
UPDATE: Hackers are selling stolen Xbox Live accounts on foreign auction sites. (!)

dose

Member
Gamesindustry.biz have posted an article about it.
http://www.gamesindustry.biz/articles/2012-01-06-fraudulent-xbox-live-accounts-for-sale

For those who don't have an account (hopefully ok to quote it all...)

The experiences of a young woman in Texas have highlighted security issues for Microsoft's Xbox Live service, after her account was hacked and points purchased on it sold to the highest bidder.

Susan T shared her story on a blog which documented her correspondence with both Microsoft and someone who had bought the points fraudulently purchased with her account.

She became aware of the problem on January 2 when she received purchase confirmations from Microsoft for 10,000 points and the Family Gold Pack, as well as an email to say the points had been successfully transferred. She had been charged $214.97, and immediately contacted Microsoft's Xbox Phone Support Team, who blocked her account.

On January 4, despite being told her account was blocked, she was charged another $124.98 for another 10,000 points, which were transferred to the user RipplyCorgi16. She contacted Microsoft again, who told her they had been unable to block her account.

72 hours after her initial contact with Microsoft, the account was still not blocked and she was able to contact RipplyCorgi16, the user who had received the latest batch of stolen points.

He told her he was based in Poland and he had purchased the Xbox Live account from a site called TradeTang, a Chinese wholesale site where 10,000 Microsoft Points are currently available for around $30.

He had been directed there by the seller via a Polish trading site called Allegro, and handed over the seller's Allegro username and email address. She has also been in touch with Microsoft again.

"I have spoken to Microsoft again and the rep I chatted to was appalled that no one else had actually managed to get my account blocked since the moment I first reported the issue on Monday."

"He said he is going to pass my case onto the Tier 3 team who will phone me once my account has been blocked and the investigation began."

GamesIndustry.biz has contacted Susan T for an update on the situation.

Late last year Microsoft denied that Xbox Live had been hacked blaming phishing scams.

"Xbox Live has not been hacked. Microsoft can confirm that there has been no breach to the security of our Xbox Live service."
 

Dinosur

Member
I've used cards to renew my Gold subscription for at least the last three years and it still won't let me remove my credit card information.

This payment option cannot be removed as it is currently used for the following memberships:

Xbox LIVE Gold: Prepaid 12M Xbox LIVE Gold

So if I continue to be paranoid, I need to turn off auto-renew, wait until my Gold runs out in March, remove my CC info, then use another prepaid card?
 

drizzle

Axel Hertz
I just went and enabled Profile Protection and is it strange that I have all these consoles listed under Profile Protection when I've only ever used one Xbox 360?

The fact that they don't list any kind of real information about them (no "connection location", no partial serial number, NOTHING) other than "previous console" and a date, I'd guess they're separating them by IP address.

It would really be useful if they showed a partial serial number or something to that extent, to identify the actual box.

My account was hacked in June and I have "previous consoles" dating back to 2009. I have no idea what they are, and there's a new one from today. The last console before today was from December 10th. I think I changed my ip addresses since December 10th only once. (two days ago, when I cleaned my room and turned my router off). Today is the first day I turned my 360 on since then.

There has never been more than one console that's able to connect to my gamertag. All the "previous" consoles are required to use a password. This changes automatically (previous consoles going from "These consoles may allow unauthorized access to your Xbox LIVE profile" to "Consoles that require your password for sign in") at least on a monthly basis for me. Coincidentally, so does my IP address.
 

Curufinwe

Member


You're already hacked.

Well if that's true it's weird they never used my MS Points to buy anything since I used to keep a healthy balance of them in my account.

When I first went into the Profile Protection page it said 1/3/12 for "Most Recent Console", (which was accurate) and then when I enabled Profile Protection it immediately changed that date to 1/6/12. Like it was counting the work PC I'm using right now as a console.
 
I've used cards to renew my Gold subscription for at least the last three years and it still won't let me remove my credit card information.



So if I continue to be paranoid, I need to turn off auto-renew, wait until my Gold runs out in March, remove my CC info, then use another prepaid card?

Have you turned auto renewal off? If yes, call MS, they will remove the details.
 

Zoe

Member
It's not just Xbox Live, you just have to be smart about using your CC/DC these days ANYWHERE online

This isn't about card safety. This thing makes it unsafe to have any kind of automatic payment source attached to your account.
 

Deadstar

Member
I've used cards to renew my Gold subscription for at least the last three years and it still won't let me remove my credit card information.



So if I continue to be paranoid, I need to turn off auto-renew, wait until my Gold runs out in March, remove my CC info, then use another prepaid card?

If it's any help at all, what I did is add a prepaid $20 card to my account. You then change your address to Ohio or something, I don't remember but you can look it up online. Then you transfer your gold membership to that card. Then you can safely remove your real credit card. I did that a while ago and it hasn't been a problem.
 
Here's a question: profile protection lists all the consoles you've used, but does it require a password for a console you've never used and is not on that list?
 
We should take all the time and energy we're spending arguing about this being phishing vs hacking and put it towards voicing our concerns towards Microsoft about their lack of 2-step authentication and other security options. Everyone on Live would benefit from it. I think it's more important that this unauthorized access nonsense ends and for Live accounts to be safe than it is finding who's to blame, be it hackers, Microsoft, the victims for getting phished or whoever. The arguing really isn't productive.

It'd be great if blogs were running some posts demanding 2-step authentication.
 

Curufinwe

Member
Here's a question: profile protection lists all the consoles you've used, but does it require a password for a console you've never used and is not on that list?

I assume this means all other consoles require a password.

"Consoles that do not require your password for sign in

No consoles found."
 

drizzle

Axel Hertz
Well if that's true it's weird they never used my MS Points to buy anything since I used to keep a healthy balance of them in my account.

When I first went into the Profile Protection page it said 1/3/12 for "Most Recent Console", (which was accurate) and then when I enabled Profile Protection it immediately changed that date to 1/6/12. Like it was counting the work PC I'm using right now as a console.

Maybe it keeps changing the console and the PC as being the "most current console", based on your login? Because when you go to the Xbox Marketplace on your browser, you're logging in, using your password. When you turn your xbox on, you're also logging in.

That would make sense, but the "most current console" and "previous console" naming scheme is fucking RIDICULOUS.
 
Here's a question: profile protection lists all the consoles you've used, but does it require a password for a console you've never used and is not on that list?

No, but the question makes no sense.

Protect your Xbox LIVE profile by requiring a fresh download of your profile to any console you use. This protection is recommended if you saved your password on a console you don’t control.

We should take all the time and energy we're spending arguing about this being phishing vs hacking and put it towards voicing our concerns towards Microsoft about their lack of 2-step authentication and other security options. Everyone on Live would benefit from it. I think it's more important that this unauthorized access nonsense ends and for Live accounts to be safe than it is finding who's to blame, be it hackers, Microsoft, the victims for getting phished or whoever. The arguing really isn't productive.

It'd be great if blogs were running some posts demanding 2-step authentication.

I've been saying this for some time, but nothing's ever come of it. We need to mass email Stepto and Nelson and keep doing so until it's implemented.
 

Salaadin

Member
I just went and enabled Profile Protection and is it strange that I have all these consoles listed under Profile Protection when I've only ever used one Xbox 360?

Visited Consoles Last Visited
Most Recent Console 1/6/2012
Previous Console 12/31/2011
Previous Console 7/26/2011
Previous Console 7/23/2011
Previous Console 1/25/2011

Do you use GFWL at all?

This is what I have:
Consoles that do not require your password for sign in
These consoles may allow unauthorized access to your Xbox LIVE profile
VISITED CONSOLES LAST VISITED
Most Recent Console 9/9/2011
Require Profile Download Cancel

Consoles that require your password for sign in
VISITED CONSOLES LAST VISITED
Most Recent Console 1/6/2012
Previous Console 12/25/2011
Previous Console 10/22/2011
Previous Console 3/1/2010



I played Batman:AC (PC version) on 12/25 and Batman:AA (PC Version) on 10/22 so it looks like it's counting each of those GFWL games as a single "console". The 3/1/2010 console is one that I have no clue about but that might fall in line with my last RROD replacement.

I don't know why I have a console that doesn't require my password and I also can't remember the last time I used my 360 but I sure as hell didn't use it today yet they say I last visited it on 1/6/12. Sounds like they're counting profile logins from a PC as a console visit too.

Either way, the card I have tied to my 360 is no longer good because I cancelled it when PSN was hacked so I'm safe. Still enabling the protection anyways and not ever tying a card to my account again.
 
Either way, the card I have tied to my 360 is no longer good because I cancelled it when PSN was hacked so I'm safe. Still enabling the protection anyways and not ever tying a card to my account again.

Call MS and remove the card. In the event that you're hacked, they can still apply charges to the card that's linked to the account. You won't be charged as your card has been cancelled, but MS will suspend the account until you provide more details.

Do the sensible thing and remove those details now.
 

Salaadin

Member
Call MS and remove the card. In the event that you're hacked, they can still apply charges to the card that's linked to the account. You won't be charged as your card has been cancelled, but MS will suspend the account until you provide more details.

Do the sensible thing and remove those details now.

Really? Thanks for that. I'll give 'em a call.
 

D4Danger

Unconfirmed Member
I just went and enabled Profile Protection and is it strange that I have all these consoles listed under Profile Protection when I've only ever used one Xbox 360?

Visited Consoles Last Visited
Most Recent Console 1/6/2012
Previous Console 12/31/2011
Previous Console 7/26/2011
Previous Console 7/23/2011
Previous Console 1/25/2011

mine looks like this

Code:
VISITED CONSOLES	LAST VISITED
Most Recent Console	05/01/2012

VISITED CONSOLES	LAST VISITED
Most Recent Console	06/01/2012
Previous Console	15/04/2011
Previous Console	27/09/2010
Previous Console	04/09/2010
Previous Console	01/07/2010
Previous Console	21/06/2010

I have no idea what this means because they don't provide any extra information with it.

It would be nice if they added like the first few digits of the console's serial number next to the date so I could check

I have 1 360 right now (a 60gb pro old fat model) and I had a 20gb launch console that broke in 2010 so maybe it's that but it doesn't explain why I have 6 consoles listed
 
Do you use GFWL at all?

This is what I have:




I played Batman:AC (PC version) on 12/25 and Batman:AA (PC Version) on 10/22 so it looks like it's counting each of those GFWL games as a single "console".

Yeah, same deal for me: it looks like it's counting GFWL activity as a "previous console." Which is dumb and needlessly confusing, but not all that surprising.
 

[Nintex]

Member
mine looks like this

Code:
VISITED CONSOLES	LAST VISITED
Most Recent Console	05/01/2012

VISITED CONSOLES	LAST VISITED
Most Recent Console	06/01/2012
Previous Console	15/04/2011
Previous Console	27/09/2010
Previous Console	04/09/2010
Previous Console	01/07/2010
Previous Console	21/06/2010

I have no idea what this means because they don't provide any extra information with it.

It would be nice if they added like the first few digits of the console's serial number next to the date so I could check

I have 1 360 right now (a 60gb pro old fat model) and I had a 20gb launch console that broke in 2010 so maybe it's that but it doesn't explain why I have 6 consoles listed
Maybe firmware updates like NXE?
 
Really? Thanks for that. Ill give em a call.

Yep. MS are real dicks in that respect.

A mates account was suspended when they auto renewed his gold using details that were no longer valid. He worked it out in the end, but it was very frustrating/annoying. so much so that it turned him off the 360 and he went PC only.
 

D4Danger

Unconfirmed Member
[Nintex] said:
Maybe firmware updates like NXE?

I did actually think that but wikipedia says

Code:
2.0.14699.0 - December 6th 2011
2.0.13604.0 - October 11, 2011
2.0.13599.0 - July 19, 2011
2.0.13146.0 - May 19, 2011 to May 31, 2011
2.0.12625.0 - January 19, 2011
2.0.12611.0 - November 1, 2010
2.0.9199.0  - April 6, 2010
2.0.8955.0  - October 23, 2009

so looking at the dates on my PP page

Code:
Previous Console  15/04/2011  ?  2.0.12625.0
Previous Console  27/09/2010  ?  2.0.9199.0
Previous Console  04/09/2010  ?  2.0.9199.0
Previous Console  01/07/2010  ?  2.0.9199.0
Previous Console  21/06/2010  ?  2.0.9199.0

I wish the PP page had more information but this is less than useless.

edit: is it just a coincidence that the 2.0.9199.0 dashboard introduced USB profile sharing?
 
Don't you still need a password to connect that profile with Live once you move it over?

Not without profile protection I don't think, my friend brought his to work from home, plugged it in to a random xbox, and just logged in. And with PP, no idea. That was my original question

Someone should try it though to confirm
 
Not without profile protection I don't think, my friend brought his to work from home, plugged it in to a random xbox, and just logged in. And with PP, no idea. That was my original question

Someone should try it though to confirm
I just did this a week ago and had to enter the password.
link
When you move your Xbox LIVE profile to a USB flash drive or memory unit, you will always be prompted for your Windows Live ID password when you sign into your profile (on the portable storage device). This password requirement can't be changed and is meant to protect the security of your account, in case the storage device is lost or stolen (password protection was added in the Fall 2011 version of the console software).

Looks like a recent change.
 

drizzle

Axel Hertz
For the hell of it, I just changed my password and required all consoles to enter the password to retrieve the account. There were no longer consoles able to login to my account without providing password, according to the Profile Protection page.

Two entries from today showed up on "previous consoles".

Turned on my 360 and yes, it said that the profile I had was invalid and I should download it from the servers.

I tried to do it and it asked for the password. I input the new password and it downloaded my profile. When I logged in, it asked if I wanted the console to remember my password or not. It told me that, If I didn't check the checkbox, it would ask me for a password the next time.

I checked for it to remember the password and bam, "current console" showed up on the Profile Protection page and one entry from "previous console" disappeared. While I was downloading and, technically, if I didn't check the "remember this password", The 360 profile page wouldn't have helped me at all: There was no way to be sure that a new (or old) console was using my gamertag.

This is horrible communication of what is happening. Give me a partial Serial Number or something cmon! They do have that information, because it's what they use to figure out if you have an actual account steal or if you're just buying shit and calling them complaining about not buying shit: They use the Xbox Serial Number to figure that shit out. Surface that information, even partially. "Previous Console" and a Date doesn't help anybody


I have personally used my Gamertag in 3 different XBoxes: My earlier, RROD one, A friend's xbox and my current XBox. I have used my profile on multiple computers (because if you reinstall windows, that's considered a new machine for online services purposes, and I've done that a lot recently, because I changed motherboards twice and computers twice).
 

D4Danger

Unconfirmed Member
I just did this a week ago and had to enter the password.
link


Looks like a recent change.

so before the fall 2011 update, let's say the hacker managed to get your account info they could copy your profile to a USB key and just sit on it. Even if you changed your password it would just log you straight in?

http://support.microsoft.com/kb/2636771

If your Xbox LIVE profile is downloaded to another console and it's not password-protected or your password becomes compromised, you can remotely remove the password so that your profile can't be accessed.

this was only added in the last update (fall 2011). what happened before that?

say I copied my profile to a USB key using the password "pword1" and then selected "don't prompt" what happened if I changed my Live ID password to "pword2"?

I could be reading this wrong but it looks like it doesn't even check and just signs you in. That can't be right.
 
For the hell of it, I just changed my password and required all consoles to enter the password to retrieve the account. There were no longer consoles able to login to my account without providing password, according to the Profile Protection page.

Two entries from today showed up on "previous consoles".

Turned on my 360 and yes, it said that the profile I had was invalid and I should download it from the servers.

I tried to do it and it asked for the password. I input the new password and it downloaded my profile. When I logged in, it asked if I wanted the console to remember my password or not. It told me that, If I didn't check the checkbox, it would ask me for a password the next time.

I checked for it to remember the password and bam, "current console" showed up on the Profile Protection page and one entry from "previous console" disappeared. While I was downloading and, technically, if I didn't check the "remember this password", The 360 profile page wouldn't have helped me at all: There was no way to be sure that a new (or old) console was using my gamertag.

This is horrible communication of what is happening. Give me a partial Serial Number or something cmon! They do have that information, because it's what they use to figure out if you have an actual account steal or if you're just buying shit and calling them complaining about not buying shit: They use the Xbox Serial Number to figure that shit out. Surface that information, even partially. "Previous Console" and a Date doesn't help anybody.

Using serial numbers upon login to verify your console would stamp out this 'hacking' fiasco overnight, it's a shame that MS aren't smart or capable enough to realize this.

They already implement a more basic version of this for games/content, so why not just expand to accounts as well. :/
 
say I copied my profile to a USB key using the password "pword1" and then selected "don't prompt" what happened if I changed my Live ID password to "pword2"?

I could be reading this wrong but it looks like it doesn't even check and just signs you in. That can't be right.

If you change password and use auto sign-in without having to input the password, yes, it just logs you in no matter what.

We should all set every account to "request password". Painful, but maybe effective?
 

D4Danger

Unconfirmed Member
If you change password and use auto sign-in without having to input the password, yes, it just logs you in no matter what.

We should all set every account to "request password". Painful, but maybe effective?

so your Live ID password is only good at the time the account is copied. If you change it after that it doesn't matter?

that's scandalous if correct.
 

drizzle

Axel Hertz
so before the fall 2011 update, let's say the hacker managed to get your account info they could copy your profile to a USB key and just sit on it. Even if you changed your password it would just log you straight in?

http://support.microsoft.com/kb/2636771

this was only added in the last update (fall 2011). what happened before that?

say I copied my profile to a USB key using the password "pword1" and then selected "don't prompt" what happened if I changed my Live ID password to "pword2"?

I could be reading this wrong but it looks like it doesn't even check and just signs you in. That can't be right.

Previously, you could only have ONE xbox assigned to ONE profile. So, if somebody stole your account and "retrieved" that account on some xbox, your xbox wouldn't be able to login to your account. You'd have to "retrieve" it again, inputting your password. With USB sticks, multiple consoles could have access to your profile, because the profile was downloaded and signed on that stick. The same way you could bring your HD from your xbox to your friend's house and login with your gamertag stored in it: It was already signed as valid (because you input your password once on some device).

In other words, to answer your question: Nothing. That profile was "enabled" to be logged from that console. In this case, the memory stick you were carrying, or the detachable HD you took to your friend's house. It was signed once by somebody, it's good enough. It would only become "invalid" if you "retrieved" it in a console.

I did that: I took my HD to a friend's house in another city once, to play some rockband. We couldn't play the DLC tracks, because it was signed to MY console and MY gamertag. We had to login with my gamertag to have access to it, and it never asked for a password.

Edit: what you said explains it much better: The Live ID password is only valid on account retrieval. If you change it after that, it doesn't matter: Your account was already "signed" and would always connect.
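As an added example that is not from the thread or from Microsoft's code, the following toy Python model walks through the "pword1"/"pword2" question D4Danger asked and the answer drizzle gives above: a profile copy signed once at retrieval keeps working under auto sign-in after the password changes, beside a variant that binds the copy to a credential generation so that a password change or the remote "require profile download" action invalidates every stale copy. Every class, field and function name, and the simplistic hashing, are assumptions made for illustration.

```python
# Added example (not Xbox Live code): a toy model of the cached-profile behaviour
# discussed in the thread. All names and fields are assumptions for illustration,
# and the password hashing is deliberately simplistic (do not reuse as-is).
from dataclasses import dataclass
from typing import Optional
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per run; stands in for the service's signing key


@dataclass
class Account:
    gamertag: str
    password_hash: bytes
    credential_generation: int = 1  # bumped on every password change or remote invalidation


@dataclass
class CachedProfile:
    """A profile copy as it would sit on a console HD or a USB key."""
    gamertag: str
    generation: int          # credential_generation at the time it was retrieved
    signature: str           # issued by the service at retrieval time
    remember_password: bool  # the "remember this password" checkbox ("don't prompt")


def hash_password(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()


def sign_profile(gamertag: str, generation: int) -> str:
    msg = f"{gamertag}:{generation}".encode()
    return hmac.new(SERVER_KEY, msg, "sha256").hexdigest()


def retrieve_profile(acct: Account, password: str, remember: bool) -> Optional[CachedProfile]:
    """Download ("retrieve") the profile onto a device: the only step where the password is checked."""
    if not hmac.compare_digest(hash_password(password), acct.password_hash):
        return None
    gen = acct.credential_generation
    return CachedProfile(acct.gamertag, gen, sign_profile(acct.gamertag, gen), remember)


def change_password(acct: Account, new_password: str) -> None:
    acct.password_hash = hash_password(new_password)
    acct.credential_generation += 1  # every earlier copy is now stale


def require_profile_download(acct: Account) -> None:
    """Remote invalidation from the account page: no password change, but all cached copies expire."""
    acct.credential_generation += 1


def legacy_sign_in(acct: Account, prof: CachedProfile, typed: Optional[str] = None) -> bool:
    """The behaviour the thread describes: a copy signed once is accepted forever if auto sign-in is on."""
    if not hmac.compare_digest(prof.signature, sign_profile(prof.gamertag, prof.generation)):
        return False
    if prof.remember_password:
        return True  # the current password is never consulted
    return typed is not None and hmac.compare_digest(hash_password(typed), acct.password_hash)


def hardened_sign_in(acct: Account, prof: CachedProfile, typed: Optional[str] = None) -> bool:
    """Same flow, but the cached copy must match the account's current credential generation."""
    if prof.generation != acct.credential_generation:
        return False  # signed under an old password (or remotely invalidated): force a fresh download
    if not hmac.compare_digest(prof.signature, sign_profile(prof.gamertag, prof.generation)):
        return False
    if prof.remember_password:
        return True
    return typed is not None and hmac.compare_digest(hash_password(typed), acct.password_hash)


def scenario() -> dict:
    """Walks through the 'pword1' / 'pword2' question; keys are the observable outcomes."""
    acct = Account("ExampleTag", hash_password("pword1"))  # constructed account
    usb_copy = retrieve_profile(acct, "pword1", remember=True)  # copied to a USB key, "don't prompt"
    change_password(acct, "pword2")
    results = {
        "legacy_usb_after_change": legacy_sign_in(acct, usb_copy),
        "hardened_usb_after_change": hardened_sign_in(acct, usb_copy),
    }
    fresh = retrieve_profile(acct, "pword2", remember=True)  # re-download with the new password
    results["hardened_fresh"] = hardened_sign_in(acct, fresh)
    require_profile_download(acct)  # owner uses the remote "require profile download" control
    results["hardened_fresh_after_remote_invalidate"] = hardened_sign_in(acct, fresh)
    results["wrong_password_retrieve"] = retrieve_profile(acct, "pword1", remember=True) is None
    return results


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name}: {outcome}")
```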
 

Rebel Leader

THE POWER OF BUTTERSCOTCH BOTTOMS
I've used cards to renew my Gold subscription for at least the last three years and it still won't let me remove my credit card information.



So if I continue to be paranoid, I need to turn off auto-renew, wait until my Gold runs out in March, remove my CC info, then use another prepaid card?

That worked for me
(lives in the US)
 
so before the fall 2011 update, let's say the hacker managed to get your account info they could copy your profile to a USB key and just sit on it. Even if you changed your password it would just log you straight in?

http://support.microsoft.com/kb/2636771



this was only added in the last update (fall 2011). what happened before that?

say I copied my profile to a USB key using the password "pword1" and then selected "don't prompt" what happened if I changed my Live ID password to "pword2"?

I could be reading this wrong but it looks like it doesn't even check and just signs you in. That can't be right.

Pretty sure that is right, they sacrificed security for ease of use. All about that corporate America cost/benefit analysis!
so your Live ID password is only good at the time the account is copied. If you change it after that it doesn't matter?

that's scandalous if correct.

If you had auto login enabled, yes. It's been changed though, and now no longer allows auto login.
 
so your Live ID password is only good at the time the account is copied. If you change it after that it doesn't matter?

that's scandalous if correct.

Well I guess that if you then require the password to be prompted with every login you should be safe.

I changed my password yesterday, and my console logged me in without even noticing the change. I wonder what will happen if I just set to require password.

I have a feeling it will just fail to recognize it, like it always happens when trying to change the ID associated to the gamertag.

The Live ID password is only valid on account retrieval. If you change it after that, it doesn't matter: Your account was already "signed" and would always connect.

If that's the case, it's useless.

EDIT: xbox support says that if you require the password, it forces a redownload, then requiring the new password, prior to login.
 
If you change password and use auto sign-in without having to input the password, yes, it just logs you in no matter what.

We should all set every account to "request password". Painful, but maybe effective?

In an ideal world, but just like Gmail and Steam, it's a matter of convenience for the user.

If it weren't, 2 step would be activated from the moment you set up an account and steam guard would be active the moment you set up an account.

They aren't, it doesn't take a genius to figure out why.
 

Rebel Leader

THE POWER OF BUTTERSCOTCH BOTTOMS
so your Live ID password is only good at the time the account is copied. If you change it after that it doesn't matter?

that's scandalous if correct.

So MS should do what Sony has done with signing in on the ps3?

Even if they have autosign-in, once the PW is changed you can't sign in
 

drizzle

Axel Hertz
In an ideal world, but just like Gmail and Steam, it's a matter of convenience for the user.

If it weren't, 2 step would be activated from the moment you set up an account and steam guard would be active the moment you set up an account.

They aren't, it doesn't take a genius to figure out why.

What baffles me is WHY they don't provide the OPTION to create a two tiered system: If you want to login from a different machine/console/computer, shoot me an email, in which I have to confirm the thing.

It's not that hard.
 
Oh no, that's way too much of an inconvenience.

Poor response.

Think about it, if it wasn't a matter of convenience, wouldn't google and steam activate their respective security measures from the moment you set up an account?

Mock it all you want, but the harder/more complicated a service is to use at the beginning, the less likely people are to use it.

What baffles me is WHY they don't provide the OPTION to create a two tiered system: If you want to login from a different machine/console/computer, shoot me an email, in which I have to confirm the thing.

It's not that hard.

Indeed. We, as users have to force them to look at this and the way to do that is to mass email their reps and keep emailing them until they listen to our suggestions. We wield a lot of power, we just choose not to use it because we think it won't make a difference.
 

M3d10n

Member
How is this embarrassing for MS? They can't do anything about other sites' security. If your details were obtained from another site, what can they realistically do?

The way MS have handled it is very embarrassing and for that they need to be held to account, but I'm not seeing how MS could be held accountable if the above is the cause of the 'hacks'.

It's embarrassing that an archived GT can still be used years after the password has been changed.
 

drizzle

Axel Hertz
It can't if you take advantage of the tools available.
The tools weren't made available until two months ago. Sure, it's GREAT that they're available now. however, if my password is stolen TODAY (either by a security fault, database leak or stupidity on my part), my account will still be hacked. It's not the perfect solution, as it doesn't do anything for future hacks. It's something, but it's not perfect.
 
Indeed. We, as users have to force them to look at this and the way to do that is to mass email their reps and keep emailing them until they listen to our suggestions. We wield a lot of power, we just choose not to use it because we think it won't make a difference.

I'm ready to do this. I already blasted Stepto with tweets.
 
The tools weren't made available until two months ago. Sure, it's GREAT that they're available now. however, if my password is stolen TODAY (either by a security fault, database leak or stupidity on my part), my account will still be hacked. It's not the perfect solution. It's something, but it's not perfect.

True. I've never claimed it's perfect, but the suggestion that someone can access your account years after you've changed your password is laughable.

Again, very few sites/services actually protect sufficiently against hacking before the fact. Most deal with post hacking, it's a depressing but sad truth. :(
 
My best guess with how the vast majority of these accounts are being broken into is via cross-referencing '@msn.com' '@hotmail.com' '@live.com' emails and passwords that were leaked from other sources throughout the last year and a half or so. All of the 'LulzSec' nonsense and what not. How hard is it to filter out those types of emails from those releases and copy/paste into the xbox.com login screen? Not very.
 
I'm ready to do this. I already blasted Stepto with tweets.

Good man, we need a more collective effort and instead of focusing on why this is happening, we need to force a change that will stop it dead in its tracks.

Someone needs to create a new thread with all the details of who to tweet, email, etc and what to demand. The bigger the number of people demanding a change, the less chance it will be ignored.
 