Support NeoGAF

[Instro]

I'm kind of surprised that the coverage of this, even on GAF, has been rather small compared to the PSN thing or even the Steam problem a week back. I'm not really familiar with the details but considering people are actually losing accounts, or being charged for shit, it seems worse than the PSN hack yet there hasn't been much reaction so far. Have MS or EA made any major statements about this yet?

Good luck to anyone getting hit by this btw, hopefully getting everything back is easy for you.

 

[ColonelSkills]

i managed to turn on profile protection. this is definitely a must.

Can you explain more about this?

 

[Yagharek]

It sounds to me like its being swept under the carpet by ms/ea/gaming media, tbh. Unless gaf users are disproportionately unlucky, or more likely to notice stolen points.

There is a good way and a bad way to handle hacks of this nature or the PSN outage.

Good way: admit there is a problem for some, and have a rapid response so that customer downtime is minimal, and compensate them with a free month or a discounted game proportional to damage done.

Bad way: hide the problem for a week, then shut down the service.

Sony acted late and their outage was noticed by everyone, which was pretty ordinary. However, it seems little damage was actually done to customers. They may have pissed people off at the time, but in hindsight it wasn't actually that serious compared to how it looked initially. Of course a few people probably got hit hard.

Despicable way: MS and EA on the other hand are taking the RROD approach to damage control. First, they ignore isolated reports. Then they put out a brief statement stating they are only isolated incidents completely unrelated to the things they are actually related to (Fifa, EA online).

Next step will be a blase statement along the lines of "things break". Then it will turn out everyone is afflicted with the exploit/vulnerability and only when customers complain enough to reach fever pitch will the media start covering it. That's the point at which MS/EA will consider doing something about it.

Maybe this is being melodramatic, but this gen has taught me one thing: cynicism is usually a safe bet, and reality is generally worse.

 

[Garcia el Gringo]

Ugh. There has not been a single journalist that has taken this seriously. Even Patrick Klepeck phoned in a shitty article.

Well at least Patrick Klepeck didn't call me a moron. I guess the only thing that'd change Sterling's tune is if he woke up one morning with 3 Fifa fucking 12 achievements on his personal account with hundreds of dollars spent on fifa gold packs. But even in that scenario, the guy is still a video games blogger. He wouldn't have to deal with support and the multiple month long wait we have to. He'd have his account back within the day from Microsoft with a complementary hooker as an apology. So he wouldn't care anyway.

I'm kind of surprised that the coverage of this, even on GAF, has been rather small compared to the PSN thing or even the Steam problem a week back. I'm not really familiar with the details but considering people are actually losing accounts, or being charged for shit, it seems worse than the PSN hack yet there hasn't been much reaction so far.

Yeah, people couldn't stop crying when Sony shut down PSN to keep everyone safe and to actually get their shit together when it came to security. People on PSN weren't even attacked really. Microsoft is leaving Live up, mostly unchanged (that new profile protection doesn't seem like it's enough), allowing more of their users to be robbed. I'm really disappointed that people aren't making more noise.

 

[Psychotext]

The Guardian handles the story much, much better: http://www.guardian.co.uk/technology/2011/nov/22/xbox-live-users-phishing-attacks

Can you explain more about this?

It wouldn't do shit to protect against what we've had happen to us. It literally just allows you to recover your profile on certain consoles without your password. Totally fucking pointless. What we need is a way of making it so you can only recover your password / profile at certain machines... like Steam has.

 

[VibratingDonkey]

The Guardian handles the story much, much better: http://www.guardian.co.uk/technology/2011/nov/22/xbox-live-users-phishing-attacks

There's still hope it seems. GG Guardian.

And yup, profile protection is the worthlessest. Won't help if someone steals your console either. Its purpose seems to be solely to cover the example mentioned on the site where you've put in your login details on a console that's not yours. Clearly worth prioritizing this system over two-step authentication. Which would've addressed this problem also.

 

[ColonelSkills]

It wouldn't do shit to protect against what we've had happen to us. It literally just allows you to recover your profile on certain consoles without your password. Totally fucking pointless. What we need is a way of making it so you can only recover your password / profile at certain machines... like Steam has.

Oh, lame. What a shame. I was naively hoping for some sort of realistic two step authentication.

But that would make too much sense, I suppose. Can't have that.

 

[Rukes]

Here's my info.

-June 6, 2011
-6000 points bundle was bought, 1,340 points were immediately spent on a lot of FIFA add-ons, the Red Dead Redemption "Undead Nightmare" pack (I don't own RDR) and a Battlefield: BC2 trailer was downloaded. My Gamertag was also bonded to someone else's Microsoft Live email/account. Haven't used my Xbox for about 3+ months before this occurred.
-Account was suspended while they investigated, said it would take two weeks. Got an update about 3 weeks later, they created a random hotmail email address and binded my gamertag to that. Then, after 30 days, I was able to change the Microsoft Live email back to my old one.
-I registered for my EA account for the very first time for only one game, Dead Space 2 PC on January 25, 2011. Only time I ever used that account was throughout playing that game until I beat it. I don't have my EA account bonded to my Xbox in any way, it's 100% PC only.
-Passwords unique on both EA and Xbox Live
-Had my Xbox account since the very beginning.
-They removed the points, and refunded all charges. I have my account back, under my own Microsoft Live account. No compensation.
-Security question wasn't changed.

 

[Garcia el Gringo]

I was really hoping to have my account back in time for Black Friday. This sucks.

 

[Tomasooie]

I was really hoping to have my account back in time for Black Friday. This sucks.

You can still redeem points cards and make purchases on Xbox.com, even while your account is under investigation.

 

[Garcia el Gringo]

You can still redeem points cards and make purchases on Xbox.com, even while your account is under investigation.

I own just about everything that'll be on XBLM's Black Friday sale, so I'm not interested in that. And people really shouldn't be redeeming points and buying DLC on XBLM with their accounts that are in limbo. That's risky. And why give MS more money when they haven't resolved the issue yet?

I'm talking about retail games. I don't want to go buy a bunch of 360 games on Amazon while I still don't know the outcome of my account investigation. I want to pick up all the games I've missed since the investigation started at cheap Black Friday prices, but I personally can't do that until I know I can play those games with my account. I know I'll cave in and buy the games. I'll just leave them sealed until I get my account back and my points refunded. And if my account isn't returned to me soon, I'll just return the games.

 

[CSampson]

I feel like Microsoft is not going to get around to looking at my account. I AM A VICTIM!

 

[VideoMan]

 

[VibratingDonkey]

Getting special treatment already.
https://twitter.com/#!/geoffkeighley/status/140189830444367872

 

[Garcia el Gringo]

Getting special treatment already.
https://twitter.com/#!/geoffkeighley/status/140189830444367872

Man he must have been relieved after learning this.

 

[toythatkills]

That's such bullshit.

If Keighley's playing his Xbox online tomorrow, people need to make a huge deal about it. If it's possible to have the issue sorted for one person in minutes, then everyone should get the same treatment regardless of their job.

 

[Shalashaska]

That's such bullshit.

If Keighley's playing his Xbox online tomorrow, people need to make a huge deal about it. If it's possible to have the issue sorted for one person in minutes, then everyone should get the same treatment regardless of their job.

Ehh, it happens all the time. When game journos were having RROD problems, they'd talk to their MS contacts to get new ones replaced quickly. Same with PS3 issues as well, they always just threw those comments out there on podcasts.

 

[Garcia el Gringo]

That's such bullshit.

If Keighley's playing his Xbox online tomorrow, people need to make a huge deal about it. If it's possible to have the issue sorted for one person in minutes, then everyone should get the same treatment regardless of their job.

People have been relatively quiet. I'm disappointed. People are just bending over for Microsoft, and there's no outrage when blogs like Destructoid mock the victims of Unauthorized Access. We're not some snot nosed kids giving out our passwords for recon armor. We're being attacked. I feel like this is affecting thousands of people, but it's only the same handful of people amongst forums that are actually trying to have a conversation about this.

 

[chubigans]

I don't know why, but I feel like I'm going to be extremely angry if Geoff gets his account back in a day or two.

The whole account investigation thing is such bullshit to begin with. Had everyone's account been resolved within a few days this wouldn't be quite as huge an issue, but it's almost like they don't give a shit about anyone and do the standard "freeze for twenty-thirty days then issue refunds and free month" unless you're someone important.

But, like I said, should be interesting to see what happens.

edit: sounds like Geoff may do something though!

@floordje I am looking into this.

 

[Garcia el Gringo]

Great. I like Geoff Keighley a lot. I hope he can help us out a bit. It really irks me that most of the other blogs are just mocking us when they post about the incidents when it's rather obvious that it's a legit issue. These attacks are happening to rather internet savvy, cautious people.

Even if MS doesn't stop blaming users for getting hacked, if a journalist could pressure MS to add a two-step authenticator that would be a job well done. We need more layers of security on our accounts.

 

[Garcia el Gringo]

Sorry for the double post.

I just got my account back a few minutes ago. I waited 39 days. I didn't get a full refund for the stolen points yet, but I'm happy.

I feel so much better! This was stressing me out like mad since the end of October. I hope I'm not attacked again. Good luck to everyone that's still dealing with an investigation!

 

[Psychotext]

I just got my account back a few minutes ago. I waited 39 days. I didn't get a full refund for the stolen points yet, but I'm happy.

What the hell, 39 days and no refund? My missus had hers back in 28 and got her points back at the same time.

 

[chixdiggit]

Today is 25 for me (thought it was longer) and no word from MS. Even a simple e-mail saying "Hey we are working on it" would be nice.

 

[To Far Away Times]

Well, today was day 25 and MS finally sent me an email an hour ago. My account should be fixed now.

Pretty inexcusable when I can call my credit card company and they can reverse the charges within 10 minutes, yet it takes MS 25 days to see that someone accessed my account from somewhere else.

I really hope this issue gets brought into the spotlight and gets the attention that it deserves.

 

[Garcia el Gringo]

Well it's been happening to more journalists in the past couple of days. For example...

http://venturebeat.com/2011/12/04/h...e-of-hijack-xbox-live-and-fifa-trading-cards/

I wonder if anything will come of these journalists getting attacked.

I'm still waiting on a full refund for the $75 stolen from me. I only got $5 back. It would really suck if I had my account locked down for 39 days just to get $5 back. I'm going to call support tomorrow if I see that my balance is still at only 420 MS points. If they can't help then I'm going back to the BBB. This has seriously been the single worst customer support I've ever experienced.

 

[kassatsu]

http://twitter.com/RohdeScott/statuses/143599432204681216

PSN security measures > XBL?tinyurl.com/c96zmsh

I lol'd

 

[To Far Away Times]

Well it's been happening to more journalists in the past couple of days. For example...

http://venturebeat.com/2011/12/04/h...e-of-hijack-xbox-live-and-fifa-trading-cards/

I wonder if anything will come of these journalists getting attacked.

I'm still waiting on a full refund for the $75 stolen from me. I only got $5 back. It would really suck if I had my account locked down for 39 days just to get $5 back. I'm going to call support tomorrow if I see that my balance is still at only 420 MS points. If they can't help then I'm going back to the BBB. This has seriously been the single worst customer support I've ever experienced.

Customer support on the phone was very polite and understanding when I called. They also seemed powerless to actually do anything. I think the problem comes from the top. Why can't this be done over the phone when you call? Why does it take so long to complete an investigation. It's bullshit.

 

[Cynar]

I changed my passwords and removed my cc from the account after contracting xbox support. What was kind of stupid about it is they had to cancel my current subscription then reissue me a year and two months for all my remaining time. It should not be that difficult to remove a credit card.

Weird thing I noticed is the join date for my xbox live account had changed, not a big deal but still weird.

 

[Harry Potter]

I submitted a complaint with the BBB on December 1st and beleive it or not Microsoft emails me today saying they've concluded the investigation and are giving me my account back and refunding my money. Thanks Garcia el Gringo for suggesting the BBB and providing the links and template in the other hacked thread. Good luck to the rest of you.

 

[Garcia el Gringo]

Congrats on getting your account back, Potter!

 

[mackattk]

Head up... so apparently you can't recover gamertags anymore with the new dashboard update. This comes to be a problem with anybody whose gamertag has been changed to a different live id. What happens is that microsoft sets up the gamertag to a temporary live id (at least they did for me).

But anyway...

Just spoke with microsoft support, said that there is no more recovering gamertags. Its a fucking headache. I had 1920 microsoft points that seemingly disappeared from my account. To get those points I would have to start a new investigation, which would lock my out of my account for 30 days AGAIN.

So right now my old gamertag is registered to a random live id, I can't change that until 30 days have passed.

I use Zune for my phone. I would have to do a COMPLETE wipe on my phone to be able to use the service im paying for, start my phone account with the temporary id, then when I can transfer my id to my real email address I would have to do another complete wipe.

I know they can't do anything about the live id change or the phone thing, but I talked to a manager and they can't even give me any microsoft points without starting another investigation. Its infuriating. Any other business would have seen all the trouble im going through right now and made it right, but these guys just wont fucking budge.

Im thinking about just saying screw it and sell my xbox/windows phone and go with android or something.

 

[Baron_Calamity]

Head up... so apparently you can't recover gamertags anymore with the new dashboard update. This comes to be a problem with anybody whose gamertag has been changed to a different live id. What happens is that microsoft sets up the gamertag to a temporary live id (at least they did for me).

But anyway...

Just spoke with microsoft support, said that there is no more recovering gamertags. Its a fucking headache. I had 1920 microsoft points that seemingly disappeared from my account. To get those points I would have to start a new investigation, which would lock my out of my account for 30 days AGAIN.

So right now my old gamertag is registered to a random live id, I can't change that until 30 days have passed.

I use Zune for my phone. I would have to do a COMPLETE wipe on my phone to be able to use the service im paying for, start my phone account with the temporary id, then when I can transfer my id to my real email address I would have to do another complete wipe.

I know they can't do anything about the live id change or the phone thing, but I talked to a manager and they can't even give me any microsoft points without starting another investigation. Its infuriating. Any other business would have seen all the trouble im going through right now and made it right, but these guys just wont fucking budge.

Im thinking about just saying screw it and sell my xbox/windows phone and go with android or something.

Wait a minute here... You mean it isn't just your Xbox account but your entire Microsoft live account? Holy cow, that would really suck if it happened to me.

 

[mackattk]

Wait a minute here... You mean it isn't just your Xbox account but your entire Microsoft live account? Holy cow, that would really suck if it happened to me.

Yeah i think the new dashboard completely screwed me. I don't have a way to recover my old gamertag to my email anymore, as it is not linked to my email.

I can "download" the gamertag that is linked to my email, which accomplishes absolutely nothing.

 

[Dr Zhivago]

Not being able to recover gamertags should stop other people being Fifa'd though?

 

[Psychotext]

Not being able to recover gamertags should stop other people being Fifa'd though?

Wont make any difference in the slightest. If you have the password (which they seem to have), then they've got full access to the account and can buy what they like.

Recovering the tag is pretty much irrelevant.

 

[Adam Scott Aukerman]

This is only semi-related, with it being PSN, but I bought a PS3 on friday, and made my first PSN purchase yesterday. By 7pm that evening, my account had been locked by bank's fraud team as my pattern of spending had been suspicious.

...is the situation with PSN (& XBL) really that bad?

 

[Psychotext]

Shouldn't be, but I imagine given the size of both services they're easy targets for fraudsters.

 

[Garcia el Gringo]

I just got my full $75 refund a moment ago. It took a while, but I'm happy. Back to spending a shit ton of money on 360!

 

[acm2000]

ok, of those people who have been "fifa'd", how many have used unofficial xbox live apps for ios, android, pc etc?

 

[chubigans]

I just got my full $75 refund a moment ago. It took a while, but I'm happy. Back to spending a shit ton of money on 360!

Congrats man!

 

[Zoe]

I just got my full $75 refund a moment ago. It took a while, but I'm happy. Back to spending a shit ton of money on 360!

sarcasm?

 

[Garcia el Gringo]

sarcasm?

Yes. I can see the mocking tone didn't really come through at he end of that post lol. I'm not psyched to be giving anyone that made me miserable money. But Microsoft did eventually fix my case, so I'll continue to do business with them.

Thanks to chubigans and everyone else that made threads on this topic. The threads really helped me.

 

[Zoe]

Yes. I can see the mocking tone didn't really come through at he end of that post lol. I'm not psyched to be giving anyone that made me miserable money. But Microsoft did eventually fix my case, so I'll continue to do business with them.

Just had to make sure what with some people buying multiple 360's back in the heyday of the RROD :lol

 

[Speedymanic]

I haven't been able to keep up with this, has the level of 'hacking' gone down or increased? Has everyone moved to a different thread?

Anyway, most excellent news Garcia. You should demand some compensation from MS though, all the hoops they made you jump through and the hassle of constantly calling, etc can't be ignored. They have to pay.

 

[Garcia el Gringo]

All the threads have gotten a few more posts since you've been gone (they've slowed down quite a bit), but the most notable thing that's happened in Unauthorized Access land is this.

Geoff Keighley Live Account Gets Fifa Hacked (& Suspended for 25 days)

It's been happening to a few games journalists in the past 2 weeks. Nothing's really come out of it yet though. Geoff Keighley said he wouldn't pass up on the story, but he must be way too busy with the VGAs to make it make it a priority. The number of new UA incidents in general seems to be lower than it was at the end of October when I got attacked. Threads across all different forums were blowing up that week. Now the topic seems kind of cool besides the few journalists. Microsoft has insisted that they haven't been breached and claiming that it's all phishing.

Anyway, I did demand some compensation and rain checks on Deals of the Weeks and Black Friday/Cyber Monday Deals (one of my favorite features as a paying Gold member). No luck, but I'm not going to fight anymore. I did get an extra month of Live in addition to the two months refunded. But I spent way too much of my free time from October to November on this Unauthorized Access nonsense. It felt like a victory enough to get my account back with a full refund after so many weeks when it was looking hopeless. It's pretty fucked up, but I'd rather not waste anymore of my valuable free time on support when I can just be having fun on 360 again.

I'd take better security like 2-step verification and settings that allow me to restrict where my account can be accessed over a few complimentary MS Points, some free Gold or a free game. I let everyone I talked to at MS know that. I hope they beef up our security options soon. Too many people are arguing about phishing vs hacking, wanting to find MS/EA or the UA victims to blame, when everyone should just be getting on MS' case about their UA investigation handling and the absence of better security on our accounts. Everyone on Live would benefit from more security options. Make it harder for the thieves.

 

[mokeyjoe]

Well I was locked out of my account for 25 days but at least I got to keep the 2000 points that the hacker wasn't quick enough to spend.

 

[Avinexus]

Wont make any difference in the slightest. If you have the password (which they seem to have), then they've got full access to the account and can buy what they like.

Recovering the tag is pretty much irrelevant.

Wait, I'm lost. Don't they need to recover the account to their Xbox in order to use the account? They can still buy points and the FIFA card packs (or whatever they are) on xbox.com, but they can't use what they bought without actually having the account on their Xbox. So...don't they need to recover it?

 

[Quote]

-12/12/11 (yesterday
-They bought 1600pts, 4000pts, 400pts, they attempted to buy 800pts but it failed. They bought some Gears of War stuff and CoD Elite. I didn't get a chance to log into my GT before I called Live Phone support to have it locked.
-Account is locked for 3-6 weeks while they "investigate." They refuse to refund me any of the money spent right now and told me to have my bank deal with it.
-I have an EA account. I've played BF3 a bit and logged into EA sites for it a few times.
-I believe my password was the same on both Live and EA
-Gametag is about 3-4 years old?
-Nothing.
-I believe my security question was changed to "Your first best friend" or something.
-No

So they bought the points and I logged in immediately to change the password. The points were not spent by that time and I thought I would just deal with it later. A couple hours went by and I was receiving e-mails for activating a Zune 14-day trial, and e-mail from EA with the subject "Welcome to the pitch. Start earning points for" which basically says "thanks for playing Fifa!" Then an e-mail saying "Points transferred to your account: 10200" and then another e-mail stating "Points transferred from your account: 10200 | Current Balance: 0"

Oh, the rep also canceled my 14-day trial to Zune.

The whole thing is fucking bullshit and they need some sort of fraud protection because this shit is so obvious. The worst part is my bank locked my credit card twice two weeks ago for suspicious activity even though I was buying normal stuff, but yesterday they didn't suspect anything ever. THOUGH, when I did call them they instantly asked me "Is it all these Xbox Live purchases?" (Bank of America)

 

[Psychotext]

Wait, I'm lost. Don't they need to recover the account to their Xbox in order to use the account? They can still buy points and the FIFA card packs (or whatever they are) on xbox.com, but they can't use what they bought without actually having the account on their Xbox. So...don't they need to recover it?

Yes, but with the password (which they seem to have) they can change settings, recover profiles and generally do what they like. That dashboard recovery related setting is utterly useless in this situation.

 

[PixyJunket]

So my girlfriend was just hit by this (yesterday apparently), I called in the case for her since she goes to bed early for her job.

Thankfully, there were no charges made to her card, even though one was on the account. But they bought FIFA crap with all of her remaining MS Points.

Can anybody tell me what the points value for this trash is?

SILVER PACK
SILVER UPGRADE
PREMIUM GOLD PACK
PREMIUM GOLD JUMBO

So yeah, yadda yadda, account locked for 25 days, investigation, points will be refunded (which is why I asked how much all that stuff was). She's pretty annoyed because she wanted to do some gaming during her two weeks off and now this. Oh yeah, we have a friend who was hit by this a few months ago too. Sigh.