
Wow was my Windows live/ Xbox account just hacked?

Had this happen to me in the middle of July. Still waiting on their Investigation team to do something about the $120 I'm still missing, my bank refuses to do anything unless Microsoft won't do a refund.

At least the guy I've talked to with customer service calls me weekly to give me updates and ask if I have any questions.

Edit: He said the email associated with the account was changed to @hotmail.co.kr or something. Worst part? My xbox was RROD and I kept putting off calling to get the account canceled and card information removed. I guess partially my fault.
 

okenny

Banned
People should make sure they weren't rooted or have malware on their system. It's really hard to even keep enough info private to not be a victim of social engineering. I came into work one day and my coworker started reading out my parents address (where I lived 15 years prior) and listing my last few phone numbers and places of residence. Aside from being freaked out by her, I was surprised at how my identity was being held hostage by many government and private entities and released to the public unless I paid extra to keep it private.

Gotta be extra careful now and watch your cash flow and credit reports :( Who knew my budget would have line items for identity protection.
 

depths20XX

Member
Same thing happened to me last Wednesday. They bought 4000 points and 6000 points. Then purchased a bunch of xbla games while I was at work. Live account is now suspended. MS support gave me very little peace of mind and basically just said I'll be twiddling my thumbs for 1-4 weeks while they investigate...
 

SapientWolf

Trucker Sexologist
My hotmail account was sending spam last Saturday but I didn't notice any activity on my Live account. I changed the password and the reset question to be safe.
 

Dunlop

Member
I went through a lot of shit with LIVE in the past and had to practically sacrifice an animal to get them to remove my credit card once it was all resolved. In the end they told me to just dispute the charges with my credit card company, quite brutal.

A couple of weeks ago my buddy convinced me to pick up Trenched and I almost put my CC back on..this topic makes me happy I spent 10 minutes extra to go pick up a prepaid card.

good luck op
 

Piano

Banned
Teknoman said:
Everything was fine this morning, yet after coming back from work, I can't log into my Xbox live account. My password wouldn't work, and when I tried to reset my password, windows live claimed my security question was incorrect.

Decided to check Gamefaqs forum just on a whim, and apparently this happened to 3 other people, possibly more. Whoever jacked my account ended up buying 2 sets of 4000 points and 1 1600. Don't see the purchases on my credit card account, so maybe MS stopped them, but I'm still posting just in case anyone else may have fallen victim to this today. Happened at 12:04am CST for me.

Man...might have to cancel my credit card, and small as it may seem, I really hope I can recover my email address and XBL account. Luckily I had my email open in another window on my PC since I was checking UPS earlier today, and could see the evidence.

Never shared my password with anyone, been to any fishy sites, or anything strange like that.
This EXACT thing happened to me a month and a half ago. Whoever took my account bought $120 in FIFA dlc. Still haven't gotten the charges reversed...Microsoft is taking its damn time 'investigating' my account.

EDIT: my suggestion is to start using Oplop for your passwords
 

depths20XX

Member
Piano said:
This EXACT thing happened to me a month and a half ago. Whoever took my account bought $120 in FIFA dlc. Still haven't gotten the charges reversed...Microsoft is taking its damn time 'investigating' my account.

EDIT: my suggestion is to start using Oplop for your passwords

I really hope it doesn't take that long for mine to get straightened out. Has your LIVE account been suspended that whole time as well?
 

DSmalls84

Member
Also had this happen several weeks ago. Got my bank to cancel the debit card tied to the account and dispute the charge. Microsoft is doing an investigation and the account is locked but I haven't heard back from them yet.
 

Smokey

Member
Xamdou said:
A friend of mine got hacked yesterday as well, his CC was charged a lot of MS points. I changed my password and took out my CC info from my XBL account just to be on the safe side.

I thought you couldn't remove a CC from XBL without calling MS?
 

blackflag

Member
Is there a common thread with all of these cases? Is everyone that is experiencing this, logging into their account from PC?
 

epmode

Member
Smokey said:
I thought you couldn't remove a CC from XBL without calling MS?
You can if it's not tied to a recurring subscription, or something. I've been entirely unable to remove my CC from Live Gold for months and I've given up on trying. My plan is to disable the automatic renew feature (already done) and just let the account expire (only 2 weeks to go). If I ever resub, they're getting a subscription code, not a credit card.
 

JorSneezy

Banned
This exact thing happened to me on July 29th. I think you'll find the language changed to Russian, too.

It took Microsoft until August 30 (yesterday) to fix it (over a month!), but they forgot to change the country back to United States (from Russia). I contacted them last night about it and they said it would take an estimated week to fix it. It's ridiculous.

I will no longer hate on Sony for the PSN outage.
 

Piano

Banned
depths20XX said:
I really hope it doesn't take that long for mine to get straightened out. Has your LIVE account been suspended that whole time as well?
Nope, they just got around to suspending it yesterday.
 

Borgnine

MBA in pussy licensing and rights management
Posted about it in another thread, happened last Saturday, 4000 and 1600 points. Called MS, investigating, locked account, etc. Haven't used 360 in months, doesn't really affect me.
 

Evlar

Banned
This kinda reminds me of a year and a half ago whenever everyone seemed to be having their WoW accounts hacked. Turned out to be a keylogger embedded in ads on popular WoW fan sites, exploiting a vulnerability in Flash.

Wonder if it's not a similar situation here... A common pattern would be that it would only strike people who have logged into their XBL accounts on their PCs or Macs.
 

DSmalls84

Member
Ugh my estimated time for the investigation was 21 days. Still waiting but I hope it's fixed by the time Gears 3 is out.
 

Deleted member 20415

Unconfirmed Member
This happened to me in June... what a cluster fuck. Got $130+ jacked from my credit card and spent on Rock Band 3 songs and such.

Took nearly 2 months for Microsoft to correct the mistake and get my account back to me - had a bunch of dropped investigations on Microsoft's side of things. It was really a frustrating mess.

Now, my coworker had this same thing happen to him on Sunday. This seems very wide spread. Seems to be a rash of account hijacks in the last few months.

I think investigations are now taking up to 21 days before you can get your account back.

Microsoft never refunded me the 4,200 points that were also stolen... but that's a whole other story (and ongoing investigation).

My sympathies OP. Good luck with everything - stay on their asses about the progress of the investigation.
 

bj00rn_

Banned
To steal the stored points is one thing, but MS's policy to force people to have a CC linked to the account is bullshit. I love the 360 but damn.
 

Dunlop

Member
I totally forgot you can use paypal now. I am assuming that would protect you from this?

i.e does it ask you your paypal password when you make the transaction?
 

Teknoman

Member
El_TigroX said:
This happened to me in June... what a cluster fuck. Got $130+ jacked from my credit card and spent on Rock Band 3 songs and such.

Took nearly 2 months for Microsoft to correct the mistake and get my account back to me - had a bunch of dropped investigations on Microsoft's side of things. It was really a frustrating mess.

Now, my coworker had this same thing happen to him on Sunday. This seems very wide spread. Seems to be a rash of account hijacks in the last few months.

I think investigations are now taking up to 21 days before you can get your account back.

Microsoft never refunded me the 4,200 points that were also stolen... but that's a whole other story (and ongoing investigation).

My sympathies OP. Good luck with everything - stay on their asses about the progress of the investigation.


Yeah, apparently this happened to a lot of people this week, or at least according to the woman I was speaking to about my credit card. She said that they got a report about it and that it wasn't just something along the lines of small amount of people, but that it was pretty substantial.

Going to have to get a new card now, just to be on the safe side...and yeah I totally forgot about Gears hitting so soon.
 

whyman

Member
Dunlop said:
I totally forgot you can use paypal now. I am assuming that would protect you from this?

i.e does it ask you your paypal password when you make the transaction?

No only the first time I think. I used it a couple of weeks back and once the account was "added" I didn't have to type in any password. It's crap, no protection.
 

Zomba13

Member
Teknoman said:
Bastards apparently spent 130 bucks worth of MS points and just bought game content with it. Also three freaking weeks? No 3S GAF matches for me...or anything else for that matter. Guess I can just reset my email password in the meantime.
Hope you get the money back (seems you have from a post of yours saying your bank cancelled the pending charges) and MS handle this stuff better than Sony (as in don't threaten to ban your account and refuse to do anything).
 
This happened to me last week too. $150 in MS points charged on my card. MS said it would take 3 weeks for an investigation to get done, so for now I just wait. Really frustrating.
 

Hammer

Member
Ok, well I found this a little unnerving, as well as somewhat fascinating how this is even possible. After a little googling I was led to a foray of YouTube videos of users showing how to fake password reset emails/links. Most users seem to do it themselves from their own email, but a few use a separate site to generate the resets. Could these attacks be of a similar nature? I doubt they are, but morbid curiosity has me wondering. I'm also surprised that Microsoft hasn't fixed this exploit yet, looking at how old some of these videos are.

Luckily my account expired over the weekend so I should be in the clear.
 
my main worry is that with the current hundreds of pounds worth of gear some people can own now on their gamertag, you should be protected by more than ONE SINGLE PASSWORD.

Steam got it right a few months back with their new logging in on unknown computer stuff, xbox live needs something extra too.
 

Teknoman

Member
Decided to log into my XBL account on Xbox.com with my reset password (This won't have any effect on the investigation right?) to check the download history just to see what "they" bought:

Torchlight
A Kingdom for Keflings
Fable III Understone Quest Pack
Fable III Traitor's Keep Quest Pack
Castle Crashers Blacksmith Pack
The Underdome
Zombie Island
New Revolution
Secret Armory
Geometry Wars Evolved²
Trials HD
Peggle
Deadliest Warrior: Legends


Going to see if I can disable auto-renew for live.
 

Thoraxes

Member
Still got no money back, and they said they would've had my money back before my account :(

I need that money to buy a book for school now.
 
Finally managed to disable auto-renew on Live. Changed my address to a pizza place in Illinois and the Automatic Renewal option became clickable. Yay!
 

Thoraxes

Member
Just providing an update, I still do not have my money back and it's past the time they told me it would be. Any luck Teknoman?
 

strata8

Member
bj00rn_ said:
To steal the stored points is one thing, but MS's policy to force people to have a CC linked to the account is bullshit. I love the 360 but damn.
Since when has this been true? I just buy all my points with Paypal.

My password looks something like this:

fruY!at4u-

It's not actually that hard to remember once you've used it a couple of times.
 

koji

Member
Uh, so how come this isn't bigger news guys? Seems like a widespread issue...

Account hacking is so 5 months ago for the media now or what?
 

Persona7

Banned
koji said:
Uh, so how come this isn't bigger news guys? Seems like a widespread issue...

Account hacking is so 5 months ago for the media now or what?
I guess we will wait and see.


Could be a targeted malware attack that got information from a lot of people who browse similar websites within a certain community. Gamefaqs and GAF overlap quite a bit.
 

Thoraxes

Member
koji said:
Uh, so how come this isn't bigger news guys? Seems like a widespread issue...

Account hacking is so 5 months ago for the media now or what?
I have no idea, but the big instances of it happen in large clumps of people.
I think the past week or so was another big outburst of it.
I literally called MS 10 minutes after an e-mail was sent to my associated account (I am a habitual e-mail checker... like every 5 minutes I check), and they've rescinded the $5 charge, but not the rest of the $70.

I also don't think it was with my XBL account (which only had the free join and get gold month free thing on it), I actually think it was my GFWL account that was used to buy it from when AoE was $.10 I believe... like a year or so ago.
 

Persona7

Banned
OP and others who were compromised, do you use third party DNS servers? By third party I mean not your ISP's DNS servers.
 

Thoraxes

Member
Persona7 said:
OP and others who were compromised, do you use third party DNS servers? By third party I mean not your ISP's DNS servers.
Nope, not once. However this happened really was completely random. I'm really secure (yes I know shit can happen), and I've not had GFWL installed on the PC I currently use. The one it was on has been gone for a year now.

Also as far as XBL goes, I've not once connected a credit card to that account, so I don't think it was from there.
 

d0c_zaius

Member
sorry to hear Tekno and the rest that have to deal with this.

Sucks too as now I'll be paranoid and have to check all the time.
 

Persona7

Banned
Thoraxes said:
Nope, not once. However this happened really was completely random. I'm really secure (yes I know shit can happen), and I've not had GFWL installed on the PC I currently use. The one it was on has been gone for a year now.

Also as far as XBL goes, I've not once connected a credit card to that account, so I don't think it was from there.
Yeah, it could be a whole host of things. Maybe a hotmail email exploit like that Chinese Gmail thing.

If your hotmail is compromised they also have your xbox live.
 

Thoraxes

Member
Persona7 said:
Yeah, it could be a whole host of things. Maybe a hotmail email exploit like that Chinese Gmail thing.

If your hotmail is compromised they also have your xbox live.
Turns out they unlocked it now, so first thing I did was go and delete my CC information.
Hopefully I'll get my money back soon.
 
SlaughterX said:
A friend of mine just called me and said his account was banned too for "theft" or some shit, and he is someone I know spends lots of money on Microsoft Points to buy DLC, movies, etc. Looks like some accounts are being compromised.

Same shit happened to me as well. I tried calling Microsoft and all they could do for me was close my old account and give me the Gold time in codes. Hopefully MS gets their shit straight because it's just crazy how these things can happen and how unhelpful MS can be in these situations.
 
Doesn't sound like a problem with Live, but perhaps with Hotmail and some password exploit being used to hack accounts. In any case, nothing untoward happening on my account but then my password is very secure using numbers, characters, capitals, pretty much the works.

It's simply madness/ineptitude to use a simple password for an account that has hundreds of pounds of content linked to it.
 