
Reader Comments (19)

Posted: Oct 12th 2009 5:33PM (Unverified) said

  • 2 hearts
  • Report
Should only really be necessary to hide what games you've been playing.

People target live accounts to get at the DLC and Live Content that has been purchased on them - they don't care as much about the gamerscore.
Reply

Posted: Oct 12th 2009 5:35PM (Unverified) said

  • 2 hearts
  • Report
Oh yeah, and DON'T ACCEPT FRIEND INVITES WILLY NILLY.

Besides there being genuine creeps online (I've been asked to show my wang more times than I've ever been asked out by females) it allows people to monitor your activity - what game addons you're playing, what movies (downloaded/bought on Live) you're watching, stuff like that.
Reply

Posted: Oct 12th 2009 5:40PM s ls said

  • Half a heart
  • Report
You forgot one major tip that rules out everything you just said.

Don't buy an Xbox 360, or just sell your current Xbox 360, duh.
Reply

Posted: Oct 12th 2009 5:47PM Creativity said

  • 3 hearts
  • Report
/facepalm

Not even funny.
Reply

Posted: Oct 12th 2009 5:49PM s ls said

  • Half a heart
  • Report
I know, but it was just something I couldn't pass up.
Reply

Posted: Oct 12th 2009 5:44PM (Unverified) said

  • 2 hearts
  • Report
How could they hack an account without knowing his account information?!
Reply

Posted: Oct 12th 2009 5:52PM Shadsy said

  • 2 hearts
  • Report
Social hacking. They'll figure out your account's email or search for the Gamertag on other websites, then engineer information out of it, and be able to impersonate you while talking with a support rep. to "recover" the account.

It even happened to a Bungie exec once (if I remember right).
Reply

Posted: Oct 12th 2009 5:55PM (Unverified) said

  • 2 hearts
  • Report
You have me worried now :(
Reply

Posted: Oct 12th 2009 6:09PM John Z said

  • 2 hearts
  • Report
Summary: To safely enjoy Xbox Live's social capabilities, turn off everything social about Xbox Live. (only half-kidding; don't downvote me yet)

Really most of this is common sense, a commodity which seems to be greatly lacking on the internet. While all that stuff about turning off the show-off-your-gamerscore stuff certainly reduces your chances, the main problem is that as long as you play online, people will be able to get at least that info. Your best bet is, in truth, to play primarily with a core group of people that you know and trust, and only friend random people after you play them enough to know they're not scammers (how long that takes is up to you but "thirty seconds, and they say they can get you into the super secret Modern Warfare 3 beta" is probably not enough time).
Reply

Posted: Oct 12th 2009 6:27PM TheDarkWayne said

  • 2 hearts
  • Report
Does the fake information mean fake stuff in your bio and motto on your gamercard or your actual account information? Because that seems a little excessive
Reply

Posted: Oct 12th 2009 6:33PM sonicspike41 said

  • 2 hearts
  • Report
I think they mean like use a throw away email (or any extra ones you may have lying around), list a fake address or even a relative's address, avoid using your real phone number, things like that.

You want these hackers on steroids to get as little information about the real world you as possible.
Reply

Posted: Oct 12th 2009 6:37PM Dragod said

  • 2 hearts
  • Report
I used to have a friend who would write totally nonsensical things when he signed up for anything. I remember him telling me that he would do stuff like put "Mt. Rushmore" for the recovery question "What is your favorite book?". Apparently, he'd also do random letters and numbers, print out a sheet with the answers, then keep it in a safe of some sort in his room... He was a bit paranoid.
Reply

Posted: Oct 12th 2009 7:40PM (Unverified) said

  • 2 hearts
  • Report
"Should only really be necessary to hide what games you've been playing.

People target live accounts to get at the DLC and Live Content that has been purchased on them - they don't care as much about the gamerscore."

Once your gamerscore goes past a certain amount, people who steal accounts tend to assume someone with 20,000 GS or higher will have a bunch of stuff unlocked anyway - and there is a specific portion of the leet community who do little else other than try to steal accounts with high GS, or failing that use modding tools to inflate their score artificially then sell the account on.
Reply

Posted: Oct 13th 2009 9:14AM Morgon said

  • 3 hearts
  • Report
Whoah, whoah whoah.

First off, this report does NOT recommend 'avoiding sites like MyGamerCard', and I am deeply troubled that Joystiq would not only interpret it this way, but post it exactly as such.

Secondly, MGC does not condone or even exist to cater to people who would do illicit activities on Xbox Live. The promotion of GamerScore is for entertainment purposes - users can create their own personal Leaderboards for friends or clans, and some people enjoy vying for the top spots in their particular country.

Thirdly, this is not 'hacking', this is social engineering, which are two giant continents of their own and should not be confused. This is all about people who fall for the 'Give me your Live ID and Password for free MS Points' or 'Give me your account and I'll activate Prestige on Call of Duty' (which I personally received two days ago). Being a member of MyGamerCard puts you at no greater or less -risk- if you are of sound mind to realize these are scams.
Reply

Posted: Oct 13th 2009 11:06AM (Unverified) said

  • 2.5 hearts
  • Report
Yeah, I feel I need to chime in here. I'm the person who gave the talk at the security conference. At no point did I ever suggest NOT to use the site mentioned above - and I certainly didn't advise anybody to "steer clear" of sites such as MGC or any of the other similar services. I merely highlighted how people such as phishers will use the data that's viewable on the site - in much the same way they'll trawl for info on sites like Facebook, MySpace etc - and use that to ascertain who their next potential target will be.

I also never suggested that sites like MGC are somehow dubious themselves - MGC clearly isn't, it's a Microsoft community developer. I mentioned how people will cut and paste stats from the Bungie site (in the same way they'll reference data on MGC, or how profile spamming tools will show a MGC badge in their browser window when hunting for targets) when trying to buy & sell stolen accounts - yet nobody is saying to "avoid Bungie". This strikes me as unfair.

Finally, if anyone is to "blame" for gamerscores being viewable causing targeted phishing / social engineering attacks, it would be Microsoft for not providing the option to hide the score. Sites such as MGC are simply doing interesting things with that data, but ultimately as long as MS don't let you have the option to hide said score, the problem will continue.

Nobody could have predicted at the time that as GS increased, so did the desire in bad actors to try and steal those accounts, but here we are and now MS needs to address it. Be critical of the way we throw all of this data around for people to see, sure. But specifically saying to "avoid MGC" - no. It's a bit of a wasted effort anyway, as by the time 99% of people become aware their GS might make them a target, it's already out there in the wild and pasted across a whole bunch of sites whether we wanted it or not (mine included).
Reply

Posted: Oct 13th 2009 12:11PM Alex R said

  • 2 hearts
  • Report
I thought I could just not accept friend requests from people with Gamertags like 'FreeXboxL1ve'
Reply

Posted: Oct 13th 2009 12:16PM ColorblindMonk said

  • 2 hearts
  • Report
I don't pay $8 a month to worry about Xbox Live hackers. Microsoft needs a better way to maintain security.
Reply

Posted: Oct 13th 2009 1:10PM (Unverified) said

  • 2 hearts
  • Report
Just keep it sensible and you will be ok.
Reply

Posted: Oct 13th 2009 1:11PM (Unverified) said

  • 2 hearts
  • Report
Alex's comment is a good one also.
Reply