• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Hey, has your Xbox Live account been hacked/FIFA'd? Post here!

sonicmj1

Member
Yeah. I didn't have my points yet, so I called them now to ask about it. First, my support guy was shocked I got my account back so fast. I'm apparently a real rarity.

Secondly, I probably won't get my points back until the next billing period, which just happens to come around on the 18th of every month. So I guess I'm boned there.

Kinda sucks, but at least I can play Street Fighter with my friends if I want to.

It's been a month since I regained control of my account, and I still don't have my points back.

How hard is it to give me a refund?
 
Don't wait for MS to make a move that they probably won't. It seems like they have moved on from your case. Complain to support. Get the BBB involved if support fails to refund you.

It really sucks that some people have to fight for their UA cases to be solved. It ate up so much of my free time back in Oct-Dec. But don't give up, fight for your stolen spacebucks.
 
Not hacked yet but...

I tried to remove my credit card information last month but it said I couldn't because I still had an active account (Live Gold). Ok, fine, I turned off auto renew and let the subscription run out. Yesterday is ran out and now I'm a "free member." So I log into billing.microsoft.com and THE REMOVE CREDIT CARD OPTION IS GONE! In help they even said they removed it. Come on microsoft!
 
Yeah, didn't someone in one of there threads mention that everyone of his friendslist was targeted? Don't know if that was an exaggeration or something.

I warned all my friends when I was robbed back in October because I thought something like that could possibly happen. I would have felt horrible if some thief used my friendslist for new targets. None of them were attacked though.

Anyway, it seems like MS can finally handle this UA cases competently. A few days or a week of investigation is reasonable. Either the bulk of the attacks are over or MS has really hired more workers. The next step is just adding more security options for the users to avoid UA all together.
 

depths20XX

Member
My account got hacked last August. They bought $125 worth of points and spent it on XBLA games in the span of a night. Ended up taking until December to get my money refunded. It took countless calls checking on the status and probably hours on the phone. I won't be renewing Live after my free months are up. Probably the worst service I've ever had.
 
Not hacked yet but...

I tried to remove my credit card information last month but it said I couldn't because I still had an active account (Live Gold). Ok, fine, I turned off auto renew and let the subscription run out. Yesterday is ran out and now I'm a "free member." So I log into billing.microsoft.com and THE REMOVE CREDIT CARD OPTION IS GONE! In help they even said they removed it. Come on microsoft!

What the fuck? I don't get why MS are making it so difficult to remove CC info?!? Why make it so difficult and potentially open up all kinds of class action law suits if this hacking stuff goes big.
 
My account got hacked last August. They bought $125 worth of points and spent it on XBLA games in the span of a night. Ended up taking until December to get my money refunded. It took countless calls checking on the status and probably hours on the phone. I won't be renewing Live after my free months are up. Probably the worst service I've ever had.

My case didn't last anywhere near as long as yours, but I know that feel.
 

NewBrof

Member
my account got hacked this weekend. I had linked my account to paypal (I removed CC during the PSN problems)... so I could cancel 3 transactions with a total of 5000 MS points... after contacting MS, they suggested to cancel the paypal transactions on the paypal site (it would be faster that way)...

why aren't those MS hacks in the news....??? My password was weak though (6 letters, no numbers or special letters)...
 
why aren't those MS hacks in the news....??? My password was weak though (6 letters, no numbers or special letters)...

It's not in the news more because it's likely effecting only a minuscule percentage of Live users and no one is really sure what's going on. MS and EA claim it's not hacking. We have no confirmation that it's phishing. The theives haven't really been exposed so it's a hard story to report on. And the enthusiast press that could be reporting on it gets pampered by MS if they get robbed. So we're not going to win this one.

Check your passwords with howsecureismypassword.net and use unique passwords for every service in the future. You don't want a 6 letter dictionary word to be your master key. Heck, I had a unique 10+ case senstive character password and I still got attacked. And I really don't think my computer was infected with any keyloggers any time in the past year or so. I'd sure like to know where I went wrong if I was phished so I could practice better security going forward.

I think the best thing for victims (and Live users in general) to do would be to put MS on blast for their lack of two step and other account security options. I think this is the more important thing to focus on now than finding a group to blame for the UAs.
 

akira28

Member
Yah someone changed my Windows Live ID account password a week ago. I had a suspicious feeling today and decided to check it out, and of course it had actually been changed. So I changed the password again, and logged into Xbox Live, no apparent changes. I wonder if I should do anything else, or am I covered? I did have my credit info attached, but no new purchases, and only my last 4 digits were visible. Of course now they know my name and my zip code...


Nothing happened to me yet...so I'm guessing they're just hacking accounts in bulk now?
 

Deefuzz

Member
Mine was compromised a couple weeks ago. I only use my live ID with my Xbox Live stuff, never use that address for anything else. I know better than to get phished, and as far as I know I am not using that same address/email combo for a login on any other site.

I noticed when I saw an email in my account for a receipt for purchase of MS Points. It was about $125 total (10000 MS Points). I tried logging in on the website and I couldn't. I did a password recovery and found that my LIVE ID was no longer linked to my Gamertag and I couldn't change it. Called in support and told them what was going on. Told me it would be about 12 days.

Had it resolved in 3 days, but I have to continue using this temp LIVE ID they setup for me for the next 30 days until I can change it to something else. Charges were reversed but now I have no MS Points in my account, and I could have sworn I had some sort of balance in there before all this happened, but I don't remember if I did or how much.

But yeah, I now have 15 achievement points for FIFA 12 that I never wanted...yay.
 
I really chanced it taking this long but I finally removed my debit card from my account. Did it through chat on xbox.com. Was painless. I made her well aware why and told her she would be hearing about the "FIFA HACK" soon enough and she said she was "Well aquainted with the FIFA issues.".
Unreal this thing.
 

Satchel

Banned
Had my credit card tied to my account for around 6 years.

Taken it off now since this. Not worth the risk. I rarely if ever use the CC, and I haven't auto-renewed once. I've always found deals online and stuff.

Better to be safe than sorry.

I only have around 700 points in my accoutn right now anyway. I'd now be more pissed about having FIFA 12 on my gamerscore, when I'm not interested in owning or playing it. Very OCD about that.
 
Blah, you guys are reminding me how much it irks me when I scroll past Fifa 12 on my games played list. I like to get about 75% gamerscore out of each retail games I play. I'm stuck with 35/1000 achievement points for Fifa 12. Welp, at least I'm not sick in the head enough about achievements to actually buy Fifa 12 just to fix my stats. There's no way I'm supporting a game that's used to launder space money. There's no way I'm buying and playing a sports game. I probably would have caved if it was some geeky shit.
 

hitoshi

Member
Mine was compromised a couple weeks ago. I only use my live ID with my Xbox Live stuff, never use that address for anything else. I know better than to get phished, and as far as I know I am not using that same address/email combo for a login on any other site.

I noticed when I saw an email in my account for a receipt for purchase of MS Points. It was about $125 total (10000 MS Points). I tried logging in on the website and I couldn't. I did a password recovery and found that my LIVE ID was no longer linked to my Gamertag and I couldn't change it. Called in support and told them what was going on. Told me it would be about 12 days.

Had it resolved in 3 days, but I have to continue using this temp LIVE ID they setup for me for the next 30 days until I can change it to something else. Charges were reversed but now I have no MS Points in my account, and I could have sworn I had some sort of balance in there before all this happened, but I don't remember if I did or how much.

But yeah, I now have 15 achievement points for FIFA 12 that I never wanted...yay.

I hope this helps: You can check all your previous purchases and your balance regarding your account at billing:

https://billing.microsoft.com/
 

Curufinwe

Member
This familiar story of a hacked Xbox account has some unusual twists.

http://www.cheapassgamer.com/forums/blog.php?b=23483

I’m a 30 something, college professor who lives in the US, not a Russian hacker stealing Xbox Live accounts! This is all info they have and can easily verify. Yet they refuse to unban my account simply because there’s no official record of suspicious activity before I called them after the account was migrated. The hacker had my log-in info, so they have no way of knowing the exact point when the account was taken over, and thus they are just blame me for anything that happened prior to my starting the investigation. And it gets permanently banned due to their zero tolerance policy.

What kind of customer service is it to not give the customer the benefit of the doubt in such a simple case as this? Are account thieves reporting their own accounts stolen, going so far as to file Better Business Bureau complaints to try to get them back? Am I omnipresent so that I can be hacking accounts from Russia while living and working in the US? It’s just baffling that Microsoft can treat a loyal customer this way. The 360 was the only console I’ve owned most of this generation, and I’ve spent a great deal of money on the hardware (two consoles since the first got the RROD outside of the 3-year warranty), X-box live memberships, X-box live points and games. I’ve never had any suspensions or other disciplinary action on my account prior to this debacle.

Yet when I’m victimized by a hacker, I get the run around on getting the account back and then get accused of being a hacker myself when all logic and reason clearly illustrates that the violations which got my account banned were committed by whoever stole my account.
 

U2NUMB

Member
My first friend just got hacked 10 min ago. Or at least he just noticed. Drained a ton of points and had The Lara Croft XBLA game on his list which he did not own.

But I get the feeling his password was not unique even though I warned all my friends months ago to at least make that step.
 
My first friend just got hacked 10 min ago. Or at least he just noticed. Drained a ton of points and had The Lara Croft XBLA game on his list which he did not own.

But I get the feeling his password was not unique even though I warned all my friends months ago to at least make that step.

Welp, now he gets to keep an amazing game for free! A gamer should be proud to have Lara Croft and the Guardian of Light on their games played list. And support will probably fix his case in a few days like everyone else experiencing it now. I wish whoever robbed me bought awesome shit instead of Fifa 12 Gold Packs.
 

S1kkZ

Member
mine was hacked yesterday. 6000 points were bought with my credit card and they were used to buy a "jumbo gold pack" (whatever that is). i never played fifa. already called ms and the cc company.
 

F0NZ

Member
Got hacked well over three months ago, and am still waiting on Microsoft to sort it all out. I've called customer service more times than I care to count and have essentially given up. The crazy thing is that, even after requesting that they cancel my account, M$ is unable to do so. WTF?

It takes someone from Brazil approximately 10 mins to take control of my account and change the region of said account, while it takes 3 months, and counting, for Microsoft to get a handle on the situation. I'm disgusted with the way my situation has been handled by M$.
 

Massa

Member
Interesting tweet from Gamespot's Brendan Sinclair:

EA forecasts $47 million in FIFA 12 digital revenue this quarter alone. Presumably split between a dozen hacked XBL accounts.
 
Just sent an e-mail to 7 RLF's to get their card off file as two people on my list have been hit. Probably should have done it sooner.
Would love to start a new thread to get all 360 owners to spam their 100 or less friends on Live to get their CC's off file. I think a mass exodus off CC's will send MS a message. I won't start a new thread though as I think it will be frowned upon with all these FIFA Hack threads and I like my account here.
 

Jindujun

Neo Member
-The date it occurred
-Your "damages" (points spent, games played you don't own, etc.)
-Your current situation with MS (if your account is suspended, under investigation, etc.)
-If you have an EA account of any kind, or have played any EA games in the past few months
-If your password, to your knowledge, was a unique one between your EA and MS account.
-How old your Gamertag/Live account is, and
-Your compensation, and whether it's been resolved or not.
-If your security question was changed, and if so, whether the new answer has Chinese characters.
-Did you have the 4-button security pass code enabled for your account? (thanks ukresistance!) (also can anyone confirm if this passcode is local console only or tied to the account?)

- January 12th
- 4400 points spent, FIFA 12 played
- Account locked and unlocked after 5 days. Have not recieved my points back yet.
- Have an EA account, yes. Not linked to Xbox LIVE account.
- Unique passwords on each service
- Not sure
- Compensation. Promised to get my points back and 1 month of gold for the 5 day lock.
- No.
- No

I might add that the additional email they added to my account as a secondary email had been used to hack LIVE accounts previously in october last year. Seems very odd that microsoft hadn't blocked it or something
 
What the hell do I do, GAF? Account has been locked and waiting investigation since before Christmas, still no word. Been in touch with customer support half a dozen times and they never have any updates.
 
What the hell do I do, GAF? Account has been locked and waiting investigation since before Christmas, still no word. Been in touch with customer support half a dozen times and they never have any updates.

Are you in North America? If so, file a complaint with the BBB. Support will make you a priority.
 
Yeah, I'm in the continental US. Seems like a drastic recommendation; has this been done before to some success?

My account has been locked since fucking OCTOBER, and still no word from MS. I filed a complaint with BBB today. Not sure if it will prod MS to get off their ass and do something or not, but it's worth a try.
 
My account has been locked since fucking OCTOBER, and still no word from MS. I filed a complaint with BBB today. Not sure if it will prod MS to get off their ass and do something or not, but it's worth a try.

Microsoft actually does take BBB complaints very seriously. Here's the key though... don't tell the BBB you're satisfied until MS actually fixes what they said they will. A rep from MS will call promising you that it will all be taken care of, and then immediately file to the BBB that the problem was resolved. When the BBB e-mails you to see if you agree, say no, and refuse to accept their resolution until MS actually takes care of business. I had to open a 2nd BBB report because of this. As I've learned, MS reps say a lot of things (like you'll get a call back from us within the week), most of it is complete bullshit.
 
I got the FIFA hack about a month ago. I was actually watching my brother play online when my XBL name popped up online. Talk about a WTF moment. I told my brother to instantly message him as I scrambled to cancel my credit card and get Microsoft on the phone. Luckily, all he had time for was to collect the 2800 MS points I had sitting in my account and didn't charge any more to my card.

What really kills me about this is that Microsoft hasn't admitted that their security has been breached. They CONTINUE to say that anyone who has fallen victim to this was a victim of a phishing scam. Essentially, they're saying it's OUR faults. Not only do we get hacked, but Microsoft blames us for it. They said that we must've given some of our information out online in a scam. I've heard many people say that that's not possible. I'd like to think the vast majority of us on GAF are internet literate and know not to give our personal information up in one of those 'free MS points' scams.

Anyway, they locked my account and I actually got it back quickly (ten days?). I changed my Windows Live password and since my credit card is cancelled, the next time it happens, they can't charge points to my card. I also try to keep my MS point balance to as close to zero as I can get it. Which kind of sucks because now I'll wait until the math works out to buy points to use on games. By that, I mean if I see a game for 800 points, I'm not buying it until I see another game I want for 800 points to be able to redeem a 1600 point card and use it immediately.

If anyone has their credit card, debit card or paypal account linked to their Xbox, don't say you'll take it off later. Do it now, because I didn't think that this stuff would ever happen to me.

On a final note, it really bothers me that the game press isn't covering this better. Playstation had a security breach, shut their service down COMPLETELY and then came back with an apology (free games) when they finally got it back up. Microsoft, on the other hand, had a security breach, lied and said that they didn't, blamed their customers for it and continue to leave their service up where people are suffering from the same scam each and every day.

And the worst part? We're all paying for this service. It feels like a huge 'fuck you' to me after being hacked.
 

Amneisac

Member

Grecco

Member
. Microsoft, on the other hand, had a security breach, lied and said that they didn't, .


How do you know this?



Anyways


http://majornelson.com/2012/02/07/a-letter-from-alex-garden-your-security/



Recovering compromised accounts – in a timely manner – is also a priority and an area where we’ve made, and will continue to make, improvements. We have invested more resources in our account recovery process and as a result, for most new fraud cases we are now able to investigate and return accounts within three days. For users who have added strong proofs to their accounts, this may be as fast as 24 hours. We still have a few cases that are taking longer to fully recover and some refunds are still being processed, but we’re making great strides. We hope our customers are experiencing the improvements firsthand.
 
I know it's frustrating, FollowSmoke, but Microsoft would have admitted if they were hacked. It's most likely some form of social engineering. There are many other reasons to be upset with MS in this whole mass UA incident. Knock MS for how bad their support is (well, was back in 2011) and their lack of account security options. Don't get stuck on some potential hacking coverup.

That's a totally reasonable amount of time to resolve a case. I wish I only had to deal with this instead of my 50 days of torture. Hopefully two-step is not too far behind. I can't wait until this is all over so we can go back to enjoying the Live service worry free.
 
I know it's frustrating, FollowSmoke, but Microsoft would have admitted if they were hacked. It's most likely some form of social engineering.
No. There are a number of us here who know for sure that's not the case.

My missus didn't even have the (pretty strong) password for her account and it was only ever entered directly into a 360. Would have to be some sort of voodoo level social engineering to get between my fingers and the pad.
 
It really baffles me how I could have gotten phished too, if that's the case. I practice good security and I've never had a problem with any other service in my many years of being online. I regularly use strong and unique passwords and different emails for my accounts. My computers were and are free of any keyloggers. I don't have any personal info that could be found by Google searching my gamertag. My gut tells me that it wasn't a problem on my end.

But I think it's really unlikely that MS is covering up being hacked. A company wouldn't risk covering that up, especially after the PSN hack. That'd be suicide if MS was exposed.

I'd love for it to be confirmed that MS was hacked so I could point some fingers, be showered with compensation and know that my security practices are solid. But unless someone has proof that MS was hacked, it doesn't make sense to speak in such a definitive way. I'm not trying to get off topic though. I'm one of the guys that doesn't want to argue hacking vs phishing. I'm the guy who won't shut up about how we just need two-step.
 

Grecco

Member
But I think it's really unlikely that MS is covering up being hacked. A company wouldn't risk covering that up, especially after the PSN hack. That'd be suicide if MS was exposed.


Microsoft is such an incrdibly large company, with so many people involved that covering up a hypothetical hack, (Which has been happening for around a year maybe more) would be incredibly difficult if not impossible. Not only that it took Sony 3 months to close the avenue they were hacked, Microsoft would have closed their "hack" by now as well.
 
But I think it's really unlikely that MS is covering up being hacked. A company wouldn't risk covering that up, especially after the PSN hack. That'd be suicide if MS was exposed.

I don't see how it's so far-fetched. It's either all of us gave our information away somehow, or people got it by exploiting Microsoft's security. There's no third option, right? This quote is from a statement Microsoft made three weeks ago on allegations that their security was compromised: "In addition, it reiterated that account compromises are often a result of phishing scams and malware used to snatch your password."

There's no way that that's the case. There are too many people saying that there's no way this could've happened. And how could they've used malware to 'snatch my password' when I hadn't logged into Windows Live since I'd created the account years ago? There was also an article on UK's IGN that explained Windows Live had a loophole, allowing a program to use brute force it's way in. Which, is a breach in Microsoft's security.

Why would Microsoft deny this? Why blame the consumer instead of admitting they fucked up? They don't want to have to shut down. That's 35 million paying users. If the service is down three months to fix it--like PSN--that would be $350,000,000 in XBL membership fees alone. Nevermind everything else that would be affected. As the CEO of a company in that situation, would you take the months and months of regular people on the internet complaining of being hacked, their voices going (for the most part) unheard? Or would you admit to a security breach and lose the company hundreds of millions of dollars?

I'm not a conspiracy guy. I think of myself as a completely rational human being who can step back and evaluate things without involving emotion. That being said, I believe Microsoft is covering this up.
 

jimmypop

Banned
But I think it's really unlikely that MS is covering up being hacked. A company wouldn't risk covering that up, especially after the PSN hack. That'd be suicide if MS was exposed.

Or, it would be the cost of doing business. RROD is really a distant memory for you?

Somewhere, data was compromised.
 

Satchel

Banned
I don't see how it's so far-fetched. It's either all of us gave our information away somehow, or people got it by exploiting Microsoft's security. There's no third option, right? This quote is from a statement Microsoft made three weeks ago on allegations that their security was compromised: "In addition, it reiterated that account compromises are often a result of phishing scams and malware used to snatch your password."

There's no way that that's the case. There are too many people saying that there's no way this could've happened. And how could they've used malware to 'snatch my password' when I hadn't logged into Windows Live since I'd created the account years ago? There was also an article on UK's IGN that explained Windows Live had a loophole, allowing a program to use brute force it's way in. Which, is a breach in Microsoft's security.

Why would Microsoft deny this? Why blame the consumer instead of admitting they fucked up? They don't want to have to shut down. That's 35 million paying users. If the service is down three months to fix it--like PSN--that would be $350,000,000 in XBL membership fees alone. Nevermind everything else that would be affected. As the CEO of a company in that situation, would you take the months and months of regular people on the internet complaining of being hacked, their voices going (for the most part) unheard? Or would you admit to a security breach and lose the company hundreds of millions of dollars?

I'm not a conspiracy guy. I think of myself as a completely rational human being who can step back and evaluate things without involving emotion. That being said, I believe Microsoft is covering this up.

Just for reference, brute forcing your Windows Live ID is not the same as 'Xbox Live has been hacked' in the same way the PSN was hacked.

With Sony that actual Playstation network was compromised. Our data stored on PSN was compromised.

You won't hear MS admit Live was hacked EVER because Xbox Live hasn't been hacked. Windows Lve IDs are being hacked. Big difference if we're going to be technical about this.

Add in the fact that EA is involved and hell will freeze over before MS admits to something that technically isn't happening.
 

epmode

Member
No. There are a number of us here who know for sure that's not the case.

My missus didn't even have the (pretty strong) password for her account and it was only ever entered directly into a 360. Would have to be some sort of voodoo level social engineering to get between my fingers and the pad.
Social engineering doesn't necessarily mean that it's from you or someone you know. It could mean convincing a phone support person that you're the account holder and having them reset the password or somehow grant account access to the thief.

Which isn't to say that this is all social engineering since that sort of thing is easily traceable on Microsoft's side.
 

patsu

Member
Just for reference, brute forcing your Windows Live ID is not the same as 'Xbox Live has been hacked' in the same way the PSN was hacked.

With Sony that actual Playstation network was compromised. Our data stored on PSN was compromised.

You won't hear MS admit Live was hacked EVER because Xbox Live hasn't been hacked. Windows Lve IDs are being hacked. Big difference if we're going to be technical about this.

Add in the fact that EA is involved and hell will freeze over before MS admits to something that technically isn't happening.

This is why the victims are mad. No one has claimed responsibility to fix it. And no one has said they can/will stop it.

All they see is their money have been taken, and they didn't get phished or social engineered. If there is a way in via Windows Live ID, then XBL needs to block fraudulent logins. Both are MS's systems. If XBL's customer service agents got fooled by the social engineers, then MS is responsible. If the customer service agents forgot to lock a compromised XBL account, they are responsible too.

Despite the user info theft on PSN, most users' accounts and $$$ are intact. Debating that one of the locks is not picked while the money in the safe is already gone may not be sufficient.
 
Top Bottom