medium SEVERITY
September 14, 2025
Xbox Live Gamertag Database Scraped
Approximately ~1.5 million users potentially affected
Data Exposed:
- Gamertags
- Email addresses
- Account activity
- Game library info
What Happened
A database of Xbox Live user information was compiled through API scraping. While no passwords were exposed, the data enables targeted phishing attacks.
What You Should Do
- Be cautious of emails claiming to be from Xbox or Microsoft
- Enable Microsoft Authenticator for your account
- Review sign-in activity at account.microsoft.com
- Never click links in unsolicited Xbox-related emails
- Report phishing attempts to Microsoft
Check If You Were Affected
Use GalaxyWarden to scan for your credentials in this and other breaches.
Scan My Email Free →