Microsoft Corporation (NASDAQ:MSFT) has announced that it is starting an investigation into the alleged ability to obtain the credit card details of previous users from refurbished and used Xbox consoles. News broke last week that securities experts had discovered a method to recover the personal data of former users of a console even if the console had been out of use for some time or had been fully restored to factory settings. Microsoft has caught wind of the story, which made the rounds on popular tech blogs, and is now looking in to the claim in the hope of developing better security procedures.
The company has requested information directly from the researchers invloved to allow them to ascertain the veracity of their claim. This is an important move by Microsoft, showing them to be at the very least concerned about the researchers findings. The news must have startled many in the company’s security divisions. Security flaws have the potential to drive users away and tarnish a brand name. Look at the social networking site Path, now synonymous among tech enthusiasts for user data breaches. It is the same for others like Sony’s Playstation Network. Even Google is becoming increasingly associated with a creepier image than ever before.
Microsoft has maintained a reasonably good image concerning customers data in recent years. The company has not been the victim of major privacy disputes like other tech giants such as Google, Apple and Facebook. The Xbox looked rather well after Sony’s competing Playstation Network was attacked last year resulting in the compromising of millions of users data. That infiltration left the company’s service crippled for some time and left a black mark beside its name in relation to data security. The ongoing dispute and worry inherent in the export of data to third party hosts is one that will not likely go away in the future.
The advent of cloud based computing and mobile devices moving users to a web based service model means there will be greater need for companies to obtain data from their users. Whether or not the companies can manage to keep this data safe in an era where hacker groups like anonymous run rampant is another story. Microsoft is at least taking the claim seriously and investigating it. If they find it to be true it will be interesting to gauge their reaction. Will a firmware update suffice? Or a total recall? Or perhaps they’ll let it lie and sweep it under the rug. Anything is possible in the connected age.