Attackers are using fraudulently obtained information to take over high-profile Xbox Live accounts held by current and former Microsoft employees, company officials said.

"We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees," Microsoft officials said in a statement sent to Ars. "We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use."

The disclosure comes two days after security reporter Brian Krebs linked one of the people who may have prompted a raid on his home by armed police to a four-man team that uses illicitly obtained credit information to hijack Xbox Live accounts. According to Krebs, the same person who took credit online for the swatting attack also ordered a denial-of-service attack on his website. Records unearthed by Krebs found that the same Gmail address used to order that hit also ordered a DoS on Ars Technica.

Krebs called the 20-year-old member of "Team Hype" after watching videos the hacking crew had posted showing them hijacking Xbox Live accounts in progress. The videos showed the members using desktop screen-grabbing software and even showed conversations with other members in instant message windows in the background. An anonymous source told Krebs that the group uses fraudulently obtained Social Security Numbers from the site ssndob.ru to gain control of Xbox Live accounts. Some of the members then sell the accounts to other Xbox Live Players. Krebs has much more on the technique here.

Microsoft's confirmation of the Xbox Live account compromise came the same day as a report that the Xbox Entertainment website briefly displayed the names, gamertags and addresses of nearly 3,000 users who had voted on the site. The data was visible for only a short time, and no passwords were compromised, the unnamed person told mvcuk.com.

On Wednesday, Microsoft issued a statement that read: