"He got an old cell phone [number] of mine, and yeah, he called it occasionally," Xbox Live director of policy and enforcement Stephen "Stepto" Toulouse told us of the contact he'd had with the apparent hacker known as "Predator," who took control of Toulouse's Xbox Live account
this past weekend. "I can play you a voice message if you want, to show you the nature of his contact with us." What followed was ... not suitable for printing. Expletives and derogatory terms were all that we could make out in the mess of a message.
Multiple voices could be heard, too. "I have a six minute one where he and his friend discuss all the different ways they're gonna have sex with my wife." Not exactly what Predator characterized as "reaching out" to Microsoft to offer his help resolving the security issues he's claimed to have exploited.
"I would say 'reaching out for contact' is an extremely generous phrase," Toulouse said. "Most of the stuff that he leaves on there is flat out harassment. It's not contact. He's not trying to help or do anything. He's mostly just insulting me. And I get that from time to time. It's just the nature of my role. The kids sometimes try to go after me -- it's not that big a deal."
In terms of what actually happened, Toulouse was quick to point out that his Xbox Live account wasn't "hacked" per se, but rather his personal site's web host failed to protect his information. The actual issue, he said, is social engineering (Predator's ability to manipulate the web host in order to reset Toulouse's password) -- an issue that "no one has solved."
"What happened here had absolutely nothing to do with Xbox Live," Toulouse insisted. "What these kids try and do is, all day long, they try and get my account or someone's account who's popular or prominent. We're talking like hours and hours and hours
of phone calls and trading tips and tricks on forums. It's quite humorous sometimes to watch."
Of course, this particular incident is no laughing matter. "What he did, from a lot of people's point of view, I think, is a crime, and we're going to be investigating that," Toulouse added.
Customer account security remains job number one for the Xbox Live guardian, regardless of what method is being used to breach security. "We certainly take threats against accounts seriously," he assured. "We wanna make sure that our customers are protected as well."
Toulouse's best advice for protecting oneself from a similar breach? It's surprisingly simple: "have strong passwords and don't give them out."