AndyMoogle
Member
PKrockin said:but that will slightly inconvenience me because i log into my friend's xbox to track my frags in halo (which invented fps)
So don't lock your gamertag to your own console. Options are great.
TheExecutive said:Wow there are a lot of people in this thread claiming theft in a very short amount of time
KevinRo said:Microsoft likes to play it down. It's actually scary how many people have their accounts social engineered. I remember AOL used to have a horrible problem with this. Seriously, it's a crime that companies can get away with hiding information like this from authorities to help keep people's personal information and money safe.
Zoe said:You still think this is social engineering?
I received 2 emails from billing@microsoft.com. 1 was for 4000 Microsoft XBOX Live Points ($49.99) and the other for 6000 Points ($74.99). I am sitting at work so I know I didn't make these purchases. Maybe my cat did at home. He is pretty smart.
Thinking this was a scam, I typed in microsoft.com and navigated to their billing page (NEVER CLICK ON LINK IN AN EMAIL THAT LEADS TO LOGGING IN OR GIVING PERSONAL INFO LIKE THIS) and verified that both charges were made to my XBOX Live account and thus charged to my credit card I had on file.
I immediately called XBOX Live Support/Billing and told them about what was happening and the gentleman was very helpful. He immediately locked my account so no more purchases (cash purchases) could be made. However the thief could still spend all the MS Points that were on my account. Also, he said that he put a ticket in and their systems would start tracking the IP address of the thief while he was making the purchases.
This last point doesn't really mean all that much. I am a very knowledgeable computer security individual and know that for someone to do this as quickly as they are, I am sure they are in a hotel under a false name and credit card so it can't be traced back to them.
I was informed that I would need to call Microsoft back when I get home with the Serial # and ID # of all my XBOXs (I have 3) so they can verify that the purchases were not made on my systems... I just hope someone didn't break into my condo and steal them. Once I give Microsoft that information, they will review it and within 25 days they will refund my money.
I watched from my computer as the account went from 10,680 MS Points down to 70. There is nothing on XBOX Live Market Place that is under 120 points ($.99) so I am sure they left it at that and are moving on to the next victim.
Speedymanic said:I love how people are so matter-of-factly claiming it's a hack when there's absolutely no proof of MS being compromised.
madmackem said:I think people just lob it all in the term hack, people say they get the facebooks hacked all the time when it's just social phishing and such. I have a feeling this will be along those lines with the email used for live being used for so many other things with it being a live or a hotmail or something along those lines it leaves it open to being "hacked".
Speedymanic said:I love how people are so matter-of-factly claiming it's a hack when there's absolutely no proof of MS being compromised.
Yes we know it's technically cracking, not hacking. No one cares.
Metal Gear?! said:Even though the gaming enthusiast media is deathly scared of covering this, The Consumerist has finally picked it up:
http://consumerist.com/2011/10/i-watched-live-as-id-thieves-spent-my-money-on-xbox-live.html
You can't really compare the gaming media to consumer advocates like the consumerist staff, it's not fair.
Speedymanic said:And I have to agree, as much as people protest that they haven't used the same email anywhere, it's pretty obvious that they did and either forgot about it or don't want to admit that it might, partly, be their own fault.
While there is a chance for it, I wouldn't say that this is obvious. For some reason it seems to be affecting Xbox Live customers much more than other services. If it was simply the case of people being careless with the use of the same email and password in several places, then I think we would see more stories about abuse on Steam and PSN as well recently.
test_account said:While there is a chance for it, I wouldn't say that this is obvious. For some reason it seems to be affecting Xbox Live customers much more than other services. If it was simply the case of people being careless with the use of the same email and password in several places, then I think we would see more stories about abuse on Steam and PSN as well recently.
Metal Gear?! said:Yes we know it's technically cracking, not hacking. No one cares.
A number of Xbox 360 owners have reported their accounts compromised and credit cards used to buy FIFA-related content.
Reports suggest FIFA Ultimate Team content packs are the target for those who have gained access to accounts.
Eurogamer was first alerted to the issue by reader Speedjack, who on 11th October found his gamertag had been "recovered" to someone else's machine.
"I then find out that I've had 5000 then 500 MS points bought on my credit card. Better yet, all the points including the 120 I had already on my account are gone... all spent on FIFA 12 content packs yesterday afternoon while I was at work.
"Not only that, but my account now has 35 FIFA 12 achievement points on it!!! Never played the game in my life - hate football."
Speedjack spoke to Microsoft support, which suggested there exists an issue with EA's servers that leaves XBL accounts vulnerable.
It is important to note that at this stage there is no evidence to support this claim, and it is unclear exactly how widespread the issue is.
However, Speedjack is not alone in having his XBL account compromised and used to buy FIFA-related items.
A detailed report on the Goosterblog recounts how one user suffered an XBL account hack - also used to buy FIFA Ultimate Team packs.
The report offers a number of explanations, including one specific to FIFA that involves hackers emailing EA support and the EA server then sending over the victim's Xbox and EA account information.
There is also a similar report on forum Facepunch, and multiple users' reports on the Xbox.com forum.
Microsoft support is freezing accounts affected for up to 30 days as it investigates complaints.
EA was unable to comment on the situation when contacted by Eurogamer, but the company did point our readers towards the EA forum, which offers advice on how to protect user accounts.
It contains information on fake emails and copycat websites, phishing, redirects, scare tactics and password integrity.
Microsoft advises any users affected to contact its Xbox support service. Its Account Security page has more information.
Speedymanic said:Maybe it's related to hotmail? Who knows, the problem is that there's no proof MS have been hacked, it's wrong and irresponsible to continue to use that word/level those accusations without proof. People will naturally panic when false claims of MS being hacked hit gaming sites.
Ben Sones said:Here's an anecdote from a friend of mine that got hit. I've known him for over ten years, and he's written for various gaming publications since the 90s. So I consider him a reliable source of information.
He had an Xbox Live account that had only ever been used/accessed from the console. Strong password, and one that was unique to the account--never used on PSN, or anywhere else. And yet, his account was compromised, same MO as all the various reports in this thread. I find it wildly unlikely that crackers are brute-forcing strong passwords, and he insists that the only place he's ever typed the password is on his console. He, at least, is convinced that there is a security hole on Microsoft's end. His (and other people's) stories were enough to convince me, as well. I called Microsoft last week and cancelled my Gold account so that I could remove my CC info from my account.
BTW, how crazy is it that you have to call MS customer support to cancel your Gold membership and edit payment information, and yet someone from China can log onto a North American Xbox Live account and start spending points willy-nilly, and the service doesn't even bat an eye? There's a pretty damning story here even if you avoid drawing any conclusions about hacking. My personal prediction: There's a scandal brewing that will end up being at least as bad as the RROD fiasco.
Speedymanic said:Looks like it's a fault on EA's end. It might not be Fifa related, maybe their servers are just unreliable? (still unconfirmed though, but it does look like that's where the breach has taken place)
Zoe said:How would EA servers have access to Xbox login info though?
Speedymanic said:Looks like it's a fault on EA's end. It might not be Fifa related, maybe their servers are just unreliable? (still unconfirmed though, but it does look like that's where the breach has taken place)
If EA really was breached wouldn't there be reports of similar activity on PSN? I don't think there would be much of a difference with how EA stores their customers accounts whether it's on XBL or PSN.
Ardenyal said:If EA really was breached wouldn't there be reports of similar activity on PSN? I don't think there would be much of a difference with how EA stores their customers accounts whether it's on XBL or PSN.
Grecco said:IIRC EA Servers need your email/xbox account. With those 2 things you can social engineer the password.
Zoe said:There are many places where people could find email addresses. Why would EA be the one?
Grecco said:You mean something like this? http://popwatch.ew.com/2011/10/12/playstation-network-hacked-sony/
We don't know if that hack is related to this, could be that Sony has improved their security and they could prevent the charges made on CC or it's an unrelated hack.
Speedymanic said:It could be related to phishing scams where you punch in your details for 'free' points. I've known many a person who should know better to fall for it.
Maybe it's related to hotmail? Who knows, the problem is that there's no proof MS have been hacked, it's wrong and irresponsible to continue to use that word/level those accusations without proof. People will naturally panic when false claims of MS being hacked hit gaming sites.
They should. There's a world of difference between cracking and hacking. Reporting on one won't get you into trouble, reporting on the other without proof will get you in quite a bit of shit.
Speedymanic said:And I'm pretty sure it's different with PSN, to buy content with a CC, you need to enter your 3 digit security pin every time...XBL doesn't have that requirement which makes it easier for those who've compromised the accounts to buy content.
Ars Technica has received a number of reports from Xbox Live customers complaining about hacked accounts, unauthorized purchases, and a slow response from Microsoft itself. The pattern is weirdly specific: gamers notice that unauthorized purchases have been made using their credit card information or existing points, and FIFA Soccer 11 or 12 has been played on their account.
"Yesterday, my live account got hijacked and charged just over $100. Specifically, two large purchases of points followed by the download of FIFA 12, which had 2 achievements unlocked for the game, and every MS point spent on Gold Premium Packs and DLC," one reader wrote. His Xbox was turned off, and he learned of the breach from confirmation e-mails sent to his workplace.
Another gamer blogged about his account being breached:
"Sure enough, all of the Microsoft points that were stored in my XBL account had been spent on in game items for FIFA 11 (I don't own that game, hell, I don't even like soccer video games) and whoever spent my MS points had then tried to purchase more. Presumably, when that purchase failed, they abandoned my account and went on to steal from some other unsuspecting gamer."
These online reports are becoming increasingly common, and Microsoft's response has been to lock down affected accounts for 25 days while the company investigates the charges. We've e-mailed Microsoft for comment, and have yet to hear back. For now, the best course of action is to keep a close eye on your account, and contact Microsoft if you see any fraudulent charges or notice FIFA-related activity in your achievement points or history.
AndyMoogle said:I believe that you can choose any email that you want to associate with EA on PS3, but on 360 you have to use the same email as your gamertag is using.
At least that's how I remember it, but I might be wrong.
chubigans said:So...what's in it for the hackers exactly when they spend all this money on marketplace DLC?
chubigans said:So...what's in it for the hackers exactly when they spend all this money on marketplace DLC?
If it's the same thing that happened to me, picture Trading Cards.
chubigans said:So...what's in it for the hackers exactly when they spend all this money on marketplace DLC?
My guess is it's a two part equation. The account is compromised, then sold for earth dollars to another person, who redeems the points as if they were their own. There are several sketchy marketplaces on the Internet where these kinds of transactions could take place, and for the person on the ultimate end of this, they're spending a few dollars and getting a pile of points.
A Twisty Fluken said:My guess is it's a two part equation. The account is compromised, then sold for earth dollars to another person, who redeems the points as if they were their own. There are several sketchy marketplaces on the Internet where these kinds of transactions could take place, and for the person on the ultimate end of this, they're spending a few dollars and getting a pile of points.
That's another thing. That's when they steal somebody else's account, charge a buncha points in it, share that account to somebody else, then that person can buy whatever they want in the marketplace with those points.