
Wow was my Windows live/ Xbox account just hacked?

PKrockin said:
but that will slightly inconvenience me because i log into my friend's xbox to track my frags in halo (which invented fps)
So don't lock your gamertag to your own console. Options are great.
 

Universaldamps

Neo Member
Some more funny occurrences. I noticed today after my bank had refunded my money that microsoft also refunded me too. I called them up after I noticed, and the guy was surprisingly helpful. He sent me 500 MS points as an appreciation of my honesty, and said that the double refund was normal and it'd be adjusted (I don't know how they're going to do that, but anyway..)
 

KevinRo

Member
TheExecutive said:
Wow there are a lot of people in this thread claiming theft in a very short amount of time…

Microsoft likes to play it down. It's actually scary how many people have their accounts social engineered. I remember AOL used to have a horrible problem with this. Seriously, it's a crime that companies can get away with hiding information like this from authorities to help keep people's personal information and money safe.
 

Zoe

Member
KevinRo said:
Microsoft likes to play it down. It's actually scary how many people have their accounts social engineered. I remember AOL used to have a horrible problem with this. Seriously, it's a crime that companies can get away with hiding information like this from authorities to help keep people's personal information and money safe.

You still think this is social engineering?
 

ArrrrghX

Neo Member
So after 4 weeks of waiting I called to see what the status on my stolen account was and I was told that I should hear back soon. 10 minutes later I got all of my emails and I am Blink again :) good to be back.

They even gave me 18 months of live!
 
I wrote a post about this a few weeks back because it happened to my friend and a lot of GAF members and I'm trying to get it passed around because seriously, "games journalism lolzz" should actually serve some purpose for a change:

[Link]

To be honest, if this is violating GAF's terms of service then I apologize, but I just want to get this problem made aware as much as possible and maybe GAF can get the word out better than I.
 
I'm pretty sure that the majority of hacks are a result of hackers getting email and hashed passwords from forums and then using rainbow tables or other means to get the actual passwords.

MS reinstated my account today but without my Gold sub and minus 80 points I had before the hack. I'll give them till Monday then will try to get those back.
 
Even though the gaming enthusiast media is deathly scared of covering this, The Consumerist has finally picked it up:

http://consumerist.com/2011/10/i-watched-live-as-id-thieves-spent-my-money-on-xbox-live.html

I received 2 emails from billing@microsoft.com. 1 was for 4000 Microsoft XBOX Live Points ($49.99) and the other for 6000 Points ($74.99). I am sitting at work so I know I didn't make these purchases. Maybe my cat did at home. He is pretty smart.
Thinking this was a scam, I typed in microsoft.com and navigated to their billing page (NEVER CLICK ON LINK IN AN EMAIL THAT LEADS TO LOGGING IN OR GIVING PERSONAL INFO LIKE THIS) and verified that both charges were made to my XBOX Live account and thus charged to my credit card I had on file.

I immediately called XBOX Live Support/Billing and told them about what was happening and the gentleman was very helpful. He immediately locked my account so no more purchases (cash purchases) could be made. However the thief could still spend all the MS Points that were on my account. Also, he said that he put a ticket in and their systems would start tracking the IP address of the thief while he was making the purchases.

This last point doesn't really mean all that much. I am a very knowledgeable computer security individual and know that for someone to do this as quickly as they are, I am sure they are in a hotel under a false name and credit card so it can't be traced back to them.

I was informed that I would need to call Microsoft back when I get home with the Serial # and ID # of all my XBOX's (I have 3) so they can verify that the purchases were not made on my systems... I just hope someone didn't break in to my condo and steal them. Once I give Microsoft that information, they will review it and within 25 days they will refund my money.

I watched from my computer as the account went from 10,680 MS Points down to 70. There is nothing on XBOX Live Market Place that is under 120 points ($.99) so I am sure they left it at that and are moving on to the next victim.
 

madmackem

Member
Speedymanic said:
I love how people are so matter-of-factly claiming it's a hack when there's absolutely no proof of MS being compromised.


I think people just lob it all in the term hack, people say they get the facebooks hacked all the time when it's just social phishing and such. I have a feeling this will be along those lines with the email used for live being used for so many other things with it being a live or a hotmail or something along those lines it leaves it open to being "hacked".
 
madmackem said:
I think people just lob it all in the term hack, people say they get the facebooks hacked all the time when it's just social phishing and such. I have a feeling this will be along those lines with the email used for live being used for so many other things with it being a live or a hotmail or something along those lines it leaves it open to being "hacked".

The danger is that if/when sites start to report on this and claim that MS have been hacked and it's found that they in fact weren't hacked, won't those sites be knee deep in a barrel of shit for making erroneous claims?

And I have to agree, as much as people protest that they haven't used the same email anywhere, it's pretty obvious that they did and either forgot about it or don't want to admit that it might, partly, be their own fault.

It's anecdotal, but myself and many others I know haven't had our accounts compromised, but then we were smart enough to use a unique hotmail account and to change our passwords every couple of months.
 

test_account

XP-39C²
Speedymanic said:
And I have to agree, as much as people protest that they haven't used the same email anywhere, it's pretty obvious that they did and either forgot about it or don't want to admit that it might, partly, be their own fault.
While there is a chance for it, I wouldn't say that this is obvious. For some reason it seems to be affecting Xbox Live customers much more than other services. If it was simply the case of people being careless with the use of the same email and password in several places, then I think we would see more stories about abuse on Steam and PSN as well recently.
 
test_account said:
While there is a chance for it, I wouldn't say that this is obvious. For some reason it seems to be affecting Xbox Live customers much more than other services. If it was simply the case of people being careless with the use of the same email and password in several places, then I think we would see more stories about abuse on Steam and PSN as well recently.

It could be related to phishing scams where you punch in your details for 'free' points. I've known many a person who should know better to fall for it.

Maybe it's related to hotmail? Who knows, the problem is that there's no proof MS have been hacked, it's wrong and irresponsible to continue to use that word/level those accusations without proof. People will naturally panic when false claims of MS being hacked hit gaming sites.

Metal Gear?! said:
Yes we know it's technically cracking, not hacking. No one cares.

They should. There's a world of difference between cracking and hacking. Reporting on one won't get you into trouble, reporting on the other without proof will get you in quite a bit of shit.
 

MrKyle

Member
I also had my account compromised a couple of days ago. Received an email that I had received two charges: one for $49.99 and the other for $74.99.

Called support and they were very helpful. Still waiting for my credit card company to reverse charges.

I rarely use my 360 too. :(
 
I had my account hacked a couple of weeks ago, I didn't realise it was turning into a thing. I woke up to some e-mails confirming my purchase of two lots of 6000 points and two 12 month live subscriptions, to the tune of about $330 Australian. I called the number and spoke to an American lady who immediately suspended my account but not a whole lot's happened since then. A couple of days ago the fraud squad from my bank called me to let me know that someone in America has just been straight up buying things with my Credit Card, so that's pretty great.
 
So it looks like it might be an EA server related issue:

A number of Xbox 360 owners have reported their accounts compromised and credit cards used to buy FIFA-related content.

Reports suggest FIFA Ultimate Team content packs are the target for those who have gained access to accounts.

Eurogamer was first alerted to the issue by reader Speedjack, who on 11th October found his gamertag had been "recovered" to someone else's machine.

"I then find out that I've had 5000 then 500 MS points bought on my credit card. Better yet, all the points including the 120 I had already on my account are gone... all spent on FIFA 12 content packs yesterday afternoon while I was at work.

"Not only that, but my account now has 35 FIFA 12 achievement points on it!!! Never played the game in my life - hate football."

Speedjack spoke to Microsoft support, which suggested there exists an issue with EA's servers that leaves XBL accounts vulnerable.

It is important to note that at this stage there is no evidence to support this claim, and it is unclear exactly how widespread the issue is.

However, Speedjack is not alone in having his XBL account compromised and used to buy FIFA-related items.

A detailed report on the Goosterblog recounts how one user suffered an XBL account hack - also used to buy FIFA Ultimate Team packs.

The report offers a number of explanations, including one specific to FIFA that involves hackers emailing EA support and the EA server then sending over the victim's Xbox and EA account information.

There is also a similar report on forum Facepunch, and multiple users' reports on the Xbox.com forum.

Microsoft support is freezing accounts affected for up to 30 days as it investigates complaints.

EA was unable to comment on the situation when contacted by Eurogamer, but the company did point our readers towards the EA forum, which offers advice on how to protect user accounts.

It contains information on fake emails and copycat websites, phishing, redirects, scare tactics and password integrity.

Microsoft advises any users affected to contact its Xbox support service. Its Account Security page has more information.

http://www.eurogamer.net/articles/2011-10-14-xbl-accounts-hacked-to-buy-fifa-packs
 

Ben Sones

Member
Speedymanic said:
Maybe it's related to hotmail? Who knows, the problem is that there's no proof MS have been hacked, it's wrong and irresponsible to continue to use that word/level those accusations without proof. People will naturally panic when false claims of MS being hacked hit gaming sites.

Here's an anecdote from a friend of mine that got hit. I've known him for over ten years, and he's written for various gaming publications since the 90s. So I consider him a reliable source of information.

He had an Xbox Live account that had only ever been used/accessed from the console. Strong password, and one that was unique to the account--never used on PSN, or anywhere else. And yet, his account was compromised, same MO as all the various reports in this thread. I find it wildly unlikely that crackers are brute-forcing strong passwords, and he insists that the only place he's ever typed the password is on his console. He's never played FIFA. He, at least, is convinced that there is a security hole on Microsoft's end. His (and other people's) stories were enough to convince me, as well. I called Microsoft last week and cancelled my Gold account so that I could remove my CC info from my account.

BTW, how crazy is it that you have to call MS customer support to cancel your Gold membership and edit payment information, and yet someone from China can log onto a North American Xbox Live account and start spending points willy-nilly, and the service doesn't even bat an eye? There's a pretty damning story here even if you avoid drawing any conclusions about hacking. My personal prediction: There's a scandal brewing that will end up being at least as bad as the RROD fiasco.
 
Ben Sones said:
Here's an anecdote from a friend of mine that got hit. I've known him for over ten years, and he's written for various gaming publications since the 90s. So I consider him a reliable source of information.

He had an Xbox Live account that had only ever been used/accessed from the console. Strong password, and one that was unique to the account--never used on PSN, or anywhere else. And yet, his account was compromised, same MO as all the various reports in this thread. I find it wildly unlikely that crackers are brute-forcing strong passwords, and he insists that the only place he's ever typed the password is on his console. He, at least, is convinced that there is a security hole on Microsoft's end. His (and other people's) stories were enough to convince me, as well. I called Microsoft last week and cancelled my Gold account so that I could remove my CC info from my account.

BTW, how crazy is it that you have to call MS customer support to cancel your Gold membership and edit payment information, and yet someone from China can log onto a North American Xbox Live account and start spending points willy-nilly, and the service doesn't even bat an eye? There's a pretty damning story here even if you avoid drawing any conclusions about hacking. My personal prediction: There's a scandal brewing that will end up being at least as bad as the RROD fiasco.

Looks like it's a fault on EA's end. It might not be Fifa related, maybe their servers are just unreliable? (still unconfirmed though, but it does look like that's where the breach has taken place)

And I absolutely agree. It's very depressing MS doesn't employ some kind of IP checker every time you log on. At the very least they should temp freeze an account until you've confirmed that you logged in from China, Russia, etc.

I don't know about any of the tech that they'd need, but surely it exists and it can't be that expensive in comparison to how much they earn from XBLG and the potential losses if they were to ever be the subject of a mass hack like PSN was.
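
One way to implement the check this post asks for, as an added example that is not part of the thread and does not describe Microsoft's actual system: a sign-in from a country or console the account has never used freezes purchases until the owner answers an out-of-band confirmation. The event fields, decision names and sample events are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    known_countries: set = field(default_factory=set)
    known_consoles: set = field(default_factory=set)
    frozen: bool = False             # purchases held until the owner answers
    pending: Optional[tuple] = None  # (country, console) awaiting confirmation


def process(acct: Account, ev: dict) -> str:
    """Apply one event to the account and return the decision for it."""
    if ev["type"] == "login":
        familiar = (ev["country"] in acct.known_countries
                    and ev["console"] in acct.known_consoles)
        if familiar or not acct.known_countries:
            # Known country and console, or the first-ever sign-in (enrolment).
            acct.known_countries.add(ev["country"])
            acct.known_consoles.add(ev["console"])
            return "allow"
        # New country or a gamertag recovered to an unseen console:
        # freeze spending and ask the owner by e-mail/SMS.
        acct.frozen = True
        acct.pending = (ev["country"], ev["console"])
        return "hold"
    if ev["type"] == "confirm":
        if ev["approved"] and acct.pending:
            country, console = acct.pending
            acct.known_countries.add(country)
            acct.known_consoles.add(console)
            acct.frozen, acct.pending = False, None
            return "allow"
        # Owner denied the sign-in: stay frozen for support to investigate.
        acct.pending = None
        return "locked"
    if ev["type"] == "purchase":
        # Covers both card charges and spending points already on the account.
        return "hold" if acct.frozen else "allow"
    raise ValueError(f"unknown event type: {ev['type']}")


def run(events: list) -> list:
    acct = Account()
    return [process(acct, ev) for ev in events]


# Constructed sample: the pattern reported in the thread.
THEFT = [
    {"type": "login", "country": "US", "console": "X1"},
    {"type": "purchase", "points": 400},
    {"type": "login", "country": "CN", "console": "X9"},
    {"type": "purchase", "points": 4000},
    {"type": "purchase", "points": 6000},
    {"type": "confirm", "approved": False},
    {"type": "purchase", "points": 500},
]

# Constructed sample: the legitimate owner travelling with their own console.
TRAVEL = [
    {"type": "login", "country": "US", "console": "X1"},
    {"type": "login", "country": "GB", "console": "X1"},
    {"type": "confirm", "approved": True},
    {"type": "purchase", "points": 800},
    {"type": "login", "country": "GB", "console": "X1"},
]

if __name__ == "__main__":
    print(run(THEFT))
    print(run(TRAVEL))
```

The freeze applies to points already on the account as well as card charges, which is the gap described in the Consumerist report quoted earlier in the thread.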
 

Zoe

Member
Speedymanic said:
Looks like it's a fault on EA's end. It might not be Fifa related, maybe their servers are just unreliable? (still unconfirmed though, but it does look like that's where the breach has taken place)

How would EA servers have access to Xbox login info though?
 

Ardenyal

Member
Speedymanic said:
Looks like it's a fault on EA's end. It might not be Fifa related, maybe their servers are just unreliable? (still unconfirmed though, but it does look like that's where the breach has taken place)
If EA really was breached wouldn't there be reports of similar activity on PSN? I don't think there would be much of a difference with how EA stores their customers accounts whether it's on XBL or PSN.
 

Zoe

Member
Grecco said:
IIRC EA Servers need your email/xbox account. With those 2 things you can social engineer the password.

There are many places where people could find email addresses. Why would EA be the one?
 
Ardenyal said:
If EA really was breached wouldn't there be reports of similar activity on PSN? I don't think there would be much of a difference with how EA stores their customers accounts whether it's on XBL or PSN.

There are reports of PSN being hacked, no idea if it's related.

And I'm pretty sure it's different with PSN, to buy content with a CC, you need to enter your 3 digit security pin every time...XBL doesn't have that requirement which makes it easier for those who've compromised the accounts to buy content.
 

gcubed

Member
Speedymanic said:
It could be related to phishing scams where you punch in your details for 'free' points. I've known many a person who should know better to fall for it.

Maybe it's related to hotmail? Who knows, the problem is that there's no proof MS have been hacked, it's wrong and irresponsible to continue to use that word/level those accusations without proof. People will naturally panic when false claims of MS being hacked hit gaming sites.



They should. There's a world of difference between cracking and hacking. Reporting on one won't get you into trouble, reporting on the other without proof will get you in quite a bit of shit.

highly doubtful. Haven't seen anyone get in "quite a bit of shit" last week
 
I believe that you can choose any email that you want to associate with EA on PS3, but on 360 you have to use the same email as your gamertag is using.

At least that's how I remember it, but I might be wrong.
 

Zoe

Member
Speedymanic said:
And I'm pretty sure it's different with PSN, to buy content with a CC, you need to enter your 3 digit security pin every time...XBL doesn't have that requirement which makes it easier for those who've compromised the accounts to buy content.

Only the first time. And they actually didn't require it before the store was revamped, IIRC.
 

Iadien

Guarantee I'm going to screw up this post? Yeah.
A friend's xbox account was hacked a few weeks ago, over $200 was spent.
 

Ramma2

Member
Add my name to the list. Got hit with an email yesterday that a 6000 point purchase failed since my card was incorrect (numbers had changed when I got a new card). I logged in and changed my Live password.

I do have an EA account but for Mass Effect, never have played FIFA.

Edit: Apparently I had Mass Effect, Dragon Age, and NFS Hot Pursuit on my EA account. Changed my password there as well.
 

drizzle

Axel Hertz
Jeff, over at giantbomb.com, does a Premium Video where he talks about user questions. In the middle of the video, he received an SMS message and went all "hmm... interesting..." looked at the camera "I'm not gonna say what that said.... look out for your xbox live accounts... uhm... some weird stuff with the Fifa Ultimate Team.. it started anecdotally with some people saying "hey, somebody stole my account" and it became more and more widespread"

Back in July my account was hacked and used to buy a shitload of Fifa stuff. Microsoft gave me back my account in two weeks, refunded my CC and MSPoints. I wonder if these are related. I already changed my password and everything, should I do it again?
 

alr1ght

bish gets all the credit :)
ars technica covering it
http://arstechnica.com/gaming/news/...-hacked-accounts-fifa-11-and-12-purchases.ars

Ars Technica has received a number of reports from Xbox Live customers complaining about hacked accounts, unauthorized purchases, and a slow response from Microsoft itself. The pattern is weirdly specific: gamers notice that unauthorized purchases have been made using their credit card information or existing points, and FIFA Soccer 11 or 12 has been played on their account.

"Yesterday, my live account got hijacked and charged just over $100. Specifically, two large purchases of points followed by the download of FIFA 12, which had 2 achievements unlocked for the game, and every MS point spent on Gold Premium Packs and DLC," one reader wrote. His Xbox was turned off, and he learned of the breach from confirmation e-mails sent to his workplace.

Another gamer blogged about his account being breached:

"Sure enough, all of the Microsoft points that were stored in my XBL account had been spent on in game items for FIFA 11(I don’t own that game… hell, I don’t even like soccer video games) and whoever spent my MS points had then tried to purchase more. Presumably, when that purchase failed, they abandoned my account and went on to steal from some other unsuspecting gamer."

These online reports are becoming increasingly common, and Microsoft's response has been to lock down affected accounts for 25 days while the company investigates the charges. We've e-mailed Microsoft for comment, and have yet to hear back. For now, the best course of action is to keep a close eye on your account, and contact Microsoft if you see any fraudulent charges or notice FIFA-related activity in your achievement points or history.
 

Vilix

Unconfirmed Member
Like Sony, Microsoft will never EVER admit there's a problem until this becomes way more widespread, and common knowledge. <_<
 

madmackem

Member
AndyMoogle said:
I believe that you can choose any email that you want to associate with EA on PS3, but on 360 you have to use the same email as your gamertag is using.

At least that's how I remember it, but I might be wrong.


Nope mine is different from my live email account and you can change it anytime in an ea game, in fact when you first boot up an ea game it will ask you if this email is still the right one. It's the way I got my ea account back that was using an email account I no longer had access to.
 

drizzle

Axel Hertz
I just emailed him my story, even tho he asked for "Recently" and my account was stolen back in July. However, the MO is the same as the hacks happening now.

A friend of mine who just had his account compromised two days ago also. We are pretty sure that our passwords were the same as the PSN passwords we used (we both don't really have a PS3, so we never use our PSN accounts and we can't quite remember what our passwords were at the time of the hack). So maybe the PSN password list has been released? I don't know.

We'll see what's Patrick's story
 

xemumanic

Member
I'm pointing a finger of blame at EA for a lot of this. They should have NEVER been allowed to run their own Xbox Live servers. I remember when everyone was saying how stupid it was that MS wanted sole control of them. Now look at this BS that's going on.

I'm not saying that MS can't possibly be to blame for what's going on, none of us really know the truth, but the more details I see, the more I think EA is at fault here.
 

NG28

Member
This just happened to one of my friends about 2 weeks ago. They purchased 10,000 ms points and downloaded a bunch of DLC. MS must be getting really good at cleaning this up by now because he got his account back in about a week and was refunded the money. He said he gets to keep all the stuff that was purchased too. Just to tie this into that EA server thing, he does play a lot of Madden.
 

xemumanic

Member
chubigans said:
So...what's in it for the hackers exactly when they spend all this money on marketplace DLC?

Not very well thought-out. Thing is, a lot of these hackers are kids (younger than 18). They don't really see the consequences.

It doesn't explain all of them, but yeah, there's little logic in any of this. Reminds me of the one GAFer whose account was stolen, and someone who claimed he bought it CALLED him. That he'd be an asshole if he had it banned.
 

drizzle

Axel Hertz
chubigans said:
So...what's in it for the hackers exactly when they spend all this money on marketplace DLC?
If it's the same thing that happened to me, picture Trading Cards.

FIFA has a thing where you can buy (with money) some Trading Cards. It's random what you get, but you can get rare players for your soccer team. Those cards can then be traded with other players (as far as I know).

Now imagine if somebody hacked into somebody else's account, used their points to buy a shitload of those cards (it was 44 purchases on my account), and then sell/trade those cards away?

That's what happened on my account, I believe.

Disclaimer: I don't play FIFA, never did, so I don't know. All I know is that Fifa 10 had that mechanic, just like Fifa Free has it on PC.
 
chubigans said:
So...what's in it for the hackers exactly when they spend all this money on marketplace DLC?
My guess is it's a two part equation. The account is compromised, then sold for earth dollars to another person, who redeems the points as if they were their own. There are several sketchy marketplaces on the Internet where these kinds of transactions could take place, and for the person on the ultimate end of this, they're spending a few dollars and getting a pile of points.
 

drizzle

Axel Hertz
A Twisty Fluken said:
My guess is it's a two part equation. The account is compromised, then sold for earth dollars to another person, who redeems the points as if they were their own. There are several sketchy marketplaces on the Internet where these kinds of transactions could take place, and for the person on the ultimate end of this, they're spending a few dollars and getting a pile of points.
That's another thing. That's when they steal somebody else's account, charge a buncha points in it, share that account to somebody else, then that person can buy whatever they want in the marketplace with those points.

That account later gets reclaimed, but the person that bought the games still has them on their HD and they're the full version of the game. They can't ever delete them, but they already got them.

It's not the same thing as somebody hacking your account and buying millions of fifa coins/trading cards
 