A number of people have made off with a chunk of virtual change--an estimated $1.2 million--from Microsoft as part of an exploit that left one of the company's promotional sites spitting out codes for free blocks of Microsoft Points.
The exploit, which was discovered by forum members of enthusiast site The Tech Game over the weekend, centered on a promotion Microsoft was running on a temporary site that offered users a choice of two free days of Xbox Live Gold, a virtual item for their Xbox Live avatar, or 160 Microsoft Points. While a small denomination, 160 Microsoft Points equals $2, which could then be stacked with existing account balances, making the item the most appealing target of the bunch.
The attackers devised a way to tweak the URL of the promotional site to have it repeatedly spit out codes, with most going for the free points. According to games blog Save and Quit, Microsoft shut the site down within hours of the exploit being unearthed (following its buckling under the surge of traffic), but not before enterprising users made off with an estimated $1.2 million in virtual currency.
Microsoft's Points system remains the main currency used on the Xbox Live and Zune Marketplaces, as well as in Windows Live Gallery. Users can buy points in various denominations, from 400 ($5) all the way to 4,000 ($50), either online or in retail stores. Microsoft recently decoupled its necessity for purchasing game downloads and add-on content from its Games for Windows Live service, allowing users to have charges sent to credit cards instead.