UPDATE: Hackers are selling stolen Xbox Live accounts on foreign auction sites. (!)

M3d10n

Member
For the hell of it, I just changed my password and required all consoles to enter the password to retrieve the account. There were no longer consoles able to login to my account without providing password, according to the Profile Protection page.

Two entries from today showed up on "previous consoles".
It seems logging into the website adds a "console" entry. I don't have a 360 and my GFWL account is exclusively for PC SFIV and SSFIV:AE use and it showed an entry for today (logged into the site to check) and for the 25th (last time I played SSFIV:AE).
 

drizzle

Axel Hertz
True. I've never claimed it's perfect, but the suggestion that someone can access your account years after you've changed your password is laughable.
It's not laughable: It's the truth.

If you don't enable Profile Protection, it's a very real possibility. And two months ago, when Profile Protection didn't even exist, it was an even "realer" possibility.

It was a poor system in its inception, and it continues to be. Now, 6 years after its creation, they got half a solution. Good on them. We need more.

Also, let's not even start how you're fixed to a 12 character limit on your password. Not only "jKlrk34Sd" is easier to brute force than "lol microsoft and it's profile protection thing suck", it's also harder to remember.
 

Faddy

Banned
so before the fall 2011 update, let's say the hacker managed to get your account info they could copy your profile to a USB key and just sit on it. Even if you changed your password it would just log you straight in?

http://support.microsoft.com/kb/2636771



this was only added in the last update (fall 2011). what happened before that?

say I copied my profile to a USB key using the password "pword1" and then selected "don't prompt" what happened if I changed my Live ID password to "pword2"?

I could be reading this wrong but it looks like it doesn't even check and just signs you in. That can't be right.

That seems like a massive security issue to me. I don't know of any other service where that is the case and I think it strengthens my thoughts that the FIFA Hack uses some kind of password bypass mechanism where it spoofs the account being already authorised but doesn't have the password.

How could anyone design a system like that without pointing out the flaw that an account can be accessed without the password? I am by no means a security expert but theoretically could someone brute-force the verification of a registered account? How does an Xbox know it has already used the account and logged in successfully? In this case you wouldn't compromise the password but exposing a flaw in how LIVE handles known accounts.
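
The scenario asked about in the post above, modelled as an added example (not part of the thread, and not Microsoft's code or a description of how Xbox Live works internally): a cached sign-in token that survives a password change, next to a check that ties the token to the account's current credential generation. `SignInService`, the token format and the device id are hypothetical; the passwords are the ones used in the post.

```python
import hashlib
import hmac
import json
import secrets


class SignInService:
    """Constructed in-memory model; every name here is hypothetical."""

    def __init__(self):
        self._mac_key = secrets.token_bytes(32)  # server-side secret
        self._accounts = {}  # user -> {"salt", "pw_hash", "generation"}

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _mac(self, user, device_id, generation):
        # JSON-encode the fields so they cannot run into each other.
        msg = json.dumps([user, device_id, generation]).encode()
        return hmac.new(self._mac_key, msg, hashlib.sha256).hexdigest()

    def _password_ok(self, user, password):
        acct = self._accounts.get(user)
        if acct is None:
            return False
        return hmac.compare_digest(acct["pw_hash"], self._pw_hash(password, acct["salt"]))

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._accounts[user] = {"salt": salt, "pw_hash": self._pw_hash(password, salt),
                                "generation": 0}

    def sign_in(self, user, password, device_id):
        """Password sign-in; returns a token the device may cache, or None."""
        if not self._password_ok(user, password):
            return None
        gen = self._accounts[user]["generation"]
        return f"{gen}:{self._mac(user, device_id, gen)}"

    def change_password(self, user, old, new):
        if not self._password_ok(user, old):
            return False
        acct = self._accounts[user]
        acct["salt"] = secrets.token_bytes(16)
        acct["pw_hash"] = self._pw_hash(new, acct["salt"])
        acct["generation"] += 1  # tokens issued before the change no longer match
        return True

    def _token_mac_valid(self, user, device_id, token, generation):
        mac = token.partition(":")[2]
        expected = self._mac(user, device_id, generation)
        return hmac.compare_digest(mac.encode(), expected.encode())

    def resume_unchecked(self, user, device_id, token):
        """Weak: trusts the generation number carried inside the token."""
        gen_text = token.partition(":")[0]
        if user not in self._accounts or not gen_text.isdecimal():
            return False
        return self._token_mac_valid(user, device_id, token, int(gen_text))

    def resume_checked(self, user, device_id, token):
        """Hardened: the token must match the account's current generation."""
        acct = self._accounts.get(user)
        if acct is None:
            return False
        return self._token_mac_valid(user, device_id, token, acct["generation"])


def demo():
    """Cache a token with 'pword1', change to 'pword2', try the old token."""
    svc = SignInService()
    svc.register("alice", "pword1")
    token = svc.sign_in("alice", "pword1", "usb-key-1")
    before = (svc.resume_unchecked("alice", "usb-key-1", token),
              svc.resume_checked("alice", "usb-key-1", token))
    svc.change_password("alice", "pword1", "pword2")
    after = (svc.resume_unchecked("alice", "usb-key-1", token),
             svc.resume_checked("alice", "usb-key-1", token))
    return before, after
```

In this model the old token keeps working under `resume_unchecked` after the password change and is rejected by `resume_checked`, which forces a fresh password sign-in.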
 

Rebel Leader

THE POWER OF BUTTERSCOTCH BOTTOMS
I also believe xbox.com adds an entry because the previous entry from 1/31/2011 (which is from the xbox) the other entry was 1/6/2012 which IIRC was the previous time I logged on xbox.com
 
It's not laughable: It's the truth.

If you don't enable Profile Protection, it's a very real possibility. And two months ago, when Profile Protection didn't even exist, it was an even "realer" possibility.

It was a poor system in its inception, and it continues to be. Now, 6 years after its creation, they got half a solution. Good on them. We need more.

Also, let's not even start how you're fixed to a 12 character limit on your password. Not only "jKlrk34Sd" is easier to brute force than "lol microsoft and it's profile protection thing suck", it's also harder to remember.

It was the truth, now there's no way someone can archive your account and access it years after you've changed your password. That's the laughable aspect of the post.

12 character limit? My current password is 14 characters and my previous one was 17.
 

drizzle

Axel Hertz
It was the truth, now there's no way someone can archive your account and access it years after you've changed your password. That's the laughable aspect of the post.

12 character limit? My current password is 14 characters and my previous one was 17.

When you click on "change password" on the xbox live website, it throws you into the Live Profile website, and if you click "change password", the new password can have a max of 16 characters.

I just checked this. My google password, on the other hand, has 34 characters.
 
When you click on "change password" on the xbox live website, it throws you into the Live Profile website, and if you click "change password", the new password can only have 16 characters.

I just checked this.

o_O

Crazy. I wonder when they changed it. Still, 16 characters is sufficient for a very secure password if you use some imagination.
 

Zoe

Member
Poor response.

Think about it, if it wasn't a matter of convenience, wouldn't google and steam activate their respective security measures from the moment you set up an account?

Mock it all you want, but the harder/more complicated a service is to use at the beginning, the less likely people are to use it.

Standards change, and sometimes you have to push people.

I used to only have to use an alphabetic password to get into my Chase account from any computer more than 10 years ago. Now I can't by-step 2-pass authentication on unknown computers even if I wanted to.
 
Standards change, and sometimes you have to push people.

I used to only have to use an alphabetic password to get into my Chase account from any computer more than 10 years ago. Now I can't by-step 2-pass authentication on unknown computers even if I wanted to.

Of course they do, but not everyone chooses to follow those standards, and the reason is mainly for convenience sake. (I can only think of one service that requires 2 step and that's online banking, but that, for them is unavoidable)

We, as consumers, have to force MS to implement such a feature, but that won't be achieved by posting on here/other forums that they have crappy security measures, we need to use the power we have to demand a better service and force a change.

This is achievable, especially on here, as we have so many gaming 'journalists' posting/visiting they could help bring more attention to a demand for better security measures.
 

shinnn

Member
Lol just read the updates on the blog and the case is solved for her (even a refund). Now she is complaining about getting a special treatment from MS. Internet serious business.
 
Lol just read the updates on the blog and the case is solved for her (even a refund). Now she is complaining about getting a special treatment from MS. Internet serious business.

Exactly. I'm glad she got solved and refunded, but they need to take this shit seriously for everyone and fix their goddamn service, not giving special treatment to people to make them go away only when they get bad PR.
 

drizzle

Axel Hertz
Lol just read the updates on the blog and the case is solved for her (even a refund). Now she is complaining about getting a special treatment from MS. Internet serious business.

For how long is she having issues with this?
Apparently, she only managed to get things fixed fast for her after she created a Tumblr page describing the issues and only after the major videogame journalist websites got wind of it and started doing reports on the subject and mailing Microsoft asking: Hey, what's up with this?

That's not how this kind of problem should be solved. User Support should have fixed this this fast.
 
Lol just read the updates on the blog and the case is solved for her (even a refund). Now she is complaining about getting a special treatment from MS. Internet serious business.

So she only got it fixed fast because she made a big fuss about it.

I hope I'm not the only one that sees something seriously wrong with that type of customer service.
 

Big E33

Neo Member
Lol just read the updates on the blog and the case is solved for her (even a refund). Now she is complaining about getting a special treatment from MS. Internet serious business.

funny since the same thing happened to me and I had over double the amount charged, 700+ so if I make a huge scene u think they will give me a lifetime subscription to live?

this whole thing is a joke
 

Cmagus

Member
Good for her, and I'd be glad she is continuing on with this. Saying she is complaining because she got special treatment yet wants to help the many others who aren't getting this help is dumb. This is a serious issue and just because it hasn't happened to you doesn't mean right now it isn't happening to someone else. I'd be flipping if someone was taking money from me.
 
Usual fucking blow-off from Microsoft on Eurogamer....

They've got everyone by the balls. They know you're not gonna take your money and run because you've got so much time into your account. So they just tell you to fuck off and don't really care. It's obvious there are things they can do to drastically reduce the number of incidents, but they don't
 
Sigh. I clicked a strange looking link in an eMail for a customer service survey after MS closed resolved my girlfriend's case. My first instinct was NOT TO (naturally), but it came in two days after their resolution eMail and Googling the eMail only came up with two cases online where other people received the eMail directly after calling the support number (zero instances of any unprovoked survey eMails, in other words), so I figured it was probably legit and I really wanted a place to vent about Microsoft needing two step authentication.

So I clicked the link and everything (except the URL) looked legit. No questions were asked of my identity (other than the URL probably being associated with my eMail address), no asking for Gamertags, eMails, passwords or other personal information. Just a few pages of 1-9 ratings for the support call and a comments box (which I did politely address the widespread nature of this and the simple solution).

I feel like I'm okay but this whole thing is making me paranoid about clicking that link now.
 
They've got everyone by the balls. They know you're not gonna take your money and run because you've got so much time into your account. So they just tell you to fuck off and don't really care. It's obvious there are things they can do to drastically reduce the number of incidents, but they don't

They've got no-one by the balls. You can choose to take any future business elsewhere, doesn't matter about your already bought content, they can't take it away.

Instead of moaning so much why don't you follow mine and Garcia's lead and email/tweet Major Nelson and Stepto to make the changes that would stop the 'hacks'.
 
If your auto-renewal is on and the credit card on the database is expired, your account will be renewed and that invalid credit card will be charged. It won't work, obviously. Your account will continue being GOLD (because it renewed) and Microsoft will try to charge that credit 2 more times in the next two months (a total of 3 Months of "free live" and 3 tries to charge you for the new block of gold time, one each month).

After the third time is denied, since the card is invalid, your account will be suspended because you didn't pay for the service (the automatic renewed GOLD account which you didn't really ask for). From that point on, I've been told it's very hard to get your account back. To prevent this, either turn auto-renewal off or, if you're already screwed and are in the 3 month "we're trying to charge you but you're not paying us" period, you NEED to add a new Credit Card to the system prior to the third charge. Calling support won't get you anywhere.

Maybe it changed by now, but that's what used to happen one year ago.
if you're still inside the 3 months, you can call Xbox support and tell them you have an Xbox Live Gold card and it won't let you enter it and they can reverse the pending charge so you can enter the code (or not)
 
An update on my survey panic from above, I tweeted @XboxSupport about it and they said it was okay (and confirmed/warned that they wouldn't ask for personal info).

Paranoia averted. For now.
 
Crazy. I wonder when they changed it. Still, 16 characters is sufficient for a very secure password if you use some imagination.
You shouldn't need to use imagination when passphrases are easier to remember and far, far more secure than your average 16 char password.

For instance, my next 360 password could have been "Microsoft has utterly ridiculous password policies for a company that supposedly takes security seriously.".
 
You shouldn't need to use imagination when passphrases are easier to remember and far, far more secure than your average 16 char password.

For instance, my next 360 password could have been "Microsoft has utterly ridiculous password policies for a company that supposedly takes security seriously.".

I can imagine how long that takes to write on the virtual keyboard...
 

Tobe

Member
I'm about to call xbox support so that I can try and get my points back (no I didn't have my cc or paypal info on my xbox thank god) my question is what is the best way to approach them so that I can get tier 3 treatment?
 
They've got no-one by the balls. You can choose to take any future business elsewhere, doesn't matter about your already bought content, they can't take it away.

Instead of moaning so much why don't you follow mine and Garcia's lead and email/tweet Major Nelson and Stepto to make the changes that would stop the 'hacks'.

God you are so dense it hurts sometimes. People don't WANT to take their business elsewhere because they have history, friends, achievements, downloaded games, and more on Xbox that they won't be able to use without a gold subscription.

Of course they have a choice, if you knew what the expression "got you by the balls" meant maybe this would be simpler for you to understand.

Seriously, stop trying so hard, this shit is OBVIOUS and you are the only person having a hard time with it.
 

Sixfortyfive

He who pursues two rabbits gets two rabbits.
If I buy Live in the form of codes from now on, will I still not be able to remove my credit card? Do I have to let it run out, then remove the card, then enter the code, or does the time I paid for with the card just have to end?
You have to let your sub run out. If you extend it with prepaid cards, then you won't be able to remove your CC until that extended sub expires.

And in order for that sub to run out, you obviously have to make sure that you have auto-renew turned off... which might still be a hassle to do; haven't checked in a while.

Lovely system.

I've used cards to renew my Gold subscription for at least the last three years and it still won't let me remove my credit card information.

So if I continue to be paranoid, I need to turn off auto-renew, wait until my Gold runs out in March, remove my CC info, then use another prepaid card?
That is correct.

God you are so dense it hurts sometimes.
Don't take this the wrong way, but if you're expending any effort in arguing with Speedymanic in a Live hack thread, you're also pretty dense.
 

Curufinwe

Member
Usual fucking blow-off from Microsoft on Eurogamer....

I find their arrogance quite revolting, as did the lady on tumblr.

"Microsoft can confirm that there has been no breach to the security of our Xbox Live service. In recent cases, some Xbox Live members appear to have been victims of malicious scams. Unfortunately this is something that affects many internet based services.

http://www.eurogamer.net/articles/2012-01-06-a-january-account-of-xbox-live-hacking-and-fraud
 
They've been trotting out that line for months. As I've said before, more concerning is that they actually believe it.

It's not like there's nothing they could do about the situation. Any of this activity could be detected by a reasonably simple fraud detection system, and of course, as discussed, they could implement two step authentication. They won't of course, because that'll cost them money for implementation, increased support costs and likely reduce the amount spent (short term) because people will get locked out and abandon their accounts.

First things first though, they might want to learn how to properly lock accounts on their system so that they can't have more money stolen from them when they're under investigation.

That's aside from the possibility of working with EA to find a better (more secure) way of having those Fifa gold packs, given it's one of the few things which can actually be sold / transferred on the system.
 
God you are so dense it hurts sometimes. People don't WANT to take their business elsewhere because they have history, friends, achievements, downloaded games, and more on Xbox that they won't be able to use without a gold subscription.

Of course they have a choice, if you knew what the expression "got you by the balls" meant maybe this would be simpler for you to understand.

Seriously, stop trying so hard, this shit is OBVIOUS and you are the only person having a hard time with it.

Again, they have no-one by the balls if people are willingly staying and using their service. What, pray tell, is your definition of 'by the balls', I'd very much like to know.

And what the hell does Gold have to with anything?

You're seriously telling me to stop trying so hard? Hahahaha. I'm at least attempting to make a difference and am encouraging others to follow suit, all you've done is continually shit up the thread with half truths and general nonsense.
 
You have to let your sub run out. If you extend it with prepaid cards, then you won't be able to remove your CC until that extended sub expires.

And in order for that sub to run out, you obviously have to make sure that you have auto-renew turned off... which might still be a hassle to do; haven't checked in a while.

Lovely system.


That is correct.


Don't take this the wrong way, but if you're expending any effort in arguing with Speedymanic in a Live hack thread, you're also pretty dense.

Nope, call CS and have the card details removed. You DO NOT have to wait for your sub to expire. Stop misleading people.

Not correct. See above.

:)
 

SMT

this show is not Breaking Bad why is it not Breaking Bad? it should be Breaking Bad dammit Breaking Bad
Do I hear $1,800 for the 6 year-old account with 25,000 points and 180,000 achievement points?
Sold to the man in the black trench coat and goofy goggles.

It must be a profitable business since reputation carries weight around the world, either that or people are having trouble logging in and can't be arsed to make a new password, either way, you gotta be rich.
 

Curufinwe

Member
They've been trotting out that line for months. As I've said before, more concerning is that they actually believe it.

It's not like there's nothing they could do about the situation. Any of this activity could be detected by a reasonably simple fraud detection system, and of course, as discussed, they could implement two step authentication. They won't of course, because that'll cost them money for implementation, increased support costs and likely reduce the amount spent (short term) because people will get locked out and abandon their accounts.

Hopefully someone at MS will realize that in the long-term extra security for their platform should pay for itself by making people more comfortable about buying content from them. I never gave my credit card to MS because of all the horror stories about how hard it was to get it removed, but I did use to enjoy having a healthy balance of MS Points that I could use to buy games and DLC on a whim. Not anymore, obviously.
 

Basch

Member
Why would they want to resolve the issue? They're making money off it are they not? Obviously, someone needs to step in and come up with a convincing lawsuit and generate some attention. Hopefully, the negative press will get them to address said issues.
 
Why would they want to resolve the issue? They're making money off it are they not? Obviously, someone needs to step in and come up with a convincing lawsuit and generate some attention. Hopefully, the negative press will get them to address said issues.

They are not making any money as they are refunding everyone. The only ones making any money are EA and the criminals.
 
Why would they want to resolve the issue? They're making money off it are they not? Obviously, someone needs to step in and come up with a convincing lawsuit and generate some attention. Hopefully, the negative press will get them to address said issues.

Really have no idea how they could be making money on this but what's happening is that they probably feel like the current lax security nets them more money than if they locked things down better and lost some sales due to people having to go through extra hassle to make money.

Lets you know how they are only thinking of us customers as a bunch of numbers and dollar signs and aren't too concerned about us as people.
 

Basch

Member
They are not making any money as they are refunding everyone. The only ones making any money are EA and the criminals.

Poor choice of words. Meant what bigtroyjon said, but honestly they're not refunding everyone. If they were, they would be offering better support upfront and not waiting until they raise hell about it.
 
Poor choice of words. Meant what bigtroyjon said, but honestly they're not refunding everyone. If they were, they would be offering better support upfront and not waiting until they raise hell about it.

Source to back up the claim they aren't refunding everyone please, because I haven't come across any. All are refunded eventually, they are legally bound to refund you if your account was compromised.
 

drizzle

Axel Hertz
Source to back up the claim they aren't refunding everyone please, because I haven't come across any. All are refunded eventually, they are legally bound to refund you if your account was compromised.

The only source of that statement that I can find in this thread or remember from cases since 2009 is people going "omg they're not returning my account IMMEDIATELY, I have to wait from 2 weeks to 2 months? fuck this shit i'm going to PSN!!111"

In other words, people that don't care about getting the money back.
 

Basch

Member
Okay, so I'm sure it realistically takes two months to get the problem addressed. Right... Sure, if they wait long enough they will. However, they shouldn't have to. I'm almost positive they can address the problem in a shorter amount of time than they are now. Besides, no one should have to go through that.
 
I posted this in the last thread about XBL hacking but I'll repost here:

My account was hacked. I noticed it immediately and called Microsoft. Before you ask, my password was not weak. It was a string of multiple character types that would be impossible to guess, and I know a phishing scam when I see one so something else far worse is at play here.

So after a 1 month wait, I was notified by Microsoft that I violated the terms of service by using my first initial instead of my full name when setting up my account. Essentially I have no recourse, and all of my XBL content is gone. Everything - GONE.

Yea, fuck Microsoft. I hope this blows up in their face in the worst possible way.
 

dose

Member
All are refunded eventually, they are legally bound to refund you if your account was compromised.
Certainly for PSN (in the UK at least) that isn't the case at all. Sony specifically say that they aren't responsible if your account is compromised and won't issue refunds. I've had it happen some time ago on PSN and got nothing back.
 

megalowho

Member
Finally got off my ass and removed my Xbox Live credit card info after reading this today. It was painless enough, aside from not being able to do so online. They sent me codes to cover my remaining Gold subscription, which won't get renewed, and now it's point cards for me from here on out.

I know I'm going to be spending less money on 360 downloads because of this, which is a nice little plus. And somehow, like they often do, Steam wins again. I still trust those guys with my info, and I'm just as likely to buy stuff impulsively as I was during the first few years of the 360. Moreso even, because of the deals. Feels good to stop supporting services that don't deserve it.
 