Attackers are using fraudulently obtained information to take over high-profile Xbox Live accounts held by current and former Microsoft employees, company officials said.
"We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees," Microsoft officials said in a statement sent to Ars. "We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use."
The disclosure comes two days after security reporter Brian Krebs linked one of the people who may have prompted a raid on his home by armed police to a four-man team that uses illicitly obtained credit information to hijack Xbox Live accounts. According to Krebs, the same person who took credit online for the swatting attack also ordered a denial-of-service attack on his website. Records unearthed by Krebs found that the same Gmail address used to order that hit also ordered a DoS on Ars Technica.