Microsoft: "Together we can prevail over criminals"

Microsoft's Alex Garden, general manager of Xbox Live, has issued an open letter calling for gamers' assistance in the ongoing struggle against hackers.

Garden posted the letter to Major Nelson's blog as part of Safer Internet Day, and noted the "surge of personal information being compromised and sold" over the last year.

While Garden didn't name any specific examples, the attack on the PlayStation Network is the most high-profile example among several that have blighted games companies in the last year.

The letter claims that Xbox has "no evidence" of any security breach on its Live service, though it does acknowledge "members whose accounts have been compromised by malicious and illegal attacks."

"Security is an ongoing battle. No matter how well we work to improve security - and we are working every day to bring new forms of protection to Xbox LIVE - our work will never end. With every measure we put in place, ill-intentioned people will create new ways to attack online services."

"Some of the security measures we have in place to help protect our members include password-attempt throttling, CAPTCHA (an industry-standard anti-scripting measure designed so that an actual human needs to answer the challenge), strong proofs (trusted PC, pin sent to cell phone, secondary e-mail and security questions), and account lockout for multiple failed attempts and compromised accounts, which we investigate and recover to the rightful owner."

Garden insists that Microsoft is also working towards improving the speed of recovery when an account has been compromised. The letter also describes Microsoft as an "industry leader" in investigating "cyber-criminals and bot nets."

However, Garden also appeals to Xbox users to arm themselves against these attacks by improving their knowledge of methods of attack, and the best steps to safeguard their own information.

The letter warns users about phishing, malicious software designed to capture passwords, re-using passwords from previously breached accounts, and "social engineering" in order to guess a user's password.

It also emphasises the importance of setting and regularly changing strong passwords, using unique passwords for each service, and reducing the amount of personal information shared through social networks.

The letter precedes the departure of Stephen Toulouse, director of policy and enforcement for Xbox Live, on February 15.

"I have nothing but confidence in the future of Microsoft and specifically Xbox and Xbox Live," Toulouse wrote in a post on his personal blog. "I have enormous gratitude for my time there. I want to finish my next book, and explore other opportunities."