Support NeoGAF

[Satchel]

Two step works like this.

If you want to change your password, you put in the request on the website and then they send you a code to your cell phone via text (or to another e-mail account) and you then have to enter that code on the website to be able to change the password.

It's an extra layer of protection--especially if you use the text option. As a hacker can't get that verification code unless they have your phone.

Yep, just googled it. Yeah, the banks tend to use this.

But I can understand why Microsoft and Sony haven't been using it all this time, because I guess from their point of view, they wouldn't have expected to, and it seems like a bit of an inconvenience to need this everytime you want to use your gaming console.

Like I said, after the hack stuff became more prevalent, I added the Xbox Live passcode (the one that's been around since the OG Xbox where you use a passcode created with button combos on the controller) on top of having to use my Windows Live password.

You'd think adding the Xbox Live passcode AND Windows Live ID password should be enough without having to resort to 2-step for a gaming console?

 

[Deleted member 752119]

You'd think adding the Xbox Live passcode AND Windows Live ID password should be enough without having to resort to 2-step for a gaming console?

No, because if they have your Windows Live ID and password they can log into your account on Xbox.com and cause all kinds of problem.

My hacker never got my gamertag downloaded to his console. I didn't have to recover it when I called support the first time after getting the e-mail that my account had been migrated to Russia. I could still sign into my gamertag on my console, the dashboard was just in Russian etc.

So that second sign in on the console itself won't stop this problem. The 2 step would keep them from doing things like changing passwords, migrating accounts, spending points from Xbox.com etc. as they wouldn't be able to get the verification code.

 

[George Claw M.D.]

Considering all this talk about 2-step security... Maybe Microsoft just doesn't want to implement 2-step, because it would add a barrier to easily spending money on XBL, and the lost potential sales outweigh the hassle of dealing with all of these hacked accounts. Compare simply clicking a button a few times to purchase something, to having to do the same thing, plus waiting for an additional code, then having to manually enter it, on XBL. That's enough to kill many impulse purchases, and all the purchases that junior may have made without his parents' permission. Or, say someone was about to make an impulse purchase, then realized he left his phone in the upstairs bedroom. Instead of getting the phone, to receive the text/email code, a lot of people will just say, "Fuck it." There goes a lost sale.

Of course, I have no idea what drives these decisions at MS, but these are just thoughts that occurred to me, while reading this thread.

 

[Live Free or Die]

Sony confirms they get hacked/security breach and they apologize:

While over at MS:

 

[Deleted member 752119]

Considering all this talk about 2-step security... Maybe Microsoft just doesn't want to implement 2-step, because it would add a barrier to easily spending money on XBL, and the lost potential sales outweigh the hassle of dealing with all of these hacked accounts. Compare simply clicking a button a few times to purchase something, to having to do the same thing, plus waiting for an additional code, then having to manually enter it, on XBL. That's enough to kill many impulse purchases, and all the purchases that junior may have made without his parents' permission. Or, say someone was about to make an impulse purchase, then realized he left his phone in the upstairs bedroom. Instead of getting the phone, to receive the text/email code, a lot of people will just say, "Fuck it." There goes a lost sale.

Of course, I have no idea what drives these decisions at MS, but these are just thoughts that occurred to me, while reading this thread.

They don't really need 2 step for simple purchases.

Just for anything like changing passwords, e-mail address, secret question, account region etc.

If points just get spent, it's easy enough to investigate that and get the account back--hence why they're turning them around in 3 days.

It's when the hackers can get full control of the account and really mess things up that makes cases more complicated.

 

[George Claw M.D.]

They don't really need 2 step for simple purchases.

Just for anything like changing passwords, e-mail address, secret question, account region etc.

If points just get spent, it's easy enough to investigate that and get the account back--hence why they're turning them around in 3 days.

It's when the hackers can get full control of the account and really mess things up that makes cases more complicated.

Okay. That makes more sense.

 

[Deleted member 752119]

Okay. That makes more sense.

Forgot a key part, they should require that verification code to sign on to xbox.com from an unrecognized computer (like a lot of banks do) or to sign-in/download the gamertag to a different console.

That would pretty much totally shut out hackers from getting control of the accounts in the first place.

 

[elcranky]

PSN hack = nobody lost money, get locked out of account for one month for security, get free games, Sony loses face.
XBL hack = people losing money, get locked out of account for one month if hacked, hopefully get reimbursed if you nag a lot, MS doesn't lose face.
-> Honestly, I prefer dealing with the first company. At least that company was able to FIND and FIX the problem after a month.

The fundamental problem with your thesis is that you assume that there is a problem with MS or Live. That is not the problem because there is NO XBL HACK. The problem was all of the gaming forums getting hacked and information stolen combined with weak user password controls. I know for sure as that is what happened to me. I also got a full refund and my account back in less than 30 days.

 

[Deleted member 752119]

Well the attention my blog got solved the issue. Got a call from an Assistant Manager, the account is being unbanned and they're sending me a new console.

It was real crazy mix up and set of coincidences. I won't waste time typing it up here as I already wrote it up in a new blog over at CAG and here's a link to that:

http://www.cheapassgamer.com/forums/blog.php?b=23488

 

[Yagharek]

Well the attention my blog got solved the issue. Got a call from an Assistant Manager, the account is being unbanned and they're sending me a new console.

It was real crazy mix up and set of coincidences. I won't waste time typing it up here as I already wrote it up in a new blog over at CAG and here's a link to that:

http://www.cheapassgamer.com/forums/blog.php?b=23488

Yet more proof that Microsoft don't do customer service, only damage control.

 

[Yagharek]

I'm still sitting at almost 6 months without getting $53.64 (4000 MS points), refunded from when my account was hacked. Just left my latest message with the Specialist who was supposed to help me.

I tried having Xbox Customer Support take care of it. I have a good 4-5 emails from attempts telling me that money would be refunded that never went through.
I've taken it to the BBB, the specialist who responded (who I'm in contact with again), did not issue the refund properly.
I tried taking it to my bank, microsoft said that my bank was not authorized to refund me, and took the money back that the bank had issued me in return.

I've removed all my payment info off because of this, and even switched phones (Was a windows phone user) in large part because of this bullshit. Hopefully he gets his shit taken care of, I'm still waiting on mine.

And now we need to get Microsoft to pull their finger out and fix this guy's problems.

 

[alr1ght]

I am shocked at this turn of events.

 

[epmode]

Well the attention my blog got solved the issue. Got a call from an Assistant Manager, the account is being unbanned and they're sending me a new console.

Classic Microsoft. Nothing will change. If I were you, I wouldn't even update the blog with this information.

I'd like to put more money into my account to pick up the Arcade stuff I've missed recently but I think I'll hold out until they put in some kind of two-step verification.

 

[Hero_of_the_Day]

A series of completely random numbers:

1:17
1:22
1:24
1:31
1:34
1:36
1:39
1:40
1:43
1:44
1:47
1:50

Someone please tell me what this post means...

 

[George Claw M.D.]

Yet more proof that Microsoft don't do customer service, only damage control.

The squeaky wheel gets the grease, as the saying goes. It really sucks, but it's an unfortunate reality of many companies, across many industries. A single, unhappy, vocal customer can cost a business more than would a thousand, unhappy, yet silent customers.

 

[dallow_bg]

Kotaku posted it, heh.
Glad it worked out, they really need to evaluate their procedures.

http://kotaku.com/5881425/the-ridiculous-three+month-ban-of-an-innocent-xbox-gamer

 

[Derrick01]

You would think MS would have learned not to ignore a problem until it becomes a huge problem. Apparently they're still learning that lesson.

 

[Dan Yo]

I'm taking my credit card off of my account immediately. Sure it means I'll make less purchases on Live and impulse buying will pretty much be out the window, but it's better than this shit. Get your shit together, MS.

 

[damn that's nice]

He finally got owned.

.

 

[Mxrz]

It somehow ended up in the hands of a hacker who used it to hack some high profile gamertags of MS employees etc.

What the shit? They told you this?

A person has to have some serious balls to leave a card on an account with the way they're running stuff over there.

 

[Deleted member 752119]

What the shit? They told you this?

The Assistant Manger from MS told me that was what happened.

As I detailed in the blog linked above, I'd just dropped the RROD'd 360 off at Best Buy to recycle when I bought a new Slim to replace it.

Guess either someone at Best Buy or somewhere along the chain they send electronics to for recycling stole it, fixed it and used it for hacking.

Just a crazy, freak event I guess.

 

[Curufinwe]

Well the attention my blog got solved the issue. Got a call from an Assistant Manager, the account is being unbanned and they're sending me a new console.

It was real crazy mix up and set of coincidences. I won't waste time typing it up here as I already wrote it up in a new blog over at CAG and here's a link to that:

http://www.cheapassgamer.com/forums/blog.php?b=23488

That's awesome, and as a fellow CAG member it's good to know I can write a blog there if I ever get dicked over by Microsoft.

Someone please tell me what this post means...

They are time stamps of Speedymanic's posts on the first couple of pages. The hour is probably different for you, but the minutes should be same.

 

[Deleted member 752119]

That's awesome, and as a fellow CAG member it's good to know I can write a blog there if I ever get dicked over by Microsoft.

Yeah, the CAG community is truly awesome.

I can't thank them enough for all the buzz the generated passing my blog on to gaming sites, twitter feeds of MS staff etc. and creating a big uproar over my story that I never could have done on my own.

Also big thanks to the editors at Kotaku and Joystiq for acting on my story and contacting MS for comment ,and Kotaku for still running the story with details on the resolution so the story gets the publicity it deserves to make sure the same thing doesn't happen to others.

 

[Satchel]

No, because if they have your Windows Live ID and password they can log into your account on Xbox.com and cause all kinds of problem.

My hacker never got my gamertag downloaded to his console. I didn't have to recover it when I called support the first time after getting the e-mail that my account had been migrated to Russia. I could still sign into my gamertag on my console, the dashboard was just in Russian etc.

So that second sign in on the console itself won't stop this problem. The 2 step would keep them from doing things like changing passwords, migrating accounts, spending points from Xbox.com etc. as they wouldn't be able to get the verification code.

Yep, good point. Didn't think of that.

 

[CitizenCope]

I'm taking my credit card off of my account immediately. Sure it means I'll make less purchases on Live and impulse buying will pretty much be out the window, but it's better than this shit. Get your shit together, MS.

Yeah I finally did it yesterday. No more impulse buys. I actually used the video marketplace a lot for movies. Really too bad.

 

[Yagharek]

I'm done with the MS points system now if this shit keeps happening. They make it so easy for your account to be hijacked one way, relative to how impossible it is for them to fix it. With any luck, more high profile MS people get hacked too. That might get them to catch on that yes, there is an inherent and serious flaw.

Incidentally, if its an innate flaw in their security, anyone in Australia would do well to test out if they can get a refund on all their purchases on xbl with our new consumer protection laws.

 

[RedNumberFive]

Yeah I finally did it yesterday. No more impulse buys. I actually used the video marketplace a lot for movies. Really too bad.

Yeah, my impulse buys have completely stopped since this shit started happening. I was really close to grabbing Raidiant Silvergun and Guardian Heroes, but haven't been bothered to pick up a points card.

 

[Risible]

This is why I've resisted digital-only content thus far - there's no way of telling how this is going to develop. If at all possible I still only buy hard copies of my games. I see too many people getting screwed over digital content.

 

[water_wendi]

This is why I've resisted digital-only content thus far - there's no way of telling how this is going to develop. If at all possible I still only buy hard copies of my games. I see too many people getting screwed over digital content.

One of the larger tests is coming soon. What happens to all the purchased games when the new consoles hit? i think there is too much money at stake to let people keep playing their previously bought games on the new next gen systems.

 

[Deleted member 752119]

One of the larger tests is coming soon. What happens to all the purchased games when the new consoles hit? i think there is too much money at stake to let people keep playing their previously bought games on the new next gen systems.

I don't think that will be an issue.

On 360 and PS3 they're tied to your account rather than the console. So moving the licenses to a next gen console should be no different than moving them to a new machine like you can currently.

It's not going to cost them any sales. Someone isn't going to by next gen downloadable games just because they can still play Castle Crashers and Braid. So it's no different than any kind of backwards compatibility in that regard.

 

[Phat Michael]

Ive been on XBL since around 2003/4.

The customer service at MS is the worst thing ive ever had to deal with. I cant change my region, they told me that IF i used a 12 month gold subscription they would flat out double charge me on the credit card i have stored on my account on top of that.

I told them that;s ridiculous - im going to just change one of the numbers so it doesnt go through and ill use the 12 month gold cards - they said if i did that id be permanently banned from XBL.

They keep telling me that because im on the AUS server, i cant use the "remove my CC details" because this is not allowed in australia. I tried to do it by phone, i had to wait for 30 mins (International call for me now) so i hung up.

Im basically a prisoner of this, im stuck using a CC i dont have access to anymore and if that ever fails ill be banned from XBL and lose all my XBLA games. I tried to approach them civilly to remove it, and every time i wrote back to them it was someone new who wasnt familiar with my case.

This has now gone on since October last year and i still cant get them to remove the CC. IT auto charged me in November for anohter year....

 

[charlequin]

i think there is too much money at stake to let people keep playing their previously bought games on the new next gen systems.

We live in a post-iPhone world now; at this point there's too much money at stake to not let people.

 

[Joni]

The fundamental problem with your thesis is that you assume that there is a problem with MS or Live. That is not the problem because there is NO XBL HACK. The problem was all of the gaming forums getting hacked and information stolen combined with weak user password controls. I know for sure as that is what happened to me. I also got a full refund and my account back in less than 30 days.

It is however not what happened to all users here, and many here have stated to use unique passwords. Most of the forum hacks didn't get passwords btw. Those things are stored hashed in most cases, that is not easy to reverse. Aside from that, it would also a lot of failed login attempts coming in which should also alert MS. Aside from that, they really need to prevent someone from accessing CC data on another console if they can't type in the CC number. Logically, if it is really phishing/other hacks; PSN should have as much stolen accounts.

 

[Kujo]

Wow, Speedymanic, wow

 

[El'Kharn]

We live in a post-iPhone world now; at this point there's too much money at stake to not let people.

Good point.

Wow, Speedymanic, wow

Yea thats some pretty heavy shit right there..

 

[user_nat]

All these threads go the same way, so I don't really want to get into the hack stuff.

But, why has he lost access to all the content he has purchased? It is all tied to the console and gamer tag.

Do they invalidate the console lisences when banning an account or something?

Edit: so it was fixed, I need to get some media connections

 

[Augemitbutter]

Ive been on XBL since around 2003/4.

The customer service at MS is the worst thing ive ever had to deal with. I cant change my region, they told me that IF i used a 12 month gold subscription they would flat out double charge me on the credit card i have stored on my account on top of that.

I told them that;s ridiculous - im going to just change one of the numbers so it doesnt go through and ill use the 12 month gold cards - they said if i did that id be permanently banned from XBL.

They keep telling me that because im on the AUS server, i cant use the "remove my CC details" because this is not allowed in australia. I tried to do it by phone, i had to wait for 30 mins (International call for me now) so i hung up.

Im basically a prisoner of this, im stuck using a CC i dont have access to anymore and if that ever fails ill be banned from XBL and lose all my XBLA games. I tried to approach them civilly to remove it, and every time i wrote back to them it was someone new who wasnt familiar with my case.

This has now gone on since October last year and i still cant get them to remove the CC. IT auto charged me in November for anohter year....

wow, this is terrible.

 

[CadetMahoney]

I'm taking my credit card off of my account immediately. Sure it means I'll make less purchases on Live and impulse buying will pretty much be out the window, but it's better than this shit. Get your shit together, MS.

I'm in the UK, how do I get them to get my credit card off their database so it doesn't show on xbox live account as having a card on file to make purchases?

 

[dark10x]

Just one more reason why I'm not OK with a fully digital download future. I don't want Microsoft or any other company to hold the keys to my games.

Of course, as a retro collector, this probably bothers me more than most people. :\

 

[NIGHT-]

Well, we are only getting one side of the story...

Not saying the guy is leaving info out, but something doesn't really add up when the majority get their accounts back with zero problems.

Yea, something is def off about this story

 

[RedNumberFive]

Just one more reason why I'm not OK with a fully digital download future. I don't want Microsoft or any other company to hold the keys to my games.

Of course, as a retro collector, this probably bothers me more than most people. :\

I'm with you 100%. I love knowing that every old game I own starting from the 2600 will always be playable as long as I have a working console. My kids will always be able to play my NES games, I doubt they'll be able to play my PSN and XBLA purchases in the future.

 

[Htown]

The answer is not to abandon digital distribution entirely. The solution is to say "screw Microsoft" and take your business elsewhere.

 

[dab0ne]

A series of completely random numbers:

1:17
1:22
1:24
1:31
1:34
1:36
1:39
1:40
1:43
1:44
1:47
1:50

Completely random!?!?!? These are in sequential order you sequential order fanboy!!! Chronological order FTW!!!

 

[LAUGHTREY]

If the three months without your account isn't enough to make you want to not pay for xbox live anymore, the banned after the fact should.

 

[test_account]

Doesn't take away from the fact that at least MS, in the majority of cases do return accounts unlike Sony who even refuse to accept an account could have been hacked.

The difference is that the case you're referring to (i guess it was the case that was posted on GAF where the guy lost £200 or so?) is an isolated case. The cases with MS isnt isolated when it happeneds to so many people.

Honest question, how did MS handle complaints like back in i.e 2009 when people said that their account had been hacked? Did MS just give them their money back?

 

[Omikaru]

This is just a typical MS hacking scenario which we're hearing so much about. Someone gets the short end of the stick, kicks up a stink, bloggers and gaming community at large start building up into outrage, and then MS corrects it.

They really are a fucking awful company. You'd think by now that they'd have mechanisms in place to account for mistakes that leave their customers screwed over, because they seem to be making enough of them. People shouldn't have to kick up a stink with bloggers and the gaming community just to get MS to do the right thing.

One of the larger tests is coming soon. What happens to all the purchased games when the new consoles hit? i think there is too much money at stake to let people keep playing their previously bought games on the new next gen systems.

Yes, because Sony have blocked all digital content bought on or for the PSP from going to Vita. And Nintendo obviously never let people transfer their DSi Ware purchases to the 3DS.

I'm sure the same will be applied to the PS3 to PS4, Wii to Wii U and Xbox 360 to whatever MS calls their next console. We are all screwed.

Oh, wait...!

It's pretty much expected that stuff you buy digitally will seamlessly move to the next system. It's not like the olden days where they could change the cartridge slot and get away with it. The first company to try that shit in the next generation is going to learn the hard way that it's a very dumb move.

 

[itxaka]

This is just a typical MS hacking scenario which we're hearing so much about. Someone gets the short end of the stick, kicks up a stink, bloggers and gaming community at large start building up into outrage, and then MS corrects it.

They really are a fucking awful company. You'd think by now that they'd have mechanisms in place to account for mistakes that leave their customers screwed over, because they seem to be making enough of them. People shouldn't have to kick up a stink with bloggers and the gaming community just to get MS to do the right thing.
.

Problem is, the culprit here seems to be the end user (not talking about this case but in general) getting phised, hacked, etc.. so it's not MS fault. They are "losing money" if they give the points back and such so Im guessing they do not try really hard to give the customer the money back as they feel it wasn't their fault at all.

Gotta see both points of view! Still MS support sometimes sucks sometimes is awesome. Guess it's a lucky chance.

 

[Curufinwe]

Yeah, my impulse buys have completely stopped since this shit started happening. I was really close to grabbing Raidiant Silvergun and Guardian Heroes, but haven't been bothered to pick up a points card.

I'm sitting on a 1600 points card, but I will only redeem it when I'm ready to spend all of it.

 

[Amagon]

Wow, Speedymanic, wow

Its been a while since I've seen a genuine troll round here.

LOL!

 

[snap0212]

The answer is not to abandon digital distribution entirely. The solution is to say "screw Microsoft" and take your business elsewhere.

Where? On Nintendo systems, you buy games that are tied to your system. On Sony's platforms, you never know when a certain title / add-on, avatar, whatever, might be available in your region and the store and everything surrounding it has not improved enough since it launched. Sony clearly doesn't get DD and while Nintendo seems to be heading in the right direction, they're not there yet and their service probably won't be as good as Microsoft's.

These hacks are horrible and no one should give Microsoft their credit card details, but they're still the best (on consoles) when it comes to digital distribution of content. Far better than Sony and Nintendo combined, and that's why people will keep using MS's service.