cpp_is_king
Member
While i agree that this is not a social engineering attack, how does this site demonstrate that?
6 . Scamers / Liers buy eleswhere !!!
While i agree that this is not a social engineering attack, how does this site demonstrate that?
Wow, that blog is a fascinating read. Wonder if any of the gaming "news" sites will run a story on it.
Wow, that blog is a fascinating read. Wonder if any of the gaming "news" sites will run a story on it.
Well, I'll post a new thread on this anyways. This is pretty fascinating stuff.
Wow, that blog is a fascinating read. Wonder if any of the gaming "news" sites will run a story on it.
While i agree that this is not a social engineering attack, how does this site demonstrate that?
Do you have to call in to remove your last remaining payment option? Xbox.com won't let me remove my Paypal account since it's associated with an active service. I've turned off autorenewal and I've already paid in full for the XBL subscription. So that seems bullshitty.
Think I'll just delete my Paypal account. Keep hearing bad stuff about that company as well.
From xbox.com you can remove any payment option you have.
I just did it a few minutes ago.
From xbox.com you can remove any payment option you have.
I just did it a few minutes ago.
Depends on your state's laws.
It's a regional thing. I live in Illinois, and being able to cancel via the web is required by law here. A few states over, and you need to call in to cancel. In other words, it's not consistent, and YMMV.
Well I guess my account got bungled up somehow then. In which case I'll absolutely just cancel my Paypal account instead as this has the potential of turning into a stupid hassle. I hate hassles, especially stupid ones.From xbox.com you can remove any payment option you have.
I just did it a few minutes ago.
As do I. Sweden, specifically.Didn't know that. I live in Europe. xD
How hard would it be for Microsoft to add 2-step verification to their systems? Why hasn't it been implemented yet?
I can stop auto-renew, but can't remove my CC or else they cancel my account. (Or so they say).
Does Stepto care about this hacking stuff?
As do I. Sweden, specifically.
That's really messed up. I just tried to remove my CC and I can't since my subscription is still active. And that's with auto-renew off.
What a terrible system.
Does Stepto care about this hacking stuff?
Happened to my gf over the weekend. She's never played FIFA, never shared details and she's never even played online multiplayer and only uses her 360 for games like Peggle and De Blob. She logs in yesterday to find she has bought "GOLD JUMBO PACKS" among other things and her point balance drained, whilst also having achieved 25 gamer points on FIFA 12 which she has never own nor played.
Her credit card details were on her account but luckily it looks like they went no further than her points and we've since changed her password. There's far more to all this than Microsoft is letting on - it's far beyond just a "phishing" issue and this incident would show.
It's clearly just a new way to monetize phished accounts.This is pretty damning evidence for MS. But never mind, Geoff Keighly and stepto are on the case!
Make sure the customer service rep spells your contact e-mail address right if your account gets hacked...
Apparently the original customer service rep fucked up my e-mail address I gave her, and after the investigation was complete (about 25 days) they apparently tried to send me an e-mail to reclaim my account. I called after not hearing anything and they said they would fix my e-mail address and send it again. Well two weeks later I still hadn't heard and it turns out that to fix your e-mail address they have to RE-INVESTIGATE and change your e-mail address.
So now I wait another 25 days.
So I'll update this just to make myself feel better. Here's a clarification to the original post and an update:
11/15: I get an e-mail that my points have been successfully transferred. Knowing I didn't do this I call MS, and they tell me that my account was hacked and they'll investigate it's going to take 25 days. THE CUSTOMER SERVICE REP MISSPELLS MY EMAIL ADDRESS (this is important later).
12/15: I haven't heard from them yet, no e-mails or anything so I call them. The guy explains that he'll have the e-mail resent and it will take 10 days to get the e-mail.
12/27: I talk to someone who explains that they actually misspelled my e-mail address and the only way to change the e-mail address is to reinvestigate the account and the account investigation team will change the e-mail during this process (customer service rep doesn't have access to change this address).
1/9: I get an e-mail saying that the investigation is complete and I should get an e-mail within 24 hours on how to access my account again.
1/12: After not getting an e-mail I call MS again and they notice that the account that MS linked my gamertag to (they create a temporary @live.com account and link your gamertag to it when you get your account hacked) is still setup with the misspelled e-mail address from 11/15 as the contact address. After 2 hours and 15 minutes on the phone, they submit the third investigation.
So now I'm waiting another 12-25 days to see if they will change the e-mail address. There were lots of other calls that I didn't include here because it was just me spending an hour on the phone and getting nowhere. Also they keep recommending I call live.com for support, even though the number they give me is for customers of their paid service, and they obviously wouldn't be able to help me.
TL;DR: Microsoft needs to change the e-mail address in one field in some stupid fucking database somewhere and it's taken more than a month for them to do it.
12/26/11 - Called Xbox Live to notify them that my account was receiving fraudulent charges on 12/20/11 in the amount of 7980 points. . . Either way I'm glad it's over.
Holy crap guys, look at this. (warning: may be NSFW, enter using a secure browser)
http://www.tradetang.com/wholesale-Virtual-Products_c40.html
Almost ~1,500 Xbox Live accounts ready to buy. Some examples:
Holy shit man. Social engineering my ass.