
Xbox Live Account Hacked :sadface

test_account

XP-39C²
derFeef said:
Some security reason (excuse) the guy told me way back then on the phone. Since then my obsolete 6 year old CC is tied to my account and I pay my stuff with points (because paypal still does not work).
Do you have to have a CC tied to a Gold account?
 
epmode said:
So I finally found a way to disable auto-renewal on Microsoft's Xbox site. The best part is that you have to first change your location to Chicago IL before they allow you to do it. It's locked out for most areas of the country.

But even after disabling auto-renewal, I still can't remove my credit card from my account. According to MS: You cannot remove a payment option that is associated with an active Xbox LIVE Gold Membership. However, if you associate a new payment option with your Xbox LIVE membership, you can then remove the existing payment option.

How in the hell is this even legal?

It continues: If you don't have another payment option to associate with your active Xbox LIVE membership, please call Xbox Support for help removing a payment option.

I despise this company.
no doubt because of the Illinois MMO account cancellation law.
 
Mini Update: Got back from the bank, and they froze my debit card and are going to do their own investigation. They said it can take up to 10 days.

LiK said:
Did they phish you? I've been getting some Xbox Live rewards emails but I don't click on those. I checked them once and they wanted my login and pw. Wasn't sure if it was legit so I didn't do it.

I have my login saved on the Live site and I notice that the link from the email didn't have the login saved on the live site which raised some flags for me.
I signed up for the Xbox Rewards program thing, so I get those in my email fairly regularly. Although they sometimes feel a little fishy to me. *shrug*
 

epmode

Member
Now that I've turned off auto-renew, I think I'm just going to let my account expire so I can remove the CC when it goes to Silver. I may even resub but I'll be sure to use prepaid cards.

The Faceless Master said:
no doubt because of the Illinois MMO account cancellation law.
Probably. Consumer protection laws are so screwed up in this country.

Tangent: I worked in some crappy call center once. I loved how Americans had to pay to ship back their not-even-one-month-old broken hardware while we bent over backwards to get pre-paid envelopes to the UK people.
 

Nelo Ice

Banned
ouch hope you get everything resolved

also I've been beefing up my passwords even more since this hacking outbreak has been getting completely out of hand
 

Risette

A Good Citizen
epmode said:
So I finally found a way to disable auto-renewal on Microsoft's Xbox site. The best part is that you have to first change your location to Chicago IL before they allow you to do it. It's locked out for most areas of the country.
Can you tell me how you did this? Xbox.com is garbage, I can't find anything. Or did you do it in the console?
 

Pete Rock

Member
I remember having to put "XBOX SUPPORT: DO NOT ASSIST WITH ACCOUNT RECOVERY" in the second line of my address field on the billing website as an extra precaution during Halo 3. Certainly you should never have a CC on file with any service with logins that could potentially be compromised through associated account searches and blatant fraud ("social engineering", excuse me while I scoff), because at the end of the day that's what occurs, not "hacking". Sounds like you're getting things taken care of regardless, best case this serves as a cautionary tale for others.
 

Brandon F

Well congratulations! You got yourself caught!
This just happened to me as well. Same exact issue, someone used my CC to buy 6000 and a 4000 MS points on my account yesterday.

Even worse, when I logged into my account on Xbox.com, I was logged in as a dummy Gamertag that replaced my old Gamertag. Called MS Support and they suspended my online access while resolving the issue and investigating. Told them to remove all my credit cards from the account too.

Hopefully this is the end of it, gotta contact the fraud department at my bank tomorrow regarding it.

This really sucks. The Xbox support guy was understanding on the phone, but I didn't get a very confident vibe that this was a 'priority fix' from him. Quoted me at 22 days for an investigation. :(
 

Yaboosh

Super Sleuth
Brandon F said:
This just happened to me as well. Same exact issue, someone used my CC to buy 6000 and a 4000 MS points on my account yesterday.

Even worse, when I logged into my account on Xbox.com, I was logged in as a dummy Gamertag that replaced my old Gamertag. Called MS Support and they suspended my online access while resolving the issue and investigating. Told them to remove all my credit cards from the account too.

Hopefully this is the end of it, gotta contact the fraud department at my bank tomorrow regarding it.

This really sucks. The Xbox support guy was understanding on the phone, but I didn't get a very confident vibe that this was a 'priority fix' from him. Quoted me at 22 days for an investigation. :(



There is a more recent thread about this. A lot of us have been affected by this exact thing.
 

darthbob

Member
Brandon F said:
This really sucks. The Xbox support guy was understanding on the phone, but I didn't get a very confident vibe that this was a 'priority fix' from him. Quoted me at 22 days for an investigation. :(

It's not like it can be expedited or anything. UA claims are a high call driver for the Support team in the summer, and the investigative team can have quite the backlog so an SLA of 22 days isn't unusual.
 

Brannon

Member
Would it be possible to get a pre-paid credit card, put a couple of dollars on it, then put that number as your new main number and remove your real card?
 

darthbob

Member
Brannon said:
Would it be possible to get a pre-paid credit card, put a couple of dollars on it, then put that number as your new main number and remove your real card?

Some cards work, most don't. You'd also be wise to turn off auto renewal, otherwise the renewal will try to bill that card repeatedly, then eventually you'll be suspended and have an outstanding balance that can only be resolved by paying the money back.
 

Brandon F

Well congratulations! You got yourself caught!
Yaboosh said:
There is a more recent thread about this. A lot of us have been affected by this exact thing.

Oh man link me. I did a forum search and this thread is what came up.
 
well just had this happen. Fuckers bought $125 worth of points. Got my account frozen and now it's under review for up to 25 days. I hate people.
 

LQX

Member
I wonder how the fuck this keeps happening. I still think it has to do with how they treat email accounts.
 

Yaboosh

Super Sleuth
Harry Potter said:
So it's been over a week since I was hacked. How long did it take for others for Microsoft to review the account?


It has been a couple of months and I am still waiting.

I got the money back through my bank, but the ill gotten points are still on my account. I am afraid to buy any more points since I don't want my legit points getting mixed up with the stolen points. Also, the illegitimate purchases are still on my account.
 

undrtakr900

Member
Tron 2.0 said:
That blows. Hopefully you don't have any trouble with your bank.

Never attach your credit card to your Live/PSN account.
I have a friend who says she uses a Pre-paid Visa card for online purchases, and only put enough money on the card to purchase the item(s) she's buying.

That way if her card number gets stolen/hacked, there won't be any money on the card.
 

iNvid02

Member
out of curiosity do your passwords contain a real word in the English language?

mine is a made up word with numbers, that's why I think it's been ok so far
 
Yaboosh said:
It has been a couple of months and I am still waiting.

I got the money back through my bank, but the ill gotten points are still on my account. I am afraid to buy any more points since I don't want my legit points getting mixed up with the stolen points. Also, the illegitimate purchases are still on my account.

2 months and your account is still locked?
 
It took me about two months of calling MS to get shit straightened out. I gave them a month of no calling just in case, then I called almost every other day for a week to get it straightened out. Eventually I did, but I didn't get the money refunded to me. That's probably because of my shitty bank.
 

Bazhard

Banned
That sucks.

But now you know don't put your CC/Debit online, I have never and will never link any of my CC's/Debit on Xbox or PSN or any other service, they invented pre-paids for a reason.
 
Yaboosh said:
It has been a couple of months and I am still waiting.

I got the money back through my bank, but the ill gotten points are still on my account. I am afraid to buy any more points since I don't want my legit points getting mixed up with the stolen points. Also, the illegitimate purchases are still on my account.

Doesn't sound right. They should sort it out within a couple of weeks, less if you're lucky. Sounds like a call to them is in order.
 

Shurs

Member
After reading this thread I tried to remove my credit card from Xbox.

The problem is, the website says my card is associated with my Xbox Live subscription even though I don't have auto renewal turned on and I've been using pre-paid Xbox Live Gold cards for the last 13 months, with 11 months still to go on my current subscription.

I don't get it.
 
My CC is unable to be removed because of a 12 month Zune pass that I paid for in fucking March. I've sent support an email to remove it, let's see what they respond with.
 

rac

Banned
I can't turn off auto-renew because of the stupid 40% off 12 months I got. Guess I just have to call them, I'll do it first thing tomorrow.
 
Shurs said:
After reading this thread I tried to remove my credit card from Xbox.

The problem is, the website says my card is associated with my Xbox Live subscription even though I don't have auto renewal turned on and I've been using pre-paid Xbox Live Gold cards for the last 13 months, with 11 months still to go on my current subscription.

I don't get it.
I was in the same boat, auto renew turned off and had been using pre-paid cards for 6 years (my first year was the only one I used my credit card on).

MS was able to remove it when I called in by setting my account to silver, removing the credit card, then sending me enough gold month codes to equal my remaining gold balance.

Was a very odd way of going about the change, but they were familiar with the request and the solution, just required 20 or so min online with support.
 
shagg_187 said:
I don't get it. Why isn't Microsoft vocal about this? Seems like this FIFA-related hacking is very common.
There's not really anything to say. As many cases as there may be, they're all still isolated. If Microsoft doesn't know where the breach is, what are they gonna announce?

"Hey guys, a bunch of people got phished somehow or other, erm, well, that's all we've got."
 
As someone who used to work for Xbox Support I'll try my best to explain their shitty system from what I remember.

If you add a card on the system to purchase a subscription then for the remainder of that subscription you need to have either the original card or another card attached.

The reason is the way the system works is that pre-paid subs and CC subs are classed as two separate and non interchangeable subscriptions.

What I mean by that is that let's say you want to completely remove your card from the system the only way to do so is by canceling the account even if you have loads of months left. The account will not automatically switch over to pre-paid as you'd assume.

Now as far as I remember within the first 30 days or so (policy can and probably has changed since then) of purchasing a sub or auto renewal kicking in you can cancel the subscription completely, have your card refunded and purchase a pre-paid code. However outside of this time period if you cancel the lost months of service are on you.

The main thing to remember is that the two are NOT interchangeable. Simply put never EVER put your card on Live because it is a pain in the balls to sort it out.

Also, for those of you saying "Well, my old card is on there, I have a new one now with a new number, so when they try to charge my card it will automatically fail, cancel my sub and I'll be back to silver!"

WRONG! If you have not turned off auto renewal then what will happen is they will attempt to charge, then give you something like 45 days grace to pay the fee with a new card. If you don't then your account will be suspended until payment is made with a new card, which the remainder of that sub will be tied to.

So cancel auto renew NOW people, don't wait and let it bite you in the ass.

As for why the system is so segregated and why an active card is required for the remainder of the sub? Well MS want to make money and making it as difficult as possible to remove cards ensures the highest profits so the system has likely been designed from the ground up to ensure this.

Anyway I've tried my best to purge most of my horrible time there from my memory so if any of my guesses about time periods are wrong then call MS support and they will confirm and explain their crazy billing cycle to you.

EDIT: Oh yeah, sometimes the remainder of time on your account can be sent to you as pre paid codes, this has to be done by a Tier 2 agent and normally sits in a queue for a while, also I can't remember the exact scenario where this happens but it is rare.
 
toythatkills said:
There's not really anything to say. As many cases as there may be, they're all still isolated. If Microsoft doesn't know where the breach is, what are they gonna announce?

"Hey guys, a bunch of people got phished somehow or other, erm, well, that's all we've got."

Pretty much. They've said there was no breach on their end, so all that's left is for them to carry on investigating and hopefully find out why it keeps happening.

They also can't blame EA or anyone else outright as they risk a major backlash from whoever they blame if they are wrong. It sucks that we aren't getting regular updates, but I have no doubts that MS are investigating and they'll find out the source of the breaches very soon.
 
guess it's a good thing my card used to buy a year had to be cancelled since it got lost. So even if I were to get phished, they would have a non working card anyways lol. Soon as January rolls around, my account will forever remain cardless, too much hassle
 

epmode

Member
Speedymanic said:
They've said there was no breach on their end
Well that settles it then! A company like Microsoft would never misrepresent the security of their personal databases.

What should be happening here (on top of investigating the cause) is implementing extra security checks so that even if someone manages to recover your gamertag, socially engineer your password or whatever they won't be able to purchase anything without either re-entering the payment information, answering security questions, responding to an automatically generated email, etc.

..but that would make it so that purchasing something on Live isn't as easy as pressing A twice so it's not going to happen.
 

Mechazawa

Member
epmode said:
Well that settles it then! Surely a company like Microsoft would ever misrepresent the security of their personal databases.

What should be happening here (on top of investigating the cause) is implementing extra security checks so that even if someone manages to recover your gamertag, socially engineer your password or whatever they won't be able to purchase anything without either re-entering the payment information, answering security questions, responding to an automatically generated email, etc.

..but that would make it so that purchasing something on Live isn't as easy as pressing A twice so it's not going to happen.


Well, that and it's also kind of a pain in the ass.

Options never hurt though.
 
Ryujin said:
As someone who used to work for Xbox Support I'll try my best to explain their shitty system from what I remember.

If you add a card on the system to purchase a subscription then for the remainder of that subscription you need to have either the original card or another card attached.

The reason is the way the system works is that pre-paid subs and CC subs are classed as two separate and non interchangeable subscriptions.

What I mean by that is that let's say you want to completely remove your card from the system the only way to do so is by canceling the account even if you have loads of months left. The account will not automatically switch over to pre-paid as you'd assume.

Now as far as I remember within the first 30 days or so (policy can and probably has changed since then) of purchasing a sub or auto renewal kicking in you can cancel the subscription completely, have your card refunded and purchase a pre-paid code. However outside of this time period if you cancel the lost months of service are on you.

The main thing to remember is that the two are NOT interchangeable. Simply put never EVER put your card on Live because it is a pain in the balls to sort it out.

Also, for those of you saying "Well, my old card is on there, I have a new one now with a new number, so when they try to charge my card it will automatically fail, cancel my sub and I'll be back to silver!"

WRONG! If you have not turned off auto renewal then what will happen is they will attempt to charge, then give you something like 45 days grace to pay the fee with a new card. If you don't then your account will be suspended until payment is made with a new card, which the remainder of that sub will be tied to.

So cancel auto renew NOW people, don't wait and let it bite you in the ass.

As for why the system is so segregated and why an active card is required for the remainder of the sub? Well MS want to make money and making it as difficult as possible to remove cards ensures the highest profits so the system has likely been designed from the ground up to ensure this.

Anyway I've tried my best to purge most of my horrible time there from my memory so if any of my guesses about time periods are wrong then call MS support and they will confirm and explain their crazy billing cycle to you.

EDIT: Oh yeah, sometimes the remainder of time on your account can be sent to you as pre paid codes, this has to be done by a Tier 2 agent and normally sits in a queue for a while, also I can't remember the exact scenario where this happens but it is rare.

Sometimes? Nope. If you've paid for a sub using your card and you ask to remove said card, they have a legal obligation to send you codes for the remainder of your sub or you're entitled to a refund.

And it doesn't take a while, they usually email you the codes within minutes.

Finally, removing a card from your account isn't that difficult. A call to customer services and you can have it removed within a few mins. Alternatively, if you happen to live in a state/country where it's legally required, you can remove your details via the Xbox.com site.
 

epmode

Member
Mechazawa said:
Well, that and it's also kind of a pain in the ass.
Microsoft can tell which console or computer you're logging in from. If the console is not the usual one, make the user somehow confirm his or her identity. It's really not a big deal.
 
epmode said:
Well that settles it then! A company like Microsoft would never misrepresent the security of their personal databases.

What should be happening here (on top of investigating the cause) is implementing extra security checks so that even if someone manages to recover your gamertag, socially engineer your password or whatever they won't be able to purchase anything without either re-entering the payment information, answering security questions, responding to an automatically generated email, etc.

..but that would make it so that purchasing something on Live isn't as easy as pressing A twice so it's not going to happen.

I don't disagree. They do need to implement a two step verification process though, the current set up isn't going to be tenable for much longer considering how easy it is for hackers/nefarious types to get access to hundreds of users' details from the most innocent/unexpected of sources.

And it's not hard to take some personal measures, change your password/security question/answer regularly and make sure you don't fall for sites that claim to give free points, cheap live subs, etc.
 

cgcg

Member
epmode said:
Well that settles it then! A company like Microsoft would never misrepresent the security of their personal databases.

What should be happening here (on top of investigating the cause) is implementing extra security checks so that even if someone manages to recover your gamertag, socially engineer your password or whatever they won't be able to purchase anything without either re-entering the payment information, answering security questions, responding to an automatically generated email, etc.

..but that would make it so that purchasing something on Live isn't as easy as pressing A twice so it's not going to happen.

Yep basically "hey guys hey guys! Nothing is wrong with our system while your money continued to get stolen. Not our fault we swear!"

Awaiting speedy PR response.
 
cgcg said:
Yep basically "hey guys hey guys! Nothing is wrong with our system while your money continued to get stolen. Not our fault we swear!"

Awaiting speedy PR response.

Do you have any proof their service/system is the weak link that's leading to the current spate of compromised/breached accounts?

Nope? So it's advisable to pipe down, cgcg.

I'll be the first to shit all over MS if they are at fault, but there's currently nothing to suggest this is down to them.
 

Tomasooie

Member
toythatkills said:
There's not really anything to say. As many cases as there may be, they're all still isolated. If Microsoft doesn't know where the breach is, what are they gonna announce?

"Hey guys, a bunch of people got phished somehow or other, erm, well, that's all we've got."
http://arstechnica.com/gaming/news/...becomes-maddening.ars?comments=1#comments-bar

The community manager at Activision had his account hacked, as well as others in the industry. Element here on GAF, who used to work for Microsoft, had his account hacked with no idea how it happened.

In fact, a lot of the people have said that they practice safe computer security (complex passwords, never opening untrusted sites/emails). A few have even said that they've never even used their Windows Live ID on anything other than the Xbox itself.

There's definitely something different about this series of hacks. I don't think it's FIFA or EA though. That must just be an endpoint that has spread amongst the account thieves because of how easy it is to just sell the FIFA content for real money on eBay (or other sites).
 
I had my CC removed about 4-6 months ago after reading some horror stories here on gaf and xbox.com. I made the 20-minute call to CS and was downgraded to a silver membership.

does anyone know if my CC info is still in their system? let's say my account gets hacked and some douche tries to use my account to buy points/DLC.
 

cgcg

Member
Speedymanic said:
Do you have any proof their service/system is the weak link that's leading to the current spate of compromised/breached accounts?

Nope? So it's advisable to pipe down, cgcg.

I'll be the first to shit all over MS if they are at fault, but there's currently nothing to suggest this is down to them.

lol "advisable to pipe down?" Is it part of your job qualification to be a complete retard? Did I make any outrageous claims? All I said is that people are getting their money stolen on Microsoft's service. That's a fact. Guess what genius, when people are stealing your customers' money on your watch you have to first publicly acknowledge that and do something about it. It doesn't matter how the theft occurred. It is your responsibility to make sure it doesn't continue to happen. It's pathetic this has been going on for months.

I don't know if you have figured this simple part out yet, but when your customers' money is getting stolen left and right, it is your problem.

I was joking about the speedy PR response part but I guess you do fit the bill. Why don't you pipe down speedy gonzalez. You may or may not work for MS but you sure are acting like a PR tool here.
 