UPDATE: Hackers are selling stolen Xbox Live accounts on foreign auction sites. (!)

chubigans

y'all should be ashamed
So things just got a whole lot more interesting, as Zoe posted in the Xbox Live Hacking thread.

The news of Xbox Live hacked accounts has been going on still, which was already discussed in a few stories on Giantbomb and Kotaku. It's assumed that Fifa has something to do with all this; that is, people are buying Fifa Ultimate Team packs and flipping them on eBay. Just some random guy and social engineering or something.

But what's new is the fact that one person was hacked twice, with hundreds of dollars taken from her PayPal account.

http://hackedonxbox.tumblr.com/post/15365217063/microsoft-a-company-with-no-brains-heart-or-soul

It's an interesting, horrible story, but here's the fascinating part: she was able to chat with the person who hacked her account. And he revealed that he bought the account on TradeTang.

A look at the site (warning: this may be a harmful site so it's NSFW and you should visit it on a secure browser) reveals over a thousand Xbox Live accounts, ready to buy. (edit: a lot of these accounts are ones created specifically for stolen credit card purchases, and not necessarily stolen accounts. Thanks volturnus.)

http://www.tradetang.com/wholesale-Virtual-Products_c40.html (if mods need me to take down this link, I will)

A look at some of the entries:

At your own risk ~

Points are easy to disappear. Please as soon as possible, using the account

live points 10000 points 2 hours warranty used account please note: now only offer 2 hours warranty.you have to use all points and download all games in 2hours, after 2 hours we won't provide any help

Nature of the goods: This is not used the new ID, you can modify your password after you, and permanently retained; use this ID to download or the content, all the ID of this machine can be used, not necessarily to use this, and with your machine where the server version and the old ID has nothing to do, please rest assured to use!



What we supply?

---ID with Password From 4000 Points to 12000 points


You need to be Noted:

---What we supply is an account with password which has point available, we don't supply any subscription code!

How we offer the accounts?

---we will send the account information By tradetang message

10K Points Live Points accounts 10000 Points US Version
the warrantity is 2hours, when buy it,must use all points within 2 hours.thanks.

please note: now only offer 2 hours warranty.you have to use all points in this account in 2hours and transfer all contents to your main account :)

Dear friends : Since the points might expire , please use up the points within the warranty time ,any way ,the sooner the better . .

Thank you. .

If you do not agree with these please buy them eleswhere . thanks for your time :

1 . The accounts are not gold . And it is better not to buy gold membership for the account because it won't last too long . how ever the other items you buy with the points in the account can be there for ever and you can use them on your main account .

2. It will never let your console be banned according to our experience of more than two years .

3 . Please tell me which version you need before you place it

4 . Any other quesitons please feel free to ask me on line through "contact now " or "ask supplier " .. thanks . I am always ready to help you with any questions . Thank you !!

5 .Please complete the order in time after you have received the account and give a possitive feedback as well . We will be grateful for you and give you better and better service .

6 . Scamers / Liers buy eleswhere !!!

Befor place it Please choose the right option of the points.And ask us the warranty time if you want ,there is diffrent warranty time sometimes

Hackers aren't necessarily gaining access to accounts to get some Fifa cards; they're selling them to people that can gain access to your account, buy a bunch of stuff with your points & tie it to their console. Then they abandon the account and you're left with the mess.

This is pretty unreal, and somewhat of a breakthrough as to why there's been so many hacked accounts lately. What's still unanswered: how these people are managing to gain access to all these accounts.
 

Raxus

Member
Well I am glad I never used my actual credit card for ANY of my online accounts.

You'd think Xbox would have taken as much flak as Sony for this shit.
 

volturnus

Banned
Those are not fifahacked accounts, they're recently created accounts with points bought on maximuscards.com or similar websites with stolen credit cards.
Warranty used to be 24hs, but now it's 2hs only because the guys at maximuscards have warned several authorities and are pissed off already.
 

def sim

Member
I thought they were doing this the whole time? I can't imagine why they would not considering the information they supposedly have.

Those are not fifahacked accounts, they're recently created accounts with points bought on maximuscards.com or similar websites with stolen credit cards.
Warranty used to be 24hs, but now it's 2hs only because the guys at maximuscards have warned several authorities and are pissed off already.

Well then, probably a mix of stolen and created accounts.
 

drizzle

Axel Hertz
That's nothing new. It's the easiest way to come through "easy points".

You buy an account that has 10k points in it, you activate the account on your console, you buy the content you want with that gamercard.

If somehow Microsoft gets that account back, since xbox live content is assigned to both the gamertag that bought it AND the console it was bought on, all the content can be used on that console legitimately.

If/when the account is retrieved back by Microsoft/the purchases are removed from the account, the "buyer" of the hacked account can never download that content again (his account doesn't have it and he doesn't have access to the account he used to purchase it), but as long as he doesn't delete the content, it's usable forever.

For the longest time those "accounts" were available on regular auction sites (in other words, you could find them on eBay). After a while, these auctions started to get pulled faster and faster, so it pretty much went all into forums or obscure Chinese auction sites.

The difference between this and the FIFA thing is that, in this case, the accounts are being sold because of the MS points funds in them. With the FIFA thing, the points and game content are bought on the stolen account and traded away through EA's trading system.

tl;dr: This is not new at all.

Edit:
Those are not fifahacked accounts, they're recently created accounts with points bought on maximuscards.com or similar websites with stolen credit cards.
Warranty used to be 24hs, but now it's 2hs only because the guys at maximuscards have warned several authorities and are pissed off already.
Yes, that's also how this can be done.

They're completely different scenarios of fraud.
 

Yagharek

Member
Those are not fifahacked accounts, they're recently created accounts with points bought on maximuscards.com or similar websites with stolen credit cards.
Warranty used to be 24hs, but now it's 2hs only because the guys at maximuscards have warned several authorities and are pissed off already.

If you read the OP, you would know that the woman who was hacked found this site since her account was sold off via it.
 

chubigans

y'all should be ashamed
Those are not fifahacked accounts, they're recently created accounts with points bought on maximuscards.com or similar websites with stolen credit cards.
Warranty used to be 24hs, but now it's 2hs only because the guys at maximuscards have warned several authorities and are pissed off already.

Then how did the girl with the twice-hacked account end up on that site?

I'm sure there are accounts like that, but hers were among them. And I'm sure plenty more are too.
 

Brazil

Living in the shadow of Amaz
After I was hacked last year and Microsoft told me I had to wait two months before they could do anything and that I should keep calling them (through the international line) to get reports on the situation, I just threw it all up in the air and waved the service good-fucking-bye.

They didn't even recognize the mass hacking waves as a "thing", and their customer support is one of the worst freaking jokes in the industry. I'll never get back to Live, ever.

So maybe someone out there has bought my account by now. Hope they rot with it.
 

Zoe

Member
If you read the OP, you would know that the woman who was hacked found this site since her account was sold off via it.

She even chatted with the person.

[image: U9Uxc.png]
 

Thoraxes

Member
WTF is this shit I just saw in the ToS (I'm probably a slowpoke on this):

16. LIABILITY LIMITATION.

You can recover from us for all successful claims only direct damages up to a total amount equal to your Service fee for one month. You cannot recover any other damages, including consequential, special, indirect, incidental, or punitive damages and lost profits.

This limitation applies to anything related to this contract, for example:

the Service;
loss of data;
your content, third party content (including code), third party programs, or third party conduct;
viruses or other disabling features that affect your access to or use of the Service;
incompatibility between the Service and other services, software, or hardware;
delays or failures you may have in initiating, conducting, or completing any transmissions or transactions in connection with the Service in an accurate or timely manner; and
claims for breach of contract; breach of warranty, guarantee, or condition; misrepresentation; omission; strict liability; negligence; or other tort.
It also applies even if this remedy does not fully compensate you for any losses, fails of its essential purpose or we knew or should have known about the possibility of the damages.

Nothing in these terms except the agreement to arbitrate and class action waiver in Section 18.1 will affect the statutory rights of any consumer. Nothing in these terms will exclude or restrict liability for death or personal injury arising from our negligence, fraud, gross negligence or willful intent. Some or all of these limitations or exclusions may not apply to you if your state, province, or country does not allow the exclusion or limitation of incidental, consequential or other damages.

18.1.6. CLASS ACTION WAIVER. YOU AND MICROSOFT AGREE THAT ANY PROCEEDINGS TO RESOLVE OR LITIGATE ANY DISPUTE, WHETHER IN ARBITRATION, IN COURT, OR OTHERWISE, WILL BE CONDUCTED SOLELY ON AN INDIVIDUAL BASIS, AND THAT NEITHER YOU NOR MICROSOFT WILL SEEK TO HAVE ANY DISPUTE HEARD AS A CLASS ACTION, A REPRESENTATIVE ACTION, A COLLECTIVE ACTION, A PRIVATE ATTORNEY-GENERAL ACTION, OR IN ANY PROCEEDING IN WHICH YOU OR MICROSOFT ACTS OR PROPOSES TO ACT IN A REPRESENTATIVE CAPACITY. YOU AND MICROSOFT FURTHER AGREE THAT NO ARBITRATION OR PROCEEDING WILL BE JOINED, CONSOLIDATED, OR COMBINED WITH ANOTHER ARBITRATION OR PROCEEDING WITHOUT THE PRIOR WRITTEN CONSENT OF YOU, MICROSOFT, AND ALL PARTIES TO ANY SUCH ARBITRATION OR PROCEEDING.
 

Yagharek

Member
She even chatted with the person.

[image: U9Uxc.png]

Yep.

That woman's account should be mandatory reading for anyone who wants to come in here saying it's no big deal. People's accounts are being stolen wholesale now, along with hundreds of dollars.

Microsoft's silence on this matter is damning. Not to mention their active deception of the public by silencing games journalists who get hacked.
 

drizzle

Axel Hertz
After I was hacked last year and Microsoft told me I had to wait two months before they could do anything and that I should keep calling them (through the international line) to get reports on the situation, I just threw it all up in the air and waved the service good-fucking-bye.

They didn't even recognize the mass hacking waves as a "thing", and their customer support is one of the worst freaking jokes in the industry. I'll never get back to Live, ever.

So maybe someone out there has bought my account by now. Hope they enjoy it.

Couple of things:

  • Skype makes free calls to 800-my-xbox. That's how I solved my stolen account issues.
  • The two month thing is because there's so many hacked xbox accounts that they can't solve all the issues in a timely manner. Yes, this sucks horribly. My account was given back to me in 2 weeks on the button. It sucks to wait 2 months, but you would probably get your account back.
  • They will NEVER admit that there's a problem. Mostly because I don't think there's a hacking problem. Most of these issues seem to be from Social Engineering and user dumbness: I had the same password on my Live account as my PSN account. It's good to remember that your Windows Live Messenger uses Windows Live as well. Same account, same password. That was pretty idiotic of me.

Also, this will be a 5-10 page discussion exactly the same as the last one: Bitter people complaining about shitty support, 3 people saying they got their accounts back without any issues.

This could easily be fixable with a two-tier identification system. Shoot an email to the registered address asking if you're authorizing the recovery of your account on another console. DONE. Steam Guard does this and I don't think I've ever heard about stolen accounts ever again, at least not from smart people that don't have the same password on their email addresses.
 

volturnus

Banned
If you read the OP, you would know that the woman who was hacked found this site since her account was sold off via it.

Maybe they're using new forms of getting CC numbers, then.

One of the guys I talked to said he worked in an office in Hong Kong with 12 other people that steal CCs from random sources and use them to buy points online with fresh accounts. Accounts were sold at $15 with 6000 points and the guy said his ''team'' is operating since 2007.

(btw: I was hacked once and did a thorough investigation by myself, I've never bought any account)
 

Zoe

Member
Maybe they're using new forms of getting CC numbers, then.

(btw: I was hacked once and did a thorough investigation by myself, I've never bought any account)

One of the guys I talked to said he worked in an office in Hong Kong with 12 other people that steal CCs from random sources and use them to buy points online with fresh accounts. Accounts were sold at $15 with 6000 points and the guy said his ''team'' is operating since 2007.

It's not credit card numbers, it's the accounts. People who are hacked are only seeing charges related to Live via the payment set up on their account. The cards themselves are not compromised.

And for this girl, it was a Paypal account.
 

Brazil

Living in the shadow of Amaz
Couple of things:

  • Skype makes free calls to 800-my-xbox. That's how I solved my stolen account issues.
  • The two month thing is because there's so many hacked xbox accounts that they can't solve all the issues in a timely manner. Yes, this sucks horribly. My account was given back to me in 2 weeks on the button. It sucks to wait 2 months, but you would probably get your account back.
  • They will NEVER admit that there's a problem. Mostly because I don't think there's a hacking problem. Most of these issues seem to be from Social Engineering and user dumbness: I had the same password on my Live account as my PSN account. It's good to remember that your Windows Live Messenger uses Windows Live as well. Same account, same password. That was pretty idiotic of me.

Also, this will be a 5-10 page discussion exactly the same as the last one: Bitter people complaining about shitty support, 3 people saying they got their accounts back without any issues.

You can bet I'm bitter.

And how can someone get their account back "without any issues" when losing their account in the first place is a huge issue? It's the kind of thing that simply can't happen. And when it happens, it should be solved as quickly as possible. Not after weeks of "investigation".

For me, it just wasn't worth it to keep involved with a service that offers no security and that is run by people that don't feel in the need to be honest with their customers. I know I could get my account back, but I don't want it anymore. It's not worth the effort.
 
Why isn't this splashed all over the news like the PSN account hack?

Because it's been happening for a few years now, and Microsoft even denies the very existence of the issue.

EDIT: problem with the Live ID is that you can't fucking change it xD

Every time I try to change the ID tied to my gamertag, I just get an error. Everything else works perfectly.
 

volturnus

Banned
It's not credit card numbers, it's the accounts. People who are hacked are only seeing charges related to Live via the payment set up on their account. The cards themselves are not compromised.

And for this girl, it was a Paypal account.
I thought those were the Fifa hack incidents?
 

def sim

Member
Why isn't this splashed all over the news like the PSN account hack?

Because it's not system wide. If that were the case, almost everyone who has an XBL account will be here complaining. The point of these threads is to find a reason how select people are being targeted.
 
You'd think Xbox would have taken as much flak as Sony for this shit.

You would think that but MS are a whole lot better at PR and spreading a positive message and keeping the media folk happy.
Plus game journalists don't normally have to deal with the normal lengthy systems MS has set up for normal people. They had their own separate quicker channel to go through when RROD was a thing and I bet MS have or are planning something similar for any media people who get their account compromised since this problem is only getting bigger.

Actually this doesn't seem to be connected to the Fifa scams... still pretty fucked up though that people are abusing the system like that.



Still I hope MS and every other console maker introduce some form of 2 step verification since that seems like a good way to protect people's accounts.

Maybe even sell some kind of XBL USB authenticator that's similar to the WoW authenticator Blizzard sells.

After last year any other security features they can add would be great.... Just add more.
 
They didn't even recognize the mass hacking waves as a "thing", and their customer support is one of the worst freaking jokes in the industry. I'll never get back to Live, ever.

Support was so inconsistent with this when I was dealing with them. Some knew exactly what the "Fifa hack" was and would try to help me right away, some were completely incompetent with unauthorized access (not knowing what it was or how to begin helping me). Some support reps would admit that the call center had been swamped with people claiming that they were robbed, others would pretend like I was the first and only victim in the history of Xbox Live.

Why isn't this splashed all over the news like the PSN account hack?
Because most people can still play their games online and have their MS point balance untouched, so "sucks to be you." Journalists, besides Patrick Klepek, don't seem to care about the issue until it affects them.
 

RedAssedApe

Banned
Is it just me or are there problems with the xbox.com site? Trying to remove my PayPal but the site isn't responding.
 

Codeblue

Member
It sucks when the only way for this to get attention is to start your own blog.

There is no part of this that hasn't been mishandled.
 

drizzle

Axel Hertz
You would think that but MS are a whole lot better at PR and spreading a positive message and keeping the media folk happy.
Plus game journalists don't normally have to deal with the normal lengthy systems MS has set up for normal people. They had their own separate quicker channel to go through when RROD was a thing and I bet MS have or are planning something similar for any media people who get their account compromised since this problem is only getting bigger.
This is a much bigger issue. Hacking happens, people lose their accounts because they have idiotic passwords ALL THE TIME. Fuck, I still use the same password that got hacked on my Windows Live account on some shitty websites and forums on the web that I don't care about.

Now, the fact that Microsoft actively bumps journalists to the top of the pile, quickly solves their issues, negates the amount of compromised accounts and doesn't even care enough to come up with a system to protect the accounts, like SteamGuard and its two-tier authentication system, is fucking ABSURD. It's ABSURD. It's the 3RL scenario ALL OVER AGAIN, but with a much bigger issue, imho.

People should focus on that. Support sucks, what else is new? You'll get your account back, if you keep complaining. It'll take two months, but you'll get your shit back. I recently bought a cellphone online on a big store (I'm not from the US, so I can't use Amazon) and it was never delivered. It took them 45 days to give me a new phone. Support sucks, sure. What are you going to do? Are you saying "fuck it" and giving up the right to have your product?

Complain about the real issue: Lack of a system engineered to prevent authentication of your account in the case your account is stolen. "I'm an idiot and my password was weak and Microsoft didn't return the account to me immediately! I'm so angry at them!" will get us nowhere.
 

Ardenyal

Member
Why isn't this splashed all over the news like the PSN account hack?

Because the hackers don't want any publicity. The PSN hacking was on the news only because the hackers were gaming the media with PR statements etc. MS also wants to keep a low profile on this matter, every youtuber/media person has had their hacking resolved within days...
 

ElRenoRaven

Gold Member
Wow. Reading her story is just flooring. That's the type of total failure on Microsoft that leads to lawsuits.
 
I see a lot of people throwing the term "social engineering" around in this thread. What does that mean in this context? I'm guessing that we aren't talking about federal and state social policies here
 
[image: slowclap.gif]

Now that's some all-star investigating, Detective-GAF.

I hope these ass clowns get what's coming, swiftly.

EDIT: aggregating & elaborating information for me as a reader is key, mindlog.
 

def sim

Member
Because the hackers don't want any publicity. The PSN hacking was on the news only because the hackers were gaming the media with PR statements etc. MS also wants to keep a low profile on this matter, every youtuber/media person has had their hacking resolved within days...

Some tin foil hat stuff right here. XBL, or any service, being completely compromised would be a huge story anywhere. Get some perspective, the PSN hack is in a different level than this. Both are still awful though.
 

saunderez

Member
I see a lot of people throwing the term "social engineering" around in this thread. What does that mean in this context?

Basically pretending you're someone else and using that to your advantage. With enough information you can easily impersonate anyone when - for instance - calling Xbox Support. I blame Facebook for the explosion in social engineering, it's incredible how much information morons put there for the public to see.
 

drizzle

Axel Hertz
Has MS implemented a Steam Guard equivalent?
No but they need to; this is getting absurd.

They really need to. The only thing they added is the "Xbox 360 Profile Protection System", which is an option that requires any xbox out there to re-download your profile: https://live.xbox.com/en-US/Profile/Protection

In other words, they need to input your account password on that machine again to re-download the profile.

Which is fine and dandy when you go to a friends house, download your profile and, somehow, you forget to delete it from the console. If he tries to get back in, he'll need your password and will be screwed.

HOWEVER, this doesn't help in the event of a console being hacked AT ALL. We really need two-tiered activation, Steam Guard style.

I see a lot of people throwing the term "social engineering" around in this thread. What does that mean in this context? I'm guessing that we aren't talking about federal and state social policies here
Basically pretending you're someone else and using that to your advantage. With enough information you can easily impersonate anyone when - for instance - calling Xbox Support. I blame Facebook for the explosion in social engineering, it's incredible how much information morons put there for the public to see.
Exactly. "Social Engineering" is not hacking a system, a database. It's "hacking" the person on the other line of a phone line. Pretending to be somebody else with enough information to make that person believe you're the user of that account, and acquire even more information. And it's not only on Xbox Support.

Let's say you call some other service that, instead of changing your password, provides you your password through the phone. Let's also say you're one of the millions of people that have tiered password system: One for stupid websites on the internet, one for regular sites you care but don't have any credit card information and another password (usually this one is really good! It has numbers and shit!) for those sites that do have Financial/Personal information.

If you, for instance, call Netflix and somehow get them to give you your Netflix password, there's a chance that the same password is being used on the 360. As one service "ties" into the other, both have Credit Card information, both need to be secure. What do you do? You use your "good" password in both services. Boom, you're screwed.

I'm specifically calling out Netflix because, in prior threads, some reports of people socially engineering through Netflix have been found.
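
An added example, not part of the thread and not Microsoft's or Valve's code: a minimal sketch of the email-confirmed console authorization the posts above ask for, where a correct password alone is not enough on a console the account has never used. The `DeviceGuard` class, its method names, the `send_email` callback, the code lifetime and the guess limit are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600   # assumed lifetime of an emailed code
MAX_ATTEMPTS = 5         # assumed number of guesses allowed per code


def _digest(code):
    # Only a hash of the code is kept server-side.
    return hashlib.sha256(code.encode()).digest()


class DeviceGuard:
    """Hypothetical second step for profile downloads on unknown consoles."""

    def __init__(self, send_email, clock=time.time):
        self._send_email = send_email   # callback(account, code)
        self._clock = clock
        self._trusted = {}              # account -> set of console ids
        self._pending = {}              # (account, console) -> [digest, expiry, tries]

    def trust(self, account, console_id):
        self._trusted.setdefault(account, set()).add(console_id)

    def request_download(self, account, console_id, password_ok):
        if not password_ok:
            return "denied"
        if console_id in self._trusted.get(account, set()):
            return "allowed"
        # Unknown console: a valid password only triggers an emailed code.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[(account, console_id)] = [
            _digest(code), self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_email(account, code)
        return "code_required"

    def confirm(self, account, console_id, code):
        key = (account, console_id)
        entry = self._pending.get(key)
        if entry is None:
            return False
        digest, expiry, tries = entry
        if self._clock() > expiry or tries <= 0:
            del self._pending[key]      # expired or guessed out: start over
            return False
        entry[2] = tries - 1
        if not hmac.compare_digest(digest, _digest(code)):
            return False
        del self._pending[key]
        self.trust(account, console_id)
        return True


def demo():
    """Constructed scenario: a reused password is known to someone else."""
    outbox = []                         # stands in for the owner's inbox
    guard = DeviceGuard(lambda account, code: outbox.append(code))
    owner = "owner@example.com"         # constructed account name
    guard.trust(owner, "owner-console")
    results = [guard.request_download(owner, "owner-console", True),
               guard.request_download(owner, "buyer-console", True)]
    emailed = outbox[-1]
    guess = "000000" if emailed != "000000" else "111111"  # inbox not readable
    results.append(guard.confirm(owner, "buyer-console", guess))
    results.append(guard.request_download(owner, "buyer-console", True))
    return results


if __name__ == "__main__":
    print(demo())
```

As the posts note, this only helps when the email inbox does not share a password with the gaming account.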
 

Mindlog

Member
http://i307.photobucket.com/albums/nn309/thtswhatshesaid/slowclap.gif
Now that's some all-star investigating, Detective-GAF.

I hope these ass clowns get what's coming, swiftly.
I don't quite understand how the reposting qualifies as GAF detective work -_-

Now, what someone should be doing, 'Hello Kotaku, GB, IGN, Shacknews, etc etc etc.' Setup a script to monitor the shady auction sites for a period of several weeks. That will give you a rough estimate of compromised accounts. Some actual number to pin to the headline.
 

Mxrz

Member
However you want to put it, it's still MS' customers being fucked. That isn't a positive. Surprised the site manages to be as low-key as it is. Or was, hopefully this gets MS to doing something.
 