April 03, 2011, 10:45 PM — Stephen "Stepto" Toulouse is director of policy and enforcement for Microsoft's Xbox Live gaming service. That means the buck eventually stops with him when it comes to questions of appropriate behavior on the service.
Toulouse is a pretty personable guy, often appearing on the "Xbox Live's Major Nelson Radio" podcast to talk about his job, Xbox Live Policy, and to share a few amusing stories about his interactions with the community (generally revolving around a banned user's explanation of why he or she didn't really break the rules). He's done panels about his job at several Penny Arcade Expos and has written a book titled A Microsoft Life. My point being, he's got a pretty high profile for someone who makes a lot of enemies via his policies (and, let's be clear, makes a lot of friends for trying to keep Xbox Live from devolving into a cesspit).
And today he got hacked. For a while both his personal website, stepto.com, and his Xbox Live account were in control of a hacker who claimed this was payback for having been banned from the Xbox Live service 35 times. The hacker claims he socially engineered his way into the accounts. Toulouse says the hacker convinced Network Solutions to point his DNS record elsewhere. Or that what it sounds like. What he actually tweeted was Network Solutions handed my DNS over to an attacker via social engineering. [source] It isn't clear how the hacker got access to the Xbox Live account.
There's a 6 minute video of the hacker talking about the accomplishment, and he claims he's tried to contact Toulouse on multiple occasions to talk to him about a weakness in Xbox Live's security. It's an expletive-laden video with a healthy does of hate speech so I won't link to it directly, but somewhat NSFW site Ripten has it, as well as a series of tweets from Toulouse during the time he'd lost control of the site.
By Sunday evening everything was back to normal at Toulouse's website (and presumably his Xbox Live account) but the moral of the story is that no one is entirely safe. A person in Toulouse's position has a big red target on his back and it's safe to assume he takes every possible precaution against hackers, but this time, all his precautions weren't enough. It's pretty hard to protect yourself against social engineering since you're so often at the mercy of a third party.