The platform holder says it is considering what action to take against those who netted themselves Microsoft Points illegitimately.
Microsoft has revealed that the reported $1.2 million loss from an exploit that gave people Microsoft Points for free was an exaggeration. The company wouldn't share exact numbers, but said that the actual value of the MS points was nowhere near the amount reported by the press.
In a statement, Microsoft said that it had taken steps to invalidate any codes generated through the exploit. It also said that it took this kind of activity very seriously, and that its policy and enforcement team was looking into the matter to determine what, if any, further action would be taken against those who had taken advantage of the exploit. There was no single blanket policy, however, and punishment would be meted out on a case-by-case basis.
I'd be a little surprised if Microsoft didn't take a strong line against anyone who did grab free points codes. While the amount of revenue lost might not have been that high, it is essentially stealing the money from Microsoft directly. Obviously, it's not exactly the same, as the codes don't have any value until someone redeems them and buys something with the points. Not everyone will have actually gotten that far, but some will, and that's about as close as you get to stealing when you're talking about digital goods.