Eurogamer is talking about a possible exploit people have been using to harvest Xbox Live accounts in the ongoing account hijackings. There is also another report coming from a network infrastructure manager that details the methods being used more than Eurogamer goes into.
Anyone think this is possible? I've PM'd Patrick, although I'm sure he's already on it, as well as Xav over at Shacknews who had been doing some reporting for them. So far Xav is waiting to hear back from Microsoft, and I'd assume it's the same situation for Patrick as well.