
Hey, has your Xbox Live account been hacked/FIFA'd? Post here!

Amneisac

Member
Make sure the customer service rep spells your contact e-mail address right if your account gets hacked...

Apparently the original customer service rep fucked up my e-mail address I gave her, and after the investigation was complete (about 25 days) they apparently tried to send me an e-mail to reclaim my account. I called after not hearing anything and they said they would fix my e-mail address and send it again. Well two weeks later I still hadn't heard and it turns out that to fix your e-mail address they have to RE-INVESTIGATE and change your e-mail address.

So now I wait another 25 days.
 

Mxrz

Member
Never big on 'game journalism' but the free pass given to MS over this is astounding. Sony was positively crucified in comparison. Did Geoff ever write anything at all?
 

patsu

Member
If it was genuinely a loophole the volume of attacks would be MUCH larger. They'd be going all out to get as much as they can as fast as they can before the loophole is found and closed. If the scammers have found a loophole and are going (relatively) low volume for some stupid reason they're just tempting fate. The longer they do this the bigger chance they have of being caught.

Do you know the size of the attack and the actual $$$ loss so far ?
 
Never big on 'game journalism' but the free pass given to MS over this is astounding. Sony was positively crucified in comparison. Did Geoff ever write anything at all?

Indeed, this really is the most surprising aspect of all. In Sony's case not a single report of compromised credit card info or fraudulent charges came out of all of it, but in this case it's been happening rampantly for MONTHS and nobody's raised a big stink about it? Seriously, what the fuck?
 
Indeed, this really is the most surprising aspect of all. In Sony's case not a single report of compromised credit card info or fraudulent charges came out of all of it, but in this case it's been happening rampantly for MONTHS and nobody's raised a big stink about it? Seriously, what the fuck?


I think the very reason this incident is not being covered is because it's been spread out and Microsoft has been tight-lipped about it. It's pretty bad, though, that if what I remember is correct this compromising and stealing of accounts has been going on since I believe last March; that's 10 months of people's information and money being stolen. That's a long period of time for this to keep happening, which opens up the possibility that whatever is happening that keeps people's accounts getting compromised may actually not be fixable, which would be why Microsoft is so quiet and pretty much denies it's not their fault.
 

ban25

Member
Make sure the customer service rep spells your contact e-mail address right if your account gets hacked...

Apparently the original customer service rep fucked up my e-mail address I gave her, and after the investigation was complete (about 25 days) they apparently tried to send me an e-mail to reclaim my account. I called after not hearing anything and they said they would fix my e-mail address and send it again. Well two weeks later I still hadn't heard and it turns out that to fix your e-mail address they have to RE-INVESTIGATE and change your e-mail address.

So now I wait another 25 days.

I did get an initial "Service Request" email from them, so hopefully that's correct at least.
 

ban25

Member
I think the very reason this incident is not being covered is because it's been spread out and Microsoft has been tight-lipped about it. It's pretty bad, though, that if what I remember is correct this compromising and stealing of accounts has been going on since I believe last March; that's 10 months of people's information and money being stolen. That's a long period of time for this to keep happening, which opens up the possibility that whatever is happening that keeps people's accounts getting compromised may actually not be fixable, which would be why Microsoft is so quiet and pretty much denies it's not their fault.

Yeah, it turns out this has hit almost everyone I know, which is a shocking statistic. Honestly, if they can't fix the underlying security issue, it will probably mean the end of XBL for me. It's just not worth the hassle of losing your account, dealing with customer service, with the bank, etc. if the account can never be secured. Practically every other service requires you to authenticate yourself, especially anytime money is involved: Amazon, iTunes, you name it.
 
Yeah, it turns out this has hit almost everyone I know, which is a shocking statistic. Honestly, if they can't fix the underlying security issue, it will probably mean the end of XBL for me. It's just not worth the hassle of losing your account, dealing with customer service, with the bank, etc. if the account can never be secured. Practically every other service requires you to authenticate yourself, especially anytime money is involved: Amazon, iTunes, you name it.

Pretty much dead on. This has literally happened to every single Xbox user I know. I'm clutching at the straws here, and I can't think of anyone in my immediate circle of friends / Xbox owners that this has not happened to.

I wish there were a better way to raise media awareness about the problem, because being put out like a deer in headlights is the only way they'll ever really address the problem.
 
Yeah, it turns out this has hit almost everyone I know, which is a shocking statistic. Honestly, if they can't fix the underlying security issue, it will probably mean the end of XBL for me. It's just not worth the hassle of losing your account, dealing with customer service, with the bank, etc. if the account can never be secured. Practically every other service requires you to authenticate yourself, especially anytime money is involved: Amazon, iTunes, you name it.

Pretty much dead on. This has literally happened to every single Xbox user I know. I'm clutching at the straws here, and I can't think of anyone in my immediate circle of friends / Xbox owners that this has not happened to.

I wish there were a better way to raise media awareness about the problem, because being put out like a deer in headlights is the only way they'll ever really address the problem.
Sounds like there might be an issue among your friends. 400 posts on GAF (with many users making more than one) in two months is a sign it's a small problem affecting a tiny percentage of 360 owners.
 
I'm the only one out of my 50+ Live friends to get attacked. I felt so alone gaming-wise for those 1 1/2 months my account was in investigation. So it doesn't seem all that widespread to me. It's still messed up regardless.
 

saunderez

Member
Do you know the size of the attack and the actual $$$ loss so far ?

No but this thread would be a hell of a lot larger if everyone was vulnerable. As an anecdote to counter the various "ALL MY FRIENDS GOT HACKED" anecdotes around here, none of my friends have been targeted by this scheme. We're all from Australia, perhaps there's something in that. All I know is hackers generally aren't known to slowly abuse a vulnerability. They hit hard and fast before it's closed in my experiences.
 

Zoe

Member
No but this thread would be a hell of a lot larger if everyone was vulnerable. As an anecdote to counter the various "ALL MY FRIENDS GOT HACKED" anecdotes around here, none of my friends have been targeted by this scheme. We're all from Australia, perhaps there's something in that.

Would you be able to profit off of Fifa in Australia the same way as in the US?
 
I don't personally know anyone who has had it happen either, outside of me of course. Can't say that really means anything one way or another though.
 
I just got an email from EA regarding a password reset request which I did not initiate. Is this related at all? Is someone trying to hack my EA account?
 

Curufinwe

Member
More from Xav at Shack.

http://www.shacknews.com/article/71811/xbox-live-security-concerns-continue-to-grow

Xbox.com's security page reveals a number of 'best practices' for users to protect their accounts; however, the majority of the site's security is linked to a single log in and password exchange between the user and the service. Meaning, once you log into an account you're free to make any account changes you wish. There are no security checkpoints along the way. In fact, once you log in you're free to examine every aspect of an account, giving hackers access to information such as your full name, phone number, and mailing address. Making substantial changes, like switching account regions, is a simple process. Why isn't Microsoft calling users or using other measures to verify account changes of this magnitude? Surely the volume of Xbox Live users switching accounts from the United States to Eastern Europe isn't enough to slow down customer service.
 
They don't, that would be absolutely asinine. Guys running a business out of their garage could figure out not to do that; there's a higher chance of the world ending on Dec 21, 2012 than this hack being due to CSR reps giving out passwords.

If there was a security loophole, it doesn't explain why there aren't that many hacks happening.

For example, if these asshats had access to a backdoor that allowed them to 'hack' into XBL and access any account, why haven't they taken advantage of this and hacked as many accounts as humanly possible before the backdoor is closed by MS?

It makes more sense that there's a select hardcore that dedicate most/all of their time to calling CS and getting details which they then use in batches. It explains why the number of people hacked is relatively low compared to the number who used the service and it would explain why MS haven't been able to figure out where the leak/problem is.

The evidence doesn't point to there being a backdoor, unless you count the EA email clusterfuck to be one.
 
It makes more sense that there's a select hardcore that dedicate most/all of their time to calling CS and getting details which they then use in batches.

That makes the least sense of any possible explanation that could theoretically exist, and it seems you're the only one that doesn't realize it.
 
That makes the least sense of any possible explanation that could theoretically exist, and it seems you're the only one that doesn't realize it.

You're putting too much faith in MS CS.

Given the number of people hacked, the time between hacking incidents, 'engineering' CS seems to be the most likely culprit. (if it's not EA and their clusterfuck of an email system)

An actual backdoor as others have suggested makes the least amount of sense as they wouldn't be so restrained in taking advantage of such a backdoor. A security loophole also doesn't seem likely either, why be so restrained in using said loophole? Surely you'd want to take advantage of such a loophole as much as possible before it's discovered.

The relatively low number of people hacked and the time between mass hacks suggests it's related to MS CS.

Anything else would see the number of people hacked significantly larger than it currently is and it would be happening on a much more regular basis. It would also be much bigger news.
 

undecided

Member
After 2 weeks I received the email that I could reset my password and log back in.. but they didn't actually give me any of my points back, and didn't mention them at all.

That doesn't make any sense, why would I want them to block me from playing my 360 for weeks just to reset my password?

Now they are opening a second investigation into the points...

This link seems really helpful when this happens, it lets you de-authorize every console. It seems like they should do this after the investigation after changing the password: https://live.xbox.com/en-US/Profile/Protection
 

patsu

Member
No but this thread would be a hell of a lot larger if everyone was vulnerable. As an anecdote to counter the various "ALL MY FRIENDS GOT HACKED" anecdotes around here, none of my friends have been targeted by this scheme. We're all from Australia, perhaps there's something in that. All I know is hackers generally aren't known to slowly abuse a vulnerability. They hit hard and fast before it's closed in my experiences.

They don't have to hit hard and fast. Depends on the difficulty of intruding even if it's automated. Plus how well protected they are.
 

foladar

Member
Does a prepaid amex work with an Xbox live account? I have my account set up for a $1 for 1 month promo in Dec '12 and there's no way I want to leave my CC on the account, I'm assuming a prepaid amex would work just as well, except with way less $$ available?
 

drewbian

Neo Member
-January 1, 2012
-2000 points stolen and used and i apparently played fifa
-i am suspended and the account is under investigation
-i had an EA account. it too got compromised and the email and password was changed.
-password had not been changed.
-my gamer tag / account is about 7 years old
-have not heard back from microsoft or EA yet.
-not sure if the security question was changed.
 

Zoe

Member
http://hackedonxbox.tumblr.com/post/15365217063/microsoft-a-company-with-no-brains-heart-or-soul

This girl's account has been attacked twice. The second time she started messaging the person using her account.

 

Curufinwe

Member
I read the whole blog and... holy shit, this poor woman. Why can't the internet take a tenth of the outrage it used on that Avenger controller guy to pressure Microsoft to help her?
 

chubigans

y'all should be ashamed
Wow, so hackers are selling accounts on that eBay site instead of the FIFA gold packs like we thought?

This is a major breakthrough I think. That's crazy.
 

Dipswitch

Member
The fact that MS is still letting first level support interact with fraud victims is unreal. The amount of negative PR alone should convince them that's a very bad idea. Making people who have been robbed by way of your service jump through hoops to get taken care of is utterly unacceptable.
 
The fact that MS is still letting first level support interact with fraud victims is unreal. The amount of negative PR alone should convince them that's a very bad idea. Making people who have been robbed by way of your service jump through hoops to get taken care of is utterly unacceptable.
Exactly this. It also goes a long way to showing just how little they care about their customers. Not to mention the ludicrous investigation period... which I'm yet to see any reasonable justification for.
 
Oh wow, that poor woman. I feel bad for her. I've read about several other cases of users getting attacked twice. I really hope that doesn't happen to anyone else.

And she's an Xbox Ambassador. Some of them were really hostile towards victims on Xbox Support's forums a few months back. But it seems like those people are shutting up/moving on. Across the internet there's a whole lot more sympathy now and a lot less of "sucks to be you, have a better password and don't share your info."
 

erpg

GAF parliamentarian
Poland? Ha, they bought a GFWL key when they hacked me and tied it to a Polish email account on another service, likely bought from that same auction site.

I'm going to side with Archie Bunker and say fuck the Polish! Hope the info in those messages leads to an arrest.
 
The unbelievable thing is how few people will cancel their XBL accounts over this obvious and atrocious security flaw in their system. Their entire goddamn user base is vulnerable, and people are still sitting around snug and content thinking it won't happen to them.

Even if it's truly phishing (which it isn't), it's still a security flaw.

MS could fix this shit in 1 fucking day by sending you an email with a 5 digit code when you log on from a new console id, and requiring you to enter that code to continue.

For website logins, same thing but new ip address instead of console id.

Honestly, fuck MS on this issue, and that's coming from someone who's always been a huge fan of everything MS. Xbox actually deserves to DIAF over this.
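
The check proposed in the post above (a 5-digit e-mailed code when a login comes from a new console ID, or a new IP address on the website), sketched as an added example; it is not part of the thread and not Microsoft's code. `StepUpVerifier`, `send_email`, `CODE_TTL` and `MAX_ATTEMPTS` are hypothetical names and values, and `device_id` stands for whichever identifier the service uses.

```python
import hmac
import secrets
import time

CODE_TTL = 600      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5    # wrong guesses allowed per code (assumed value)


class StepUpVerifier:
    """Hypothetical second check that runs after the password has been accepted."""

    def __init__(self, send_email, clock=time.time):
        self.send_email = send_email   # callable(account, code); delivery is out of scope
        self.clock = clock
        self.trusted = {}              # account -> set of device ids already confirmed
        self.pending = {}              # (account, device_id) -> [code, expires_at, attempts_left]

    def login(self, account, device_id):
        """Return "ok" for a known device, otherwise mail a code and return "code_required"."""
        if device_id in self.trusted.get(account, set()):
            return "ok"
        code = f"{secrets.randbelow(100_000):05d}"   # 5 digits from a CSPRNG
        self.pending[(account, device_id)] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_email(account, code)
        return "code_required"

    def confirm(self, account, device_id, code):
        """Trust the device only if the code is right, unexpired and within the guess limit."""
        key = (account, device_id)
        entry = self.pending.get(key)
        if entry is None:
            return False
        expected, expires_at, _ = entry
        if self.clock() > expires_at:
            del self.pending[key]
            return False
        entry[2] -= 1
        if not hmac.compare_digest(expected.encode(), str(code).encode()):
            if entry[2] <= 0:          # only 100,000 possible codes: the guess cap is
                del self.pending[key]  # what stops someone from trying them all
            return False
        del self.pending[key]
        self.trusted.setdefault(account, set()).add(device_id)
        return True


if __name__ == "__main__":
    outbox = []                        # constructed stand-in for the mail system
    v = StepUpVerifier(lambda acct, code: outbox.append((acct, code)))
    print(v.login("alice@example.com", "console-1"))                    # code_required
    print(v.confirm("alice@example.com", "console-1", outbox[-1][1]))   # True
    print(v.login("alice@example.com", "console-1"))                    # ok
```

The same gate fits the account changes the Shacknews excerpt earlier in the thread singles out, such as switching region: require a fresh code before the change is applied rather than only at login.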
 

Yagharek

Member
The unbelievable thing is how few people will cancel their XBL accounts over this obvious and atrocious security flaw in their system. Their entire goddamn user base is vulnerable, and people are still sitting around snug and content thinking it won't happen to them.

Who would cancel their account though and lose all the content they've paid for? In case you haven't noticed, the balance of power lies completely on MS' side in this case. The only thing XBL subscribers can do is to remove their CC/PayPal details.
 

TomServo

Junior Member
I'm not going to cancel my account, but I'm sure as hell not leaving any payment info tied to it nor am I buying more points than I immediately need.

May not sound like much but it also prevents auto-renewals and impulse buys, something MS wants from users.

If enough people start yanking all payment methods from their accounts, MS will take notice.
 

cgcg

Member
http://hackedonxbox.tumblr.com/post/15365217063/microsoft-a-company-with-no-brains-heart-or-soul

I awaken this morning to find a further $124.98 + Tax stolen from me. I know what you’re thinking right now, “She should’ve unlinked her PayPal account from her Xbox account, the silly woman!” I completely agree with you; yes I should’ve done exactly that, but when Microsoft insisted twice that my account was completely blocked I naturally assumed that meant my account was completely blocked. Silly me! What they really meant was that they did not block the account whatsoever and the hacker/thief/opportunist decided to purchase yet another 10,000 Microsoft Points and transfer them to another dummy account.

How can MS be so incompetent?

The fraud department was unable to block your account

holy shiiiett..
 
it's crazy to me that no one seems to know how this is happening after all of this time. and microsoft's handling of the situation is very disappointing. i would think after the rrod fiasco they would be on top of things immediately and do everything in their power to stop bad press aimed at their products/services.

doesn't anyone know how this is being pulled off? surely people are discussing it somewhere on the internet...
 
it's crazy to me that no one seems to know how this is happening after all of this time. and microsoft's handling of the situation is very disappointing. i would think after the rrod fiasco they would be on top of things immediately and do everything in their power to stop bad press aimed at their products/services.

doesn't anyone know how this is being pulled off? surely people are discussing it somewhere on the internet...

That's what I've been asking. The thieves and their methods haven't been exposed yet.
 

chubigans

y'all should be ashamed
Holy crap guys, look at this. (warning: may be NSFW, enter using a secure browser)

http://www.tradetang.com/wholesale-Virtual-Products_c40.html

Almost ~1,500 Xbox Live accounts ready to buy. Some examples:

At your own risk ~

Points are easy to disappear. Please as soon as possible, using the account

live points 10000 points 2 hours warranty used account please note: now only offer 2 hours warranty.you have to use all points and download all games in 2hours, after 2 hours we won't provide any help

Nature of the goods: This is not used the new ID, you can modify your password after you, and permanently retained; use this ID to download or the content, all the ID of this machine can be used, not necessarily to use this, and with your machine where the server version and the old ID has nothing to do, please rest assured to use!



What we supply?

---ID with Password From 4000 Points to 12000 points


You need to be Noted:

---What we supply is an account with password which has point available, we don't supply any subscription code!

How we offer the accounts?

---we will send the account information By tradetang message

10K Points Live Points accounts 10000 Points US Version
the warrantity is 2hours, when buy it,must use all points within 2 hours.thanks.

the warrantity is 2hours, when buy it,must use all points within 2 hours.thanks.

the warrantity is 2hours, when buy it,must use all points within 2 hours.thanks.

please note: now only offer 2 hours warranty.you have to use all points in this account in 2hours and transfer all contents to your main account :)

Dear friends : Since the points might expire , please use up the points within the warranty time ,any way ,the sooner the better . .

Thank you. .

If you do not agree with these please buy them eleswhere . thanks for your time :

1 . The accounts are not gold . And it is better not to buy gold membership for the account because it won't last too long . how ever the other items you buy with the points in the account can be there for ever and you can use them on your main account .

2. It will never let your console be banned according to our experience of more than two years .

3 . Please tell me which version you need before you place it

4 . Any other quesitons please feel free to ask me on line through "contact now " or "ask supplier " .. thanks . I am always ready to help you with any questions . Thank you !!

5 .Please complete the order in time after you have received the account and give a possitive feedback as well . We will be grateful for you and give you better and better service .

6 . Scamers / Liers buy eleswhere !!!

Befor place it Please choose the right option of the points.And ask us the warranty time if you want ,there is diffrent warranty time sometimes

Holy shit man. Social engineering my ass.
 