
The Consumerist: Xbox account hijacking on the increase - EA server connection?

I don't get why the OP is focused on "outing" game journalists who haven't been hacked yet? This is the first I've heard of it.
 
HTuran said:
Sure, but you can't log in to an XBL account with only a gamertag.

Pretty sure they also store email addresses which are linked to said GT. It's only a matter of brute forcing or employing some social engineering from there to 'hack' an account.
 

jiggles

Banned
Menelaus said:
You don't have to own FIFA to buy FIFA DLC.

I know that, but they're suggesting the only way they can get your account details in the first place is by exploiting a vulnerability exclusive to FIFA. If you didn't play the game, how are they going to exploit the security hole that occurs only when you're a FIFA player?

MYeager said:
Not a vulnerability with FIFA. If you have an EA account, which could've been created from playing any number of EA games and someone steals that information, then you could be in trouble if you used the same username/password combo as your EA account (IF someone has indeed hacked into the EA account database).

But they're saying it's specific to FIFA.
 

Derrick01

Banned
So I guess I should be ok since 1) I'm a dirty silver peasant and 2) I don't have a CC on there?

I mean they could still take my account I guess but I don't know what the point would be.
 

Dunlop

Member
Speedymanic said:
Not true at all.

You do have to call them up, but they remove it almost instantaneously. Sounds like you were unfortunate enough to get a shitty CS rep.


HA HA HA
ha ha
ha


no


My process was 4 calls and at least 2 sacrificed chickens
 
If you are a Gold member and you have a CC attached to your account--even if you didn't use it to subscribe to Gold--you have to wait for your sub to expire before you can remove the card. That's how it worked for me. Had to call to turn off auto-renewal, and once my subscription expired I was able to remove the credit card online.
 

hey_it's_that_dog

benevolent sexism
OP calls it an upswing in account jackings but the story is a single anecdote. Not really the hard hitting investigative journalism it's being sold as (by implication) in the thread title.
 
Dunlop said:
HA HA HA
ha ha
ha


no


My process was 4 calls and at least 2 sacrificed chickens

HA HA HA HA.

No.

My process was one call and I removed my card with absolutely no problems. The only inconvenience was that I had to wait for an email which contained some redeem codes for the remainder of my gold sub.

Call took 10 mins, 6 of which were me waiting. The guy I spoke to understood what I wanted, asked me why, tried to convince me to leave my details on there, I told him no, he accepted and then went on to explain that I'd be bumped from Gold to free but they'd email me the remainder of my gold within a couple of hours (really took the best part of a day).

As I said, you were unlucky.
 

MYeager

Member
jigglywiggly said:
I know that, but they're suggesting the only way they can get your account details in the first place is by exploiting a vulnerability exclusive to FIFA. If you didn't play the game, how are they going to exploit the security hole that occurs only when you're a FIFA player?



But they're saying it's specific to FIFA.

The points purchased are specific to FIFA, who is saying that they are exploiting a vulnerability in the game? The reason it is specific to FIFA is because of the nature of the coin DLC for that game.
 

koji

Member
hey_it's_that_dog said:
OP calls it an upswing in account jackings but the story is a single anecdote. Not really the hard hitting investigative journalism it's being sold as (by implication) in the thread title.

It has been going on for quite some time, check the thread linked a couple posts above yours. It's weird that none of the gaming websites had an article about it thus far.

People just seem to ignore it, maybe they're tired of account hacking news after the whole PSN debacle, I dunno. It's a real issue...
 

coopolon

Member
Speedymanic said:
HA HA HA HA.

No.

My process was one call and I removed my card with absolutely no problems. The only inconvenience was that I had to wait for an email which contained some redeem codes for the remainder of my gold sub.

Call took 10 mins, 6 of which were me waiting. The guy I spoke to understood what I wanted, asked me why, tried to convince me to leave my details on there, I told him no, he accepted and then went on to explain that I'd be bumped from Gold to free but they'd email me the remainder of my gold within a couple of hours (really took the best part of a day).

As I said, you were unlucky.

Or you were lucky. You seem to assume his experience is the exception and yours is the norm when it could easily be the opposite. Or more likely somewhere in between.
 

sixghost

Member
During one of the subscriber videos on GiantBomb, it sounded like Jeff got a text message from someone that their account was hacked. In the middle of the video he looked down at his phone and said something like "wow, watch your Live accounts people, there's some weird stuff going on with Fifa Ultimate team".

Hopefully they'll write an article or talk about it somewhere.
 

jiggles

Banned
MYeager said:
who is saying that they are exploiting a vulnerability in the game?

Eurogamer are:

The report offers a number of explanations, including one specific to FIFA that involves hackers emailing EA support and the EA server then sending over the victim's Xbox and EA account information.

Not actually in the game, but they're saying that whatever the guys are doing to get a hold of accounts is specific to FIFA.
 

hey_it's_that_dog

benevolent sexism
koji said:
It has been going on for quite some time, check the thread linked a couple posts above yours. It's weird that none of the gaming websites had an article about it thus far.

People just seem to ignore it, maybe they're tired of account hacking news after the whole PSN debacle, I dunno. It's a real issue...

Aren't all kinds of accounts stolen all the time? That's why there isn't news about it every time there's a single incident. If there's really evidence that it's increasing or happening in a big wave, then it's newsworthy. I'll check out the link.
 

Wazzim

Banned
Sealda said:
Fifa? Must be chavs.

Probably, I don't understand how they can buy a new console and only get FIFA to play.
 
Speedymanic said:
Pretty sure they also store email addresses which are linked to said GT. It's only a matter of brute forcing or employing some social engineering from there to 'hack' an account.

Also, didn't the EA forum get hacked a little while back?

As for removing a CC from an account, you have to call MS to remove auto-renew and then have them remove the CC, which is pretty shitty and annoying if you ask me, but yeah, saying it takes 30 days and you need a CC to have Gold is from people that just make shit up.

There's a trick reported here on GAF (in another of the many Live hack threads): if you change your location to IL, you could turn off renewal (and thus remove the CC) because of the IL law regarding canceling credit card subscriptions. This law should really be nationwide.
 

HTuran

Member
sixghost said:
Hopefully they'll write an article or talk about it somewhere.
Patrick is apparently soliciting emails from people who've had their account hijacked.

Something tells me this is going to blow up big...
 

JohnnyPanda

Neo Member
...so The Consumerist posted a story about how one guy had his Live account hacked and his exchange with MS customer service. Their report has zero to do with an upswing in account jacking, it's just this guy's unfortunate story.
 
antiquegamer said:
Also, didn't the EA forum get hacked a little while back?

As for removing a CC from an account, you have to call MS to remove auto-renew and then have them remove the CC, which is pretty shitty and annoying if you ask me, but yeah, saying it takes 30 days and you need a CC to have Gold is from people that just make shit up.

There's a trick reported here on GAF (in another of the many Live hack threads): if you change your location to IL, you could turn off renewal (and thus remove the CC) because of the IL law regarding canceling credit card subscriptions. This law should really be nationwide.

It did? Well, there's more fuel for the fire.

You can cancel auto renew through the website in the UK but not the CC. It seems you have to call them to remove the CC details, which is pretty damn annoying and something MS have to change.

coopolon said:
Or you were lucky. You seem to assume his experience is the exception and yours is the norm when it could easily be the opposite. Or more likely somewhere in between.

I'm not so sure, another forum I frequent has people who've had little trouble beyond being bamboozled or tricked by their shitty tactics. Which has resulted in them having to call back, not heard of anyone having so much trouble that they've had to call in 4 times.

It's all about how confident you are and not being taken in or bamboozled by their crap claims of not having access to Gold any more or not allowed to access the marketplace.
 
Joe Shlabotnik said:
If you are a Gold member and you have a CC attached to your account--even if you didn't use it to subscribe to Gold--you have to wait for your sub to expire before you can remove the card. That's how it worked for me. Had to call to turn off auto-renewal, and once my subscription expired I was able to remove the credit card online.

This is actually not true because I used to have a CC attached to my account but I always used a card to subscribe to Gold. And they never got linked. The linking occurs only when you allow them to do so, such as buying a Gold subscription with your CC or taking one of the special offers.

I am not saying it's not shitty, and Microsoft should really make it easier for people to remove and sub to Live as they see fit. (Hulu is probably the best model of online subscription.) People go on vacation, have other pressing matters. Microsoft is always short-sighted, and the bottom line for them is always more important than customer satisfaction, thus why so many hate on Microsoft here.
 

diffusionx

Gold Member
HTuran said:
Patrick is apparently soliciting emails from people who've had their account hijacked.

Something tells me this is going to blow up big...

Good, maybe MS will do something about it now.

Something really weird is going on with XBL and MS should be forced to address it. They've issued one statement saying "we are aware of no hacking" which isn't really anything.
 
coopolon said:
Or you were lucky. You seem to assume his experience is the exception and yours is the norm when it could easily be the opposite. Or more likely somewhere in between.

A lot of people on message boards have hilarious experiences with customer service because they don't know how to say "no". Some of the GameStop stories or OT stories here just make me laugh.

You don't have to explain yourself to a CS rep. You don't even have to listen to their spiel. You just demand a refund, you demand your contact information is changed, or you demand your transaction be completed without a fuss. These people are just doing their job by trying to stall you and make you change your mind, but they aren't allowed to ignore your requests.

I just checked my account to be sure either way.
 
diffusionx said:
Good, maybe MS will do something about it now.

Something really weird is going on with XBL and MS should be forced to address it. They've issued one statement saying "we are aware of no hacking" which isn't really anything.

What if the problem isn't with MS? How should they address it if the problem is with EA's servers? Block all EA titles from XBL?
 
Speedymanic said:
What if the problem isn't with MS? How should they address it if the problem is with EA's servers? Block all EA titles from XBL?

I would if I was Microsoft; my customers' security should always be more important than partner companies (but of course that's not how Microsoft does things; they always side with their partners because they are used to dealing with enterprise settings). They always view customers as people who they sell stuff to and not the actual people that use their products. This is why Apple wins, because Microsoft has no idea how to run a consumer division.
 
Speedymanic said:
It did? Well, there's more fuel for the fire.

You can cancel auto renew through the website in the UK but not the CC. It seems you have to call them to remove the CC details, which is pretty damn annoying and something MS have to change.

It's all about how confident you are and not being taken in or bamboozled by their crap claims of not having access to Gold any more or not allowed to access the marketplace.

http://www.shacknews.com/article/69044/bioware-hacked-ea-information-compromised

Here is the story on the EA account hack.

In the US, sadly, it depends on which state you live in whether you can cancel auto-renew online. And yes, people should have more backbone when dealing with customer service and canceling subscriptions, but by the same token Microsoft really doesn't need to make people jump through hoops. If they make their service attractive enough, people will subscribe.
 

Ben Sones

Member
Syriel said:
Top story! Users use insecure passwords; get pwned!

In the case of Desslock, at least, his account had a strong, unique password that was only used on that account, and he had only ever accessed the account from the console. He says that he has not played any EA games on his Xbox.

JohnnyPanda said:
...so The Consumerist posted a story about how one guy had his Live account hacked and his exchange with MS customer service. Their report has zero to do with an upswing in account jacking, it's just this guy's unfortunate story.

If it were just that one guy, sure. But there are tons of people that have been coming forward with eerily similar reports in the last few weeks. There's another thread right here on GAF about it, actually.
 
http://www.neogaf.com/forum/showthread.php?t=446061

Another thread people might have missed. Not the same exact thing (buying points), but twice in six months (since his account is desired, it seems) is quite obnoxious. I believe element works for Monolith now? So he has contacts and got his shit reversed much faster than most people can. The average lock down on your account is about three weeks while they 'investigate'. I know it is pretty easy to blame the end user, but this is getting pretty widespread now. Just go read through the thread here on GAF or multiple other forums. They really need to add an extra layer of security to let you change details or buy points/time.
 

UberTag

Member
That's pretty clever of the hackers actually.

There's no way to screen for password duplication between Xbox/PSN & EA but naturally a lot of gamers would keep the information identical because of the extra hoops they need to jump through to access EA's servers, FIFA Ultimate Team accounts, pre-order DLC, etc.

So EA gets hacked, spills out the associated Gamertags/PSN accounts plus the EA-specific passwords, hackers run their little subroutine to see if the passwords used match up with the Xbox/PSN accounts in question and boom... compromised account. Time to load up on MS Points/Store purchases.
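
A defensive counterpart to the password-reuse scenario in the post above, as an added example that is not part of the original thread: once a credential list leaked from another service is known, a service can test each leaked password against its own salted hash for the same e-mail and force a reset on every match. The account store, the PBKDF2 parameters and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the service's real KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_account(email: str, password: str) -> dict:
    """Build a stored account record; the plaintext password is not kept."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt, "hash": hash_password(password, salt)}


def accounts_to_reset(accounts: list, leaked_pairs: list) -> list:
    """Return e-mails whose stored hash matches a password leaked elsewhere
    for the same e-mail address (i.e. the user reused the password)."""
    by_email = {a["email"]: a for a in accounts}
    flagged = set()
    for email, leaked_password in leaked_pairs:
        account = by_email.get(email.strip().lower())
        if account is None:
            continue  # leaked address has no account on this service
        candidate = hash_password(leaked_password, account["salt"])
        # Constant-time comparison, as for any credential check.
        if hmac.compare_digest(candidate, account["hash"]):
            flagged.add(account["email"])
    return sorted(flagged)


# Constructed sample data: this service's accounts ...
ACCOUNTS = [
    make_account("alice@example.com", "Tr0ub4dor&3"),
    make_account("bob@example.com", "unique-to-this-service-91"),
    make_account("carol@example.com", "fifa2011!"),
]
# ... and (e-mail, password) pairs exposed by a breach at a different service.
LEAKED_PAIRS = [
    ("Alice@Example.com", "Tr0ub4dor&3"),  # same password reused here
    ("bob@example.com", "hunter2"),        # different password here
    ("carol@example.com", "fifa2011!"),    # same password reused here
    ("dave@example.com", "whatever"),      # no account on this service
]

if __name__ == "__main__":
    for email in accounts_to_reset(ACCOUNTS, LEAKED_PAIRS):
        print("force password reset:", email)
```

Only accounts whose owners reused the leaked password are flagged; an account with a unique password is unaffected by the other service's breach.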
 
In Texas you can turn off auto-renew and remove credit cards from the website. Weird how much it changes depending on where you live.
 

JohnnyPanda

Neo Member
Ben Sones said:
If it were just that one guy, sure. But there are tons of people that have been coming forward with eerily similar reports in the last few weeks. There's another thread right here on GAF about it, actually.

I know, I've seen the thread, it's just that saying The Consumerist is doing a better job at video game reporting than all other gaming "journalists" by reporting on one case of fraud without saying anything about the rash of apparently FIFA-related hacks...that's not "writing an article on the upswing in Xbox account jacking."

It sounds like Patrick Klepek is actually poking around though, which is what an actual reporter would do. It may have taken weeks to do so, but it's not like The Consumerist is blowing the whistle or even posting anything out of the ordinary. They cover stuff like this all the time.
 
Really glad someone is finally reporting on this - the other thread has a lot of people, all with the same issue, and many of them have said they use secure passwords with no keyloggers or viruses. I finally had my credit card removed from my LIVE account - thankfully MA was one of the states that I was able to do it through the system. Wish I had checked sooner, since it was fairly easy to do.

It really sucks that accounts are being compromised, and I totally understand nothing is completely safe from hackers or exploits, but what always upsets me during anything like this is when a company doesn't talk about it or just tries to avoid it. I wish Microsoft (or EA) would just state what they've discovered so far in their investigations and what can be done, if anything, to avoid becoming a victim. Instead we get nothing, just the hope that we won't get an unexpected purchase receipt in our e-mail accounts.

Interesting news about how it may be more so an EA exploit. Hope we hear more soon.
 

bryehn

Member
So how do I remove my CC info? I've turned off auto renew and the system still won't let me. I did get an e-mail the other day from rewards that gave me a free month of gold...
 

Suairyu

Banned
Wait wait wait. We've been hearing about XBOX Live accounts being hacked/stolen for years. Much longer than anything related to SONY's woes. What makes this so special?
 
Suairyu said:
Wait wait wait. We've been hearing about XBOX Live accounts being hacked/stolen for years. Much longer than anything related to SONY's woes. What makes this so special?

It's not, but there seems to be an upswing on the hacking (probably due to FIFA and ability to sell in-game items for cash).
 
cr_blah_blah said:
In Texas you can turn off auto-renew and remove credit cards from the website. Weird how much it changes depending on where you live.
Nothing weird about it, MS enables the option in locations where they are legally required to, like Illinois.
 

garath

Member
Speedymanic said:
Not true at all.

You do have to call them up, but they remove it almost instantaneously. Sounds like you were unfortunate enough to get a shitty CS rep.

It's more than possible they've changed the policies, but that's EXACTLY what I had to go through a couple years ago to get mine removed.

The rep needed a supervisor to call me back, then after they said they "removed" it (this is the supervisor talking now, so this is/was policy, not just a shitty rep), it wasn't really removed for 30 days. A purchase could be made on the account at any time within that 30 days and it would hit the credit card and cancel the removal.


antiquegamer said:
Also, didn't the EA forum get hacked a little while back?

As for removing a CC from an account, you have to call MS to remove auto-renew and then have them remove the CC, which is pretty shitty and annoying if you ask me, but yeah, saying it takes 30 days and you need a CC to have Gold is from people that just make shit up.

There's a trick reported here on GAF (in another of the many Live hack threads): if you change your location to IL, you could turn off renewal (and thus remove the CC) because of the IL law regarding canceling credit card subscriptions. This law should really be nationwide.

See above, it certainly may have changed in the last few years (I hope so!) but this was straight from a supervisor's mouth. It's not "made up".
 

strem

Member
My Xbox hasn't been used in over a month as I bought a new house and I tore it apart to redo it. In that time I had my account jacked and they bought 12000 MS points.

There seem to be more and more people that this is happening to but it isn't being reported. I guess the free Xboxes and Xbox Live accounts that journos get have paid off for Microsoft.
 
bishoptl said:
Why on earth anyone would tie their credit card information to their account is beyond me.
Well, if they don't know how awful the idea actually is, they probably expect it to be a nice experience, like shopping on Amazon or Newegg...
 