Restoring an Xbox 360 console to factory settings before selling it apparently isn't enough to remove your personal information. In an interview with Kotaku, Drexel University researcher Ashley Podhradsky said that her team had successfully retrieved credit card data from a refurbished Xbox using simple modding tools. The software gave them access to the console's files and folders, letting them extract information that hadn't been wiped even by the Microsoft-authorized reseller. The process was published in the August 2011 Proceedings of the America's Conference on Information Systems.
Podhradsky says that Microsoft "does a great job of protecting their proprietary information. But they don't do a great job of protecting the user's data." In particular, she singles out what she sees as a long history of misleading information. "When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that's not accurate — the data is still available." Fortunately, it is possible to sanitize an Xbox hard drive by hooking it to your computer and running a program like Darik's Boot & Nuke, she says. Podhradsky does not appear to have published research on other consoles, though, so PlayStation 3 or Wii users might want to wait before calling out Microsoft for poor security.