There has been a lot of buzz recently about the possibility of Xbox Live being hacked. People are taking over accounts, locking out the original owners, and racking up charges. Message boards were in a panic, speculating about what the gaping security hole was and how it was exploited. As it turns out, the whole thing boils down to a social engineering attack (or pretexting, for those who like to invent new words). The attackers simply call up Xbox Live support and convince the customer service rep to reset the account. Not particularly exciting but, as usual, very effective -- after all, social engineering is the oldest trick in the book.
Xbox Live is undoubtedly a complicated system that, hopefully, has layered security designed in from the ground up. It may or may not be resilient to application-level attacks. In the eyes of the public, however, that is irrelevant. No matter how secure Xbox Live is from a purely technical perspective, it has now been "hacked". Players don't care whether their accounts are stolen through an application-level hack or a social engineering attack -- the end result is the same to them.
Now Microsoft has to figure out how to solve this problem without making it impossible for the people who need their accounts reset for legitimate reasons. Solving a process issue is a lot harder than patching a SQL injection vulnerability, that is for sure.