-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
Hey, has your Xbox Live account been hacked/FIFA'd? Post here!
- Thread starter chubigans
- Start date
Diablohead
Member
Microsoft really need to fix that log in shit.
Uno Venova
Banned
Good to see MS is still on top of things, isn't it fun checking your Xbox.com everyday to check if your points are still there?
Garcia el Gringo
Member
I do this too many times a day now.
AppleBlade
Member
Just got hacked over the night. They depleted the 5000+ points I had received just 4 days ago on my birthday and now my account is locked.
I know this stuff happens, but I really feel like giving up on Microsoft. I'm not going to get into it, but I've had many issues with their customer service over the years.
I know this stuff happens, but I really feel like giving up on Microsoft. I'm not going to get into it, but I've had many issues with their customer service over the years.
so I dont even own an xbox, but I do have a windows/ gfw live account
i go to https://live.xbox.com/en-US/Profile/Protection and I see this
Consoles that require your password for sign in
Visited Consoles Last Visited
Most Recent Console 1/16/2012
what the hell? also, why is my password limited to 16 characters?
no way in hell im buying a 360, this is scary.
i go to https://live.xbox.com/en-US/Profile/Protection and I see this
Consoles that require your password for sign in
Visited Consoles Last Visited
Most Recent Console 1/16/2012
what the hell? also, why is my password limited to 16 characters?
no way in hell im buying a 360, this is scary.
Terrordactyl
Member
Ouch.. Happy belated anyways!
By the way, is it common for lost accounts to have a new, compromised email address added before everything is stolen? Because I've found that you're entirely unable to add additional recovery addresses if you already have about 10 on record.
So if adding a recovery address is a required part of these attacks, this will stop em in their tracks.
In related news, fuck Microsoft. I'm sitting on a 4000 point card that I refuse to add to my profile until I can spend it all in one go (or until they add 2-step verification). It's going to be a while.
So if adding a recovery address is a required part of these attacks, this will stop em in their tracks.
In related news, fuck Microsoft. I'm sitting on a 4000 point card that I refuse to add to my profile until I can spend it all in one go (or until they add 2-step verification). It's going to be a while.
Zoe
Member
Yeah, I got that too. Must be a bug when you don't have anything to list there.
It counts playing GFWL games as visiting a console, and it might even count logging on to Xbox.com as visiting a console.
Community Forum
Member
OK here's my question why the fuck don't they shut down the FIFA purchasing if that is what is going on?
iceatcs
Junior Member
Possibly lawsuit from EA, and why stop if still profit etc..
Rebel Leader
THE POWER OF BUTTERSCOTCH BOTTOMS
I believe we have confirmed that logging on xbox.com leaves a log of a console.
cpp_is_king
Member
Better yet, why dont they just increase their goddamn security withe most secure option ON by default, password verification when purchasing from a new console, Steam Guard, and two-factor auth.
Game over microsoft, your shit stinks and everyone knows it
I don't think that there is something wrong with Fifa, or EA's system except for beeing hooked up to a unsecure network like Live.
The Fifa-packs, is just a chance to get a item in high demand that you can get on XBox Live, wich you can make a profit on by selling your players.
There is also other stuff beeing sold, such as games, Xbox Live Gold family packs and similar.
I suspect MS let's it happen because they make money on it, for each person who notices this, there are probably alot of people who don't, and that means lots of profit: Xbox live - now with autoshopping.
The 30-day account-lockdown and investigation is probably a scam aswell, they just do it to scare their customers from reporting this treasure-chest, and punishment for having the nerve to ask for the money back, wich obviously were bought from your account.. :-/
It's pretty clear after seeing the people who has bought stolen/used accounts with software, bought on Live and via family-packs, they get to keep using them - without even beeing notifyied that it's stolen, if they don't allready know.
Once - or if - they fix Live, there won't be as much theft from Fifa or other EA-games on a large scale compared to the other platforms..
Psychotext
Member
I still think it's really strange that there aren't many (any?) reports of this FIFA related activity on the PS3... I mean, if Microsoft are to be believed about it being an industry wide problem (phishing, identity theft, weak passwords).
Yeah...
Yeah...
Same happened to my wife's account, even down to the Fifa purchases. Now I'm trying to get $100 back from these assholes, which they say could take weeks. We are also not the typical retards who click on phising e-mail links or go to shady websites, either.
What the fuck is going on, Microsoft? This shit is getting BAD.
Ardenyal
Member
A lot of the Fifa youtubers/livestreamers got hacked a couple months ago. Majority of them play on 360, but Nepenthez had 7 million coins stolen from him on PS3 (He also has a 360 though, so might be a case of using same password on both platforms). These attacks weren't quite as random as most, since all of them got their accounts hacked within a 2 week period so it's quite obvious they were targeted.
Nealand Liquor
Member
Has anyone who got hacked have the 4 digit password activated at the time of the theft?
secretanchitman
Member
the 4 digit keystroke? only is tied to that specific console if i read that correctly. it does nothing in terms of preventing your account from getting hacked. honestly, microsoft needs a steam guard of their own, its getting ridiculous at this point.
Nealand Liquor
Member
How laughably fucking useless if that is the case.
Yeah I do realize that the 4 digit passcode can't stop your account from being hacked, but if it was active on more than one console, the people hacking the account couldn't dl'd the content onto their console.
AndyMoogle
Member
The pass code will be reset when your gamertag is recovered. It's useless.
Nealand Liquor
Member
What a fucking joke...
I was surprised not to see anything about this today...
http://www.joystiq.com/2012/01/17/microsoft-adjusts-reported-live-id-security-concern/
http://www.joystiq.com/2012/01/17/microsoft-adjusts-reported-live-id-security-concern/
It was mentioned a day or two ago although perhaps not in this thread. Some of the stolen accounts reportedly had passwords that were too complex to be cracked in a simple brute force attack, even if there was no limit to the login attempts. But as usual, there's no way to be sure.
Yeah, what I meant is I hadn't seen any mention of the fact that they had seemingly imposed a limit on password fails.
Dr Zhivago
Member
The 4-digit pass code is only really for stuff like stopping kids using a machine without the parents' knowledge.
It is not interesting to hack someone's PSN account. You can't get access to their credit card details. You need to re-enter all CC details on a new console, so they couldn't profit as they do on the 360.
slidewinder
Banned
Oh, that's interesting. Sure seems like they would've noticed if there were mass brute-forcing attempts going on, though, and as epmode says it doesn't explain hacks of accounts with essentially un-bruteforceable passwords.
Baron_Calamity
Member
I still think they figured out some way to recover any account without knowing the password. I captured the data my 360 sends and receives during a recovery of my account off a usb key and it seems to me that the process is relying a lot on the 360 to verify the account is real.
Diseased Yak
Gold Member
My main XBL account hasn't been hacked, but I do have some interesting info nonetheless. For some reason, I have a second Windows Live account that is nothing more than just an empty account that's tied to a Gmail account. This one got hacked yesterday, but since there's nothing there, nothing was done to the account, they didn't even change the password. I just got notified that someone had changed my security questions, so I logged in and changed the password, even though the account means nothing to me.
Now, my main XBL account has an old, non-working email address as it's login, along with a really hard to guess/brute-force password. I'm wondering if since the login points to a non-working email account, is that saving me from having been hacked?
Now, my main XBL account has an old, non-working email address as it's login, along with a really hard to guess/brute-force password. I'm wondering if since the login points to a non-working email account, is that saving me from having been hacked?
i mentioned this earlier in the thread but this is very common among hotmail/live, gmail and yahoo. spammers/hackers have been hijacking emails for a while now. they dont change anything so you wont know they're there until the damage is done. usually they use the account for spamming but they will dig through information and take over accounts else where as well. i had a dummy email i use for junk taken over and i've had two friends also affected. odds are you've gotten spam by people you know that have been hacked. as soon as you see someone sending spam make sure you tell them asap to change their password everywhere.
Psychotext
Member
You can't get someone's "credit card details" on the 360 either. You can simply spend on it. That's irrelevant though, they can still spend any credit they have just fine (which is what they did to my missus's 360 account).
You raise a good point though, why is there not another layer of security to stop you spending without confirmation. Well... stupid question I guess, they don't want to put anything in between you and them getting your lovely cash.
Money on the account is fair game indeed, but I would presume people always just charge the minimal amount they need to charge. That is how I do it on PSN in any case: don't have enough money, let the PSN decide how much I need to charge to buy what I want to buy, don't charge anything more. (Actually, reloading pre-set amounts of money is more difficult than just adding the amount required to pay the items. The last one can be done on checkout, the first one on a seperate tab)
Psychotext
Member
I only ever really tend to buy credit (360 and PS3) when it's on offer. Unfortunately that tends to end up with me having £50 just sat there doing nothing.
FUCK! I have been hacked.. I thought I was safe... The good news is that I didn't have my card linked to the account thank fuck, so they only emptied my MS points balance.. they bought...
TITLE CONTENT TYPE DATE
PREMIUM GOLD PACK Game Consumable 13/01/2012 Add to queue
GOLD PLAYERS PREMIUM Game Consumable 13/01/2012 Add to queue
but when I click they go to error pages.. I'm a little bit stunned.. my password wasn't changed.. I don't know what to do.. do I contact Microsoft and get my account locked for god knows how long, or just live with the 3000 point loss??
TITLE CONTENT TYPE DATE
PREMIUM GOLD PACK Game Consumable 13/01/2012 Add to queue
GOLD PLAYERS PREMIUM Game Consumable 13/01/2012 Add to queue
but when I click they go to error pages.. I'm a little bit stunned.. my password wasn't changed.. I don't know what to do.. do I contact Microsoft and get my account locked for god knows how long, or just live with the 3000 point loss??
CitizenCope
Member
A friend of mine was just hacked last night. As soon as I found out I removed him as a friend. =/
Fifa achievements & point purchases on his card.
Fifa achievements & point purchases on his card.
just an update,
got hacked on the 11th (stolen pts), noticed on the 14th and called right away. they took over my account and gave me 1 month gold within minutes. today i got my account back from them with pts stolen, and another 1 month gold.
it took them 5 days and i got 2 months live and my points back, sucks that it happened but Microsoft has kept me very happy customer.
got hacked on the 11th (stolen pts), noticed on the 14th and called right away. they took over my account and gave me 1 month gold within minutes. today i got my account back from them with pts stolen, and another 1 month gold.
it took them 5 days and i got 2 months live and my points back, sucks that it happened but Microsoft has kept me very happy customer.
Sounds like the turnaround time is getting much better. That's great to hear.
Garcia el Gringo
Member
1-800-469-9269
You just need to choose billing/account when the automated system asks you why you're calling and when you get a support rep on the line report the unauthorized access. You should probably explain every detail of the theft to the rep.
Make sure they copied down your alternate email correctly and that they get all your other info right.
You just need to choose billing/account when the automated system asks you why you're calling and when you get a support rep on the line report the unauthorized access. You should probably explain every detail of the theft to the rep.
Make sure they copied down your alternate email correctly and that they get all your other info right.
Explain the situation.
They will test you with your info (address, email, gamertag, secret question, etc.)
They will ask for an alternate email, make sure you have one available
They will ask for your Console ID / Serial #
just got off the phone, 12 minute call and the guy was American (wow!) I gave him my details, he said I'd get the points back in about 7 days because they had doubled the number of staff who deal with the fraud, but he made me turn on the Xbox for the serial number and I missed the Patriots field goal.. bastard! It was funny hearing him ask me my secret question.. which is not so appropriate to ask someone haha, after all I did set it in 2000
Nealand Liquor
Member
No offense buuuuut it always strikes me as odd how important that is to some in the US.
Im from the UK, you normally get someone outsourced in India.. it's amazing how rare it is to get someone who natively speaks your language.
Anyway.. it's done! It look less than 30 hours for my points to be back in my account.. I assume it was so quick because thankfully I was smart enough to avoid putting a CC on file after seeing MS and their shady tricks, so in the end the only damage is Fifa 12 being on my profile with 2 achievements
Anyway.. it's done! It look less than 30 hours for my points to be back in my account.. I assume it was so quick because thankfully I was smart enough to avoid putting a CC on file after seeing MS and their shady tricks, so in the end the only damage is Fifa 12 being on my profile with 2 achievements
Perhaps you are unfamiliar with useless outsourced help desks? It's not that they can't speak the language or anything, it's that people in that kind of job are forced to comply with a rigid script, never cutting to the heart of the matter.