Xbox Live Account Hacked for... FIFA '12 Gold Packs?

[Aptos]

So I go to spend some of my 8k MS points I recently acquired from that buy.com sale in the beginning of October, and my account says I have 20 left...

I checked my points receipts in the account management area of xboxlive.com and what do you know? All of my points have been spent on FIFA '12 Premium Gold Packs! I don't even own this game!

The craziest part is that I haven't even had to recover my Xbox Live account, so I don't know how someone was able to do that.

The silver lining: I have 3 achievements for FIFA '12... :/

Anyone know what's going on? I couldn't find any other posts about this.

Info I have found:
http://www.joystiq.com/2011/10/14/fifa-loving-hackers-accessing-users-xbox-live-accounts-to-buy-d/2
http://www.insidegamingdaily.com/2011/10/14/xbox-live-accounts-hacked-in-the-name-of-fifa-love/
http://forums.xbox.com/xbox_forums/xbox_support/f/12/t/97215.aspx

 

[UltimaPooh]

Same thing happened to me... I called Microsoft... still waiting for them to finish their investigation.

 

[Darklord]

I still can't believe after all this time MS or anyone else hasn't figured out where all the hacking is happening from.

 

[commish]

Sony notifies, MS is silent.

 

[Nelo Ice]

This random xbl hacking is getting ridiculous. Changed my password and im glad the card on file is expired and I don't plan on fixing it.

 

[Speedymanic]

MS isn't silent. They've made it clear that the breach isn't on their end. What more do you and other wants? Empty statements? Them telling the world that accounts are being breached but as there's nothing wrong on their end, they don't know why it's happening? You must be insane if you think any company would publicly make a statement like that.

Anyway, OP. Have you ever played any EA games? Mass Effect 2? Dead Space 2? Bad Company, etc.

 

[Luckyman]

I still can't believe after all this time MS or anyone else hasn't figured out where all the hacking is happening from.

phishing or password/emails leaked from some big site

 

[Aptos]

Anyway, OP. Have you ever played any EA games? Mass Effect 2? Dead Space 2? Bad Company, etc.

Yea, ME2, BF2, BF:BC2, and BF3 Beta. From the info I've found around the web, it does seem like everyone with this problem has an EA account. However, I wonder if there's anyone who doesn't?

 

[inky]

Sony notifies, MS is silent.

More like Sony got breached, Microsoft didn't.

 

[Speedymanic]

Yea, ME2, BF2, BF:BC2, and BF3 Beta. From the info I've found around the web, it does seem like everyone with this problem has an EA account. However, I wonder if there's anyone who doesn't?

There are a few reports of people who claim they haven't played an EA game before being 'hacked'. In those cases, they were probably phished/engineered, but of course they'll swear blind they weren't.

If I could be bothered, I'd ask them to prove it by posting their GT but that rarely ends well.

 

[GarthVaderUK]

Has anyone from EA commented on this yet?

 

[Rapstah]

Is the reason that these hacks always involve FIFA that that's a way of indirectly gifting points between unrelated accounts?

 

[Speedymanic]

Has anyone from EA commented on this yet?

EA's response is just as bland and noncommittal. "We haven’t seen a spike or increase in reports of FIFA 12 players having their accounts hacked," a company representative told GiantBomb. “With the launch of FIFA 12 it likely has just shifted renewed focus onto this particular game."

Unlike MS, they don't clearly say that there wasn't a breach or that the problem isn't on their end.

Microsoft contacted us with a statement, and requested that we add it to our original story. "We do not have any evidence the Xbox LIVE service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats," the company stated. "However, a limited number of members have contacted us regarding unauthorized access to their accounts by outside individuals. We are working with our impacted members directly to resolve any unauthorized changes to their accounts. As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided at www.xbox.com/security to protect your account."

 

[Relaxed Muscle]

I can't believe this is still happening and no one gave a proper answer, it's getting too common to be just normal social engineering.

 

[commish]

More like Sony got breached, Microsoft didn't.

Oh, let's not be naive. You really think every company that gets breached notifies people? I know firsthand that that is definitely NOT the case. Companies will bend over backwards not to notify the public.

MS isn't silent. They've made it clear that the breach isn't on their end. What more do you and other wants? Empty statements? Them telling the world that accounts are being breached but as there's nothing wrong on their end, they don't know why it's happening? You must be insane if you think any company would publicly make a statement like that.

Um... Sony just did this 2 weeks ago. People's accounts were being accessed through no fault of Sony's and Sony notified people.

 

[Grecco]

I can't believe this is still happening and no one gave a proper answer, it's getting too common to be just normal social engineering.

Not really.


Anyways to the OP its to sell these http://www.ebay.com/sch/i.html?_fro..._nkw=Fifa+Gold+pack&_sacat=See-All-Categories and it wouldnt shock me if most of those listed were from stolen accounts. EA makes it easy fr people to sell stuff from their game which makes it something rich for fraud.

So it's pretty obvious it's an EA thing, what with FIFA being played by people who don't even own it and all that gold pack stuff but why?

What is a gold pack? Is there a way for people to turn that into real money? Why would people hack accounts just to buy FIFA gold packs?

Check my previous parragraph.

 

[Zomba13]

So it's pretty obvious it's an EA thing, what with FIFA being played by people who don't even own it and all that gold pack stuff but why?

What is a gold pack? Is there a way for people to turn that into real money? Why would people hack accounts just to buy FIFA gold packs?

EDIT: just read the post that was posted as I was posting. So that explains why FIFA12 is used and why gold packs are bought.

 

[Aptos]

The worst part is that they lock your account so you can't do anything with MS points, so I can't rent movies or do anything with my cheap points. In addition to that, they told me at some point they'd suspend my account so I can't even play Xbox Live...

 

[Speedymanic]

Um... Sony just did this 2 weeks ago. People's accounts were being accessed through no fault of Sony's and Sony notified people.

Nope, their SOE service was 'hacked' if I'm not mistaken.

http://www.next-gen.biz/news/sony-hacked-again-93000-accounts-breached

And it's completely different to what's happening with regards to the current spate of Live breaches.

 

[Grecco]

What was that Buy.com sale?

 

[Luckyman]

I think this is from the same issue that Sony notified people.

Big list of emails/passwords got leaked and they just randomly try to loggin to every service. Setup a different email for these services and don't use the same pass

 

[Zomba13]

The worst part is that they lock your account so you can't do anything with MS points, so I can't rent movies or do anything with my cheap points. In addition to that, they told me at some point they'd suspend my account so I can't even play Xbox Live...

Well when my PSN account was hacked and had purchases made Sony wouldn't do a damn thing, they wouldn't refund my money and said they'd ban the account if I filed a charge back with my bank. I obviously did though and they took like a week+ to eventually ban my account.

 

[Aptos]

What was that Buy.com sale?

25% off 4k point cards, IIRC. I bought 2.

 

[test_account]

Not really.

I wonder why we hear so many stories about XBL. If it was normal social engineering, wouldnt we hear about many stories from PSN and Steam etc. etc. as well?


Have anyone had their XBL account hacked like this and only use the e-mail and password exclusively on XBL?

 

[commish]

Nope, their SOE service was 'hacked' if I'm not mistaken.

http://www.next-gen.biz/news/sony-hacked-again-93000-accounts-breached

And it's completely different to what's happening with regards to the current spate of Live breaches.

They werent' hacked at all in this instance. And the issue is very much the same - accounts are being improperly accessed.

I think this is from the same issue that Sony notified people.

Big list of emails/passwords got leaked and they just randomly try to loggin to every service. Setup a different email for these services and don't use the same pass

Yeah, exactly. Seems similar.

 

[Brandon F]

There are a few reports of people who claim they haven't played an EA game before being 'hacked'. In those cases, they were probably phished/engineered, but of course they'll swear blind they weren't.

If I could be bothered, I'd ask them to prove it by posting their GT but that rarely ends well.

Went through this in the other thread, but it's a he said, she said situation.

MS and EA swear it isn't them, victims also swear it wasn't them either. Why is one statement more substantive? You keep pushing the fault towards the victims based purely on heresay. MS or EA have yet to give credible evidence beyond a reasonable doubt that imthey lie in error. A statement merely saying "not us!" is no different from us victims pleading the same.

 

[Kyoufu]

My friend's XBL account just got hacked too. Good job MS!

 

[KoreanBarbecue]

This literally happened to a friend of mine last week. Now his account is locked with an estimated 25 day wait period to get it back.

I'm mostly curious, though, about how MS works this out with EA. Since EA is the publisher, they're cutting a majority of the actual cash that's behind sales of these stupid card pack things. If the funds used to buy them are stolen, I wonder how that money is actually reported/reimbursed/disregarded in terms of revenue for EA. I can't imagine that they would just take the money if it was clearly stolen.

 

[Grecco]

I wonder why we hear so many stories about XBL. If it was normal social engineering, wouldnt we hear about many stories from PSN and Steam etc. etc. as well?


Have anyone had their XBL account hacked like this and only use the e-mail and password exclusively on XBL?

Can you buy Fifa gold packs and sell them on ebay on PC?

 

[commish]

Went through this in the other thread, but it's a he said, she said situation.

MS and EA swear it isn't them, victims also swear it wasn't them either. Why is one statement more substantive? You keep pushing the fault towards the victims based purely on heresay. MS or EA have yet to give credible evidence beyond a reasonable doubt that imthey lie in error. A statement merely saying "not us!" is no different from us victims pleading the same.

It's not about who is at fault - even if MS isn't at fault, it KNOWS that MANY of its users' accounts are being improperly accessed and credit cards abused, yet it doesn't even email XBL users to tell them to change their passwords or that there is a risk.

 

[test_account]

Nope, their SOE service was 'hacked' if I'm not mistaken.

http://www.next-gen.biz/news/sony-hacked-again-93000-accounts-breached

And it's completely different to what's happening with regards to the current spate of Live breaches.

It doesnt say anything about SOE servers being hacked there as far as i can see. It only says that the SOE accounts that were matched (where the attackers found the right login/password) were locked.

Can you buy Fifa gold packs and sell them on ebay on PC?

I have no idea.

 

[alr1ght]

Well if it is solely an EA account issue, wouldn't PSN users also be getting phished?

Password hint questions are a bad idea.

 

[Tomasooie]

MS isn't silent. They've made it clear that the breach isn't on their end. What more do you and other wants? Empty statements? Them telling the world that accounts are being breached but as there's nothing wrong on their end, they don't know why it's happening? You must be insane if you think any company would publicly make a statement like that.

Are you fucking kidding me? Yeah, because MS PR always reveals all...they would never try to hide a huge problem currently affecting an increasing number of users. Look at your damn tag. What is wrong with you?

http://arstechnica.com/gaming/news/2...1#comments-bar

The community manager at Activision had his account hacked, as well as others in the industry. Element here on GAF, who used to work for Microsoft, had his account hacked with no idea how it happened.

In fact, a lot of the victims have said that they practice safe computer security (complex passwords, never opening untrusted sites/emails). Some have even said that they've never even used their Windows Live ID on anything other than the Xbox itself.

It is NOT phishing. There's definitely something different about this series of hacks. I'm guessing account details were hacked and leaked/sold. I don't think it has much to do with FIFA or EA. That must just be an endpoint that has spread amongst the account thieves because of how easy it is to just sell the FIFA content for real money on eBay (or other sites).

 

[adriano999]

Not really.


Anyways to the OP its to sell these http://www.ebay.com/sch/i.html?_fro..._nkw=Fifa+Gold+pack&_sacat=See-All-Categories and it wouldnt shock me if most of those listed were from stolen accounts. EA makes it easy fr people to sell stuff from their game which makes it something rich for fraud.

What you just linked it's a dlc code they gave you if you preordered FIFA12(4 or 3 packs a month for 6 months), it doesn't have anything to do with the hacking.
You can't sell "gold packs", but you can sell(via the in-game trading system) or trade the cards you just got by stealing people's account.

 

[commish]

Well if it is solely an EA account issue, wouldn't PSN users also be getting phished?

Password hint questions are a bad idea.

An excellent point.

 

[mygu]

Related thread: http://www.neogaf.com/forum/showthread.php?t=442986
This has been going on for quite some time now...

 

[Speedymanic]

Went through this in the other thread, but it's a he said, she said situation.

MS and EA swear it isn't them, victims also swear it wasn't them either. Why is one statement more substantive? You keep pushing the fault towards the victims based purely on heresay. MS or EA have yet to give credible evidence beyond a reasonable doubt that imthey lie in error. A statement merely saying "not us!" is no different from us victims pleading the same.

Actually, only MS are 'swearing' it wasn't them. EA are pretty aloof about the whole thing, which leads me to believe that they are the source of this leak.

You only need to google a few keywords to see how easy it is to access someone else's account through their godawful EA live service...

 

[kodt]

What do the hackers get out of this?

Seems like they hack your account, then buy Fifa DLC... for your account.

Then you find out and change the password...

What did they get out of it other than just annoying you and spending your points? Do they transfer the content somehow or is it just to troll people?

 

[Vamphuntr]

Thank god my gold expired today and I was able to remove my card from XBL live. These threads are becoming more and more frequent. I'm at the stage where I write all my passwords on a piece of paper. Can't even trust these passwords managing app/sites since that one was hacked.

 

[Kyoufu]

Are you fucking kidding me? Yeah, because MS PR always reveals all...they would never try to hide a huge problem currently affecting an increasing number of users. Look at your damn tag. What is wrong with you?

http://arstechnica.com/gaming/news/2...1#comments-bar

The community manager at Activision had his account hacked, as well as others in the industry. Element here on GAF, who used to work for Microsoft, had his account hacked with no idea how it happened.

In fact, a lot of the victims have said that they practice safe computer security (complex passwords, never opening untrusted sites/emails). A few have even said that they've never even used their Windows Live ID on anything other than the Xbox itself.

It is NOT phishing. There's definitely something different about this series of hacks. I'm guessing account details were hacked and leaked/sold. I don't think it has much to do with FIFA or EA. That must just be an endpoint that has spread amongst the account thieves because of how easy it is to just sell the FIFA content for real money on eBay (or other sites).

Are you sure this is because of FIFA? My friend who doesn't even touch his 360 got hacked.

 

[Tomasooie]

Are you sure this is because of FIFA? My friend who doesn't even touch his 360 got hacked.

No, read my post, not just the article. I don't think it's FIFA.

 

[Victrix]

Don't worry, crack investigative gaming journalists are on this

 

[Speedymanic]

Are you fucking kidding me? Yeah, because MS PR always reveals all...they would never try to hide a huge problem currently affecting an increasing number of users. Look at your damn tag. What is wrong with you?

http://arstechnica.com/gaming/news/2...1#comments-bar

The community manager at Activision had his account hacked, as well as others in the industry. Element here on GAF, who used to work for Microsoft, had his account hacked with no idea how it happened.

In fact, a lot of the victims have said that they practice safe computer security (complex passwords, never opening untrusted sites/emails). Some have even said that they've never even used their Windows Live ID on anything other than the Xbox itself.

It is NOT phishing. There's definitely something different about this series of hacks. I'm guessing account details were hacked and leaked/sold. I don't think it has much to do with FIFA or EA. That must just be an endpoint that has spread amongst the account thieves because of how easy it is to just sell the FIFA content for real money on eBay (or other sites).

Are you fucking kidding me?

Why are you dismissing the most obvious clue? How aren't EA or FIFA to blame? What are people buying with their illegally accessed accounts? Did you even read the comments on that site? Do you not see how easy it is for someone to engineer EA live to access others details?

Your willingness to let EA off the hook is baffling.

 

[Conflict NZ]

Yea, ME2, BF2, BF:BC2, and BF3 Beta. From the info I've found around the web, it does seem like everyone with this problem has an EA account. However, I wonder if there's anyone who doesn't?

Is your EA account password the same as your XBL password? That might explain it, EA got hacked and people are spamming XBL to see if passwords work.

 

[Grecco]

Are you sure this is because of FIFA? My friend who doesn't even touch his 360 got hacked.

FIFA is only what they sell, you can buy it on xbl and resell it elsewhere. The game itself isnt really relevant.

 

[Kyoufu]

Are you fucking kidding me?

Why are you dismissing the most obvious clue? How aren't EA or FIFA to blame? What are people buying with their illegally accessed accounts? Did you even read the comments on that site? Do you not see how easy it is for someone to engineer EA live to access others details?

Your willingness to let EA off the hook is baffling.

Like I just posted, someone who doesn't even turn his 360 on for months gets hacked. Is that really EA's fault?

 

[Speedymanic]

It doesnt say anything about SOE servers being hacked there as far as i can see. It only says that the SOE accounts that were matched (where the attackers found the right login/password) were locked.

I stand corrected, but as Sony were breached earlier this year, it is probable that the latest attempted breach was, in some part, related to said earlier breach.

 

[Icelight]

I'd like to chime in and say I had the same thing happen to me recently. (Happened closer to the beginning of October but I just noticed earlier)

I hadn't booted my 360 (or logged into my account) in like a month prior to the unauthorized purchases, never played any EA game online via the 360, and had a unique, secure password for my account...

 

[Kikarian]

They mainly target people with 6k + MSP on there account. Because they either buy gold packs or sell the account. http://www.dhgate.com/wholesale/search.do?act=search&searchkey=6k+account&catalog=#search

It's going to happen for a while because these 'Hackers' are getting money easy. They also commit CC fraud, to sell these 6k accounts.

 

[adriano999]

What do the hackers get out of this?

Seems like they hack your account, then buy Fifa DLC... for your account.

Then you find out and change the password...

What did they get out of it other than just annoying you and spending your points? Do they transfer the content somehow or is it just to troll people?

They get the cards that are in the packs, they can easily transfer them to their accounts.