
Wow, was my Windows Live/Xbox account just hacked?

Teknoman

Member
Everything was fine this morning, yet after coming back from work, I can't log into my Xbox Live account. My password wouldn't work, and when I tried to reset my password, Windows Live claimed my security question was incorrect.

Decided to check GameFAQs forum just on a whim, and apparently this happened to 3 other people, possibly more. Whoever jacked my account ended up buying 2 sets of 4000 points and 1 1600. Don't see the purchases on my credit card account, so maybe MS stopped them, but I'm still posting just in case anyone else may have fallen victim to this today. Happened at 12:04am CST for me.

Man...might have to cancel my credit card, and small as it may seem, I really hope I can recover my email address and XBL account. Luckily I had my email open in another window on my PC since I was checking UPS earlier today, and could see the evidence.

Never shared my password with anyone, been to any fishy sites, or anything strange like that.
 

Messi

Member
Teknoman said:
Everything was fine this morning, yet after coming back from work, I can't log into my Xbox Live account. My password wouldn't work, and when I tried to reset my password, Windows Live claimed my security question was incorrect.

Decided to check GameFAQs forum just on a whim, and apparently this happened to 3 other people, possibly more. Whoever jacked my account ended up buying 2 sets of 4000 points and 1 1600. Don't see the purchases on my credit card account, so maybe MS stopped them, but I'm still posting just in case anyone else may have fallen victim to this today. Happened at 12:04am CST for me.

Man...might have to cancel my credit card, and small as it may seem, I really hope I can recover my email address and XBL account. Luckily I had my email open in another window on my PC since I was checking UPS earlier today, and could see the evidence.

Never shared my password with anyone, been to any fishy sites, or anything strange like that.

10 bucks says they buy EA Ultimate Team gold card packs. Scumbags.
 

Teknoman

Member
Smision said:
Was it a relatively easy or short password? They may have brute forced it

Six letter, and it wasn't anything you'd use in an everyday conversation or anything. Xbox call center is apparently at high call volume...so hopefully I get through.
 
Teknoman said:
Six letter, and it wasn't anything you'd use in an everyday conversation or anything. Xbox call center is apparently at high call volume...so hopefully I get through.

Honestly not trying to kick you while you're down, but especially anything with a credit card attached, man, at least throw some numbers in there. Also, 8 characters should be the absolute minimum IMO. I'm a software developer and while I'm not rabid about security, you have to take a few precautions!
 

feel

Member
Meanwhile in a PSN executive's office:
[Image: 23thzlf.jpg]
 

Teknoman

Member
catapult37 said:
Honestly not trying to kick you while you're down, but especially anything with a credit card attached, man, at least throw some numbers in there. Also, 8 characters should be the absolute minimum IMO. I'm a software developer and while I'm not rabid about security, you have to take a few precautions!

Yeah I should have, but I set up the account long ago. These days I've got at least one or two numbers in all things. Just got my HRAP VX-SA stick too... AUGH.
 

Thoraxes

Member
Actually this just happened to me Sunday.
Had to call to get everything refunded, and they've only refunded me 1 of the 3 purchases so far (the $5 one).
 
A friend of mine just called me and said his account was banned too for "theft" or some shit, and he is someone I know spends lots of money on Microsoft Points to buy DLC, movies, etc. Looks like some accounts are being compromised.
 

epmode

Member
I still haven't seen evidence of anything other than brute forcing passwords, keyloggers and social engineering. If someone legitimately hacked into Live and stole some passwords, that would be huge news.
 

Yaboosh

Super Sleuth
This happened to me. I called and they basically refused to do anything for me and told me to go through my bank. If they ban my account as a result of me going through my bank I will be none too pleased.

I got an email that I purchased 4000 points and 6000 points. I caught it before the guy spent any of the points, I called Xbox Support, they said there is nothing they could do without me being in front of my system. By the time I was in front of my system, most of the points had been spent (Beyond Good and Evil, Monopoly, Need for Speed Hot Pursuit, and NBA 2k10). I called back, and there is nothing they can do, they can't refund me, especially since the points had been spent. I was unhappy, asked for a manager, she said that she would put me on the list for a call, and I never received a call. Fuck Microsoft and their shit customer service.
 

Teknoman

Member
Thoraxes said:
Actually this just happened to me Sunday.
Had to call to get everything refunded, and they've only refunded me 1 of the 3 purchases so far (the $5 one).

Bastards apparently spent 130 bucks worth of MS points and just bought game content with it. Also three freaking weeks? No 3S GAF matches for me...or anything else for that matter. Guess I can just reset my email password in the meantime.
 

Thoraxes

Member
Teknoman said:
Bastards apparently spent 130 bucks worth of MS points and just bought game content with it. Also three freaking weeks? No 3S GAF matches for me...or anything else for that matter. Guess I can just reset my email password in the meantime.
Yeah 22 days is complete bullshit. The guy on the phone (name was John) said that the financial stuff should be refunded in the week, but I won't have my account back for 22 days. I never had a CC connected to my XBL account, but I did on GFWL like a year ago when AoE was on sale for $1, so that's how it's on there, since they merged the systems and all.

I'll call my bank to get a new card soon, but I would rather wait until I get my refund from MS to get my card switched instead of them depositing money to a card out of service.

They took $75 from me.
 

Phandy

Member
This totally just happened to me tonight.
I'm not sure if the charges have gone to my bank yet, but they spent like £90 on points :(. Hopefully I can get my bank to block it tomorrow morning.

The worst thing is I don't even have an Xbox, I've used it for like 2 things on GFWL about a year ago. Fucking sucks, if they can't do anything about it :(.
 

cazosozey

Member
This happened to me recently in July, the day me and my wife went on vacation. While in the airport, my wife got an email on her iPhone from Xbox, confirming two MS point purchases ($130), as well as a confirmation of changing the country of origin to Russia. (wtf..)
Cancelled the card at the airport with the money refunded later that day (from the bank) as well as locking down the account with Xbox.
Could not file an unauthorized access claim with MS until we were physically next to the console (they needed a serial number), which we did a week later when we got back.
Funny thing is, I was able to regain access to the account a week later and change the password.

Anyways, Xbox is still investigating. They gave us a 3 month gold card and locked down the account in question. I'm guessing it was a brute force attack, my password was very simple, shame on me. Unfortunately that password was not my ultra secure letters numbers caps and symbols password.
 

Thoraxes

Member
I got lucky in that they didn't manage to change any of my personal information, so everything was able to be handled really easily.
 

Teknoman

Member
Changed password to one that should be strong enough now. They didn't get any of my personal details either apparently, only screwed up my Windows Live/Xbox Live password prior to resetting.

It's been so long...but isn't there a way to log into my gamertag for achievements' sake while staying offline?
 

Mikey Jr.

Member
I was on a forum, and this guy posted some link to an eBay-type site where people were selling 6000 points for 11 bucks and 10000 for 15 bucks.

The site looked Chinese. Not sure how that worked, but maybe it has something to do with that?
 
If your account gets hacked and you're sure you've never messed with fishy sites, maybe I'd suggest you run some anti-malware software, like Malwarebytes' one, searching for a keylogger or something akin.

Oh, and make sure your passwords are complex and different for every account you have. I know it sounds stupid, but it's a good start. There are good password managers, like KeePass, around.
 

chewydogg

Member
This happened to me 7 days ago. Got an email that I bought 6000 MS points. I ran to the TV and turned on the Xbox, couldn't log into LIVE. Checked my email again and I had received another email about 4000 MS points that same minute. So I called 18004myxbox right away. The guy I talked to (forget his name) said that's the MO, 6000 and 4000 then they move on.
He said it's someone in Eastern Europe with JTAGed Xboxes that can somehow "ghost" account info, buy points, then sell the points on shady websites. He actually said it was the "mafia or something." He locked my account and said MS would refund the money and restore my account within 5-10 days. Neither of which has happened yet...
 

Moaradin

Member
Ironically, my Games for Windows Live account was randomly banned yesterday. The only thing I honestly do is play Super Street Fighter 4: Arcade Edition on PC yet I was charged with Marketplace fraud. The hell?
 
chewydogg said:
This happened to me 7 days ago. Got an email that I bought 6000 MS points. I ran to the TV and turned on the Xbox, couldn't log into LIVE. Checked my email again and I had received another email about 4000 MS points that same minute. So I called 18004myxbox right away. The guy I talked to (forget his name) said that's the MO, 6000 and 4000 then they move on.
He said it's someone in Eastern Europe with JTAGed Xboxes that can somehow "ghost" account info, buy points, then sell the points on shady websites. He actually said it was the "mafia or something." He locked my account and said MS would refund the money and restore my account within 5-10 days. Neither of which has happened yet...
I had this happen to me back in June and it took Xbox support 2 months to unlock my account and did not refund my money. I practically had to call them every day for a week to get progress.
 

AlexMogil

Member
Yeah, I got hacked too, and my Windows Live account got compromised as well. It's infuriating. Fortunately my Xbox Live account is locked. I might get it back. I have like 600 bucks of software in there.

I have some inside contacts at Microsoft to help me and I still... STILL cannot unlock the accounts. Fuck. This. Windows. Live. Shit.
 

Teknoman

Member
So I changed to a decently strong password and check out the email I just got from "Windows Live team" >_>


[Image: j9NhDo2hIFUFD.png]


Really, from fischbooks@live.com? C'mon son. Wish Detective GAF could somehow track these guys down...


EDIT: Credit card company had the charges as pending, so they erased them no problem.
 

Thoraxes

Member
TheNiX said:
Call your credit card company first. Don't rely on MS for the refund.
I'm debating which to do first only because they did actually refund me for the $5 charge. I'm just waiting on the $20 and $50 one though. So yeah, maybe that would be best.

I figured I'd give it 10 days or so just because if I do get it back from MS, I don't want them depositing money to a card that doesn't exist.
 
Happened to me on Saturday also, got 3 separate emails that I purchased MS points. Decided to wait till Monday to call and got the same answer as everyone else, account could be locked for up to 22 days and they will refund the points that were purchased.

I literally have not played a game on Live in a good 9 months so I dunno how they even got my username
 

Atomski

Member
hawkshockey11 said:
What kind of free games do you think Microsoft will give away? Maybe everyone will get a month of gold?
I'm pretty sure this has nothing to do with 360's security, but rather the user's PC security.
 

AlexMogil

Member
Atomski said:
I'm pretty sure this has nothing to do with 360's security, but rather the user's PC security.


Man, I don't know. If you had a half hour I could tell you a good story about how I lost, regained, put an INSANE password on the account... and lost the account again. And I did it from a clean PC.

I reiterate, fuck this windows live shit.
 

Raonak

Banned
What the fuck is going on?
Is this normal?

If there's one thing the PSN breach told me, it was use different passwords for each service.
 

Xamdou

Member
A friend of mine got hacked yesterday as well, his CC was charged a lot of MS points. I changed my password and took out my CC info from my XBL account just to be on the safe side.
 

saunderez

Member
AlexMogil said:
Man, I don't know. If you had a half hour I could tell you a good story about how I lost, regained, put an INSANE password on the account... and lost the account again. And I did it from a clean PC.

I reiterate, fuck this windows live shit.
I've had that happen before with my GMail, they obviously had my secret question answer which they were using to recover my account and I couldn't change the secret question fast enough to lock them out. Took a few tries but I got there in the end. And now I use Google Authenticator so that's the end of that. 2 stage authentication FTW.
 

AlexMogil

Member
saunderez said:
I've had that happen before with my GMail, they obviously had my secret question answer which they were using to recover my account and I couldn't change the secret question fast enough to lock them out. Took a few tries but I got there in the end. And now I use Google Authenticator so that's the end of that. 2 stage authentication FTW.

Oh I agree... I 2 stage my Google, too. It's great. But you still have to use a Windows Live account to register your Xbox and use Live. And that has its own security, separate from whatever security you have on your Gmail account.
 

heavyness

Member
saunderez said:
2 stage authentication FTW.

If you don't use it now in gmail, turn it on! Basically, if anyone logs in to your gmail account from a different computer, they have to enter a special code that is generated and sent to your phone. Basically, they will have to steal your phone to change your password.

And yes, you can use Gmail for your Xbox Live account (passport account).

Do it now!
 

LAUGHTREY

Modesty becomes a woman
Mine's been out of my hands for a while now, since July 5th. It's been a hassle trying to get it back but I've been reassured I'll get it back, it just takes time, multiple times now.

Here's what I think is happening:

I had my email and windows live account with the same name and password (incredibly stupid, I know.) but when it was getting compromised my gmail was never accessed from anywhere but my own IP so they didn't need to get into my email to reset my password. If I had gotten phished it stands to reason that someone would at least TRY to get into the gmail account since it would've made their lives 100 times easier.

I'm thinking this is a widespread issue now, because I got a Chinese password reset email and then a password successfully reset email without my email account being compromised. They must have done the same thing that PSN had happen to it right after it went down for a few weeks in that they somehow spoof or manage to guess/get the URL to reset the password and reset it themselves without ever seeing the email. This could potentially be a pretty big security breach.

I actually got in contact with the guy who has my account now, he said he bought it from a Chinese website. Absolutely amazing.

MS support is a big pain in the ass, the investigation keeps going back and forth between the "investigation team" who works 5 days a week, to the customer service department, which is supposed to call/email me with any needed info or updates but never do. If they do call they call once, leave no message, and don't try again. I had my investigation completely started over earlier this month because their system fucked up and they lost all my information. I keep calling to make sure everything's on track, but they say it can take from 21 to 28 business days.

It's not that hard to tell them I'm Laughtrey. There's no other "Laughtreys" on the internet. Just email me, I'll tell you it's me. I wish I knew how robust their "investigations" are. I'm still out 70 bucks they charged to my account. If you guys can get point cards instead of putting your credit card on your Live account I suggest you do it just in case.
 

Phandy

Member
This is weird and both good/bad.
After having the fraud transactions take place last night, I sent an email to Xbox about what had happened. My bank still hasn't been charged which is good news.

I've been sort of following what's been happening on my Microsoft Billing page. It appears that now Microsoft are refunding me the transactions, before my bank has even been charged. They have refunded me half of it so far. The remaining points that were on there have disappeared also.

The weird part is that they haven't even contacted me about it at all. I've had no reply to my email.
Maybe they know there is a problem somewhere and are instantly fixing it?

If anyone else thinks something funny is happening, check out 'billing.microsoft.com' - it has a good overview of everything.
 

darthbob

Member
Phandy said:
This is weird and both good/bad.
After having the fraud transactions take place last night, I sent an email to Xbox about what had happened. My bank still hasn't been charged which is good news.

I've been sort of following what's been happening on my Microsoft Billing page. It appears that now Microsoft are refunding me the transactions, before my bank has even been charged. They have refunded me half of it so far. The remaining points that were on there have disappeared also.

The weird part is that they haven't even contacted me about it at all. I've had no reply to my email.
Maybe they know there is a problem somewhere and are instantly fixing it?

If anyone else thinks something funny is happening, check out 'billing.microsoft.com' - it has a good overview of everything.

When multiple charges for 4000 and 6000 occur, an account is automatically locked, and those charges reversed. However, a lot of people already know this, so they'll do 2x4000 and 2x6000 MSP purchase. So you'll have 1 charge for $49.99 and 1 charge for $74.99 that do get charged to your account before that lock can happen.

Still, when any of those points get spent, they can't get refunded because they came from the same 'pack', per se. Only way to get that back is to have the Xbox Support team file an Unauthorized Access claim for you.
 

steadfast

Member
Happened to me last week. No CC on file so they just spent $25 on FIFA bullshit.

The password was not changed so I got the account back, but a month before the investigations team decides on whether I get my points back or not.
 
What's the difference between having a CC on file and a PayPal account on XBL?

Do both let any hacker buy whatever they want until the owner realizes his account has been compromised?

saunderez said:
2 stage authentication FTW.
This should be the norm. At this point, I view any service that doesn't offer the possibility as lacking on the security side of things.

Also, fuck PayPal for charging me 30€ to use that. I'm not paying for this, the burden of building trust is on their side.
 