
Hey, has your Xbox Live account been hacked/FIFA'd? Post here!

chubigans

y'all should be ashamed
While i agree that this is not a social engineering attack, how does this site demonstrate that?

Well if anything it clears up the confusion as to why people were "hacking" live accounts just for a few fifa packs. I thought it was to sell them on ebay or something.

As it turns out the hackers are hackin' accounts and then putting them on auction sites. Then someone buys an account, buys whatever content they want and gets to keep said content on their consoles.
 

luxarific

Nork unification denier
Wow, that blog is a fascinating read. Wonder if any of the gaming "news" sites will run a story on it.
 

snack

Member
I'm worried I might get hacked now. How are hackers even doing it? Seems like it's happening to A LOT of people.
 
Do you have to call in to remove your last remaining payment option? Xbox.com won't let me remove my Paypal account since it's associated with an active service. I've turned off autorenewal and I've already paid in full for the XBL subscription. So that seems bullshitty.

Think I'll just delete my Paypal account. Keep hearing bad stuff about that company as well.
 
While i agree that this is not a social engineering attack, how does this site demonstrate that?

The size of the operation (appears to be larger than previously thought) combined with people in this thread saying all their social circle is getting hit, makes me think they might be buying personal info from people and using that in some kind of social hack.

The incompetence shown by MS in all aspects of this situation is mind blowing.
 
Do you have to call in to remove your last remaining payment option? Xbox.com won't let me remove my Paypal account since it's associated with an active service. I've turned off autorenewal and I've already paid in full for the XBL subscription. So that seems bullshitty.

Think I'll just delete my Paypal account. Keep hearing bad stuff about that company as well.

From xbox.com you can remove any payment option you have.

I just did it a few minutes ago.
 
From xbox.com you can remove any payment option you have.

I just did it a few minutes ago.

It's a regional thing. I live in Illinois, and being able to cancel via the web is required by law here. A few states over, and you need to call in to cancel. In other words, it's not consistent, and YMMV.
 

Aaron

Member
It amazes me you need to call to remove payment info, but a hacker can change the region of an account without ever having to call. This is a huge red flag and MS is just ignoring it, just like they've been ignoring this whole issue.
 
From xbox.com you can remove any payment option you have.

I just did it a few minutes ago.
Well I guess my account got bungled up somehow then. In which case I'll absolutely just cancel my Paypal account instead as this has the potential of turning into a stupid hassle. I hate hassles, especially stupid ones.
Didn't know that. I live in Europe. xD
As do I. Sweden, specifically.
 

malfcn

Member
I can stop auto-renew, but can't remove my CC or else they cancel my account. (Or so they say).

Does Stepto care about this hacking stuff?
 
How hard would it be for Microsoft to add 2-step verification to their systems? Why hasn't it been implemented yet?

I sent an email to Joystiq asking to ask Microsoft about that and he replied saying they have, a couple of times. What you see in their article is the answer to their questions.

He said they'll keep working on this though, so that's encouraging. Maybe we'll start getting some actual answers eventually.
 

DTKT

Member
I can stop auto-renew, but can't remove my CC or else they cancel my account. (Or so they say).

Does Stepto care about this hacking stuff?

That's really messed up. I just tried to remove my CC and I can't since my subscription is still active. And that's with auto-renew off.

What a terrible system.
 
That's really messed up. I just tried to remove my CC and I can't since my subscription is still active. And that's with auto-renew off.

What a terrible system.

I'm stuck with the same BS. I have a promo where I got points and a 2 year sub. for $100 and now I can't cancel my CC because I won't be charged until my original Live runs out.

Absolutely ridiculous.
 

Facism

Member
i guess all those free xboxes and Live accounts buys a lot of willful ignorance from the journalists.
 
Happened to my gf over the weekend. She's never played FIFA, never shared details and she's never even played online multiplayer and only uses her 360 for games like Peggle and De Blob. She logs in yesterday to find she has bought "GOLD JUMBO PACKS" among other things and her point balance drained, whilst also having achieved 25 gamer points on FIFA 12 which she has never owned nor played.

Her credit card details were on her account but luckily it looks like they went no further than her points and we've since changed her password. There's far more to all this than Microsoft is letting on - it's far beyond just a "phishing" issue and this incident would show.

So, following a conversation with Microsoft they've told her that her account will be "suspended for up to 25 days" pending an investigation, so they can check console IDs etc. Seems some people have been waiting a lot longer than 25 days in this thread though!

Neither of us can remove our credit card details on either of our accounts because our Xbox Live subscriptions are still valid. I don't even have auto-renewal on mine - complete bs!
 

TomServo

Junior Member
If you can't remove your payment info from your account online, call Xbox support. They can do it manually. Demand that they do, and if they ask why tell them you're concerned about hacking.
 
Reporting back on my status

12/26/11 - Called Xbox Live to notify them that my account was receiving fraudulent charges on 12/20/11 in the amount of 7980 points. Account was suspended (told it could take 30 days)

1/6/12 (today) - Just received an email that investigation on my account was over. I received all 7980 points back (in the form of a code for me to redeem) and also received an extension on my XBL Gold membership (what length I'm not sure, it didn't say in the email --- I had already received a 30 day extension in an earlier email on 12/27/11, and I'm assuming this code does the same --- however I'm not sure if they gave me two unique codes or just copy/pasted the code from the earlier email)


Either way I'm glad it's over. They had to assign me a temp/fake windows live ID for the time being, which I can't change again for 30 days (per their policy on 1 windows live ID change within a 30 day window).

edit: It looks like I actually received back (2) 1 month Xbox Live Codes and 8000 MS Points (4500 point code + 3500 point code)
 
If you've got a paypal account attached, I'd remove the debit / credit card from it. I wouldn't trust Microsoft to lock your account properly (once you've reported it).
 

Amneisac

Member
Make sure the customer service rep spells your contact e-mail address right if your account gets hacked...

Apparently the original customer service rep fucked up my e-mail address I gave her, and after the investigation was complete (about 25 days) they apparently tried to send me an e-mail to reclaim my account. I called after not hearing anything and they said they would fix my e-mail address and send it again. Well two weeks later I still hadn't heard and it turns out that to fix your e-mail address they have to RE-INVESTIGATE and change your e-mail address.

So now I wait another 25 days.

So I'll update this just to make myself feel better. Here's a clarification to the original post and an update:

11/15: I get an e-mail that my points have been successfully transferred. Knowing I didn't do this I call MS, and they tell me that my account was hacked and they'll investigate it's going to take 25 days. THE CUSTOMER SERVICE REP MISSPELLS MY EMAIL ADDRESS (this is important later).

12/15: I haven't heard from them yet, no e-mails or anything so I call them. The guy explains that he'll have the e-mail resent and it will take 10 days to get the e-mail.

12/27: I talk to someone who explains that they actually misspelled my e-mail address and the only way to change the e-mail address is to reinvestigate the account and the account investigation team will change the e-mail during this process (customer service rep doesn't have access to change this address).

1/9: I get an e-mail saying that the investigation is complete and I should get an e-mail within 24 hours on how to access my account again.

1/12: After not getting an e-mail I call MS again and they notice that the account that MS linked my gamertag to (they create a temporary @live.com account and link your gamertag to it when you get your account hacked) is still setup with the misspelled e-mail address from 11/15 as the contact address. After 2 hours and 15 minutes on the phone, they submit the third investigation.

So now I'm waiting another 12-25 days to see if they will change the e-mail address. There were lots of other calls that I didn't include here because it was just me spending an hour on the phone and getting nowhere. Also they keep recommending I call live.com for support, even though the number they give me is for customers of their paid service, and they obviously wouldn't be able to help me.

TL;DR: Microsoft needs to change the e-mail address in one field in some stupid fucking database somewhere and it's taken more than a month for them to do it.
 

Jburton

Banned
So I'll update this just to make myself feel better. Here's a clarification to the original post and an update:

11/15: I get an e-mail that my points have been successfully transferred. Knowing I didn't do this I call MS, and they tell me that my account was hacked and they'll investigate it's going to take 25 days. THE CUSTOMER SERVICE REP MISSPELLS MY EMAIL ADDRESS (this is important later).

12/15: I haven't heard from them yet, no e-mails or anything so I call them. The guy explains that he'll have the e-mail resent and it will take 10 days to get the e-mail.

12/27: I talk to someone who explains that they actually misspelled my e-mail address and the only way to change the e-mail address is to reinvestigate the account and the account investigation team will change the e-mail during this process (customer service rep doesn't have access to change this address).

1/9: I get an e-mail saying that the investigation is complete and I should get an e-mail within 24 hours on how to access my account again.

1/12: After not getting an e-mail I call MS again and they notice that the account that MS linked my gamertag to (they create a temporary @live.com account and link your gamertag to it when you get your account hacked) is still setup with the misspelled e-mail address from 11/15 as the contact address. After 2 hours and 15 minutes on the phone, they submit the third investigation.

So now I'm waiting another 12-25 days to see if they will change the e-mail address. There were lots of other calls that I didn't include here because it was just me spending an hour on the phone and getting nowhere. Also they keep recommending I call live.com for support, even though the number they give me is for customers of their paid service, and they obviously wouldn't be able to help me.

TL;DR: Microsoft needs to change the e-mail address in one field in some stupid fucking database somewhere and it's taken more than a month for them to do it.

What a bunch of clowns.

I feel for you, that series of events would have made me lose it.
 

km3k

Neo Member
I think I almost got FIFA'd. I got an email stating someone added a recovery email address to my LIVE account. The email address they added was some string of numbers at qq.com. Luckily I noticed the email quickly, logged into my Live account and removed that email as a recovery email and changed my password before they were able to spend any MS points. I've never given out my Live credentials anywhere, so I have no idea how they were able to do this.
 

BJK

Member
My account got hit this morning (1/14). I've only bought things on the 360 via point cards, so my damage is limited to the $15 I still had in the account. I haven't been a gold subscriber in over a year (don't play online much, and I have a PS3 for when I do), so I couldn't tell you what my EA account password even used to be.

Same hack as everyone else seems subject to. Pair of FIFA achievements, plus a notification at startup that my last login was on another device. Here's a cut & paste of the billing statement on the account:

1/14/2012 GOLD PACK -- Game Consumable -80 0
1/14/2012 GOLD PLAYERS PREMIUM -- Game Consumable -280 80
1/14/2012 GOLD PLAYERS PREMIUM -- Game Consumable -280 360
1/14/2012 GOLD PLAYERS PREMIUM -- Game Consumable -280 640
1/14/2012 GOLD PLAYERS PREMIUM -- Game Consumable -280 920


...so I know it happened this morning.

Sent the e-mail to Microsoft Customer Support; we'll see how long it takes to investigate / refund. Can I still play on the 360 during the investigation period? (If not, I'll have to finish Bastion - my last purchase on the account - some other time.)
 

Rawker

Member
got my account taken for 3000 ms pts, same shit as everyone. they played fifa 12 and downloaded zune. MS said it could take up to 30 days and almost seemed like a routine to them. I asked them to disconnect the EA game fifa 12 from their service if it's creating a problem and they just said it's a problem with EA's service. I wish they would just disable fifa 12 from xbox live and everything would be settled.
 

Rapstah

Member
I have a paypal payment option on my account, but I have changed the password since I last used it on the Xbox. This means it is essentially useless, right? I can't remove it as it is "tied" to my 12-month App Hub developer trial - which is free - and apparently my local laws don't give me any right to remove it.

Also, what I can't help but notice is that if those accounts being sold don't have anything to do with the FIFA cards, then what we're dealing with could be someone hacking the accounts, then selling them to these guys, who then sell them to people who buy the FIFA stuff. That's such a ridiculous process. No wonder it's hard to see a pattern.
 

KevinRo

Member
Holy crap guys, look at this. (warning: may be NSFW, enter using a secure browser)

http://www.tradetang.com/wholesale-Virtual-Products_c40.html

Almost ~1,500 Xbox Live accounts ready to buy. Some examples:

Holy shit man. Social engineering my ass.


So exactly how do you come to the conclusion that social engineering isn't used to obtain the accounts?

All you see is them selling the account which isn't the problem. Problem is the fact that they're obtaining ACCESS to them. HOW???
 

sruckus

Member
Just came across this thread. I also had my account hacked over christmas break. Scariest thing ever to be getting e-mails from PayPal to my phone for $100 charges. Total BS. And stupid MS requires a console ID and I was obviously away from home for a couple weeks. Luckily I just disputed it with PayPal and got it back. Microsoft is never getting my money again.

Any idea how this happened? I am not a typical dumb internet user. I was not tricked by any phishing scams (i barely even log in online to Xbox.com), I have strong passwords, etc. Just very strange.
 

Dizzle24

Member
I got fucking Fifa'd. Fuuuuuuck. Stole the 1600 pts I had on the account, earned 2 achievements and bought something for $9.99 with the credit card I have on file. Locked for 25 days!!! :/
 