DownLikeBCPowder
Member
But in these cases (my case, I should say) the card isn't compromised.. it was just utilized as part of a compromised account. They have no real card data to extract. At any rate, I didn't cancel my card.RandomVince said:
-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
Wow was my Windows live/ Xbox account just hacked?
- Thread starter Teknoman
- Start date
Got auto renewal turned off, but still cant remove my credit card. I guess i'll have to wait until it expires for that. Didnt take long either since I actually got a pretty cool rep the first time. She just asked why I wanted to turn it off, told her the situation, she said that it made sense, bam no renewal.
Now to figure out how to remove Deadliest Warrior 2 from my games list...
Now to figure out how to remove Deadliest Warrior 2 from my games list...
UltimaPooh
Member
Got hacked today...
10,000 points 125 dollars worth taken out of my bank account. Called MS and they are going to investigate it.
Sucks too with Gears 3 just released, Dark Souls, and Battlefield 3 beta... I won't be able to participate.
EDIT: They used the points on FIFA junk.
10,000 points 125 dollars worth taken out of my bank account. Called MS and they are going to investigate it.
Sucks too with Gears 3 just released, Dark Souls, and Battlefield 3 beta... I won't be able to participate.
EDIT: They used the points on FIFA junk.
Best info for everyone: Go to your bank. Go to your bank first thing.
I have a 60 day policy with my bank for these things, and since it's been one month with no reimbursement from MS, I went to my bank (which I should've done right away. Silly me thinking MS would be quick on this). My bank told me the quicker the better, but yes, their policy is 60 days for these things. The woman there also recommended I just change my card to be on the safe side (because you never know).
They're going to give me a new card, and start pestering MS for me to insure this gets resolved, and refund my money because MS hasn't done it yet. Took me a whole 5 minutes while I was depositing my check to get this done.
I have a 60 day policy with my bank for these things, and since it's been one month with no reimbursement from MS, I went to my bank (which I should've done right away. Silly me thinking MS would be quick on this). My bank told me the quicker the better, but yes, their policy is 60 days for these things. The woman there also recommended I just change my card to be on the safe side (because you never know).
They're going to give me a new card, and start pestering MS for me to insure this gets resolved, and refund my money because MS hasn't done it yet. Took me a whole 5 minutes while I was depositing my check to get this done.
This happened to my friend last week. He had 12,000 points bought on his account and they were all gifted away. His computer is clean, no virus/trojans/keyloggers, he wasn't phished and his password is pretty complex.
I think someone got access to their account database and pulled a ton of accounts out of it, it's the only explanation given how widespread this is. I urge everyone to go change your windows live ID password immediately so that it doesn't match whatever database they nabbed.
I think someone got access to their account database and pulled a ton of accounts out of it, it's the only explanation given how widespread this is. I urge everyone to go change your windows live ID password immediately so that it doesn't match whatever database they nabbed.
Weird... I just got an email saying there was a failed attempt at buying 6000 points on my account. Luckily this is because the CC tied to my account is an old prepaid one with no money left on it. Still changed my password and everything, not sure what else to do... The fuck's goin on with xbl?
UltimaPooh
Member
Animaniac said:Well this is interesting... I got an email confirming one of the 400 point transfers, but not the rest of them. It tells me who the points went to.
I had a similar email today but I think the points were gifted to my account... because I don't have a recipient. FYI That is not my gamer tag in your email.
Also I called my bank... Gotta go up and get a new card tomorrow and I will be refunded the money in 5 days.
Universaldamps
Neo Member
Noticed something interesting/bad. I activated a XBL Prepaid 3 month code to my account on the 24th of September to play Gears 3. Got a confirmation email and everything was fine -
27th of September was when my account was breached, 3x unauthorized transactions were made -
Called up MS about two hours after it had happened, and got them to freeze the account and initiate the investigation. Now looking under "Your Services", there's no evidence that I've applied the 3 month prepaid code, and the only recent transaction listed is the fraudulent one that took place on the 27th (which is now suspended because I called them up). -
I wonder if I'm going to get my 3 months reimbursed..
27th of September was when my account was breached, 3x unauthorized transactions were made -
Called up MS about two hours after it had happened, and got them to freeze the account and initiate the investigation. Now looking under "Your Services", there's no evidence that I've applied the 3 month prepaid code, and the only recent transaction listed is the fraudulent one that took place on the 27th (which is now suspended because I called them up). -
I wonder if I'm going to get my 3 months reimbursed..
Crimson Angelus
Banned
Whatever the case may be, I really feel t hat Microsoft should make a statement other than "there is no evidence of blahblahblah....breach...blah." It makes me worry about my Live account 
Cornballer
Member
Just had a 6000 and 4000 points card purchased on my account. I think I changed my password fast enough to prevent them from spending the points, and the Xbox CS people are going to reverse the purchases. Hopefully, the prompt password change takes care of this, but I'll have to wait and see what happens. :/
EDIT: Nope, not in time. They spent the points.
EDIT: Nope, not in time. They spent the points.
Universaldamps
Neo Member
Excuse me..
GURGDFLSFJDJSDDFJSDDSSsss
Ahem.
I just checked my bank statement. The 338.92 that was spent unauthorized on xbox live after being hacked has now cleared and shown up on my transaction history. But guess what?! I've been charged again for the exact same amount just today. Even AFTER I canceled the card 3 days ago. In total, 677.84 Australian dollars has effectively gone missing from my account. Happy days!
GURGDFLSFJDJSDDFJSDDSSsss
Ahem.
I just checked my bank statement. The 338.92 that was spent unauthorized on xbox live after being hacked has now cleared and shown up on my transaction history. But guess what?! I've been charged again for the exact same amount just today. Even AFTER I canceled the card 3 days ago. In total, 677.84 Australian dollars has effectively gone missing from my account. Happy days!
razgriz417
Member
Stop putting your credit cards on live, stick with time cards and point cards, it may cost a tad more but I really think that not getting fraudulent charges is a pretty good tradeoff
sixghost said:
About $600 cheaper by current reports.
To universaldamps: your account is an aussie one I assume? Mine is, and I was able to remove my CC via the web (about 10 months ago). I strongly advise you do that too if you havent already. Just go prepaid only, it's clear that there are serious problems with their network security and policy atm.
Universaldamps
Neo Member
I removed the card from my Xbox account promptly when I first realized the problem, which is why I was so baffled as to how it was happening again.
Anyway, some progress. Called up my bank and explained the situation. I was told the second lot of money that was missing was because I had canceled my credit card and requested a new one. Apparently the transactions got carried over to the new card and doubled up. They'll automatically be fixed once I activate the new card (once I receive it) according to the person I spoke to on the other end.
The banking assistant then lodged a fraudulent dispute against the transactions in question. I was told that the system had come up with a notification saying that there were series of similar disputes from other banking customers. Apparently this is pretty wide spread. In any case, because it's happening to so many other people, I should see my hard earned dollars back in three days. This problem needs far more public attention than it's getting.
Anyway, some progress. Called up my bank and explained the situation. I was told the second lot of money that was missing was because I had canceled my credit card and requested a new one. Apparently the transactions got carried over to the new card and doubled up. They'll automatically be fixed once I activate the new card (once I receive it) according to the person I spoke to on the other end.
The banking assistant then lodged a fraudulent dispute against the transactions in question. I was told that the system had come up with a notification saying that there were series of similar disputes from other banking customers. Apparently this is pretty wide spread. In any case, because it's happening to so many other people, I should see my hard earned dollars back in three days. This problem needs far more public attention than it's getting.
Called today for my update, original incident happened early Sept. Account's unlocked and credit card charge reversal for full amount is in the works, shouldn't be more than 3 weeks. Got a free 3 month gold code. Maybe took a little long, but they had to deal with a lot of this, so it's understandable. Also has xbox always used Americans for customer support? (I know Microsoft proper uses India) Honestly not a bad customer service experience at all, pretty happy with it.
The Faceless Master
Member
iirc, some of their call centers are in the USA, but not all.Borgnine said:
Speedymanic
Banned
Question for those who've been hacked...
Did you use the same email address/password for PSN before it was hacked? Considering the number of people who are being hacked (and it seems to be growing, so it can't be solely down to social engineering), I'm wondering if this is an unexpected side effect from the PSN hack?
Did you use the same email address/password for PSN before it was hacked? Considering the number of people who are being hacked (and it seems to be growing, so it can't be solely down to social engineering), I'm wondering if this is an unexpected side effect from the PSN hack?
Fox Mulder
Member
my brother got hacked, same kind of stuff as in here.
I noticed he got on for the first time in a while and I sent him a message that went unanswered. It was rather odd for him to be playing cod black ops, so I called him up and he said he was hacked and they had bought a bunch of MS points with his card.
I guess it's time to just buy point cards for everything, I've heard this happen with itunes as well.
I noticed he got on for the first time in a while and I sent him a message that went unanswered. It was rather odd for him to be playing cod black ops, so I called him up and he said he was hacked and they had bought a bunch of MS points with his card.
I guess it's time to just buy point cards for everything, I've heard this happen with itunes as well.
Same here. Sunday evening someone purchased 4000, 4000, 1600, then spent them along with 800 of my existing balance on Crysis, MoH, and Sims 3. I noticed around midnight and did chat support with MS who indicated I should call back this morning which I did and started "the investigation". My bank says they'll reverse the charges as soon as they show up (not yet).
It seems odd my password wasn't changed (I changed it last night after I noticed the hax).
It seems odd my password wasn't changed (I changed it last night after I noticed the hax).
test_account
XP-39C²
It could be, but i actually think that it is something with Xbox Live's security that is faulty somewhere. It has to be concidering how many that get affected by it, i dont think that all of these people had/have a PSN account. I think that someone has also said that they used an unique password for Xbox Live.Speedymanic said:
EDIT: It is fully possible that everyone in this thread who was hacked had/have a PSN account, but i dont think that it is likely that all of them used the same password on the Xbox Live and PSN even after when PSN was hacked.
Princess Skittles
Prince's's 'Skittle's
I take it there is minimal to worry about this if you don't have and have NEVER had a credit card tied to your Live account?
Yeah so totally weird. Unauthorized purchase of 10000 MS Points over the weekend, but the money was immediately (same day, few seconds later) deposited by MS/LIVE back into my bank account. Literally no change in the bank balance. And I cant find a single thing that was purchased onto my account, anywhere. No avatars, no packs, no DLC, no license transfers, nada. Anyone seen this before?
Princess Skittles said:
Still possible for them to migrate your account to a different country, change your secret security question, profile password, gamertag to a new dummy profile, and leave you with the faint hope that MS can sort their shit out during a minimum 25-business day wait period.
Without a CC attached, you just won't be charged for those lucrative EA points packs or other such downloadable games that are often reflected on hacked accounts during this process. Lots of reports I've been reading of hacked accounts that do not have CC's attached either, or expired cards where obviously failed attempts were made to charge the card.
Speedymanic
Banned
Thoraxes said:
That's that theory out the window.
A few people on another forum mentioned that it might be Raptr related. Anyone hacked have a Raptr account?
Open Source
Banned
I got hacked today. $125 in 2 purchases and FIFA stuff. Almost never use my live login anywhere. Don't download anything that would typically contain malware, and have AV running all the time. Really disturbing.
Well I can now finally report that MS has fixed my account. I am back on Live at the moment and fortunately all of my account migration(to the UK) was reversed properly without that headache.
I have attached my account to a brand new Windows Live ID(completely unique from my current e-mail address) with a password that is listed as 'Very Strong'. I have turned off auto-renew, and will be buying point cards for online purchases from now on.
I was given two free months of Live, but all of my previous MS points that were stolen(before the hackers bought the 6000 and 4000 point packs) were unfortunately NOT refunded. Essentially around $10 of leftover points I had from buying Bastion before the hack are still gone. The stolen $130 was refunded, though that probably is direct to my bank as they already refunded my card a month ago.
I hope the rest of you have your cases resolved soon. I completely understand how frustrating this has been.
I have attached my account to a brand new Windows Live ID(completely unique from my current e-mail address) with a password that is listed as 'Very Strong'. I have turned off auto-renew, and will be buying point cards for online purchases from now on.
I was given two free months of Live, but all of my previous MS points that were stolen(before the hackers bought the 6000 and 4000 point packs) were unfortunately NOT refunded. Essentially around $10 of leftover points I had from buying Bastion before the hack are still gone. The stolen $130 was refunded, though that probably is direct to my bank as they already refunded my card a month ago.
I hope the rest of you have your cases resolved soon. I completely understand how frustrating this has been.
A Twisty Fluken
Member
No raptr account here.
Universaldamps
Neo Member
Got contacted via email today from MS. They unlocked my account, waffled on about account security etc. It's funny, as soon as I get my money returned to me after going through the bank, MS actually start doing things. They included 2x 3 month gold prepaid codes in the email.
So as other have mentioned, if your account gets hacked and you're out of pocket - call your bank asap. Yes, call Microsoft and tell them what has happened, but to don't hold your breathe if you want your money back in a prompt fashion. I still have no idea how my account was compromised. I don't share account details, I use a separate email for my gamer tag, and I have a fairly strong password. /boggle
So as other have mentioned, if your account gets hacked and you're out of pocket - call your bank asap. Yes, call Microsoft and tell them what has happened, but to don't hold your breathe if you want your money back in a prompt fashion. I still have no idea how my account was compromised. I don't share account details, I use a separate email for my gamer tag, and I have a fairly strong password. /boggle
A Twisty Fluken
Member
My account has been locked since Sept. 7th. Called for status after Oct 5th deadline hit with no word and was asked for my console ID and name again and that they'd get back to me "pretty soon." World class support staff there. Though judging by this thread if they're inundated I'd KIND OF believe it. Still, that is about a month. Whoooooo.
Got two emails saying I bought 4k and 6k Microsoft Points and my online purchasing history shows "Silver upgrade" "Gold pack" "Premium Gold pack", whatever those are (clicking them leads to a broken link), and a Gears 3 weapon skin download. Joe Cool also seems to enjoy Fifa '12 according to my played games history.
Weird thing is my Live password was 8-character arbitrary letters and numbers. Guess that means I have a keylogger or something, but I don't know where I could have picked that up.
No raptr or PSN account.
Weird thing is my Live password was 8-character arbitrary letters and numbers. Guess that means I have a keylogger or something, but I don't know where I could have picked that up.
No raptr or PSN account.
I haven't posted here in forever, but I feel like I need to leave an imprint on this thread with as much information as I have available.
I have never in my life had an account compromised. For the most part, I use different passwords for any account that could possibly be tied to financial data, I live alone, so all of my hardware is completely under my control. I don't log on to public terminals, I don't store any account passwords on my smartphone, and the two computers I use (one at home, one at work) are virus/rootkit free and are scanned often out of paranoia.
That said, on Sunday, Sept 3rd, I received some emails regarding a 4000/6000 points package purchase from my XBL account, and then an hour later, an email notifying me that my XBL account had been transferred to Brasil. Of course I phoned XBL support right away and reported it, and the lady I spoke with told me that points are not normally transferrable, but what some people have been doing lately to get around this is to assign the stolen account as a child under a family account, and then merge it in. Bunch of shit.
The security question on the associated Windows Live account was also changed, but I was able to get back into it via their advanced account recovery thing that asked me several questions about the account.
Three weeks later the $120 or so was refunded to my credit card, and I got a code for a free month of Gold with the notice that "I may be contacted again with in 30 days" - meanwhile, I still don't have my gamertag back and probably won't get it back unless I do some creative chain escalation, which I probably will do once my case has been completely closed out, if it doesn't result in complete restoration.
---
I have a pretty damn good idea of where my credentials got ganked from. When the Gawker breach occurred, I indeed found my email address (the same one that was assigned to my XBL account) in the database, along with the password that I haven't used for anything in years... ...well, the password had been saved to my XBox for years as well and I'd never gotten around to changing it. The password was encrypted in the database, but anyone with a bit of time on their hands could crack it if they wanted.
On the other hand, a friend of mine who's also pretty paranoid recently had the same exact thing happen to his XBL account, and his attached email address was NOT in the Gawker database, so I don't know what the hell.
No Raptr account here either. The service that got hacked must have been around a while, because the password I was using for my XBL account was one that I hadn't assigned to any new account in probably 2 years or so.
I suspect that the people who actually performed the unauthorized purchases on our ganked accounts probably bought the entire accounts from some underground reseller - the majority of account transfers I'm seeing are going to Russia and Brasil.
Edit: hopefully the last edit. I'm stuck on the Gawker breach theory because I remembered I got an email from Facebook telling me "welcome back!" to which I thought "the hell is this phishing attempt shit?" - I'd deactivated my Facebook account about as many years ago and it too used the same password, so it seems that whomever had decided I was next on the scrubbing list made the rounds.
Reading through the last few pages, though, it seems that many of you had used XBL passwords that were completely unique, so I don't know what the hell to think.
I have never in my life had an account compromised. For the most part, I use different passwords for any account that could possibly be tied to financial data, I live alone, so all of my hardware is completely under my control. I don't log on to public terminals, I don't store any account passwords on my smartphone, and the two computers I use (one at home, one at work) are virus/rootkit free and are scanned often out of paranoia.
That said, on Sunday, Sept 3rd, I received some emails regarding a 4000/6000 points package purchase from my XBL account, and then an hour later, an email notifying me that my XBL account had been transferred to Brasil. Of course I phoned XBL support right away and reported it, and the lady I spoke with told me that points are not normally transferrable, but what some people have been doing lately to get around this is to assign the stolen account as a child under a family account, and then merge it in. Bunch of shit.
The security question on the associated Windows Live account was also changed, but I was able to get back into it via their advanced account recovery thing that asked me several questions about the account.
Three weeks later the $120 or so was refunded to my credit card, and I got a code for a free month of Gold with the notice that "I may be contacted again with in 30 days" - meanwhile, I still don't have my gamertag back and probably won't get it back unless I do some creative chain escalation, which I probably will do once my case has been completely closed out, if it doesn't result in complete restoration.
---
I have a pretty damn good idea of where my credentials got ganked from. When the Gawker breach occurred, I indeed found my email address (the same one that was assigned to my XBL account) in the database, along with the password that I haven't used for anything in years... ...well, the password had been saved to my XBox for years as well and I'd never gotten around to changing it. The password was encrypted in the database, but anyone with a bit of time on their hands could crack it if they wanted.
On the other hand, a friend of mine who's also pretty paranoid recently had the same exact thing happen to his XBL account, and his attached email address was NOT in the Gawker database, so I don't know what the hell.
No Raptr account here either. The service that got hacked must have been around a while, because the password I was using for my XBL account was one that I hadn't assigned to any new account in probably 2 years or so.
I suspect that the people who actually performed the unauthorized purchases on our ganked accounts probably bought the entire accounts from some underground reseller - the majority of account transfers I'm seeing are going to Russia and Brasil.
Edit: hopefully the last edit. I'm stuck on the Gawker breach theory because I remembered I got an email from Facebook telling me "welcome back!" to which I thought "the hell is this phishing attempt shit?" - I'd deactivated my Facebook account about as many years ago and it too used the same password, so it seems that whomever had decided I was next on the scrubbing list made the rounds.
Reading through the last few pages, though, it seems that many of you had used XBL passwords that were completely unique, so I don't know what the hell to think.
AndyMoogle
Member
I have a pass code for my Xbox Live account, but apparently the pass code is erased if you recover the gamertag...
I can't believe MS has such shitty protection for their service. You should be able to lock a gamertag to one console, and only with a 2-step verification should you be able to move or recover it.
I can't believe MS has such shitty protection for their service. You should be able to lock a gamertag to one console, and only with a 2-step verification should you be able to move or recover it.
AndyMoogle said:
but that will slightly inconvenience me because i log into my friend's xbox to track my frags in halo (which invented fps)
How long could it possibly take them to resolve this? Ever since I bought the console in 2007 I've only ever logged into Live with my tag on my own original console, whose serial number I just gave the rep, I've been Silver for years, and I've only bought Symphony of the Night from XBLA. You don't need to be Sherlock Holmes to figure out that playing a new game on a new console, getting Gold, and buying and spending $100 worth of microsoft points all in the course of a day is uncharacteristic.
Such BS. Almost makes me appreciate Nintendo's DD "service."
"Full scan results: 0 infections found."
wat