Are XboxLive accounts hackable?
There have been rumours about this for quite some time, but it’s getting traction now. Here’s what a quick search resulted in this morning:
Okay so I’ve had my xbox live account hacked several times, all I know is you need to be monitoring the incoming IP’s to get there IP then I have no clue.
My game tag was stolen and $80+ was used to by MS points. [—] Also I am finding out that I am not the only that this has happend to…=(
I power off my console to power it back on, and then to find out that it says that my acct was recovered onto another console. [—] my Microsoft Points is now down to 310 from 1,000 something, and they purchased 500 more points on my card
He blatantly says he can steal any account on your xbox with just your IP address
I just got off the phone with a Microsoft Tech for Xbox live that has confirmed this to with me and they have stated that accounts are being stolen and that “Hackers have control of Xbox live and there is nothing we can do about it”
My best guess based on the above quotes would be that it requires the victim to be logged in, and that the hacker then performs an IP-spoofed account recovery request – but it would imply extremely bad security on Microsoft’s part.
That would be … unheard of …
it's in my head 
This has now been posted on Bugtraq as well:
http://www.securityfocus.com/archive/1/463299/30/0/threaded