Microsoft Points exploit may have cost the company over $1 million

By Tom Warren, on 9th Mar 11 7:38 pm with 12 Comments

Microsoft Points cards

A gaping hole in a promotional Microsoft Points system may have cost the company over $1 million.

A user named Dark, at The Tech Game forums, posted instructions over the weekend to generate free Xbox LIVE codes. The codes were generated via Microsoft’s own official Xbox 360 site and could be used to redeem Microsoft Points. Thousands of users are believed to have used the codes to generate 160 free MS points each time. The original forum thread, which has since been closed, has been viewed over 28,000 times with over 500 replies.

Some users claim they were able to generate 10,000 or more Microsoft Points. “Well Dark I have to thank you I made a bot just for this and now have 380160,” wrote one user. “Just Got 3k Microsoft Points Thanks Brooo,” wrote another. Microsoft’s Points system is the virtual currency for Xbox LIVE Marketplace, Games for Windows, Windows Live Gallery and its Zune online stores. The system lets users exchange cash from credit cards for virtual points that can be spent on goods. 80 points are equal to $1.

Microsoft has since fixed the flaw and is currently assessing the cost and damages of the exploit. Users were able to create programs that automatically generated the codes in a short space of time. Over 10,000 codes could be generated according to Blorge, and the site speculates that as much as $3.2 million could have been lost as a result of the glitch.

WinRumors has reached out to Microsoft for comment but at the time of writing has not yet received a response.

Update – Microsoft has now issued a statement:

“We are aware of the situation and have taken steps to invalidate the codes obtained illegitimately. We take safety and security very seriously and require that Xbox LIVE members use the service in compliance with applicable laws and specifically prohibit people from engaging in illegal activity as a part of our Terms of Use and Code of Conduct. Our Policy and Enforcement team is evaluating whether or not certain individuals have violated the Terms of Use for Xbox LIVE and will take the appropriate enforcement on an individual basis. Codes obtained legitimately by users will not be impacted.”

Image Credit: Yoppy (Flickr)

  • GP007

    That’s ok, the rapid Kinect sales have easily covered that small loss to MS’s pocketbook.

  • mark

    just curious as to the math behind this, 10 000 codes at 160 points each should be 1.6 million points, if 80 points = $1 then that should be $20 000

  • Beinrich

    It didn’t cost them anything. That’s the thing with digital distribution.

    • Karl Cramer

      Well, yes it does. When the publisher of whatever was downloaded with these points wants their commission check.

  • justme

    Actually I’m sure it did cost them something, when you consider they have to pay the content provider for whatever was purchased with the points. I

  • Grannyville7989

    Is there no way for Microsoft to find out who got a stupid amount of MS points on their account in a short amount of time?

    • Sebastian Gorgon

      You would be surprised what else they can do in a short amount of time

  • astroX

    I was curious to read the forum post since now Microsoft fixed the exploit and therefore it wouldn’t have any effect now, would it?

  • Karl Cramer

    Much like when someone found an exploit that allowed people to download Gunstar Heroes for free last year, the rights will be revoked and the accounts will be punished.

  • Jordan Hicks

    Damn, I wish I saw this before it was fixed. :(

  • Mend

    3.2m loss loose change to them mny grabbin fcukers we need these hacked points to pay for all the ea games passes we need to buy wen we buy preowned games there my gunna b bothered about these doesn’t cost them out to make virtual points get over it there virtual for a reason no loss what so ever