Xbox live accounts being hacked?

[DR3AMxCATCHER]

Just looked at the profile out of curiosity and it looks like they did play FIFA through my account. Well I contacted Xbox Live Support this morning and had my account begin the Unauthorized Access Investigation. The $100 isn't a big deal, but I hope they figure out how this breach happened.

Here was the old account I played on. I want you guys to look at this: I don't own Monopoly, Bayonetta, or Mass Effect 2. You can also see that the region/country was changed as well.

[Scraggles]

As mine has battlefield 3 on it now which I don't own.

[+Audioboxer Subscriber²]

Seems the UK press starting to join in on this - http://www.politicshome.com/uk/article/40110/the_sun_tuesday_22nd_november_2011.html

http://www.neogaf.com/forum/showthread.php?t=451055&page=5

[Hedon]

As usual, it's been debunked by Microsoft. Nothing to see here. Xbox Live has not been hacked.

http://www.mcvuk.com/news/read/microsoft-responds-to-the-sun-claims/087499

UPDATE: Microsoft has added the following, categorical statement.

"Xbox Live has not been hacked. Microsoft can confirm that there has been no breach to the security of our Xbox Live service."

[matt4pack]

They're lying about this being a phishing attack. It wasn't as I got my Games for Windows Live account hacked when I haven't used it in a year. The only reason I created it was to download Age of Empires for free and haven't touched it since.

[oceanmotion]

It could be anything though. People use the same email address for lots of things along with a password that they may use more than once so all it takes is one online breach on something you created an account for and that allows hackers to test that email and password combo across numerous other services, XBL being one of them. Also can't rule out phishing of XBL call centre staff who may be duped into giving too much detail, that's what I would like more clarification on because it does happen.

[Hedon]

They're lying about this being a phishing attack.

Actually, they are not.

[ILikeTobacco]

How long did it take. I've got bills to pay and I can't wait '25 days' unless Microsoft is willing to pay any late fees.

You have a few options with your bills. Anyone looking to get money that is owned to them has ways of canceling late fees. A while back, a paycheck was delayed by a week that was a direct deposit paycheck. I found out, called various locations that I had bills to pay at, and explained the situation. In your case, tell them that your bank account was compromised and due to this, won't be able to make certain payments. Most companies don't give a damn about getting a late payment as long as they know they are getting it. Obviously try and get as much paid as you can but missing $80 isn't too bad. I had my car payment for $500 put off a week in my situation which solved it for me.

[margrave]

Just got hacked!

Been on the phone with Microsoft....

[George P Global Moderator]

People have posted saying they got hacked and they don't even own a Xbox, so how does that work out?

[spudtrooper]

A friend of mine just had 80 years of XBL purcahsed on his account.. 80x59.. you do the math.. not sure how they would allow that.

People have posted saying they got hacked and they don't even own a Xbox, so how does that work out?

That is odd..

[+Audioboxer Subscriber²]

Hah Geoff Keighley was hit

Fun times - looks like one of my XBOX Live accounts was just hacked and someone had fun buying a lot of "GOLD JUMBO PACKS" today.

Just talked to Xbox Live support - My Xbox Live account will now be locked for *25 DAYS* while they conduct an investigation!

Regarding by Xbox hack, yes, someone played FIFA 12 and earned 3 achievements. Did the same happen to you? Seems like an issue.

Source: https://twitter.com/.../geoffkeighley/

[blachole]

My GF had the same thing happen to her account about 2 weeks ago. She came home on MW3 launch loaded up xbox and realized all these weird purchases and that she played FIFA12, but she never played that game. She called Microsoft and they locked her account and refunded the charges, but of course locked for 25 days while they investigated. She mentioned to Microsoft on the phone that this hacking seemed to be going on because of FIFA after I sent her some links to other people with the exact same issue. They claimed it had something to do with EA and FIFA, but they were still not sure how it was being done. I guess they will eventually find out.

[George P Global Moderator]

MS probably has a good idea but if it's a EA and FIFA related thing etc they're not going to flat out say so since EA is one of their big partners.

[DirtyLarry Veteran]

People have posted saying they got hacked and they don't even own a Xbox, so how does that work out?

Correct me if I am wrong but you do not need to just own an XBox to have a Windows Live account no?

[+Audioboxer Subscriber²]

XBOX CYBER FRAUD

There seems to be a great deal of misinformation floating around about the ?FIFA hack? at the moment, so here?s a post to answer some questions so that people don?t need to keep asking them. Yes, I mean you, I know you think you?re being really clever but 8,000 people have already come to the same (probably wrong) conclusion you did, and we don?t need to hear about it again.

What is the ?FIFA hack??

It?s something of a misnomer, really. The act of the hacking itself has nothing to do with FIFA, but FIFA is something of a symptom. Your Xbox account details are compromised by some means, and the hacker gets hold of them. Normally this would allow a hacker to do, well, not much. They could change the password and load up the account with Microsoft Points before selling the account, but the market for these is small and the risk is great.

FIFA Ultimate Team (which comes as part of recent FIFA games) allows the trading of players for in-game coins, and those in-game coins you collect can be traded with other gamers for better players. Coins can be earned by either selling players to another gamer, or by buying them with Microsoft Points. This is where the hacker is able to monetise their hack. They load up the hacked accounts with Microsoft Points, spend all the Microsoft Points on coins in FIFA UT, and then sell the coins on eBay or the like. They then trade the coins in the game for one of the buyer?s players. The buyer gets their coins, the hacker gets the money, and you pay for it.

So, as I say, FIFA is a symptom. In order to buy and trade the coins the hacker has to play FIFA on the account that has been hacked, lending it the ?FIFA hack? moniker. That?s why FIFA always appears on the ?played games? list of accounts that have been hacked and why the victims always earn some achievements in FIFA whether they own the game or not. The achievements earned are generally the following two:

New Club in Town ? Create your FIFA 12 Ultimate Team club

I?ll have that one ? Open your first pack in FIFA 12 Ultimate Team

Both achievements related to Ultimate Team, both necessary if the hacker is to trade with another played in-game.

I?ve never played FIFA, does that mean I?m safe?

No. What? Are you even listening? The hacker plays FIFA, whether or not the person that has been hacked has played FIFA has literally no relevance at all. You?re no more or less likely to be hacked if you play FIFA, as far as current information suggests.

So why aren?t Microsoft admitting they?ve been hacked?

Because at present, there is literally not a single piece of evidence to suggest that Microsoft has been hacked. It?s very easy to assume that they?re responsible, but very stupid to say things like ?MICROSOFT HAS DEFINITELY BEEN HACKED? because there is no way on Earth that you have enough information to make that claim. Even should it turn out to be true, you certainly don?t know it right at this moment.

There are certainly things Microsoft could do better. Currently a gamer that has been hacked will lose access to their accounts for upwards of 30 days while it is ?investigated?, which is simply not acceptable. During this time the gamer is unable to play online or earn achievements, lending their Xbox 360 about as much function as a paperweight for really large sheets of paper.

This isn?t an issue if you?re in the media. If this is you, contact Stephen Toulouse (Director of Xbox LIVE Policy and Enforcement at Microsoft) who will ensure that your Gamertag is restored immediately. Again, this only applies to those in the media whose ?investigations? can be fast-tracked, since they only take a few minutes really. Paying customers are not important, and will have to go through the traditional support channels and wait a month to have their accounts restored.

So whose fault is it, then?

Well, as much as there?s no evidence to suggest it?s Microsoft, that doesn?t mean it isn?t them at fault. You?d have to assume that they would be quick to admit fault were it them, both for legal reasons and from a customer service perspective.

Other people have pointed the finger at EA but again, there?s no evidence to suggest that EA are at fault either. The only evidence that points to EA is anecdotal, and this isn?t nearly enough to make a substantial claim that it?s their fault.

But it seems to be happening to a lot of people with EA accounts!

That?s because basically every gamer in the entire world has played an EA game at some point.

The simple fact is that there are so many ways a hacker can get hold of a password today that almost anything could be the cause, or there could be hundreds of different causes working alongside each other. Phishing. Keylogging. Social engineering. Hacking. There?s no suggestion it?s a concentrated hack, there?s no suggestion it?s not. This is the main issue, here. Everyone?s quick to blame Microsoft because nobody knows who else to blame. The fact remains though, that until some evidence points to a root cause, the only thing the hackings have in common is FIFA, and that leads us no closer to discovering who?s responsible, if indeed any one thing is.

This is worse than the PSN hack, people are actually having money stolen here, why aren?t Microsoft doing anything?

Look, again, if Microsoft?s systems haven?t been hacked, there isn?t anything more they can do to prevent the hacking happening. They can (and should) take some steps to make monetising the hacks more difficult, but that won?t stop the hackers having your account information.

At the moment there?s no evidence to suggest that this is anything like the PSN hack, in which PSN was physically hacked and the unencrypted information of tens of millions of people stolen.

Links between the two events are completely worthless.

http://fivehundredad...ox-cyber-fraud/

And I've seen quite a few posts like this

My brother-in-law's account got hacked today. 5000 Allards. It isn't phishing or "social engineering" for sure. He isn't on facebook, twitter or any other kind of social networking website. The only people who have him on Live are myself and his two brothers. I'm certain it isn't through email because his XBL email isn't his main email and he said he only uses it for XBL and made it specifically for XBL in 2007 when he bought a 360.

He's going to ring Xbox support tomorrow morning...

Alright, lets go ahead and end the social engineering rumor right now.

I haven't even accessed the email tied to by xbox live account in since the xbox 1 came out.

I have never entered my xbox live account information or password into any email, website, anything of that sort. The only time I have ever given my account info out is when I called MS after I got hacked.

My xbox password is unique.

So it's time to drop the social engineering rumor and get to the bottom of this.

Now that that's cleared up...

MS and EA owe me and everyone else affected by this an apology and compensation. MS should be ****ing ashamed that it takes 25 days to complete an "investigation." And I can't play any of my saved games during that time. In comparison, I called my credit card company and got the charges taken care of within 10 minutes.

I've probably spent $100 on XBLA games since the xbox 360 came out. Do they really think I would buy and spend $120 worth of points all at once for a ****ty soccer game? Why can't the customer service rep look at the account and see that it was accessed from somewhere other than where I live? Why is this process so drawn out? It's completely unacceptable.

http://www.neogaf.co...4&postcount=446

The lack of information on this considering the amount of accounts hit with fraudulent transactions is pretty strange and/or worrying.

[helios01]

If the network was breached, MS points would be the least of the worries, as was the case with PSN. I guess people who have nothing to spend on xlive have nothing to worry about.

[George P Global Moderator]

Correct me if I am wrong but you do not need to just own an XBox to have a Windows Live account no?

No, but you're have to link that same Live ID to your Xbox Live gamertag/account. The only thing shared is the email address etc, if you don't have a Xbox then you haven't made a Xbox Live account or gamertag and if you don't have an Xbox then how and when did you link a credit card to the Xbox Live account you haven't made in the first place?

The fact people get a email to their Live ID address saying they spent $$ on Xbox Live without even owning an Xbox or making a gamertag/account is suspect and, if true, shows that the problem is not specific to the Xbox Live service since that would only target people who have made gamertags/accounts and linked a credit card to them specifically.

[BajiRav]

I think Microsoft should come clean on this including specifics of what exactly is happening with these "hacked" accounts. That is the only sure way to sort this mess out. Are all hacked accounts from UK?

[Hedon]

Glad the hacking was debunked, lol. Still fun to watch the FUD.

[Ayepecks]

I think Microsoft should come clean on this including specifics of what exactly is happening with these "hacked" accounts. That is the only sure way to sort this mess out. Are all hacked accounts from UK?

I'm sure if they knew the specifics, they'd announce them. I can't imagine them willfully not giving us the information after the PSN fiasco.

I do find it interesting that nothing's really been said publicly about it yet, though. During the same time this has been happening, I know quite a few friends and relatives who have had their Gmail and Yahoo! Mail accounts hacked (people that aren't stupid with where they input their information). I think there's something to that, personally... wonder what hackers/crackers have thought of now.

[George P Global Moderator]

I'm sure if they knew the specifics, they'd announce them. I can't imagine them willfully not giving us the information after the PSN fiasco.

I do find it interesting that nothing's really been said publicly about it yet, though. During the same time this has been happening, I know quite a few friends and relatives who have had their Gmail and Yahoo! Mail accounts hacked (people that aren't stupid with where they input their information). I think there's something to that, personally... wonder what hackers/crackers have thought of now.

This is interesting since your Live account is basically your email account, so if that info gets hacked from some other source and all these hackers are doing then is trying it on Live to see if they work, then that'd explain it.

[Dotdot]

Lets see

Hacked,

then locked out of Live for 30days, then wait 10days for refund to be processed, then wait 30days for it show up in bank. Fyi im now into my 38th day since MS completed there investigation and still no refund, despite them clearly telling me they are. Ive phoned 3 times now and all I get is "be patient".

Total and utter ****ing joke. Im off live after my 2 free months are up. MS your customer service is total ****!!

[Ayepecks]

This is interesting since your Live account is basically your email account, so if that info gets hacked from some other source and all these hackers are doing then is trying it on Live to see if they work, then that'd explain it.

Yeah, that's what I'm saying. I know it's anecdotal, but I find it strange that numerous friends and family members have had their Gmail and Yahoo! Mail accounts hacked around this same time, when I've never had any friends or family members say it's happened to them before. My dad's Yahoo! Mail account got hacked, for instance, and he only uses it for work-related stuff (it's different than his work e-mail, I mean, but he uses it mainly for work). He's pretty tech savvy, too.

I'm not making excuses for Microsoft, because if this happened and it's their fault, then own up; I just think it's too similar to be coincidence.

[BajiRav]

I'm sure if they knew the specifics, they'd announce them. I can't imagine them willfully not giving us the information after the PSN fiasco. I do find it interesting that nothing's really been said publicly about it yet, though. During the same time this has been happening, I know quite a few friends and relatives who have had their Gmail and Yahoo! Mail accounts hacked (people that aren't stupid with where they input their information). I think there's something to that, personally... wonder what hackers/crackers have thought of now.

I agree, I just meant to say that if this is not their fault - they should not take heat for any of their partners, EA or whatever (they did this in a stupid way taking blame for the Yahoo data hog bug on WP7). If this is a problem in their service - Windows Live ID compromised etc. then make it clear and swiftly.