• Register
  • TOS
  • Privacy
  • @NeoGAF
  • Like

The Broken Ska Record
Member
(06-13-2011, 06:38 AM)
The Broken Ska Record's Avatar
Looks like my Xbox Live Account was hacked this afternoon. When I went to go check my email, about an hour ago, I got something from Microsoft about 4000 MS point activation confirmation. I thought it was odd since I haven't bought points since early May. I go to xbox.com first to make sure everything is "okay." It showed I had 1 point left and the last game I "played" was Fifa '11, which I don't own.

So I go to change my password and security question and then I log into billing.microsoft.com to see where the points went. Looks like they bought a 4000 point bundle and another 6000 point bundle. After that, it basically shows this:



I called Xbox Support and they are filing an Unauthorized Access claim on my account and I should find something out in 1-15 days. Until then they are locking my account, so I can't access Xbox Live/Windows Live during that time. Tomorrow, I need to call my bank to claim fraudulent charges.

After some searching on Google by a friend, he found that this was fairly common. People accessing other people's account purchasing Ultimate Team card packs and selling them on Ebay. I didn't find anything about this here, but I did find a thread on Giant Bomb. So watch out. :(
Tron 2.0
Member
(06-13-2011, 06:39 AM)
Tron 2.0's Avatar
That blows. Hopefully you don't have any trouble with your bank.

Never attach your credit card to your Live/PSN account.
Wario64
works for Gamestop (lol)
(06-13-2011, 06:39 AM)
Military grade security
The Broken Ska Record
Member
(06-13-2011, 06:42 AM)
The Broken Ska Record's Avatar
I've actually tried to remove my CC from Xbox Live, but can't because my ex's friend, on accident, signed me up for one of those 3 months of XBL for $5 things the catch being I need to get a full year of Xbox Live. So, unfortunately, I can't remove my CC info. As much as I've tried. :(
Neuromancer
The Mayuh of f'n Bawston
(06-13-2011, 06:44 AM)
Neuromancer's Avatar
Dude that sucks. Sorry to hear.
Izayoi
Banned
(06-13-2011, 06:44 AM)
Izayoi's Avatar
When all of the hack news about PSN started going around I removed my credit card from all major online services. Never hurts to be too careful, I suppose. Hope everything works out, OP.
Cday
Banned
(06-13-2011, 06:44 AM)
Cday's Avatar

Originally Posted by The Broken Ska Record

I've actually tried to remove my CC from Xbox Live, but can't because my ex's friend, on accident, signed me up for one of those 3 months of XBL for $5 things the catch being I need to get a full year of Xbox Live. So, unfortunately, I can't remove my CC info. As much as I've tried. :(

You have to call them or wait until your account is silver and remove it via Xbox.com

Why doesn't Microsoft tell you this anywhere? Why would they?
Persona7
Banned
(06-13-2011, 06:44 AM)
You should probably change all your passwords and virus scan your computer and flash drives/mediaplayers/external hardrives
daffy
Banned
(06-13-2011, 06:45 AM)
daffy's Avatar
Jeez, that is unfortunate! Well, at least you aren't freaking out and have taken steps to get things sorted out, that's what really matters. You have a strong soul
epmode
Member
(06-13-2011, 06:48 AM)
epmode's Avatar
I've been unable to remove my CC from Xbox Live for years. The website always errors out when I try and I spent almost two hours on the phone for nothing. But now that I just got a new credit card number, Microsoft and Sony can keep the old one for all I care. Point cards from now on.
The Broken Ska Record
Member
(06-13-2011, 06:50 AM)
The Broken Ska Record's Avatar

Originally Posted by Cday

You have to call them or wait until your account is silver and remove it via Xbox.com

Why doesn't Microsoft tell you this anywhere? Why would they?

Yea, I have to wait at least a year, so until early August to remove it. At least I hope so.

Originally Posted by FTH

Jeez, that is unfortunate! Well, at least you aren't freaking out and have taken steps to get things sorted out, that's what really matters. You have a strong soul

Thanks. I was a little freaked out when I saw it, and luckily Xbox Support was still open this late on a Sunday.

Originally Posted by Persona7

You should probably change all your passwords and virus scan your computer and flash drives/mediaplayers/external hardrives

I actually ran an MSE scan about an hour before I saw the email.
fernoca
Member
(06-13-2011, 06:52 AM)
fernoca's Avatar
It is kinda weird that similar "hacks" only happen through Fifa. Though even weirder that the OP says he doesn't own/plays Fifa. Was the account at some moment/point recently used on another Xbox/friend's-unit that happens to play Fifa?
The Broken Ska Record
Member
(06-13-2011, 06:53 AM)
The Broken Ska Record's Avatar

Originally Posted by fernoca

It is kinda weird that similar "hacks" only happen through Fifa. Though even weirder that the OP says he doesn't ownFifa. was the account at some moment/point recently used on another Xbox/friend's-unit that happens to play Fifa?

Nope. I haven't used my XBL account on another friend's Xbox in a few years. And even then, said friend doesn't have his 360 anymore or have any interest in Fifa.
fernoca
Member
(06-13-2011, 06:59 AM)
fernoca's Avatar

Originally Posted by The Broken Ska Record

Nope. I haven't used my XBL account on another friend's Xbox in a few years. And even then, said friend doesn't have his 360 anymore or have any interest in Fifa.

Really weird then. Wonder how it was hacked.

Another user recently posted something similar, but he actually played Fifa; and also said he clicked through one of those "phishing-scams messages" that promises points and Gold subscriptions.
The Broken Ska Record
Member
(06-13-2011, 07:04 AM)
The Broken Ska Record's Avatar
The only thing I can think of is my WoW account was hacked over a year ago and it's the same email address info.
xbhaskarx
Banned
(06-13-2011, 07:11 AM)
xbhaskarx's Avatar
Hackers??
Xbox Live down for a month
big_z
just gonna rub one out
in the next few minutes
(06-13-2011, 07:14 AM)
big_z's Avatar
i remember reading about people getting account info via some sort of phishing message they send you on xbox live. this was some time ago so im not sure if it's still a problem.
jaydogg691
Member
(06-13-2011, 07:17 AM)
jaydogg691's Avatar
2011: Year of the hackers.
supermackem
Banned
(06-13-2011, 07:18 AM)
supermackem's Avatar

Originally Posted by epmode

I've been unable to remove my CC from Xbox Live for years. The website always errors out when I try and I spent almost two hours on the phone for nothing. But now that I just got a new credit card number, Microsoft and Sony can keep the old one for all I care. Point cards from now on.

Yeah good luck with that ms is good at still being able to charge old cards.
Gen X
Trust no one. Eat steaks.
(06-13-2011, 07:20 AM)
Gen X's Avatar

Originally Posted by The Broken Ska Record

Looks like my Xbox Live Account was hacked this afternoon. When I went to go check my email, about an hour ago, I got something from Microsoft about 4000 MS point activation confirmation. I thought it was odd since I haven't bought points since early May. I go to xbox.com first to make sure everything is "okay." It showed I had 1 point left and the last game I "played" was Fifa '11, which I don't own.

So I go to change my password and security question and then I log into billing.microsoft.com to see where the points went. Looks like they bought a 4000 point bundle and another 6000 point bundle. After that, it basically shows this:

http://i.imgur.com/RwVHU.jpg

I called Xbox Support and they are filing an Unauthorized Access claim on my account and I should find something out in 1-15 days. Until then they are locking my account, so I can't access Xbox Live/Windows Live during that time. Tomorrow, I need to call my bank to claim fraudulent charges.

After some searching on Google by a friend, he found that this was fairly common. People accessing other people's account purchasing Ultimate Team card packs and selling them on Ebay. I didn't find anything about this here, but I did find a thread on Giant Bomb. So watch out. :(

Had you sold your 360? If they bought all that stuff then it will be tied to your XBL account won't it so I don't see how it will be any use to them. Best you set up a passcode for logging into XBL when you sign in with your Gamertag.
Plasmid
Member
(06-13-2011, 07:22 AM)
Plasmid's Avatar
My friend had his broken, hackers hacked him to level 100 in gears 2, he can't get achievements or anything else either.

This is where it gets weird, they also bought gears of war 1, along with a shit load of soccer and football game stuff.

Microsoft refunded him completely though, here's hoping you can too.
ant_
not characteristic of ants at all
(06-13-2011, 07:23 AM)
ant_'s Avatar
Happened to me as well, except the guy also changed my gamertag to something pretty racist/derogatory.

Called Xbox Support and we got it worked out, and they refunded all my money. Just give it time, they should be able to work it out.
Keyser Soze
Member
(06-13-2011, 07:24 AM)
Keyser Soze's Avatar
Do you have a really simple password? If your password is just a word or even two words put back to back it would be easily bruteforced to "hack" you account(s). Also, if you made you secret answer (dogs name / moms maiden name) available on forums/facebook it could be available via an easy internet search for people to get easy access to "hack." No one is going to go to the bother of hacking separate accounts. They rather just hope to stumble in.

If you know you did not make those mistakes, then it could be that you just got unlucky.
The Broken Ska Record
Member
(06-13-2011, 07:32 AM)
The Broken Ska Record's Avatar
Thanks everyone. I have no doubt MS will refund the amount that was charged, and I don't mind waiting, honestly.

Originally Posted by Gen X

Had you sold your 360? If they bought all that stuff then it will be tied to your XBL account won't it so I don't see how it will be any use to them. Best you set up a passcode for logging into XBL when you sign in with your Gamertag.

I sold my 360 a year ago to get the Slim. I don't remember if I deleted my account before I traded it into GameStop or not.

Originally Posted by Keyser Soze

Do you have a really simple password? If your password is just a word or even two words put back to back it would be easily bruteforced to "hack" you account(s). Also, if you made you secret answer (dogs name / moms maiden name) available on forums/facebook it could be available via an easy internet search for people to get easy access to "hack." No one is going to go to the bother of hacking separate accounts. They rather just hope to stumble in.

If you know you did not make those mistakes, then it could be that you just got unlucky.

My old security question was my favorite childhood movie, so it's possible and my old email address was a word with numbers at the end. The only thing I could THINK of what happened was I was looking for drivers for using a PS3 controller with PC. I may have stumbled on a disreputable site or clicked something I shouldn't have when I was there.
killdatninja
Banned
(06-13-2011, 07:37 AM)
killdatninja's Avatar
Deleted credit card info on mine, going to get prepaid stuff at all times. Fuck hackers.
dani_dc
Member
(06-13-2011, 07:49 AM)
dani_dc's Avatar
You weren't the only one with this issue, I few people on gaf had similar problems not long ago.
Mileena
Banned
(06-13-2011, 07:58 AM)
Mileena's Avatar

Originally Posted by xbhaskarx

Hackers??
Xbox Live down for a month

Hopefully I'll get Undertow for free
metareferential
Member
(06-13-2011, 08:03 AM)
metareferential's Avatar
It's incredible that there's always Fifa involved; that game is such scam fest lately it's unbelievable.

Like others suggested, maybe it has to do with some keyloggers you accidentally stumble upon (or maybe someone else using your computer?).

That's pretty common. Have you ever used some "get free microsoft points" site or similar?
Stumpokapow
listen to the mad man
(06-13-2011, 02:00 PM)
Stumpokapow's Avatar

Originally Posted by Keyser Soze

Do you have a really simple password? If your password is just a word or even two words put back to back it would be easily bruteforced to "hack" you account(s).

Although bruteforcing a simply password offline given a particular hash is computationally easy, it is virtually impossible to do so online, both because the cost of an attempt is high (minimum 1 second) and because most online login interfaces have a limiter on number of failed password attempts before locking an account.

Maybe to make this more clear, think of it this way; assuming your password is 8 characters or fewer made of capitals, lowercase letters, and numbers (no symbols), there are 221,919,452,000,000 possibilities. At one access attempt per second, it would take 7 million years to exhaust the search space.

Cracking the same password offline against a hash may take only a few hours, or less with a rainbow table.
ShogunX
Member
(06-13-2011, 02:08 PM)
ShogunX's Avatar

Originally Posted by metareferential

It's incredible that there's always Fifa involved; that game is such scam fest lately it's unbelievable.

Like others suggested, maybe it has to do with some keyloggers you accidentally stumble upon (or maybe someone else using your computer?).

That's pretty common. Have you ever used some "get free microsoft points" site or similar?

This!

It's always the way people end up in these type of situations. People will always try and phish your account details from you by providing dodgy websites and other links.

It's always Fifa involved because there is a market for the items obtained from Fifa on ebay.
itsgreen
Member
(06-13-2011, 02:12 PM)
itsgreen's Avatar
As far as I know most Xbox 'hackings' are because of social engineering...

Either at MS's end or at the users end someone made a mistake.

Simple password recovery question or just a simple password...
LiK
(06-13-2011, 02:16 PM)
LiK's Avatar
Did they phish you? Ive been getting some xbox live rewards emails but I don't click on those. I checked them once and they wanted my login and pw. Wasn't sure of it was legit so I didn't do it.

I have my login saved on the Live site and I notice that the link from the email didn't have the login saved on the live site which raised some flags for me.
PumpkinPie
Member
(06-13-2011, 02:17 PM)
PumpkinPie's Avatar
Looks like the hackers have a questionable taste in music.
bj00rn_
Banned
(06-13-2011, 02:30 PM)
bj00rn_'s Avatar
Anyway, I'm not saying this is your case, but NEVER EVER USE THE SAME PASSWORD ON DIFFERENT SITES NO MATTER WHAT.. It can be a hassle but it's totally worth it; I made a formula which ensures unique and secure passwords (12-character random Uppercase/Lowercase and Numbers) on each online service I use.

This also ensure that "secure" password I used at f.ex. "Codemasters" (Creators of "Dirt", which got hacked last week..) isn't used at f.ex. Xbox.com as well, because then the hackers would have direct access to my xbox account by now.

At the same time I am anal about never ever clicking on stuff I am not 100% sure about in the context of this. I never use the password other than directly on site, and also never go to online services via links but go to the service by typing out the address in the address bar instead.

Oh, and I never connect to free/open wifi connections either..

Paranoid, perhaps, but the bonus is that my ass is well-covered.
painful fart
Member
(06-13-2011, 02:34 PM)
painful fart's Avatar

Originally Posted by The Broken Ska Record

I've actually tried to remove my CC from Xbox Live, but can't because my ex's friend, on accident, signed me up for one of those 3 months of XBL for $5 things the catch being I need to get a full year of Xbox Live. So, unfortunately, I can't remove my CC info. As much as I've tried. :(

These stories always cracks me up, Microsoft donīt deny themself.

Lesson to be learned:
NEVER EVER GIVE MICROSOFT YOUR CREDIT CARD NUMBER.
enemyairship
Junior Member
(06-13-2011, 02:37 PM)
I'm in a similar situation as the OP. I recently returned from a few week trip overseas and the day I get home I notice in my e-mail a few confirmation letters from Microsoft about points purchased. Thinking it might be a family member I go to check the download history and any time/date information I can get on it.
Turns out they bought Michael Jackson Theme Packs (as well as a few other games, but I had a wtf moment there).
Diablohead
Member
(06-13-2011, 02:39 PM)
Diablohead's Avatar
Personally I just updated my pass, I don't have my CC on there (never would ever again) but I do own games which cost money to buy.

Steam has the right idea with someone logging in from a different computer having to check your email for a special 5 letter code before you can do anything.
El_TigroX
Member
(06-13-2011, 03:16 PM)
El_TigroX's Avatar
Well, I was hacked last Friday and finally figured out what happened last night.

Friday I was on GiantBomb.com and saw that my last game played was Rock Band 3 and I hadn't been on that game in over a month or two... so I got a bit concerned and called a buddy of mine to check out if I was signed online at the time.

He told me that I wasn't even on his friend's list anymore... this weekend I had to go to a bachelor party, so I couldn't really get into it until last night.

Tried to sign on and it said my account didn't exist. I did the same thing with the MS billing website and saw that 5,000 points I had on my account were spent on Rock Band songs... a lot of them odd foreign language ones. I checked my credit card and $133 was spent on MS points. My bank returned the money before I even knew this happened, so good on Chase for helping me out.

I did the whole support thing and I will get access to my account hopefully in the next two weeks once they determine it was fraud. If Chase determined it without even talking to me, I imagine MS will find the same and restore my account and stolen points.

Good times... guess I should get InFAMOUS 2 now while I'm out of commission on Xbox.

Fuck hacking douches.
AndyMoogle
Member
(06-13-2011, 03:42 PM)
AndyMoogle's Avatar

Originally Posted by Diablohead

Personally I just updated my pass, I don't have my CC on there (never would ever again) but I do own games which cost money to buy.

Steam has the right idea with someone logging in from a different computer having to check your email for a special 5 letter code before you can do anything.

Google uses a similar system as well. I hope that MS and Sony will do something like that in the future.
Data West
coaches in the WNBA
(06-13-2011, 03:46 PM)
Data West's Avatar

Originally Posted by painful fart

These stories always cracks me up, Microsoft donīt deny themself.

Lesson to be learned:
NEVER EVER GIVE MICROSOFT YOUR CREDIT CARD NUMBER.

Never give any company your credit card number unless it's Amazon
itxaka
Defeatist
(06-13-2011, 03:47 PM)
itxaka's Avatar

Originally Posted by Stumpokapow

Although bruteforcing a simply password offline given a particular hash is computationally easy, it is virtually impossible to do so online, both because the cost of an attempt is high (minimum 1 second) and because most online login interfaces have a limiter on number of failed password attempts before locking an account.

Maybe to make this more clear, think of it this way; assuming your password is 8 characters or fewer made of capitals, lowercase letters, and numbers (no symbols), there are 221,919,452,000,000 possibilities. At one access attempt per second, it would take 7 million years to exhaust the search space.

Cracking the same password offline against a hash may take only a few hours, or less with a rainbow table.


Im guessing his password was hunter2
Palette Swap
Member
(06-13-2011, 03:55 PM)
Palette Swap's Avatar

Originally Posted by AndyMoogle

Google uses a similar system as well. I hope that MS and Sony will do something like that in the future.

I'm baffled that most serious service providers don't use any kind of two-factor authentification yet.
An additionnal layer of authentification per device would save everyone a lot of time and tears.

I checked last week and it seems paypal even has the nerve to make it a paying service (30€ for a token based authentificator)
Warrior_Keoni
Member
(06-13-2011, 03:57 PM)
Warrior_Keoni's Avatar
What bothers is me is that many companies love to save your credit card information for possible easy re-purchases again.

In truth, I'd rather buy a gift card or game card and add points instead of dealing with credit card hassles.
epmode
Member
(06-13-2011, 07:33 PM)
epmode's Avatar
So I finally found a way to disable auto-renewal on Microsoft's Xbox site. The best part is that you have to first change your location to Chicago IL before they allow you to do it. It's locked out for most areas of the country.

But even after disabling auto-renewal, I still can't remove my credit card from my account. According to MS: You cannot remove a payment option that is associated with an active Xbox LIVE Gold Membership. However, if you associate a new payment option with your Xbox LIVE membership, you can then remove the existing payment option.

How in the hell is this even legal?

It continues: If you don't have another payment option to associate with your active Xbox LIVE membership, please call Xbox Support for help removing a payment option.

I despise this company.
TheSeks
Blinded by the luminous glory that is David Bowie's physical manifestation.
(06-13-2011, 07:37 PM)
TheSeks's Avatar

Originally Posted by Tron 2.0

Never attach your credit card to your Live/PSN account.

Or, Steam.

Or online services like Netflix, Gamefly, Amazon...

*cough*
epmode
Member
(06-13-2011, 07:39 PM)
epmode's Avatar

Originally Posted by TheSeks

Or, Steam.

Or online services like Netflix, Gamefly, Amazon...

*cough*

A few of those allow you to remove credit card information from the site so I have no problem with them.
test_account
XP-39Cē
(06-13-2011, 07:41 PM)
test_account's Avatar
What is the reason for Microsoft not allowing people to remove their CC info? Is it because that people shouldnt be able to use stolen CC info when creating an Xbox Live Gold account and then delete the CC right after the account is made? Is it possible to remove the CC info if you have a Silver account?
Atomski
Member
(06-13-2011, 07:48 PM)
Atomski's Avatar
Ive always figured people's live accounts get hacked the same way WOW players do. Looking at phishy websites, probably getting keylogged.

Never had my xbl or wow account hacked though.. knock on wood.
derFeef
lil' bit tasty
(06-13-2011, 07:52 PM)

Originally Posted by test_account

What is the reason for Microsoft not allowing people to remove their CC info? Is it because that people shouldnt be able to use stolen CC info when creating an Xbox Live Gold account and then delete the CC right after the account is made? Is it possible to remove the CC info if you have a Silver account?

Some security reason (excuse) the guy told me way back then on the phone. Since then my obsolete 6 year old CC is tied to my account and I pay my stuff with points (because paypal still does not work).
Hixx
Member
(06-13-2011, 07:54 PM)
Hixx's Avatar
Hacked for FIFA Ultimate Team packs.

UT players are seriously fucking crazy.

Thread Tools