
Wow was my Windows live/ Xbox account just hacked?

Respawn

Banned
Thoraxes said:
Yeah, I'm pretty sure there's something larger at work here, it's just that there's been a lack of any kind of news about it because it seems to be being kept hush on the MS forums.

Pretty much anyone I know with a Live/XBL account has been hacked over the past month though.
That's crazy. Even Google cache is being sidestepped somehow. There really are some issues then.
 
My account was hacked through my Gmail back in August. My Gmail was tied to Live, they Password Reset, logged in and changed all the info to Korean. I only noticed due to being in the email client at the time and seeing them pop up. Logged in before they removed my email as a secondary contact and re-reset everything. But not before they'd bought $140 worth of MS Points.

My ticket has been open for over a month. No contact from MS past the second week. I called today and when I explained the account was fine and connected to Live without a problem, the guy flipped out. "Oh no, it should have been frozen this whole time. Let me do that now."

So now my account is locked on GoW3 day. The investigation should be done in three days and the refunds are being sent then.

While your LiveID is generally easy to get into, your email accounts tied to the LiveID are just as vulnerable. I run 2-Step authentication on all my emails now and still sit here constantly vigilant.
 
Zerokku said:
When were they supposed to? Last tuesday the 13th. When did they actually do so? Apparently this last Sunday the 18th. I had the benefit of catching it within minutes and no purchases being made with the points though.
I also caught it immediately, reported it immediately, and also experienced a delay in the actual onset of the "investigation".. hah. Not shocked.
 

cazosozey

Member
cazosozey said:
This happened to me recently in July, the day me and my wife went on vacation. While in the airport, my wife got an email on her iPhone from Xbox, confirming two MS point purchases ($130), as well as a confirmation of changing the country of origin to Russia. (wtf..)
Cancelled the card at the airport with the money refunded later that day(from the bank) as well as locking down the account with Xbox.
Could not file an unauthorized access claim with MS until we were physically next to the console (they needed a serial number), which we did a week later when we got back.
Funny thing is, I was able to regain access to the account a week later and change the password.

Anyways, Xbox is still investigating. They gave us a 3 month gold card and locked down the account in question. I'm guessing it was a brute force attack, my password was very simple, shame on me. Unfortunately that password was not my ultra secure letters numbers caps and symbols password.

Finally an update to my little story from my post on page 1.
Xbox called back, left a voicemail. Stated that there was no evidence of fraud on the account.
The account is now an Xbox free account, which we paid for a year of gold in March.

So after a 3 month ordeal. The only thing we got out of it was an unchangeable Russian account. (all the text when you log in is Russian). Luckily we did get refund back from the initial purchase of the XBL point cards, thanks to the bank.

Just really disappointed overall. I don't want to be one of 'those people', but this experience will affect my future Microsoft hardware/services purchasing decisions.
 
cazosozey said:
Finally an update to my little story from my post on page 1.
Xbox called back, left a voicemail. Stated that there was no evidence of fraud on the account.
The account is now an Xbox free account, which we paid for a year of gold in March.

So after a 3 month ordeal. The only thing we got out of it was an unchangeable Russian account. (all the text when you log in is Russian). Luckily we did get refund back from the initial purchase of the XBL point cards, thanks to the bank.

Just really disappointed overall. I don't want to be one of 'those people', but this experience will affect my future Microsoft hardware/services purchasing decisions.

http://www.bbb.org/
https://www.ftccomplaintassistant.gov/

I would seriously file a complaint with both. The number of complaints from this thread are way too high to be coincidental and the fact that many have confirmed that they use secure passwords shows that something else is going on. I know it's a pain to fill out the forms, but if it were to happen to me, and customer support treated me like they have you (especially the fact that you lost your gold account after paying for it) I would be outraged. This thread has me checking my hotmail account every day and I'm very disappointed that there hasn't been any public investigation or a rep from Microsoft address the issue. You'd think they'd learn from the RROD and Sony hacking - the longer you hold out information, the greater the backlash will be.
 

Truespeed

Member
Unless I'm missing something it seems like there have been more reports of Xbox Live accounts being compromised than PSN accounts. Which is completely bizarre considering the hack that forced Sony to take down the PSN. Which makes me wonder if any PSN user data was actually leaked at all.
 
Truespeed said:
Unless I'm missing something it seems like there have been more reports of Xbox Live accounts being compromised than PSN accounts. Which is completely bizarre considering the hack that forced Sony to take down the PSN. Which makes me wonder if any PSN user data was actually leaked at all.

Well Sony locked everything up when they realized how serious the breach was. Their biggest mistake was just not coming out and being honest with their consumers regarding how bad the security hole was which led to a lot of anxiety, but it seems most of the damage was mitigated by fast action. Microsoft here just seems to be letting it slide as long as possible and hoping it will quietly go away - who knows, maybe they have info and because it's only say 2% of accounts, they're not willing to take the PR damage of announcing a breach of security. No one can say for sure, but I just hope the silence ends soon.

Edit:
Mandoric said:
It was, but name / address / properly hashed password really isn't that useful at all, unless you're a really ambitious and oddly specific cat burglar.

OTOH, if there's a security flaw somewhere on the Live network that allows unauthorized login, that will affect far fewer people (at least until the lid gets blown off) but allow them to be taken for up to their credit limit in Live points and DLC.

Well put.
 

Mandoric

Banned
Truespeed said:
Unless I'm missing something it seems like there have been more reports of Xbox Live accounts being compromised than PSN accounts. Which is completely bizarre considering the hack that forced Sony to take down the PSN. Which makes me wonder if any PSN user data was actually leaked at all.

It was, but name / address / properly hashed password really isn't that useful at all, unless you're a really ambitious and oddly specific cat burglar.

OTOH, if there's a security flaw somewhere on the Live network that allows unauthorized login, that will affect far fewer people (at least until the lid gets blown off) but allow them to be taken for up to their credit limit in Live points and DLC.
 

Elixist

Member
Add me as someone that got hacked. My windows live acct. info had been changed to Chinese writing or something similar and they charged a credit card i had on there for 110 bucks and spent my 700 points i had :( . Put a stop payment and called MS and now my live acct. is locked pending investigation.
 

Brandon F

Well congratulations! You got yourself caught!
Really think this thread(or a new one that better summarizes the issue) gets stickied.

More people should be aware, I am still awaiting ANY word from MS after three weeks, and with the industry completely silent and naive, it would be nice if the mods were at least willing to give us victims a bit of a clearer voice.

The Sony thing was bad for Sony, but this is a premium service where actual theft is occurring, and its customer base is being victimized with terrible support from Microsoft. I've been a loyal customer for over 8 years of Live service, and am ready to jump ship.
 

krpiper

Member
I'll throw my hat into the ring

I got nailed this last week (thursday i think), bought 4000 and 1600 and a 400 points.

I am too locked for a month, I made a spare account so I can play gears online though
 
A friend of mine and I both got "hacked". They bought points and some games but that was it on both of our accounts. We got em back. Both were over the past month.

By the time I called they had detected it and had refunded my money so they didn't have to close my account.
 

nicoga3000

Saint Nic
Kinda happy I cancelled my account and removed the credit card earlier today after selling my system and reformatting it. A+
 
Good reason to never keep credit cards on file on any website. Buy any subscription with game cards purchased at a trusted retailer and if you use a card on a website make sure they don't keep it. Also if you subscribe to Xbox Live Gold you have to call to cancel and get harassed by a CSR for your trouble. Screw it.
 

cazosozey

Member
JacksUsername said:
http://www.bbb.org/
https://www.ftccomplaintassistant.gov/

I would seriously file a complaint with both. The number of complaints from this thread are way too high to be coincidental and the fact that many have confirmed that they use secure passwords shows that something else is going on. I know it's a pain to fill out the forms, but if it were to happen to me, and customer support treated me like they have you (especially the fact that you lost your gold account after paying for it) I would be outraged. This thread has me checking my hotmail account every day and I'm very disappointed that there hasn't been any public investigation or a rep from Microsoft address the issue. You'd think they'd learn from the RROD and Sony hacking - the longer you hold out information, the greater the backlash will be.

Took your advice and filed a complaint with BBB. I didn't file with the FTC, because it seemed like their options weren't applicable to my current situation.

Here is the body of the complaint I wrote to them. Anyone feel free to use it as a template if you like, I've removed all personal info:
BBB Complaint said:
My personal Xbox live account was compromised with an unauthorized access to the account. The compromised account purchased multiple "xbox live point" cards using the attached debit card. Among the changes, the country of origin was changed to Russian (an irreversible change that can only occur once every 12 months)

I contacted the bank first and canceled the compromised debit card, when I learned of the charges. Bank later that day, refunded the purchases in question.

Upon contacting Microsoft's Xbox Live support, we filed an unauthorized access on the account (July 21st). We were told that it could take up to 40 Days to complete.

Sept 19, we received a voicemail stating that the investigation was concluded with no sign of unauthorized access to the account.

The Xbox live account in question had an active subscription lasting from April 2011 to April 2012. Upon logging into the account, all subscription information was stripped, after the investigation was completed.

----------------------

I would like a refund for the remaining months that were stripped away from the account, when it was compromised. July 2010 to April 2012. Possibly a subscription reactivation on the account, with the country of origin manually changed back to USA.
 
Truespeed said:
Unless I'm missing something it seems like there have been more reports of Xbox Live accounts being compromised than PSN accounts. Which is completely bizarre considering the hack that forced Sony to take down the PSN. Which makes me wonder if any PSN user data was actually leaked at all.
Now that I think about it, I don't recall there being any reports of PSN users' accounts being hacked.
 
Shed_a_Ninja said:
Now that I think about it, I don't recall there being any reports of PSN users' accounts being hacked.
I wonder how big this has actually hit. I am sure there are lots of people out there who are not on these forums who have gotten hit (like my friend).
 
This seems like the kind of issue The Consumerist would gobble up. Cazosozey I'm sure if you sent them what you sent the BBB and a link to this thread they would be interested.
 
cazosozey said:
Took your advice and filed a complaint with BBB. I didn't file with the FTC, because it seemed like their options weren't applicable to my current situation.

Here is the body of the complaint I wrote to them. Anyone feel free to use it as a template if you like, I've removed all personal info:

Sorry about that, from the brief description, it sounded like the FTC would be a good place, but after seeing the application it looks like it's referring to more serious cases of identity theft.

Glad you took the time to report to BBB though; too many times people let things like this slide and I think it's important that at least some agency is looking into this considering the numerous reports and then the appalling customer support.

I guess if anyone else goes to the BBB, I would recommend giving even more detailed info like describing what LIVE is, its annual cost, how it works, detailed interactions with customer support if you have it, etc. I hope you get a quick response. I really want my LIVE account to feel secure. Need to call Microsoft sometime from work or this weekend to make sure my card gets removed.
 
This thread should have its title changed. Thought it was still about the one guy who originally got his account hijacked.

I've got my debit card details off of Microsoft's servers for a while now. Had to attach a Paypal account to do it, but that's at least safer right? Changed my Live, Paypal and related email passwords+security q's just in case. Now the answers are more passwords.
 

Zeppelin

Member
Alright, the scale of this thing is starting to sound quite serious. Maybe one of you should submit a story about it to Slashdot or something?
 
My friend called Microsoft to follow up on her situation. Customer service didn't help. Still didn't explain what the violation was that keeps them from helping:

they wont give me any real explanation, the fraud dept basically doesnt feel like dealing with it so they arent allowed to send the case back like it's some double jeopardy bullshit, my acct is locked down and can never be used and they wont refund my points or xbox live time

"a fictitious name was used" and that's all they can say

He didnt even know what that meant!

I linked this thread to a few sites on Twitter in hopes of... anything.
 

Zoe

Member
Has anybody with a silver account gotten hit?

I'm starting to get paranoid cause I use the same live ID for everything :\
 

Teknoman

Member
Brandon F said:
Really think this thread(or a new one that better summarizes the issue) gets stickied.

More people should be aware, I am still awaiting ANY word from MS after three weeks, and with the industry completely silent and naive, it would be nice if the mods were at least willing to give us victims a bit of a clearer voice.

The Sony thing was bad for Sony, but this is a premium service where actual theft is occurring, and its customer base is being victimized with terrible support from Microsoft. I've been a loyal customer for over 8 years of Live service, and am ready to jump ship.

VibratingDonkey said:
This thread should have its title changed. Thought it was still about the one guy who originally got his account hijacked.

I've got my debit card details off of Microsoft's servers for a while now. Had to attach a Paypal account to do it, but that's at least safer right? Changed my Live, Paypal and related email passwords+security q's just in case. Now the answers are more passwords.

Zeppelin said:
Alright, the scale of this thing is starting to sound quite serious. Maybe one of you should submit a story about it to Slashdot or something?


Yeah, if a mod could change the title to something more suitable for the issue, I'd be fine with that. Looking back, I didn't think it was the start of something big...but now...looks like this is getting out of hand.


mjemirzian said:
Good reason to never keep credit cards on file on any website. Buy any subscription with game cards purchased at a trusted retailer and if you use a card on a website make sure they don't keep it. Also if you subscribe to Xbox Live Gold you have to call to cancel and get harassed by a CSR for your trouble. Screw it.

Yeah, I'm never saving card info or keeping one on file for anything. Going to be direct entry and no save log in info from now on.
 

Diseased Yak

Gold Member
cuevas said:
Here's a story by Patrick Klepek on this stuff. They are probably using the same "social engineering" tactics he talks about.

Well, I have no doubt some are hacked that way, but that was written in 2008 and like you said, details stuff like the social engineering/phishing side of things.

This latest wave seems much more sinister than that. Seems too widespread to be anything but a real hack or data theft of some sort.
 
OldJadedGamer said:
"when someone is unknowingly coerced into revealing confidential information"

That is where I stopped reading. Don't give out your account details, don't get hacked.

I think it has more to do with shitty passwords than anything. These "hackers" use other sites to get people's emails and then they get fucked.
 

LQX

Member
I wonder if a lot of this is stemming from the fact if you do not log in to your hotmail/live account for a certain time it basically gets deleted and someone can assume it. I created an email for my Japanese account on Live and did not log in for a while and when I tried to recoup it I could not because someone else had it. And I bet many of these accounts getting hacked have the same email name as their Live name.
 

Teknoman

Member
LQX said:
I wonder if a lot of this is stemming from the fact if you do not log in to your hotmail/live account for a certain time it basically gets deleted and someone can assume it. I created an email for my Japanese account on Live and did not log in for a while and when I tried to recoup it I could not because someone else had it. And I bet many of these accounts getting hacked have the same email name as their Live name.

Wouldn't be the case for me, since I've been using the same email for a while now, and it's hotmail/live based.
 
cuevas said:
I think it has more to do with shitty passwords than anything. These "hackers" use other sites to get people's emails and then they get fucked.

You would think that people would use a different password per site by now. The whole thing sounds like user error to me.
 

Zoe

Member
OldJadedGamer said:
You would think that people would use a different password per site by now. The whole thing sounds like user error to me.

But some people in this thread have already said they used very secure passwords.
 
Count me among the hacked. 6000 points vanished from my account from downloads that showed up on my points history but not my XBL page, reported it two weeks ago, account has been locked for two weeks and I hear I won't get it back until Oct. 5th. Password was secure.
 
well about 25 days later finally got my account restored today. They did not say anything useful in the email referring to what or how it actually happened, just:

"Dear Xbox LIVE Customer,

We have completed our investigations on your report of an unauthorized access to your Xbox LIVE account. As a normal part of our process, we took temporary control of your Xbox LIVE account and the associated Windows Live ID. This protects your account details until you take control of your account, which you may do by following the few easy steps outlined below."

and then said to reset my password etc.

they did however give me a 3 month code for live gold for the inconvenience

I'm probably going to make a new email for my account just to be on the safe side, if these hackers already got my email associated with my Live account somehow then chances are they might try to hack it again
 
Was a bit nervous after reading this thread already and found out a friend of mine was hacked (same 4000 + 6000 purchase then spending all the points) -- so I decided to remove my CC info from my account just to CYA.

Turns out if you've EVER used the CC for your Gold sub then you have to call in to get it removed. My first sub (7 years ago-ish) was on the CC which means I couldn't use the web to remove the CC, even though I've used gaming cards ever since.

Especially odd is the process, they bump me down to silver, remove the CC then send a code good for the remaining live to re-up my gold.

Very very odd stuff, but it seems to have worked so I guess an unusual process is better than no process at all. Of course, I've not gotten my gold code in the email yet.... .... and as I was typing that in comes an email with 4 codes, 2 3mo and 2 1 mo .. crazy.
 

cazosozey

Member
cazosozey said:
Took your advice and filed a complaint with BBB. I didn't file with the FTC, because it seemed like their options weren't applicable to my current situation.

Here is the body of the complaint I wrote to them. Anyone feel free to use it as a template if you like, I've removed all personal info:

A new update on my little ongoing chronicle.
24 hours after filing a complaint with the BBB with the above statement I was contacted at work by Microsoft by a member of the "Customer Advocacy Team". He was very knowledgeable of my existing ticket information and also researched the issue. For our troubles he offered a 12 month live code, which he emailed immediately after our conversation. I would have preferred to get the cash value of the code, but did not want to press that. I was impressed that he gave me his direct contact phone and email address in the meantime.
He is currently researching if it is possible to manually change the region from Russian back to USA.

Live journal feelings about the issue at this point in the saga:
- Bummed we did not get a refund for the cash value of the remaining subscription, handed a subscription card, that I may not even use.
- Impressed with the latest agent working this issue, and willingness to help.
- Disappointed that it took a complaint from the BBB to get to an associate of this caliber.
 
I like how they are taking the silent approach, only paying off their distraught customers with gratuities instead of also addressing the issue.
 

Teknoman

Member
cazosozey said:
A new update on my little ongoing chronicle.
24 hours after filing a complaint with the BBB with the above statement I was contacted at work by Microsoft by a member of the "Customer Advocacy Team". He was very knowledgeable of my existing ticket information and also researched the issue. For our troubles he offered a 12 month live code, which he emailed immediately after our conversation. I would have preferred to get the cash value of the code, but did not want to press that. I was impressed that he gave me his direct contact phone and email address in the meantime.
He is currently researching if it is possible to manually change the region from Russian back to USA.

Live journal feelings about the issue at this point in the saga:
- Bummed we did not get a refund for the cash value of the remaining subscription, handed a subscription card, that I may not even use.
- Impressed with the latest agent working this issue, and willingness to help.
- Disappointed that it took a complaint from the BBB to get to an associate of this caliber.

Ha, yeah that'll get you a quick call from higher level Microsoft employees. I did that when my second 360 (first refurb after the very first system I bought red ringed) red ringed. A woman named Stacy called and just kept pushing the fact that they were "repairing" them for free. Got a 3 month code out of it though.

My case isn't of that caliber yet though, so I'll hold off for now...unless the investigation extends even further or they don't remove auto renew and my old card.
 

sixghost

Member
This whole thing is a fucking mess.

Someone got onto my account and spent $70 on MS points 2 months ago and it still hadn't been resolved. It took them an entire month to complete an investigation, after which they proceeded to fuck up and spell my email address incorrectly, meaning I never got the email concerning the situation being "resolved". I finally called them again and hopefully they will resend the email.

Also, it's been 2 months and I still haven't been refunded the $70, so I can't even remove the credit card until they get around to doing that.

They gave the account 400 MSpoints and 3 months free, which I guess they didn't have to do.
 
A Twisty Fluken said:
Count me among the hacked. 6000 points vanished from my account from downloads that showed up on my points history but not my XBL page, reported it two weeks ago, account has been locked for two weeks and I hear I won't get it back until Oct. 5th. Password was secure.

How secure?

For example, my password resembles the following - two symbols followed by two capital letters followed by three numbers followed by another two symbols which are followed by three capitals and it's topped off with a mixture of two more symbols and three letters/numbers.

I haven't been 'hacked'.
 

sixghost

Member
Speedymanic said:
How secure?

For example, my password resembles the following - two symbols followed by two capital letters followed by three numbers followed by another two symbols which are followed by three capitals and it's topped off with a mixture of two more symbols and three letters/numbers.

I haven't been 'hacked'.
And I'm sure there have been plenty of people with shitty passwords who haven't been hacked as well. What's your point.
 
Speedymanic said:
How secure?

For example, my password resembles the following - two symbols followed by two capital letters followed by three numbers followed by another two symbols which are followed by three capitals and it's topped off with a mixture of two more symbols and three letters/numbers.

I haven't been 'hacked'.

Well now you just made your password 500x easier to crack.
 
sixghost said:
And I'm sure there have been plenty of people with shitty passwords who haven't been hacked as well. What's your point.

That people claiming they've been hacked even though they had secure passwords haven't in fact been hacked, but had poor passwords/used the same password over different accounts/services.

Seems odd that with the number of members on Live that this isn't a bigger issue.
 
cuevas said:
Well now you just made your password 500x easier to crack.

meh, even if it does, they'll never crack before they die. Maybe their grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, grand, ...oh you get the idea.
 

Yaboosh

Super Sleuth
So I was hacked back in early August I believe, for the standard 4k and 6k purchases. I saw the emails immediately, called support, told them to lock down my account so they couldn't spend the points. The guy said I needed to be in front of my Xbox for them to do that, so by the time I got home, most of the points had been spent. I called back asking for a refund, and a new lady said that they can't give refunds on points, especially when the points had already been spent. Grrrr. So I get angry and ask for a supervisor, but she says they will have to have them call me back. I say ok, and of course they never called back. The lady had said that I would have to go through my bank.

I called my bank, they gave me provisional credit while they investigate the issue. I haven't heard anything from them since.

Here's the problem. The leftover points from the illegal charges as well as the games purchased are still under my account. I am scared to spend any of the points I had before this ordeal or buy any more because who knows how these idiots will handle my account.

In summary, fuck Microsoft.
 