Stories that Microsoft lost millions of dollars when a promotion offering Microsoft points was hacked seem to have been a bit overhyped.
The promotion offered Microsoft Points and 48-hour Xbox LIVE passes, but users discovered that they could generate hundreds of working codes and redeem thousands of points.
It seems that Redmond used a special URL to generate the redeemable codes. The URL included a two-digit number used to pick the kind of code that would be generated and an enormously long string that governed which set of codes the system would hand out. All you needed to do was change four characters in that string to any number and the system generated new codes.
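One way a code-issuing endpoint can reject edited URL parameters, shown as an added example that is not Microsoft's code: the server attaches an HMAC tag to each link it hands out and serves each link only once. The field names (`code_type`, `batch_id`, `account`), the binding to an account and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key for the example; a real service keeps this server-side only.
SERVER_KEY = secrets.token_bytes(32)


def sign_link(code_type: str, batch_id: str, account: str) -> str:
    """Return the tag the server appends to a promotion link it issues."""
    # JSON-encode the fields so their boundaries are unambiguous in the MAC input.
    msg = json.dumps([code_type, batch_id, account]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class Issuer:
    """Hands out one code per signed link; edited or replayed links get nothing."""

    def __init__(self) -> None:
        self.served = set()  # (account, code_type, batch_id) already honoured

    def redeem_link(self, code_type, batch_id, account, tag):
        expected = sign_link(code_type, batch_id, account)
        # Constant-time comparison; any change to the parameters changes the tag.
        if not hmac.compare_digest(expected.encode(), str(tag).encode()):
            return None
        key = (account, code_type, batch_id)
        if key in self.served:
            return None  # the same link was already used
        self.served.add(key)
        return secrets.token_hex(8).upper()  # unpredictable code value


if __name__ == "__main__":
    issuer = Issuer()
    # Constructed sample link parameters.
    tag = sign_link("01", "a3f9c2d47b10", "user-1")
    print("original link:", issuer.redeem_link("01", "a3f9c2d47b10", "user-1", tag))
    print("four chars edited:", issuer.redeem_link("01", "a3f9c2d40000", "user-1", tag))
    print("replayed link:", issuer.redeem_link("01", "a3f9c2d47b10", "user-1", tag))
```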
The tech press claimed that Redmond lost $3 million before the system was shut down. However, Redmond said the figures were daft and it lost nothing like that.
Ars Technica worked out that it probably cost about $140,000, which is a large sum but it is not $3 million.
It does not look like Microsoft will be able to punish those who abused the system. The codes that were generated are legitimate, and it may prove difficult for the company to figure out which rewards were legit and which were not.
However, there are unconfirmed reports in Xbox land that some people who took advantage of the flaw have already been banned.