
UPDATE: Hackers are selling stolen Xbox Live accounts on foreign auction sites. (!)

I don't quite understand how the reposting qualifies as GAF detective work -_-

Now, what someone should be doing, 'Hello Kotaku, GB, IGN, Shacknews, etc etc etc.' Setup a script to monitor the shady auction sites for a period of several. That will give you a rough estimate of compromised accounts. Some actual number to pin to the headline.

How are they supposed to figure out which accounts come from hacked live accounts and which ones are coming from stolen credit cards unrelated to live?

Gaming "journalists" could set themselves up for lawsuits/C&D orders if they start making unsupported claims.

Edit: This story likely won't fully break until one of the "journalists" is able to get a source inside MS that is able to give them info on how big of a problem this actually is.
 

Codeblue

Member
Some tin foil hat stuff right here. XBL, or any service, being completely compromised would be a huge story anywhere. Get some perspective, the PSN hack is in a different level than this. Both are still awful though.
How much money was stolen in the PSN attack? Which company provided some amount of transparency instead of sweeping it under the rug? Which incident left affected users with compensation and which left them with a mess?

This might not be as remarkable in scale as the PSN hack. But it is remarkable because it has been happening for a while, Microsoft is hesitant to acknowledge it, and they are apparently so bogged down with the issue that they can't help in a reasonable timeframe unless you run a popular gaming website.

The fact that this hasn't gotten much coverage is stunning.
 
Bloggers just need to shout, "2-Step Verification," at Microsoft until they get the message. Then MS and users wouldn't have to deal with investigations or refunding points or any of this nonsense. Just make it nearly impossible for thieves to steal the accounts. Lesser services use 2-step authentication. C'mon, Microsoft.
 

RedAssedApe

Banned
Wait, you can transfer points from 1 account to another?

No. But you can sign in with someone else's account on your Xbox, download stuff using the points and be able to use that content on any account on that console. When you buy stuff with MS points you get two licenses, 1 tied to the Gamertag and 1 to the console.
 
Exactly. "Social Engineering" is not hacking a system or a database. It's "hacking" the person on the other end of a phone line: pretending to be somebody else with enough information to make that person believe you're the user of that account, and acquiring even more information. And it's not only on Xbox Support.

Let's say you call some other service that, instead of changing your password, provides you your password through the phone. Let's also say you're one of the millions of people that have a tiered password system: one for stupid websites on the internet, one for regular sites you care about but that don't have any credit card information, and another password (usually this one is really good! It has numbers and shit!) for those sites that do have financial/personal information.

If you, for instance, call Netflix and somehow get them to give you your Netflix password, there's a chance that the same password is being used on the 360. As one service "ties" into the other, both have credit card information, both need to be secure. What do you do? You use your "good" password in both services. Boom, you're screwed.

I'm specifically calling out Netflix because, in prior threads, some reports of people socially engineering through Netflix have been found.

Well, if the bulk of these hacked account cases are the result of social engineering, then I don't see why Microsoft should disclose anything to the public. It doesn't seem to be a problem that is specifically tied to their company.

I don't think some two-bit criminal hackers are going to have the ability to break into Microsoft databases. That's not to say that there aren't some extremely talented hackers out there, but you've got to know the criminal profile here. People selling accounts on some Chinese sites for $50 probably aren't NSA-level hackers.
 
No. But you can sign in with someone else's account on your Xbox, download stuff using the points and be able to use that content on any account on that console. When you buy stuff with MS points you get two licenses, 1 tied to the Gamertag and 1 to the console.

I was looking at the blog and saw this one

[image: pointtransfer040112.png]


Don't know what that means.
 

ElRenoRaven

Member
I was looking at the blog and saw this one

http://i271.photobucket.com/albums/jj121/suckmyproverbial/pointtransfer040112.png

Don't know what that means.

If you buy a family account such as the hacker did you can set up sub accounts of the main account. You then can transfer points you buy on the main account to the sub accounts.
 

Mindlog

Member
How are they supposed to figure out which accounts come from hacked live accounts and which ones are coming from stolen credit cards unrelated to live?

Gaming "journalists" could set themselves up for lawsuits/C&D orders if they start making unsupported claims.

Edit: This story likely won't fully break until one of the "journalists" is able to get a source inside MS that is able to give them info on how big of a problem this actually is.
I don't believe it matters. That specificity can be accounted for with careful wording. Any proper journalist could do it. An account purchased with a stolen credit card still qualifies as an illegitimate account. Legitimate accounts being sold on these sites would be a hard sell. However, the writer could include a disclaimer for that as well.
 

Zoe

Member
Well, if the bulk of these hacked account cases are the result of social engineering, then I don't see why Microsoft should disclose anything to the public. It doesn't seem to be a problem that is specifically tied to their company.

How is it not tied to their company if their CSRs are giving away the customers' info?
 

Vanillalite

Ask me about the GAF Notebook
Has MS implemented a Steam Guard equivalent?

That would be too logical of a fix. Why the fuck their windows live id which works for a fuck ton of shit doesn't have 2 step authentication yet is mother funking mind boggling.
 

Ketch

Member
Question:

I cancelled my gold account over a year ago now, the xbox is no longer hooked up to the internet... it is now the kinect machine in the living room (ie: never gets used). I haven't noticed anything suspicious in my email or from my credit card statement... Does this affect silver accounts as well as gold? Am I at risk here?
 
Some tin foil hat stuff right here. XBL, or any service, being completely compromised would be a huge story anywhere. Get some perspective, the PSN hack is in a different level than this. Both are still awful though.

This x 1000.

It's pretty annoying seeing juniors or people who don't own an Xbox 360 compare this to the PSN hack (I remember a few of the usual suspects mentioning this in the FIFA thread). They are nothing alike in the least; one was a system-wide hack that compromised dozens of millions of CC info and had all of PSN shut down for a long time, including access to even buy games on PSN, which also affected publishers.

The other is social engineering that isn't a hack and can happen to virtually anything with a password, something that happens constantly in things like MMOs, etc. Since it happens to 0.00001% of the userbase, it isn't publicly known.

There isn't even a topic about this on the Xbox forums, which are very active on a daily basis (at least last I checked there wasn't). People make topics about the stupidest shit and yet this doesn't seem to be an issue on the majority of gaming forums. Yes, it exists and MS should take notes from Steam, but to blow it out of proportion is ludicrous.
 

Zoe

Member
Question:

I cancelled my gold account over a year ago now, the xbox is no longer hooked up to the internet... it is now the kinect machine in the living room (ie: never gets used). I haven't noticed anything suspicious in my email or from my credit card statement... Does this affect silver accounts as well as gold? Am I at risk here?

There was at least one silver account in the main thread.

Remove your credit card and switch to points cards to be safe.
 

Nelo Ice

Banned
That would be too logical of a fix. Why the fuck their windows live id which works for a fuck ton of shit doesn't have 2 step authentication yet is mother funking mind boggling.

Seriously give us something like steam guard or an authenticator like Blizzard. It's insane how seemingly easy it is to gain access to windows live accts.
 
I don't believe it matters. That specificity can be accounted for with careful wording. Any proper journalist could do it. An account purchased with a stolen credit card still qualifies as an illegitimate account. Legitimate accounts being sold on these sites would be a hard sell. However, the writer could include a disclaimer for that as well.

There is a black market for nearly everything, people selling points isn't really a story.
 
I don't quite understand how the reposting qualifies as GAF detective work -_-

Now, what someone should be doing, 'Hello Kotaku, GB, IGN, Shacknews, CNN, etc etc etc.' Setup a script to monitor the shady auction sites for a period of several weeks. That will give you a rough estimate of compromised accounts. Some actual number to pin to the headline.

FTFY.
 

jagowar

Member
Bloggers just need to shout, "2-Step Verification," at Microsoft until they get the message. Then MS and users wouldn't have to deal with investigations or refunding points or any of this nonsense. Just make it nearly impossible for thieves to steal the accounts. Lesser services use 2-step authentication. C'mon, Microsoft.

Agreed.... even if that pin thing they had was tied to the account (not the console) it would be good enough to protect you better.

I still want them to leverage that companion app they recently released.... a code would automatically be generated when the xbox turns on and it would have to be input to login.

This x 1000.

It's pretty annoying seeing juniors or people who don't own an Xbox 360 compare this to the PSN hack (I remember a few of the usual suspects mentioning this in the FIFA thread). They are nothing alike in the least; one was a system-wide hack that compromised dozens of millions of CC info and had all of PSN shut down for a long time, including access to even buy games on PSN, which also affected publishers.

The other is social engineering that isn't a hack and can happen to virtually anything with a password, something that happens constantly in things like MMOs, etc. Since it happens to 0.00001% of the userbase, it isn't publicly known.

Also agreed.... the two have very little in common. At most this is affecting what maybe 100k people.... that alone is a far cry from the 40+ million the ps3 hack affected.
 

Mindlog

Member
There is a black market for nearly everything, people selling points isn't really a story.
I don't see where you are going with that. Every site I listed has run a story on this situation. Watching the auction sites gives them at least one less-than-imaginary number to use in their articles.

xx points
xx accounts
xx accounts filtered by achievement points for previous activity

I'm not writing the article though so that's the end of my contribution.
 
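The monitoring script Mindlog keeps asking for, as an added example that is not part of the original thread: it takes scraped listings, folds duplicate gamertags across sites and relistings, and produces the three numbers above (points, accounts, and accounts filtered by achievement points). The listings are constructed for the example, the site names are placeholders, and the gamerscore cutoff used to separate accounts with a play history from freshly created ones (the stolen-card case raised earlier) is an assumption, not a figure from the thread.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Listing:
    site: str        # marketplace the listing was scraped from
    gamertag: str    # tag shown in the listing
    points: int      # MS Points advertised as sitting on the account
    gamerscore: int  # achievement points: a proxy for prior legitimate use
    seen: date       # date the scraper saw the listing


# Constructed sample listings for the example; nothing here is a real scrape.
SAMPLE = [
    Listing("auction-a", "PlayerOne", 4000, 12500, date(2012, 3, 28)),
    Listing("auction-a", "PlayerOne", 4000, 12500, date(2012, 4, 2)),   # relisted
    Listing("auction-b", "playerone", 4000, 12500, date(2012, 4, 3)),   # same tag, other site
    Listing("auction-b", "FreshAcct01", 1600, 0, date(2012, 4, 3)),     # no play history
    Listing("auction-a", "VeteranGamer", 800, 43210, date(2012, 4, 4)),
]


def normalize(tag: str) -> str:
    """Gamertags are case-insensitive, so fold case before de-duplicating."""
    return tag.strip().lower()


class RunningLog:
    """Accumulates listings across scrapes and counts each gamertag once."""

    def __init__(self, history_gamerscore: int = 1000):
        # Accounts at or above this gamerscore are treated as having prior
        # legitimate activity; below it they may be fresh accounts opened on
        # a stolen card rather than compromised ones. The cutoff is an
        # assumption for the example, not a value from the thread.
        self.history_gamerscore = history_gamerscore
        self.first_seen = {}  # normalized gamertag -> first Listing seen

    def ingest(self, listings) -> int:
        """Add one scrape's listings; return how many gamertags were new."""
        new = 0
        for listing in listings:
            key = normalize(listing.gamertag)
            if key not in self.first_seen:
                self.first_seen[key] = listing
                new += 1
        return new

    def summary(self) -> dict:
        """The numbers Mindlog wanted pinned to a headline."""
        accounts = list(self.first_seen.values())
        return {
            "accounts": len(accounts),
            "points": sum(a.points for a in accounts),
            "accounts_with_history": sum(
                1 for a in accounts if a.gamerscore >= self.history_gamerscore
            ),
        }


if __name__ == "__main__":
    log = RunningLog()
    print(log.ingest(SAMPLE), "new accounts")
    print(log.summary())
```

Run the scrape on a schedule, feed each batch to `ingest`, and the summary only grows when a gamertag not seen before shows up, which is what makes a multi-week log meaningful rather than a count of relistings.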

Htown

STOP SHITTING ON MY MOTHER'S HEADSTONE
Of course not. They can just sweep this under the bus and it will go away, right?

As long as they make sure any game journalists get their account problems handled ASAP, yeah, pretty much.

Sucks, because at some point there's only so much rocking the boat game sites can do, because there's always the threat of MS pulling a Ubisoft and blacklisting their site. And nobody wants to be the only website that doesn't have preview impressions or review copies for Halo 4. That's what happens when the sites are dependent on the publishers for their content.
 
I don't see where you are going with that. Every site I listed has run a story on this situation. Watching the auction sites gives them at least one less-than-imaginary number to use in their articles.

xx points
xx accounts
xx accounts filtered by achievement points for previous activity

I'm not writing the article though so that's the end of my contribution.

I guess I was confused, I thought you were talking about using the info from the auction sites to determine the number of people getting hacked.

Every site I listed has run a story on this situation
This is what I meant by not a story, the sale of points is something that's already been covered. Not sure if there is enough of an audience for an update to be worth the effort.
 
This x 1000.

It's pretty annoying seeing juniors or people who don't own an Xbox 360 compare this to the PSN hack (I remember a few of the usual suspects mentioning this in the FIFA thread). They are nothing alike in the least; one was a system-wide hack that compromised dozens of millions of CC info and had all of PSN shut down for a long time, including access to even buy games on PSN, which also affected publishers.

The other is social engineering that isn't a hack and can happen to virtually anything with a password, something that happens constantly in things like MMOs, etc. Since it happens to 0.00001% of the userbase, it isn't publicly known.

There isn't even a topic about this on the Xbox forums, which are very active on a daily basis (at least last I checked there wasn't). People make topics about the stupidest shit and yet this doesn't seem to be an issue on the majority of gaming forums. Yes, it exists and MS should take notes from Steam, but to blow it out of proportion is ludicrous.

There were so many threads about Unauthorized Access on the Xbox Support Forum the last time I checked a little over a month ago.

But yeah, I don't think you can compare the magnitudes of the PSN hack and this Unauthorized Account Access fiasco. The PSN hack affected dozens of millions and this Xbox account stuff seems to be happening to several thousand people. But you can absolutely compare how Sony and Microsoft are handling it. Microsoft is doing a terrible job at fixing this and regaining the trust of victims compared to how Sony handled their situation by shutting down the service until it was safe, promising users credit card protections and the whole showering of free gifts with the Welcome Back package. It also sucks that most UA victims are left offline longer than the PSN outage lasted.
 
How is it not tied to their company if their CSR's are giving away the customers' info?

It's not grounds for disclosure.

So some con men fool a few customer service reps with information obtained from external sources... I don't think that's a significant or extraordinary event.
 

Mindlog

Member
I guess I was confused, I thought you were talking about using the info from the auction sites to determine the number of people getting hacked.


This is what I meant by not a story, the sale of points is something that's already been covered. Not sure if there is enough of an audience for an update to be worth the effort.
I can understand that. I agree there is no way to get a total accounting of the number of hacked accounts. One Gold account will spawn several sub-accounts and whatnot. It would just be interesting to see someone make the effort. I don't know if this by itself is worthy of an update, but I am fairly certain there will be more articles on the subject. I believe these numbers would make a wonderful complement, especially as a running log keeps collecting data.
 

cgcg

Member
It's not grounds for disclosure.

So some con men fool a few customer service reps with information obtained from external sources... I don't think that's a significant or extraordinary event.

Just like that, mystery solved, Microsoft cleared. Move along everyone nothing to see here.
 
This whole thing is disgusting. Based on what they're doing, it seems like there isn't a flag going off on Microsoft's side because family accounts are being created or used for this scheme. I conceivably could create an account in California and then create and share points with a "family member" in Florida. Right?

Is that how the system is being broken here?
 
Why the fuck isn't this a bigger issue for Microsoft?

Where are the reporters? I know one of them got hacked and got their account back instantly but where the hell is the integrity? This is a huge issue and they should be shouting it from every corner of the media to shame Microsoft into doing something.

Make enough bad PR for Microsoft and they will have no choice but to investigate and find a way to block this from happening.
 

Tobe

Member
Can't we do something about it? I mean, send this to every major "game journalist", 4chan it or something?
 

Yagharek

Member
Why the fuck isn't this a bigger issue for Microsoft?

Where are the reporters? I know one of them got hacked and got their account back instantly but where the hell is the integrity?

Free Xboxes, free live, fast-track hardware repairs, fast-track account recovery, and reliance on blockbuster game coverage for a media hungry audience. And, well, these journalists dance with skyrim review copies.


I don't believe they are, but other people do.

Just on "social engineering", you have a few groups in this thread and others saying it's a matter of "user error/stupid passwords" and "social engineering/isolated incidents" (sounds a lot like the RROD denial sycophants). Social engineering is possible, but then it wouldn't be as prevalent as this now, would it? I figure the social engineering way would be too time consuming for the profit gain. But so far as possible sources for getting account details go, you would have all this info out there to find:

* gamertags publicly listed on stuff like mygamertag.net
* people using facebook/twitter etc with personal details (city/family names/pets listed - popular secret question answers) and gamertags mentioned there too
* completing the loop by calling xbox support for the last little detail - but that would be reflected in the account history on the customer service side

So essentially, people who get hacked need to enquire when they call XBox 'Support' as to whether there have been any recent calls about their account in recent days/weeks. If that is a common theme, then we can assume social engineering is prevalent. But I wouldn't assume it's the only method - there is probably some kind of Live ID exploit that MS are reluctant to comment on, seeing as it would impact Zune, Windows, Hotmail, XBox Live, Windows Phone, GFWL etc.

If MS admitted such a thing, that would encompass a potentially much wider threat audience than the PSN hacks did.

Which is probably why they are suppressing all the news on it they can.
 

KevinRo

Member
Because it's not system wide. If that were the case, almost everyone who has an XBL account would be here complaining. The point of these threads is to find a reason how select people are being targeted.

Wrong.

It is system wide and everyone is at risk. That's why it's so crazy to hear people deny it. Most users will never have a problem because of the sheer amount of XBL users there are in the system but there is a security hole that deals with xbl customer support.

If you deny this then you yourself have never called in any rep support line and threatened to cancel your account or never had to deal with recovering a lost account over the phone. If you have then you understand how easy it is for someone to get your personal information. Heck, one instance I was talking to an XBL rep and they even confirmed my own information about me by TELLING me it before I could even answer the question. Now how crazy is that?

I've been saying it forever, this is a problem that Microsoft is sweeping under the rug to avoid bad press. I've seen it first hand with AOL when they had an epidemic of social engineering with their AOL accounts. The only solutions AOL came up with were flags on profiles of previous tampering, which is crazy because it doesn't prevent the first social engineering attack. In the end the attacks were large but small enough where the amount of users on the system could mask the problem.

Microsoft should implement an email verification system, something like Steam, whenever your account is recovered. Not only that, but each account within their database should have an access counter. The highly accessed accounts will be flagged and will be easier to overview and watch. In some instances those with high access counters will have suspended functionality, like not being able to purchase or transfer anything.
 
Wrong.

It is system wide and everyone is at risk. That's why it's so crazy to hear people deny it. Most users will never have a problem because of the sheer amount of XBL users there are in the system but there is a security hole that deals with xbl customer support.

There is a security hole, but if you think it involves customer service giving away password information by the tens of thousands, then I don't know how to help you, quite frankly.

I agree that an email verification system would help though. They should also do the email verification whenever you log in through a different console or IP address.
 
There is a security hole, but if you think it involves customer service giving away password information by the tens of thousands, then I don't know how to help you, quite frankly.

I agree that an email verification system would help though.

So what's the problem then? Unless you know, your guess is just as good as anyone else's, but the fact that clusters of friends are all getting hit suggests this is a social engineering problem. Pretty much statistically impossible for that to happen just as a coincidence.
 

Joni

Member
This x 1000.

It's pretty annoying seeing juniors or people who don't own an Xbox 360 compare this to the PSN hack (I remember a few of the usual suspects mentioning this in the FIFA thread). They are nothing alike in the least; one was a system-wide hack that compromised dozens of millions of CC info and had all of PSN shut down for a long time, including access to even buy games on PSN, which also affected publishers.
.
If you steal my PSN account, you'll be unable to use my credit card. If you steal my Live account, you can buy as many points as you want. That is the difference. For all the stupid things Sony did, they did one thing right with PSN security: you can't access someone's credit card details without having that person's credit card number and that stupid three-letter number. So yes, they have stolen PSN information which may have included CC numbers (my bank though said it was unnecessary to cancel my CC, they hadn't found any irregular activity with any of their customers. Still did cancel, but hey, I'm a bit anal that way. It was also never confirmed Anon got CC numbers from SCE, although they did get some at SOE.) but they don't have that stupid number so they could never have used it on PSN.

It would be a small effort to force people to enter their CC on each Xbox 360 they want to use it! And it would solve all these problems.
 

KevinRo

Member
There is a security hole, but if you think it involves customer service giving away password information by the tens of thousands, then I don't know how to help you, quite frankly.

I agree that an email verification system would help though. They should also do the email verification whenever you log in through a different console or IP address.

It's not done by the tens of thousands. These people or 'hackers' doing these attacks are little kids on Skype with a bunch of time on their hands. All they need is that one rep to slip up out of the 10. They can hang up and call back within seconds on Skype and try again with no flagging system set in place. Which is crazy.

The best thing is, this has been confirmed by Major Nelson and an outside 'security researcher' over 4 years ago!

http://majornelson.com/2007/03/23/xbox-live-security-update/

A security researcher, Kevin Finisterre, discovered not a hack, but the fact that some accounts may have been compromised as a result of ‘social engineering’, also known as ‘pre-texting’, through our support center. Kevin gave me a call directly and once I realized what he was talking about (he sent me some painful-to-listen-to audio files) I confirmed that the team is fully aware of this issue. They are examining the policies, and have already begun re-training the support staff and partners to help make sure we reduce this type of social engineering attack.

There’s no other way to say it; this situation shouldn’t have happened. Our customers deserve better.

You can smell Microsoft cover-up all over it within the first sentence. By dismissing it as 'not a hack' they're trying to downplay its significance, yet those who aren't dumb realize how prevalent it is within the community.
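Two of KevinRo's points in this thread describe the same control: the per-account access counter with flagging and suspended purchases he proposed earlier, and the hang-up-and-redial pattern he describes here that no flagging catches. The block below is an added example of that detection logic over support-centre events, written for this thread; it is not Microsoft's code and the log lines, field names (`acct`, `caller`, `action`, `result`) and the thresholds are constructed assumptions. Denied attempts are counted as well as successful ones, because the fourth call that gets past a rep looks identical to the first unless the earlier three were recorded against the account.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed support-centre event lines for the example; not real logs.
# GamerA: one caller redials four times in seven minutes until a rep slips.
# GamerC: two different callers over two days, the last one succeeds.
LOG = """\
2012-04-01T10:02:11 acct=GamerA caller=+15550001 action=recovery_attempt result=denied
2012-04-01T10:05:40 acct=GamerA caller=+15550001 action=recovery_attempt result=denied
2012-04-01T10:07:02 acct=GamerA caller=+15550001 action=recovery_attempt result=denied
2012-04-01T10:09:15 acct=GamerA caller=+15550001 action=recovery_attempt result=success
2012-04-01T11:00:00 acct=GamerB caller=+15550002 action=billing_question result=success
2012-04-02T09:30:00 acct=GamerC caller=+15550003 action=recovery_attempt result=denied
2012-04-02T12:10:00 acct=GamerC caller=+15550009 action=recovery_attempt result=denied
2012-04-03T09:00:00 acct=GamerC caller=+15550009 action=recovery_attempt result=success
"""


def parse_log(text: str) -> list:
    """One dict per line: timestamp plus the key=value fields."""
    events = []
    for line in text.splitlines():
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.fromisoformat(ts)
        events.append(rec)
    return events


def _peak_in_window(times, window: timedelta) -> int:
    """Largest number of timestamps inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def access_counter(events, window=timedelta(hours=24)) -> dict:
    """Per account: peak number of recovery attempts (denied or not)
    inside a rolling 24 h window. This is the 'access counter'."""
    by_acct = defaultdict(list)
    for e in events:
        if e["action"] == "recovery_attempt":
            by_acct[e["acct"]].append(e["ts"])
    return {acct: _peak_in_window(t, window) for acct, t in by_acct.items()}


def redial_callers(events, window=timedelta(minutes=15), min_calls=3) -> list:
    """Callers who hang up and call straight back: at least `min_calls`
    contacts within `window`, regardless of which account they name."""
    by_caller = defaultdict(list)
    for e in events:
        by_caller[e["caller"]].append(e["ts"])
    return sorted(c for c, t in by_caller.items()
                  if _peak_in_window(t, window) >= min_calls)


def classify(events, review_at=3, restrict_at=4) -> dict:
    """ok / review / restricted per account. Thresholds are assumptions.
    'restricted' is the suspended functionality suggested above: no
    purchases or point transfers until a human has looked at the account."""
    status = {e["acct"]: "ok" for e in events}
    for acct, n in access_counter(events).items():
        if n >= restrict_at:
            status[acct] = "restricted"
        elif n >= review_at:
            status[acct] = "review"
    return status


if __name__ == "__main__":
    evts = parse_log(LOG)
    print(access_counter(evts))
    print(classify(evts))
    print("redial callers:", redial_callers(evts))
```

The rep on the fourth call sees the same account every other rep saw, so the counter has to live on the account record and be shown to the rep before verification starts, not computed after the fact; the caller-level check is what catches the Skype redial even when the kid rotates the gamertag he is asking about.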
 
I agree that an email verification system would help though. They should also do the email verification whenever you log in through a different console or IP address.
Hopefully enough noise is made that they will move to this system sooner rather than later.

Free Xboxes, free live, fast-track hardware repairs, fast-track account recovery, and reliance on blockbuster game coverage for a media hungry audience. And, well, these journalists dance with skyrim review copies.
I was pleading more than asking

:(
 
So what's the problem then? Unless you know, your guess is just as good as anyone else's, but the fact that clusters of friends are all getting hit suggests this is a social engineering problem. Pretty much statistically impossible for that to happen just as a coincidence.

In-game friends list. You hack one account, log in and look at their friends list, hack those, etc. I was the one whose circle of friends was all hacked, and none of us know anyone else's information, nor would any of us have socially engineered the other even if we did. To suggest that is preposterous.

It was already mentioned on a previous page, but one plausible scenario involves the fact that you can completely bypass password authentication when logging into your console if you've ever downloaded the profile. For example, put your profile on a USB stick and go take it to another console. Notice you do not have to enter your password. It stands to reason that if there were a way to download a profile through some sort of backdoor or vulnerability in the XBL API, then game would be over.

Note that things like this actually are common and happen all the time.

Things like customer service reps giving out users' information in droves happens... well, rarely, to say the least. It is also a slow process. Do you know how inefficient it would be to have to place 10,000 phone calls and hope you don't get the same rep in the process who would be like "hey, didn't you just call 30 minutes ago?" Do you also know how absolutely unequivocally trivial it would be for Microsoft to identify and put a stop to this if it was in fact the problem?

This is like clinging to the idea that the TV in your living room that is flickering and all your friends say is broken is actually fine, but you're rapidly being sent back and forth between a different dimension where things look slightly distorted, so you end up with a flicker effect, as opposed to simply just saying the damn thing is broken.

I mean yea, it's theoretically possible by the laws of the universe that this is what's happening, but if so then go buy a mega millions ticket because the random number generator used by Mother Nature is going absolutely insane.
 

Dead Man

Member
Free Xboxes, free live, fast-track hardware repairs, fast-track account recovery, and reliance on blockbuster game coverage for a media hungry audience. And, well, these journalists dance with skyrim review copies.




Just on "social engineering", you have a few groups in this thread and others saying it's a matter of "user error/stupid passwords" and "social engineering/isolated incidents" (sounds a lot like the RROD denial sycophants). Social engineering is possible, but then it wouldn't be as prevalent as this now, would it? I figure the social engineering way would be too time consuming for the profit gain. But so far as possible sources for getting account details go, you would have all this info out there to find:

* gamertags publicly listed on stuff like mygamertag.net
* people using facebook/twitter etc with personal details (city/family names/pets listed - popular secret question answers) and gamertags mentioned there too
* completing the loop by calling xbox support for the last little detail - but that would be reflected in the account history on the customer service side

So essentially, people who get hacked need to enquire when they call XBox 'Support' as to whether there have been any recent calls about their account in recent days/weeks. If that is a common theme, then we can assume social engineering is prevalent. But I wouldn't assume it's the only method - there is probably some kind of Live ID exploit that MS are reluctant to comment on, seeing as it would impact Zune, Windows, Hotmail, XBox Live, Windows Phone, GFWL etc.

If MS admitted such a thing, that would encompass a potentially much wider threat audience than the PSN hacks did.

Which is probably why they are suppressing all the news on it they can.
Sounds like a clusterfuck to me.
 

TTP

Have a fun! Enjoy!
If you steal my PSN account, you'll be unable to use my credit card.

Are you sure about that? When I add money to my PSN wallet I'm not required to type any CC info. Why would someone else with my account be asked to do so? Does it detect different hardware?

edit: I'm referring specifically to buying money for the PSN wallet with a stolen PSN account.
 

Zee-Row

Banned
As far as i know people weren't getting their money stolen after the PSN hacks and Sony got major bad press, with these Xbox hacks people actually are getting points stolen and it seems like everything is getting swept under the rug.
 

Yagharek

Member
As far as i know people weren't getting their money stolen after the PSN hacks and Sony got major bad press, with these Xbox hacks people actually are getting points stolen and it seems like everything is getting swept under the rug.

AFAIK there were some people affected financially by PSN hacks. Some have posted about it on GAF, but not a great deal of people, so it's hard to gauge how widespread it was.
But the problem/difference with the XBL hacks is that all of them are expressly for the purpose of buying/downloading/stealing content from the original account owner, so you have a 1:1 ratio of hacking to being on the receiving end of fraud.
 
In-game friends list. You hack one account, log in and look at their friends list, hack those, etc. I was the one whose circle of friends was all hacked, and none of us know anyone else's information, nor would any of us have socially engineered the other even if we did. To suggest is preposterous.

I'm not saying that your friends are doing the hacking, I'm saying that one of them has a flaw somewhere(facebook or some other social site) that is connecting real life info with gamertags.

That's a lot more likely than hackers having the ability to hack accounts and doing it slowly over a long period of time and not going as fast and hard as they can like every other hacking case.
 

Osietra

Banned
As far as i know people weren't getting their money stolen after the PSN hacks and Sony got major bad press, with these Xbox hacks people actually are getting points stolen and it seems like everything is getting swept under the rug.

I guess Steptoe has a pretty big dustpan and brush.
 