Xbox Entertainment Awards blighted by security breach

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.mcvuk.com/news/read/xbox-entertainment-awards-blighted-by-security-breach/0112664

Microsoft has this morning been hit by a security breach of its Xbox
Entertainment Awards 2013 service.

MCV was contacted by a reader with a link to a page that appeared to
list all those who had voted and therefore been entered into the prize
draw. The data included names, gamertags, emails and birthdays.

Those accessing the site were also free to edit or remove each listing.

The entire website has now been shut down. It is not known for how
long the data was accessible before the closure.

MCV has contacted Microsoft for comment.

UPDATE: Microsoft has supplied MCV with the following statement: "We
are currently experiencing technical difficulties with the Xbox
Entertainment Awards landing page and have taken the site offline
while we investigate.”

UPDATE 2: The reader who first contacted MCV about the issue claims
that before its removal the list of users numbered 2,892.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.