After some initial confusion involving crazy Bungie.net hacking rumors, Microsoft seems to have determined where the recent Live security issues originated. True, accounts were not "hacked" via Xbox Live or Bungie's web site; they were compromised by old-school, tech-free conning of customer support reps.
Xbox Live's Larry "Major Nelson" Hryb explains what happened on his blog:
Earlier this week when I first heard about the "Xbox Live network hacked" story, I checked with the people on our end, and then posted about it. As originally posted, Xbox Live has not been hacked. That is still true. A security researcher, Kevin Finisterre, discovered not a hack, but the fact that some accounts may have been compromised as a result of 'social engineering', also known as 'pre-texting', through our support center. Kevin gave me a call directly and once I realized what he was talking about (he sent me some painful-to-listen-to audio files) I confirmed that the team is fully aware of this issue. They are examining the policies, and have already begun re-training the support staff and partners to help make sure we reduce this type of social engineering attack.
Larry adds apologetically, "There's no other way to say it; this situation shouldn't have happened. Our customers deserve better." Xbox Live subscribers with questions about their account should contact Microsoft and the Xbox customer support team at 1-800-4MYXBOX.
Xbox Live Security Update [Major Nelson]










