Xbox live accounts being hacked?

By Scraggles
in Xbox

 Share

Recommended Posts

Rookie

WalleO

Posted
Posted

I can confirm that this also happened to me... twice now. just yesterday i was charged for a game i never authorized. i also had it happen about a month ago for the first time. i was charged 3 seperate charges on the same day for games i didnt approve. I was also locked out my live account with my password changed. i had to reset my password to log into my email only to discover the charges. i immediately called microsoft and remove my card on file. it took some 30 days before they finally unlocked my account and i had my bank refund my money while they opened an investigation. It was just last week i added a new card on file so i could buy some DLC content and now ive been hacked again. Ive decided to permanently take off any CC i have on my account and just buy the points offline.

Grand Master

mattmatik

Posted
Posted

This is interesting since your Live account is basically your email account, so if that info gets hacked from some other source and all these hackers are doing then is trying it on Live to see if they work, then that'd explain it.

That could be the case but that also means my Gmail was hacked initially. I don't use that email for anything else. So its either on Google or MS.

But in my case, my gamer tag was also changed, and they changed my preferred language (from English to Spanish). In addition to the charges made. I really would suggest to everyone to pull your CC info and just buy online points/LIVE renewal cards.

Grand Master

shakey

Posted
Posted

This sounds a lot worse than the PSN hack.

PSN hack = your name, email, maybe password, and address where taken, but no one lost money.

360 hack - they got the same info, but you also lost out on money

Both systems now showing downtime for each.

Grand Master

Astra.Xtreme

Posted
Posted

This sounds a lot worse than the PSN hack.

PSN hack = your name, email, maybe password, and address where taken, but no one lost money.

360 hack - they got the same info, but you also lost out on money

Both systems now showing downtime for each.

Yeah this one is worse than the PSN hack, but the difference is that this one is only person-to-person whereas the PSN hack took down the system for everybody.

And on top of that, the PSN hack occurred just as Portal 2 came out which prevented people from activating it for a few weeks.

Grand Master

Gotenks98

Posted
Posted

SO MAD RITE NOA!!!!! :angry: I can confirm something has happened. My account had a second 1 year sub added as well as 5600 MS points. All of this was transfered to another account. I called them and had my account frozen and credit cards removed. I will be getting a refund in a few days. I think this will end up worse than the Sony thing because these guys are buying all kinds of crap on Xbox live. I do information security as my job so I know all the do's and dont's in terms of account stuff. What gets me is I had a really hard password. What I think is happening is these guys are bypassing authentication all together and just ganking accounts as they see fit. Some of the others I have seen this happened to dont even own a computer and just entered their card info just on the console only. That makes me think the system has been hacked.

Grand Master

Ayepecks

Posted
Posted

Nothing's happened to me, but I'm removing my credit card from my profile just to be safe (even though it's expired; it's since been renewed, but not sure how much information they'd be able to utilize from the expired information). I only used it once anyway -- I buy all my points and whatnot through prepaid cards.

Proficient

XPGoD

Posted
Posted

This is super interesting to watch unfold. It would appear that someone knows something that someone else is not wanting to discuss as they are really unware of the facts. I know that sounded odd... but from my "digging" it appears they are using a flawed "recover your account" feature to hack accounts.... this is super simple for them to trace if they needed to. This actually reminds me of the flaw in TMobile Sidekicks back when Paris le Hilton's crap was leaked.... oh the good ole days...

All in all, it would appear that all they need is a gamertag... nothing else.... BUT, they may be using the system for more... if they can say, reset the LiveID password, they can then give this info out for pillaging and internets...or 9000 emails to be sent on your behalf.

It would appear this is the "same" flaw that caused the graphic images to show up in Facebook... as the two appear to be related in their method.

I know I don't post on here alot, but I have funny little ways of connecting the dots.. and you'll see...it is totally a Microsoft issue with XBL... not your emails getting hacked then XBL.

Grand Master

BajiRav

Posted
Posted

For people who are facing these "hacks", would you mind posting links to your gamertag on Xbox.com?

This sounds a lot worse than the PSN hack. PSN hack = your name, email, maybe password, and address where taken, but no one lost money. 360 hack - they got the same info, but you also lost out on money Both systems now showing downtime for each.

They didn't get info on all members. :huh: WTF are you talking about? PSN was ****ed to hell compared to this. There is also a good chance that some people will end up being victims of id theft as a result of PSN hack.

Grand Master

shakey

Posted
Posted

For people who are facing these "hacks", would you mind posting links to your gamertag on Xbox.com?

They didn't get info on all members. :huh: WTF are you talking about? PSN was ****ed to hell compared to this. There is also a good chance that some people will end up being victims of id theft as a result of PSN hack.

First, anyone that is getting their Xbox Live account hacked, is most likely getting the same information that was taken from PSN users. Your live account most likely has your email, address, and other information linked to it. So yes, they are getting that.

Second, if you actually had your facts correct, you would know that Sony did encrypt the really sensitive information, and as of today, there has still not been a single report of someone having their credit card information stolen and used. Also, Sony provided 1 year free credit protection, so that if somehow, the encrypted info was taken and decrypted, you can keep track of your credit.

Third, tons of accounts on Live have already been charged for hundreds to thousands of dollars of items. Seeing how PSN didn't, I would count this as a more damaging incident.

You can be a fanboy all you want, but don't ignore the real issues, and you may want to better educate yourself on what exactly happened with the PSN hack.

My friend had his account hacked just the other day. He is ****ed, as rent is now due, but he doesn't have the funds. Luckily his girlfriend can front him the money... but this is hurting users a lot, and MS needs to get a hold of the issues pronto. At least Sony took the right step in shutting the whole network down to insure nothing else would happen. MS seems just dandy letting it happen, and not doing much to actually stop the hacking. It's good they are investigating it, but they need to do something more preventative.

Grand Master

AbandonedTrolley

Posted
Posted

I mentioned this in a Sony thread when someone was badmouthing PSN saying it wasn't safe.

To date I still don't know any real life occurances of anyone having had their details used for fraud or theft from the PSN hack. This hack hasn't been proven to be directly linked to the 360 and Live service but it's certainly linked to Microsoft as a company. People are getting in hurt a lot more financially by this than they did with the PSN downtime.

Fallout from Sony hack - Network downtime, (no publicised cases of fraud yet)

Fallout from Microsoft hack - People having money taken from accounts, gametags suspended and having to wait for refunds.

Tell me which is worse please?

Grand Master

+Audioboxer Subscriber²

Posted
  • Subscriber²
Posted

Tell me which is worse please?

Whatever happens to the console you don't like :p

Individually, there's absolutely no doubts in my mind having actual fraud carried out on your account is worse than cancelling cards just in case. If people want to bring up the PSN hack fine, but from the time it happened till now I can't see anywhere reporting fraud like whatever is going on here. The troubling thing though isn't bitching between 360 and PS3 owners, it's how on earth is this happening and why isn't there more communication about it?

Grand Master

Ayepecks

Posted
Posted

I mentioned this in a Sony thread when someone was badmouthing PSN saying it wasn't safe.

To date I still don't know any real life occurances of anyone having had their details used for fraud or theft from the PSN hack. This hack hasn't been proven to be directly linked to the 360 and Live service but it's certainly linked to Microsoft as a company. People are getting in hurt a lot more financially by this than they did with the PSN downtime.

Fallout from Sony hack - Network downtime, (no publicised cases of fraud yet)

Fallout from Microsoft hack - People having money taken from accounts, gametags suspended and having to wait for refunds.

Tell me which is worse please?

Except the credit has all been refunded, either through Microsoft or through the credit card company.

Let's say the theories about all this are correct. Let's say they've gotten into accounts by finding a way to bypass the authorization system or recover a gamertag system. In either case, they don't actually have information regarding your credit card besides the last four digits. The only thing they can do is purchase things through your account -- nothing more. (And, again, to restate, this is likely the worst-case scenario.)

I've already said before that I think Sony handled the PSN hack as well they could have, for the most part. But all information other than credit card information was available to whoever made that hack. It wasn't a few isolated users, it wasn't a hundred or a thousand users, it was everyone's information. Only an idiot wouldn't change all their credit card information (and their password) after that happened.

If you're asking me which situation of the two I'd rather have happen to me, I'm going to go ahead and say the Microsoft situation, even though both scenarios are crap, obviously. But everyone's going to have a different opinion on which is more invasive.

Grand Master

mattmatik

Posted
Posted

Except the credit has all been refunded, either through Microsoft or through the credit card company.

Let's say the theories about all this are correct. Let's say they've gotten into accounts by finding a way to bypass the authorization system or recover a gamertag system. In either case, they don't actually have information regarding your credit card besides the last four digits. The only thing they can do is purchase things through your account -- nothing more. (And, again, to restate, this is likely the worst-case scenario.)

I've already said before that I think Sony handled the PSN hack as well they could have, for the most part. But all information other than credit card information was available to whoever made that hack. It wasn't a few isolated users, it wasn't a hundred or a thousand users, it was everyone's information. Only an idiot wouldn't change all their credit card information (and their password) after that happened.

If you're asking me which situation of the two I'd rather have happen to me, I'm going to go ahead and say the Microsoft situation, even though both scenarios are crap, obviously. But everyone's going to have a different opinion on which is more invasive.

I agree. As a victim of the Live hack, I'd much rather have gone through what I did than the whole lot of my info get out. And if I would have just used points cards/Live renewal cards in the first place, it wouldn't have been a big deal. With PSN, theres no telling how far that would go and to what extent.

Grand Master

BajiRav

Posted
Posted
First, anyone that is getting their Xbox Live account hacked, is most likely getting the same information that was taken from PSN users. Your live account most likely has your email, address, and other information linked to it. So yes, they are getting that. Second, if you actually had your facts correct, you would know that Sony did encrypt the really sensitive information, and as of today, there has still not been a single report of someone having their credit card information stolen and used. Also, Sony provided 1 year free credit protection, so that if somehow, the encrypted info was taken and decrypted, you can keep track of your credit. Third, tons of accounts on Live have already been charged for hundreds to thousands of dollars of items. Seeing how PSN didn't, I would count this as a more damaging incident. You can be a fanboy all you want, but don't ignore the real issues, and you may want to better educate yourself on what exactly happened with the PSN hack. My friend had his account hacked just the other day. He is ****ed, as rent is now due, but he doesn't have the funds. Luckily his girlfriend can front him the money... but this is hurting users a lot, and MS needs to get a hold of the issues pronto. At least Sony took the right step in shutting the whole network down to insure nothing else would happen. MS seems just dandy letting it happen, and not doing much to actually stop the hacking. It's good they are investigating it, but they need to do something more preventative.
I mentioned this in a Sony thread when someone was badmouthing PSN saying it wasn't safe. To date I still don't know any real life occurances of anyone having had their details used for fraud or theft from the PSN hack. This hack hasn't been proven to be directly linked to the 360 and Live service but it's certainly linked to Microsoft as a company. People are getting in hurt a lot more financially by this than they did with the PSN downtime. Fallout from Sony hack - Network downtime, (no publicised cases of fraud yet) Fallout from Microsoft hack - People having money taken from accounts, gametags suspended and having to wait for refunds. Tell me which is worse please?

This is not being a fanboy but jumping the gun when "we don't know" (echoing Audioboxer's favorite stance that only Sony/Microsoft know what happened) what exactly is going on. Microsoft says this is a phishing scam so let's take it at facevalue for now until more details come out.

I am not going to call this "hack" any worse than sony's if it ends up being a genuine **** up by Microsoft.

shakey - so what exactly happened with your friend? was he a EA/FIFA customer as well?

Grand Master

shakey

Posted
Posted

Well, seeing how nothing has been reported from Games for Windows Live users or Zune users who have purchased content, It seems directly linked with the 360 and what services it offers.

MS should be shutting their services down, as to not have anyone else have stolen information, and figure out what is happening. It does not good to just keep letting users get money stolen and accounts hacked. Whether it is being done over the telephone with MS support, through some gamertag recovery option, or other service, it is only happening to those with the 360.

And the information stolen from the PSN hack, again, is the same information that millions of us put on our facebook accounts, phonebooks, and give out willy nilly to companies when we buy products. All credit card information was secured and encrypted in some form.

With MS not taking a proactive stance to stopping this, and just going into each incident at a 1 by 1 basis, is going to end up hurting more people in the long run. They need to secure their services and figure out how to stop this before it happens, not after.

Grand Master

shakey

Posted
Posted

Since forums somehow screwed up font size in prev. post, going to re-post it below,

shakey - so what exactly happened with your friend? was he a EA/FIFA customer as well?

LOL, what did happen with that font size. I didn't even see it until you mentioned it.

Didn't get the full details, as he was at work last night , hes a club bouncer, so our hours to interact are skewed. But he doesn't play Fifa games. EA is sort of a give in, as he plays Battlefield and Mass Effect.

But that's the thing. If the xbox live system is being used to fraudulently buy hundreds of dollars of content, they need to shut the service down until they can figure out how to stop this. But keeping it up, and having users keep on having this happen, is probably the worst strategy possible.

Hell, they wouldn't even need to shut online access down, just take the store down until it is figured out. It may be a inconvenience, but it is much less of one than having funds on hold or lost, account on hold for a month, and other headaches that comes from this.

Grand Master

AbandonedTrolley

Posted
Posted

I agree. As a victim of the Live hack, I'd much rather have gone through what I did than the whole lot of my info get out. And if I would have just used points cards/Live renewal cards in the first place, it wouldn't have been a big deal. With PSN, theres no telling how far that would go and to what extent.

Well if you decided to use cards on 360 to have avoided this then you could have done the same on the PS3 and avoided that on there too.

Sorry but I refuse to believe anyone thinks that having your account compromised and money actually taken from you bank and having to wait for a refund is not worse than maybe having to cancel a credit card.

Grand Master

Ayepecks

Posted
Posted

Well if you decided to use cards on 360 to have avoided this then you could have done the same on the PS3 and avoided that on there too.

Sorry but I refuse to believe anyone thinks that having your account compromised and money actually taken from you bank and having to wait for a refund is not worse than maybe having to cancel a credit card.

No you don't. You're just supporting the console you bought and won't listen to anyone who doesn't share your view.

For me, having all my data compromised (while not being able to use PSN for about 30 days) is far more worrying than having someone make an illegal transaction on my credit card and having my Xbox Live account frozen for 30 days. Not saying everyone has to feel that way, though. Shocking, isn't it?

Grand Master

shakey

Posted
Posted

No you don't. You're just supporting the console you bought and won't listen to anyone who doesn't share your view.

For me, having all my data compromised (while not being able to use PSN for about 30 days) is far more worrying than having someone make an illegal transaction on my credit card and having my Xbox Live account frozen for 30 days. Not saying everyone has to feel that way, though. Shocking, isn't it?

What if it becomes compromised again? Since they aren't taking any prevention towards it happening, and only fixing what problems occurs from it, it could easily happen again. Then you are without funds for another month, and without a live account for another month.

Their best plan of action would be to just take down the store and make it impossible, until the issue is resolved, to buy anything. Sure, it might hurt sales, but it will save customers.

Grand Master

+Audioboxer Subscriber²

Posted
  • Subscriber²
Posted

No you don't. You're just supporting the console you bought and won't listen to anyone who doesn't share your view.

For me, having all my data compromised (while not being able to use PSN for about 30 days) is far more worrying than having someone make an illegal transaction on my credit card and having my Xbox Live account frozen for 30 days. Not saying everyone has to feel that way, though. Shocking, isn't it?

What data is this, your name and address? Correct me if I'm wrong but if someone gets access to your Live account and attached credit card, don't they also have that info? You also have to wait for MS to refund you, which in this topic seems to be taking longer than 30 days.

Grand Master

Ayepecks

Posted
Posted

I guess I should have expected the two people I blocked for trolling the 360 section would immediately start talking up a storm and responding to me as soon as any sort of negative news comes out on the 360 :laugh: Not falling for it, guys. Don't care what you're writing.

Grand Master

shakey

Posted
Posted

What data is this, your name and address? Correct me if I'm wrong but if someone gets access to your Live account and attached credit card, don't they also have that info? You also have to wait for MS to refund you, which in this topic seems to be taking longer than 30 days.

They do have access to all that same information. They just keep ignoring it though. This isn't on the same User Scale as PSN, but as far as what is worse, this is far more destructive. And that nothing preventative is being done about it would worry the hell out of me if I had a 360 with my CC information on it.

Gotta love his response... Trolling when we are posting relevant and factual information :p

  • MightyJordan
  • Like 1
Grand Master

BajiRav

Posted
Posted

What data is this, your name and address? Correct me if I'm wrong but if someone gets access to your Live account and attached credit card, don't they also have that info? You also have to wait for MS to refund you, which in this topic seems to be taking longer than 30 days.

They do have access to all that same information. They just keep ignoring it though. This isn't on the same User Scale as PSN, but as far as what is worse, this is far more destructive. And that nothing preventative is being done about it would worry the hell out of me if I had a 360 with my CC information on it.

Gotta love his response... Trolling when we are posting relevant and factual information :p

who said that "they" have access to credit card infomation? You two are going down your usual path now. :s It's nice how sony had encrypted credit card info but on microsoft's side, they must be storing everything in plain text, right?

Grand Master

Ayepecks

Posted
Posted

Don't feed them. :laugh:

I will say this, though: Even if someone gains access to your Xbox Live profile, they don't have access to your credit card information besides the last four digits. So it's pretty much worthless on anything but Xbox Live, and it takes maybe 5 minutes to get your credit card company to remove those charges.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Nearly 70% of Steam users now run Windows 11

      By WaltC · Posted

      Never had a problem with TPM and started using that many years ago in Win10. Through several motherboards and OS versions, it just does what it does without complaint. My games library doesn't even know it's there. Secure boot does a lot more than support anti-cheat, as it came along long before anti-cheat software. I've used it religiously since before I started using TPM, and I always liked it for being able to nullify virus contagions that try their best to come in underneath the firmware during boot, so that the OS doesn't see them, etc. That is its purpose, imo. I'll never understand why people who elect to use another OS feel compelled to run down Windows... I guess they need to do that to feel secure about their choices? I run Windows because it supports all the software (including games) natively that I want to buy, and I've never had to run down another OS to make me feel better about it. (Although it's certainly possible to do that, of course...) Win10 is on a ventilator atm, and Win11 is very close to being free, and I finally got to stop running StartAllBack as I moved to the Experimental/Dev channel and my 26300.8553 build supports the moveable taskbar and it's running fine at the top of the screen! Finally, my last major dislike of Win11 is being rectified! So, I'm not at all surprised to see Win11's share of the Steam survey hitting 70%.
    • AMD 9070XT

      By Mindovermaster · Posted

      I can answer about the Linux bit. I only used AMD GPUs. I currently have a 9060XT (8GB) that fits my needs, I'm not a gamer, so I don't need that much GDDR. But lately, NVIDIA has grown a lot in the recent years. Oh, the horrors of NVIDIA drivers not working. But they have been getting better. I know a lot of members onm here that are running cachyOS and other distros, and are fine with a 4090/5090 variants. Really, though, I would stick with AMD variants.
    • Microsoft is making Windows 11's context menus faster, simpler, and configurable

      By spacelordmaster · Posted

      Everything they say you can already do yourself on the registry by changing some things.
    • An actual cosmic "Eye of Sauron" had been looking straight at us all along

      By WaltC · Posted

      Artist's renderings are so much nicer to view than the real thing, don't you think?
    • WildBit Viewer 6.20 released; no further updates planned

      By Copernic · Posted

      WildBit Viewer 6.20 released; no further updates planned by Razvan Serea WildBit Viewer is a popular, fast, and extensive image viewer offering a comprehensive suite of tools for photographers, designers, and image enthusiasts. It includes a powerful Viewer, Slide Show, Editor, Search, Profile Switcher, and Multi-Screen Viewer. The Viewer provides blazing-fast folder, file list, and thumbnail navigation with customizable headers, full-screen view, and a shell toolbar to organize favorite folders. It supports all major graphic formats (over 70), including JPEG, TIFF, PNG, BMP, GIF, PCX, TGA, and RAW formats. Detailed Image Info shows EXIF, IPTC, and XMP metadata, with rotation based on EXIF orientation, wallpaper setting, image comparison, geo-tag viewing, color labels, and CMS-aware color management. The Slide Show module offers 176 transition effects, multi-monitor support, custom shows with per-image settings, image marking, zoom, rotate, and desktop hiding for a professional viewing experience. The Editor supports advanced image manipulation, including crop, resize, color adjustments, curves, edge detection, effects, batch processing, retouching, layer support, and printing. Users can apply mass renaming, update or clear metadata, and work with multi-page TIFFs and animated GIFs. Search allows filtering by name, location, date, size, attributes, and metadata, while the Profile Switcher saves and loads custom layouts for all modules. The Multi-Screen Viewer opens multiple windows on available monitors, allowing simultaneous image viewing with independent zoom, pan, and rotation. WildBit Viewer also supports portable operation, 32- and 64-bit versions, Unicode, high-DPI displays, and multiple Windows styling options. With its combination of speed, versatility, and rich feature set, WildBit Viewer is an indispensable tool for managing, editing, and showcasing images efficiently. WildBit Viewer key features: Blazing-fast folder, file list, and thumbnail browsing Supports 70+ image formats including JPEG, TIFF, PNG, BMP, GIF, and RAW Full-screen view with multi-monitor support Explorer-style file handling with customizable headers Thumbnail Browser with sorting, view change, and fast size adjustment EXIF, IPTC, and XMP metadata viewing and editing Automatic rotation based on EXIF orientation Shell toolbar for organizing favorite folders Image Compare to calculate similarity between images Mass renaming and batch metadata updates File List Generator (HTML, CSV, RTF, TXT, Unicode) Rating and color labels, CMS-aware color management Video playback (AVI, MPG, MPEG, WMV) Animated GIF, multipage TIFF, Camera RAW support Slide Show with 176 transition effects and custom settings Editor: crop, resize, rotate, flip, canvas resize, and retouching tools Batch processing and image format conversion Multi-Screen Viewer: multiple windows with independent zoom, pan, and rotate Profile Switcher: save, load, reset, delete module profiles Portable operation, 32-/64-bit support, Unicode, and high-DPI ready WildBit Viewer 6.20 changelog: Viewer, Slide Show, Editor, Search, Profile Switcher & Multi Screen Viewer. Updated ImageEn to 15.0.0 version. Viewer, Slide Show, Editor, Search, Profile Switcher & Multi Screen Viewer. Updated Jedi JCL&JVCL. Viewer - Image Geo Info, OpenStreetMap removed. Slide Show Remote Mode removed. Note! This means that WildBit Slide Show Remote is now officially EOL. Editor - Shortcut keys for Capture removed. Optimized code. Note! This version includes help what supersedes all previous releases. plus Lots of bug fixes and changes, check Readme files for details. WildBit Viewer End‑of‑Life WildBit Viewer has reached its final release with version 6.20. As development comes to a close, no further feature updates are planned. WildBit Slide Show Remote reached End-of-Life on 06 June 2026, while WildBit Viewer will reach End-of-Life on 30 June 2026. Downloads will remain available until the end of July 2026 (possibly extending into early August). After End-of-Life, the software will no longer receive updates, security fixes, or technical support. Download: WildBit Viewer 64-bit | Portable 64-bit | ~70.0 MB (Freeware) Download: WildBit Viewer 32-bit | Portable 32-bit Links: WildBit Viewer Homepage | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware

  • Recent Achievements

    • Proficient
      Eric Biran went up a rank
      Proficient
    • Dedicated
      Conjor earned a badge
      Dedicated
    • Week One Done
      Windows Guy earned a badge
      Week One Done
    • Dedicated
      Mark Spruce earned a badge
      Dedicated
    • Collaborator
      conkir earned a badge
      Collaborator

  • Popular Contributors

    1. 1
      +primortal
      479
    2. 2
      PsYcHoKiLLa
      252
    3. 3
      Steven P.
      71
    4. 4
      +Edouard
      69
    5. 5
      FloatingFatMan
      68
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!