March 10, 2011 at 2:27 PM ET
In order to add Microsoft Points to your Xbox Live account, you have to input the long string of characters found on the Microsoft Points card you've purchased. A group of hackers figured out how to predict what those character strings would be and managed to snatch up $1.2 million in Microsoft Points without paying a single dime. (Msnbc.com is a joint venture of Microsoft and NBC Universal.)
Geek.com reports that while the hackers didn't exactly crack Microsoft's code generating algorithm, they did figure out how to produce working Microsoft Points codes by editing already redeemed codes to produce brand new — and valid — ones.
Microsoft has caught on to and blocked the scheme, but not before quite a bit of damage was done:
Microsoft has now blocked any new codes produced with this tool, but not before losing what is thought to be in the region of $1.2 million worth of points. What’s also unclear is whether they have the records in place to track which Xbox Live accounts redeemed the fake codes. If they haven’t, then there’s no way to demand the money back or block those accounts.