-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
Hey, has your Xbox Live account been hacked/FIFA'd? Post here!
- Thread starter chubigans
- Start date
chubigans said:
-Date: October 21, 2011
-Damages: 3240 points spent on FIFA 12 Premium Gold Packs and Premium Jumbo Packs. Never played FIFA before; now it's on my gamertag with a few achievements on it.
-Currently: Account is under investigation.
-EA: Yes, I have an account. No, I haven't played an EA game in a while.
-Passwords: They were different.
-Account age: Since late 2007, I think.
-Compensation: None yet.
I caught the intrusion as it happened, and was able to sign into my Live ID and change all my details while the thief had my account on his Xbox draining my points on FIFA. He added an alternate email address to my account, so I removed that, changed my password, and my security question had also been changed to a Chinese character so I changed that as well.chubigans said:
Aptos
Member
-Date: October 16, 2011
-Damages: ~6k points spent on FIFA 12 Gold Packs, and 3 FIFA 12 achievements.
-Currently: Account is suspended and under investigation, and has been for about 2 weeks.
-EA: I've had an account since BF2142 and play many EA games on both PC and Xbox.
-Passwords: Same.
-Account age: Xbox - since '04, EA - since whenever BF2142 came out?
-Compensation: None as of yet.
-Security Question Changed: Nope
-Damages: ~6k points spent on FIFA 12 Gold Packs, and 3 FIFA 12 achievements.
-Currently: Account is suspended and under investigation, and has been for about 2 weeks.
-EA: I've had an account since BF2142 and play many EA games on both PC and Xbox.
-Passwords: Same.
-Account age: Xbox - since '04, EA - since whenever BF2142 came out?
-Compensation: None as of yet.
-Security Question Changed: Nope
I recently had my account returned to me for a second time. My gamer tag is Sonic, so I can see where it is a little desirable. The first time the account was stolen was over the summer and I kind of have an "in" with the company and with enough yelling I was able to get the account back. Second time also. No points were stolen or charged.
I really don't feel like going into details but let me give a couple words of advice.
Add 9 backup email accounts to your Windows Live account tied to your Xbox Live account. That way an additional email address cannot be forcibly added to your windows Live account.
Search text pastebin sites for your dox. For example my dox were listed with my gamertag on pastie.org, and pastebin.com.
Change your details on your account to something only you would remember. Make your address a little different. Make your zip code one number off. Use a friend's address. Use your middle name as your first. SOMETHING you would only know. Because if your details are out there, it is very simple to call Xbox support and have them change it to whatever they want.
In my example, for my second hacking, they called Xbox, changed my email address on my Xbox Live account, and said they wanted to cancel my credit card. No biggie, right? Wrong. They then sent a code with the remainder of my Live subscription to the NEW email address they JUST added. Six months of Live, gone.
I really don't feel like going into details but let me give a couple words of advice.
Add 9 backup email accounts to your Windows Live account tied to your Xbox Live account. That way an additional email address cannot be forcibly added to your windows Live account.
Search text pastebin sites for your dox. For example my dox were listed with my gamertag on pastie.org, and pastebin.com.
Change your details on your account to something only you would remember. Make your address a little different. Make your zip code one number off. Use a friend's address. Use your middle name as your first. SOMETHING you would only know. Because if your details are out there, it is very simple to call Xbox support and have them change it to whatever they want.
In my example, for my second hacking, they called Xbox, changed my email address on my Xbox Live account, and said they wanted to cancel my credit card. No biggie, right? Wrong. They then sent a code with the remainder of my Live subscription to the NEW email address they JUST added. Six months of Live, gone.
chixdiggit
Member
So is there any chance I will have to do another account recovery resulting in my offline play getting wiped? Like do I have to worry about my progress in Forza being set to back when I was last online?
metareferential
Member
This thread is scary.
That 9-email thing is new to me, might add that to my online security.
What kind of question does Ms ask when verifying someone's identity? It can't just be name/adress/etc.
Most efficient protection is don't give Ms your CC info. Or leave an empty pre-paid card as your CC. At least you stop them from buying anything.
Also, don't leave Ms points laying around.
That 9-email thing is new to me, might add that to my online security.
What kind of question does Ms ask when verifying someone's identity? It can't just be name/adress/etc.
Most efficient protection is don't give Ms your CC info. Or leave an empty pre-paid card as your CC. At least you stop them from buying anything.
Also, don't leave Ms points laying around.
My account was stolen on 8/23/11.
6000 MS points and 4000 MS points ($125 total) purchased w/ my account. (Nothing FIFA)
I got my account back about 30 days after I reported it, all $$ has been refunded.
Yes to EA account.
My gamertag (chewydogg) is almost 8 years old.
My security question was not changed, but country of residence was changed to Brazil.
Point of note:
I called XBox about 10 mins. after my account was stolen. The MS rep told me that he would lock the account and flag it for investigation. When I reclaimed my account I had new friends from Brazil, my purchase history showed activity four days after my phone call and I apparently played games that I do not own ( up to the first week of Sept.!). Does it take that long to lock an account?
6000 MS points and 4000 MS points ($125 total) purchased w/ my account. (Nothing FIFA)
I got my account back about 30 days after I reported it, all $$ has been refunded.
Yes to EA account.
My gamertag (chewydogg) is almost 8 years old.
My security question was not changed, but country of residence was changed to Brazil.
Point of note:
I called XBox about 10 mins. after my account was stolen. The MS rep told me that he would lock the account and flag it for investigation. When I reclaimed my account I had new friends from Brazil, my purchase history showed activity four days after my phone call and I apparently played games that I do not own ( up to the first week of Sept.!). Does it take that long to lock an account?
Psychotext
Member
Security question was changed on mine too. No idea what the answer was, but it certainly wasn't the original question.
Leftover911
Banned
Mine just got hacked today. Spent 1200 points on 10 PREMIUM GOLD PACKS, and tried to charge 6000 points to my card. Luckily I had an expired card on there so they couldn't charge me.
-Stolen in early August I think.
-4000 MS points.
-I had my account back in about 3 weeks.
-Yes to EA, for quite a while. Not exactly sure when, maybe 2005 or 2006?
-I don't think the passwords were the same, they might have been.
-Xbox gamertag since 2007.
-I was refunded by my bank day of and Microsoft gave me a couple 1 month XBL codes.
-They changed my password to the account right away. I caught the charge the day of, by a couple hours.
Honestly while it was crappy to have happen, it was the single most pleasant experience I've had with Microsoft. The phone call went extremely smoothly. I hadn't even been playing my Xbox for months.
-4000 MS points.
-I had my account back in about 3 weeks.
-Yes to EA, for quite a while. Not exactly sure when, maybe 2005 or 2006?
-I don't think the passwords were the same, they might have been.
-Xbox gamertag since 2007.
-I was refunded by my bank day of and Microsoft gave me a couple 1 month XBL codes.
-They changed my password to the account right away. I caught the charge the day of, by a couple hours.
Honestly while it was crappy to have happen, it was the single most pleasant experience I've had with Microsoft. The phone call went extremely smoothly. I hadn't even been playing my Xbox for months.
Flying Toaster
Member
-November 6th (Today)
-4000 pts
-account is under investigation and escalation for refund
-I have an EA account, I have not played any EA games in months
-No
-Since 2004
-NA, as of now account is still under review
NEW: nope.
The only reason I know it was hacked and I lucked out on this rather quickly, is that I was doing my banking this morning when the charge appeared. I called MS and changed my password immediately.
-4000 pts
-account is under investigation and escalation for refund
-I have an EA account, I have not played any EA games in months
-No
-Since 2004
-NA, as of now account is still under review
NEW: nope.
The only reason I know it was hacked and I lucked out on this rather quickly, is that I was doing my banking this morning when the charge appeared. I called MS and changed my password immediately.
biggyfries
Member
Ok, this whole EA thing is scaring me, since I'm new to xbox.
Where is my EA info? Did I need to sign up with EA, or is it automatic thru xbox?
I just got an old madden game. Got the update file, but dont play online. Am I still at risk?
Any info would be greatly appreciated.
Where is my EA info? Did I need to sign up with EA, or is it automatic thru xbox?
I just got an old madden game. Got the update file, but dont play online. Am I still at risk?
Any info would be greatly appreciated.
Rockman
Member
Interesting for those who have had their account hacked and country changed to Brazil. Microsoft's call center for Xbox support is located in Brazil. I hear they love soccer in Brazil for those who have had FIFA related content purchased. Inside job by unethical call center employees maybe?
Your profile information (name, address), XBox serial numbers (I'm pretty sure they can see which purchase was made with which xbox serial number), and the "secret question", which I promptly answered with "aw, cmon, nobody remember those things". Because I NEVER FUCKING DO.reggie said:
Most? Maybe. I'm from Brazil, but my Xbox Live Account says I'm from the US.Zeppelin said:
They have call centers everywhere. I specifically asked where my support girl was from (because my spoken english is kinda messed up, and she was pleasant to talk too), and she was from the US.Rockman said:
Brazil loving so much soccer could mean that there are Brazillians doing the hack, but they're not the only ones, as people have had Chinese characters in their secret question form.
I'm sure there are multiple people performing those hacks. Like I said earlier: There's no EA/Microsoft connection. It's just that EA has an easy way to make Microsoft Space Bucks buy something that can be easily tradeable and sold.
Garcia el Gringo
Member
I was never asked my "secret question" on any of my calls to support. And they always ask me for a credit card # even though I removed the only credit card I ever used from the account about 2-3 years.
Hmm.
Hmm.
Woke up to an e-dick up my ass.
Canadian here.
-The date it occurred: Nov 6
-Your "damages" (points spent, games played you don't own, etc.): 90$ worth of MS points that was mostly spent on something called "Rift"...
-Your current situation with MS (if your account is suspended, under investigation, etc.): Account under investigation, not able to play online
-How old your Gamertag/Live account is: 5 years old
-Your compensation, and whether it's been resolved or not: Not resolved, but the rep mentioned compensation. Also spoke with my bank who said they'll go to bat for me if microsoft tells me to fuck off.
-If your security question was changed, and if so, whether the new answer has Chinese characters: rep mentioned i didn't have one on account (not sure if I initially did).
Canadian here.
-The date it occurred: Nov 6
-Your "damages" (points spent, games played you don't own, etc.): 90$ worth of MS points that was mostly spent on something called "Rift"...
-Your current situation with MS (if your account is suspended, under investigation, etc.): Account under investigation, not able to play online
-How old your Gamertag/Live account is: 5 years old
-Your compensation, and whether it's been resolved or not: Not resolved, but the rep mentioned compensation. Also spoke with my bank who said they'll go to bat for me if microsoft tells me to fuck off.
-If your security question was changed, and if so, whether the new answer has Chinese characters: rep mentioned i didn't have one on account (not sure if I initially did).
secretanchitman
Member
reggie said:
when i called the first time (the day it happened), they asked for:
-my first/last name
-billing address
-phone number associated on the account (i gave them both my home and cell)
-gamertag
-credit card (told them i only use prepaid cards)
-an answer to my secret question, which was "who is my favorite fictional character?", in which i gave them around 4-5 characters but none were it. the first time i called, the rep said he'll bypass it, and he did so without a problem. the second time i called (2 days ago), the rep couldn't bypass the secret question, but was able to tell me the status of the investigation (still going on apparently).
-xbox live serial number on the back of the xbox and the console id in the dashboard.
the second time i called (2 days ago), they asked for everything except xbox live serial number and console id.
absolutely aggravating to say the least.
Speedymanic
Banned
Erm, why have the EA questions been struck through? Bad decision not to follow up on that line of inquiry and implies bias.
And many had different passwords? What? Seems to be about even, no real majority.
With regards to those who claim they used unique EA password, please detail the process in using a unique password so people don't fall foul of registering the same password as their XBL account when they register a new EA account.
Hate to keep asking, but no-one's been able to answer this, which makes claims of people having a unique EA password somewhat dubious.
And many had different passwords? What? Seems to be about even, no real majority.
With regards to those who claim they used unique EA password, please detail the process in using a unique password so people don't fall foul of registering the same password as their XBL account when they register a new EA account.
Hate to keep asking, but no-one's been able to answer this, which makes claims of people having a unique EA password somewhat dubious.
Tonner Cyn
Member
chubigans said:
- I believe I was hacked on 11/2/11. I had log-in issues on 11/3/11 which is when I noticed.
- Fortunately, I had an expired card on the account so as far as I can tell they were not able to charge anything. They did spend a bunch of points to buy a couple of Gold bundles.
- I did an instant chat with MS who advised me to contact Billing. At that point I should expect to have my account closed for up to 30 days.
- I have not changed my account name, gamer tag, or email since starting it up, probably 5 years ago?
- No compensation at this time as I have yet to contact MS about it. I do have to have some info from the console, right?
- My security question was not changed, though I did change it as a precaution.
EDIT: I noticed the problem because my gamer card showed I had played FIFA 12 and earned 2 achievements. I don't own FIFA 12. I probably have an EA account I set up sometime in the past and it probably was the same password. I played Madden 12 when it came out and I'm sure I have played other non-sports EA games as well.
It's not getting anywhere really. Some had unique passwords, some didn't, almost everyone had an EA account at one point, so what's the use in asking that anymore when we have more interesting developments like chinese characters in secret answers and such.Speedymanic said:
Speedymanic
Banned
chubigans said:
Fair enough, although I feel it's a little short sighted to drop the EA aspect so soon. Getting a proper idea of how many people had EA accounts and, more importantly, if they shared the same password is pretty important.
But if you feel it's no longer worth asking, fair enough.
Garcia el Gringo
Member
I'm officially at week two since I was hacked and made my first call. And my account has been suspended for nine business days.
So I just called support seconds ago to try to get a free month of Gold for an alternative account. I got over my hang-up of playing 360 games on an account that wasn't my main, I'll play games on a different account for a few weeks so I could join my friends on all the big games I was planing on playing. The lady I talked to informed me that my security question was now in Japanese. The 4 people I talked to the past 2 weeks did not mention that. Thank goodness for this lady. I was eventually planning on asking, but she brought it up on her own.
Unfortunately, since I have no credit card on the account and now that my security question has been violated they can't confirm that I am really who I say I am over the phone. They can't give me the complementary month of Gold in advance that some others were getting. I guess they'll know I'm me by checking the IP address during the investigation or something. That sucks a lot, but at least I know about the security question now.
So I just called support seconds ago to try to get a free month of Gold for an alternative account. I got over my hang-up of playing 360 games on an account that wasn't my main, I'll play games on a different account for a few weeks so I could join my friends on all the big games I was planing on playing. The lady I talked to informed me that my security question was now in Japanese. The 4 people I talked to the past 2 weeks did not mention that. Thank goodness for this lady. I was eventually planning on asking, but she brought it up on her own.
Unfortunately, since I have no credit card on the account and now that my security question has been violated they can't confirm that I am really who I say I am over the phone. They can't give me the complementary month of Gold in advance that some others were getting. I guess they'll know I'm me by checking the IP address during the investigation or something. That sucks a lot, but at least I know about the security question now.
Speedymanic
Banned
Garcia el Gringo said:
That doesn't sound likely. Surely they can verify who you are buy asking you confirm some old purchases, your DoB, the address you used to register the account, how long you've had the account, etc, etc.
Psychotext
Member
I was under the impression that's what they use the 360 serial number information for.
Speedymanic
Banned
Psychotext said:
Only if you've registered the console, might be mistaken though.
And MS are shite when it comes to using 360 serial numbers properly. If they implemented a check when you log into XBL using your registered SN, they could all but eliminate instances of account 'hacking', breaching, etc.
No need for two step or any other security measures. Force everyone to register their console when they setup an XBL account and use that info to keep accounts secure. Want to download your GT at a mate's house, fill in some additional security info via the console and even then the most you'd be able to do is play using that account, you wouldn't be able to change passwords, personal info and you certainly wouldn't be able to buy content or MSP.
MS are just lazy dicks in this regard.
Garcia el Gringo
Member
They always ask for my address and phone number, but nothing like date of birth or how long I've owned the account. She said they needed the last 4 digits of a credit card # or the answer to my security question to verify who I am over the phone. And that that was why I couldn't get the free month of Gold for an alternate account. I'm just reporting what that one support lady said. She was very apologetic about it all and said that the lack of info wouldn't impact my investigation.Speedymanic said:
That said, I find support to be very inconsistent. It's mind-boggling to me that she was the first support person to mention that my security question wasn't in English. So who knows? But I think I'm done calling support now, unless my investigation goes well over 25 business days.
Speedymanic
Banned
Garcia el Gringo said:
Yep, not the first time I've heard this. Some of them outright lie about what you're allowed to do to your account and what they can do or simply don't bother doing anything.
That said, my limited experience with MS CS has been good and pretty straightforward.
I didn't mean to be aggressive or insinuate you were wrong/lying, was just surprised and a little baffled that they would limit account verification to just your security question or the last four digits of a CC.
Harry Potter
Banned
Ugh. Account still frozen and there are 5 games I want to buy this month. fml
I know, first world problems
Speedymanic
Banned
Harry Potter said:
Pretty sure you can play offline.
If the game needs a patch, set up an temp account but don't redeem any codes, online passes, etc via the temp account. (goes without saying, but I thought I'd mention it anyway)
Harry Potter
Banned
Ya. Doesn't help me with MW3 MP though.
Garcia el Gringo
Member
Yeah, it's all about social gaming in November. Modern Warfare 3, Halo Anniversary, Saints Row 3. I already missed Battlefield 3 and the new Gears maps. By the time I get back my account my friends will have moved on. What's the point then? I missed the event and hype. Hell, the majority of my friends list only really bothers to log on during Call of Duty time.
I'm pretty much a singleplayer kind of guy the rest of the months of the year. What a lame coincidence.
I'm pretty much a singleplayer kind of guy the rest of the months of the year. What a lame coincidence.
Palette Swap
Member
Psychotext
Member
Are you sure about that? It would be very easy for them to check on which machines the gamertag is normally used.Speedymanic said:
They asked for it from my missus and she's never registered anything with them (I registered both of our consoles on my account).
AndyMoogle
Member
That's pretty big. Hopefully it means that they will add another security layer in the new dashboard update.Palette Swap said:
AndyMoogle
Member
That will never happen.big_z said:
Speedymanic
Banned
Lyphen said:
Why? If they aren't to the source of the breach, why would they need to do this? Normally, you're only forced to do this if you're worried about a security breach...
Psychotext said:
As I said, I may have been mistaken.
Speedymanic
Banned
Seems suspect.
antiquegamer
Member
chubigans said:
I think there's some sort of a link there if anything it does no harm of including it. Unless of course you have other agenda for this thread.
Anyway, on an interesting note just got an email today for my EA bioware account asking me to change my password because they want to increase "security". Another thing is that the email tell me all EA account are link and my password change would affect all EA related service. Email said if any account that was created before October 21st must have a new stronger password.
edit: damm, of course beaten by Speedy PR. : P
Thankfully haven't been hacked, but after reading all the horror stories in this thread I wanted to take some steps to avoid waking up to someone having FIFA'd my account.
There was an old thread about credit card removal on XBL that pointed to a really useful Reddit article.
That article described how to not only turn off auto-renew but later in the discussion how to also completely remove your credit card from your XBL account (apart from MS keeping it in their own records for historical purposes).
I can confirm that the methods described still work. Auto-renew is turned off for my XBL account, and my CC has also been removed. It's pre-paid cards and codes for me from now on.
I know this won't help those of you who've already been hacked, but for those who haven't--and don't want to spend a better part of their day talking to a MS rep--maybe this will help.
tl;dr - the links above tells you how to turn off auto-renew and remove your CC from your Xbox Live account.
There was an old thread about credit card removal on XBL that pointed to a really useful Reddit article.
That article described how to not only turn off auto-renew but later in the discussion how to also completely remove your credit card from your XBL account (apart from MS keeping it in their own records for historical purposes).
I can confirm that the methods described still work. Auto-renew is turned off for my XBL account, and my CC has also been removed. It's pre-paid cards and codes for me from now on.
I know this won't help those of you who've already been hacked, but for those who haven't--and don't want to spend a better part of their day talking to a MS rep--maybe this will help.
tl;dr - the links above tells you how to turn off auto-renew and remove your CC from your Xbox Live account.
GarthVaderUK
Banned
Santini said:
Thanks, I'm going to try that now.
GarthVaderUK
Banned
It worked! Card removed! Brilliant!
base shagohod
Member
Wow, this is fucking annoying.
My account has apparently been hacked.
-came home to sign in on my system and it said I had to recover my account. I was just online two days ago.
-tried recovering and pw was changed
-went to change password back, sign in to xbox.com and it looks like they bought 3 xbox gold accounts with points I just purchased two weeks ago.
What's my next step? I'm guessing call Xbox?
So fucking frustrating; now I'll have to switch to a different tag while they settle this bullshit.
edit: Just checked and Fifa 12 just played 11/7/11, same day the gold accounts were bought.
Not sure how to check my security answer thing.
My account has apparently been hacked.
-came home to sign in on my system and it said I had to recover my account. I was just online two days ago.
-tried recovering and pw was changed
-went to change password back, sign in to xbox.com and it looks like they bought 3 xbox gold accounts with points I just purchased two weeks ago.
What's my next step? I'm guessing call Xbox?
So fucking frustrating; now I'll have to switch to a different tag while they settle this bullshit.
edit: Just checked and Fifa 12 just played 11/7/11, same day the gold accounts were bought.
Not sure how to check my security answer thing.