Your bank account and personal information may be at risk, especially if you’ve traded in an Xbox 360 console recently. That’s the finding of a Drexel University research team, which highlighted an issue with the security of your personal information stored on an Xbox 360 after you trade it in.
Apparently, even after GameStop, Microsoft, or insert storefront name here employees restore your Xbox’s hard drive to its factory state there’s still some bit of your data leftover–the kind of stuff that can ruin your day if someone were to find it and use it to buy a Captain America shield replica.
The researchers at Drexel carried out a case study, which highlighted the problem. They purchased a refurbished Xbox 360 from a Microsoft-authorized retailer, and found through downloading a basic modding tool they could access files and folders stored on the drive. Most importantly, however, they were able to excavate the original owner’s credit card information.
Kotaku spoke with Ashley Podhradsky, who wrote up the study as well as many other studies regarding numerous works on digital forensics, but is far from a seasoned gamer. As such, she believes that veteran gamers and modders will be able to navigate their way around these used systems more easily. The software, she said, is easy and free to download for anyone persistent enough.
So what can you do to stop your discarded system from turning over your entire life savings? Well, there’s not much you can do if you’ve already traded it in. However, for those that haven’t yet there’s something you can do to wipe your drive. Detach the hard drive from the Xbox 360, hook it up to your computer, and use Darik’s Boot and Nuke. This program will delete any contents on the drive it can detect. Or you can always complain to Microsoft to create a better factory restore program.