Social engineering happens, protect yourself
Recently, Xbox Live enforcement guru Stephen “Stepto” Toulouse had his Xbox Live account compromised. He was a victim of social engineering. It was not a breach of Xbox Live or a hack into Xbox Live. The culprit used an exhausting method of social engineering to gain access to Stepto’s domain registrar and, through it, to his account.
From Joystiq … “What happened here had absolutely nothing to do with Xbox Live,” Toulouse insisted. “What these kids try and do is, all day long, they try and get my account or someone’s account who’s popular or prominent. We’re talking like hours and hours and hours of phone calls and trading tips and tricks on forums. It’s quite humorous sometimes to watch.”
The moral of this story is to protect yourself from this kind of thing as best you can. Don’t give out passwords and don’t have easy passwords. If you have a problem remembering difficult passwords, then write them down somewhere. Do not give out personal information.
I’d go so far as to call your various support lines and domain registrars and have them put verbal passwords on your account. You can also have them call you when changes to your account are requested.
You can never be too safe or careful. Let’s learn from this.

April 5th, 2011 at 11:14 am
D’oh! That blows. Good to know though.
April 5th, 2011 at 5:01 pm
Fail on Stepto. Shouldn’t he have learned from Major Nelson a while back? He also gave out these same tips on the Major Nelson podcast after last year’s PAX East.