The technique laid out by the Infamous team is similar to the process used by pretexters, who came to national attention last year during the Hewlett-Packard boardroom scandal. Then, HP had hired investigators to track down a media leak; the private investigators, in turn, contracted pretexters to obtain phone records of board members and journalists.
When the Xbox Live user stories were related to him, Kevin Finisterre's reaction was swift: "It's not us that has the problem giving up info, it is their employees," he wrote in an e-mail. "Clan Infamous clearly said that on their Web page."
The ease with which fraudsters can worm information out of Xbox Live support has implications beyond gamers, especially if the service draws even more users in May, when it launches Games for Windows -- Live. That service, which will combine Windows PC gamers with those running Xbox, will debut with the Vista version of Halo 2.
"Think of it this way," said Finisterre in a follow-up e-mail. "Single sign on, single point of compromise. With access to people's services, leveraging that into system access can be trivial. Maybe I break into your girlfriend's e-mail account and send you a Trojan horse from her claiming to be a funny picture or something.
"Some folks are creative."