Xbox live accounts being hacked?



I have 2 credit cards on my account and I've never been hacked. I know what phishing is, so I know I won't get hacked and have nothing to worry about.

Funny that, I'm a web designer and have all sorts of I.T. knowledge. Yet I still got hacked/phished. Sadly, because you know something exists doesn't mean you won't fall prey.

Especially when it probably has nothing to do with you doing anything besides having an account. This hasn't been confirmed to be a phishing or scam-based break-in to people's accounts. It very well could be a security flaw somewhere in the Live accounts registered with Xbox, customer service leaking details, or any of a range of other ways.

Yip, my account was for Live only and was set up with the Xbox, had a unique password, and well, I'm just not consciously dumb enough to go handing out my details. Not to mention that I wouldn't have had any reason to enter the details into anything but the damn Xbox. It's not as if I used the account for Live Mail or Messenger, so at no point would I have stored or had these details entered into my PC, other than on the day of creation. Even then I probably used the Xbox itself.

To be honest, the only thing stopping me selling my Xbox is Forza 4 and a few arcade games I own. I don't like to hand a company money when they don't give a crap about their customers, as clearly proven by my own experience. What I find even worse is that at no point did anyone try to compensate me for the hassle and phone calls I had to make, i.e. no extra month free or a few hundred points to shut me up. Just excuses.

To this day they haven't contacted me about what happened, and if I hadn't phoned the bank again I'd still be -?50 thanks to Microsoft.

Keep in mind they had escalated my case to their highest level and promised to phone me back. No phone calls, no money, just hassle.

Funny that, I'm a web designer and have all sorts of I.T. knowledge. Yet I still got hacked/phished. Sadly, because you know something exists doesn't mean you won't fall prey.

Your web designer experience and "all sorts of I.T. knowledge" don't make you impervious to phishing. I have seen the most elaborate phishing scams, especially with BoA, and one page was really convincing. I was saved thanks to my habit of looking at the site certificates.

This hasn't been confirmed to be a phishing or scam-based break-in to people's accounts.

Actually, it has. Microsoft confirmed phishing is the cause.

http://www.thesixthaxis.com/2011/11/22/microsoft-claim-phishing-is-cause-of-recent-hacks/

Just because Microsoft says it's phishing doesn't make it so. I know in my case that did not happen.

Let's turn your argument around.

Just because you say that it did not happen in your case doesn't mean it did not happen in your case.

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

I'm pretty sure people using Neowin would know if they entered their unique Xbox password somewhere other than on their Xbox.

really? I wouldn't be too sure of that...

Warning to all PSN users though, there is a phishing scam going on... http://gamingbolt.co...g-sent-to-users But it is unrelated to this... Still, beware. I actually clicked the link before I read about this, and had looked at what seemed to be my account... So I'm off to change my password now via PS3... brb :p

really? I wouldn't be too sure of that...

Ya :p Some of the methods are actually downright devious. That email had everything that it needed. Let me see if I can find it and post a screenshot of it real quick. Though, it was the only time I ever fell for anything as such, and luckily, I was able to find out instantly after what it was. *going to check trash in email*

It didn't help that I was doing everything via my phone, which only made the fonts smaller and me less likely to pay attention to such things. But it did get me for a second, which was enough. I was able to secure everything right after, but the emails are pretty "official" looking.


Yeah I'm sure you can trust Microsoft on this. These are the same people who issued denial after denial about the RROD until it was so overwhelming that they finally had to admit to it.

As well as those who state that they don't even use the email or haven't checked or gone to anything via email. MS likes to hide behind what they can, until they can't hide anymore. Most companies work that way.

Or they may be avoiding the issue until they can actually make an official statement regarding the matter.

By any chance did you play FIFA 12? It's not Microsoft who are to blame - it seems to be a vulnerability with EA's online system and FIFA 12 in particular. It's happened before and people have reported someone playing FIFA 12 on the console. Unfortunately, the lock-out is part of Microsoft's policy but they will refund you, so no worries there.

I did not play FIFA 12 but my information was stolen in that way. Just got the investigation started yesterday.

really? I wouldn't be too sure of that...

And the people on Neowin saying they haven't entered their password anywhere? My point is you don't tend to enter your password somewhere and forget you did. If you've never used the password anywhere but on your Xbox, like a few members on here have said, what do you say to that? Just call them liars?

GAF is full of the same situation, unique passwords not used anywhere else.

Are people forgetting that people can actually (and have) phish Microsoft (as well as Sony and other companies) directly for this information via phone?

LOL, Gaf. I still don't know why I visit that cesspool daily.

And the people on Neowin saying they haven't entered their password anywhere? My point is you don't tend to enter your password somewhere and forget you did. If you've never used the password anywhere but on your Xbox, like a few members on here have said, what do you say to that? Just call them liars?

GAF is full of the same situation, unique passwords not used anywhere else.

What makes you think all people act sensibly on the Internet? It's not impossible for people to get fooled by a phishing attack and then forget about it, just ignore it or not realize they're "phished". I laugh at people who claim they've never used the XBL account outside of Xbox. That means only one thing to me - they failed to properly secure their accounts with additional safeguards such as password reset questions or text alerts. I won't call them liars but will stop short of saying dumb.

Yip, FIFA 12 hack. Phone your bank/CC company if they've taken funds, and also contact MS. Tho if your experience is anything like mine, be prepared for a very very very long wait.

I have contacted MS and nothing was changed; they just used 6800 points to purchase market items.

Last week we asked if Xbox Live had been hacked. We used the detailed account of Xbox Live fraud victim Susan Taylor to suggest that yes, it had.

After publishing the article, Eurogamer was approached by half a dozen other readers who had experienced similar exploitation on Xbox Live.

All the while, Microsoft staunchly denied any such security breach on Xbox Live.

But now we may have discovered how those Xbox Live accounts were broken into.

Eurogamer was contacted recently by "Jason", a man who claimed to know how to hack into Xbox Live accounts. He offered us an explanation via email last night. But our efforts to validate his claims were cut short by website AnalogHype, which today posted an uncannily similar "how-to", based on information provided by a source named Jason Coutee.

The same Jason? Probably.

Coutee and Eurogamer's "Jason" point the finger at Xbox.com - the website. This allows eight password attempts at a Windows Live ID before CAPTCHA is triggered - the system that presents those squiggly words. A simple password-generating script can apparently be used to exploit this system before CAPTCHA kicks in.

The Windows Live IDs come from playing Xbox 360 games online. Gather Gamertags and Google search them in the hope you'll find related email addresses. Try these as Windows Live IDs and the Xbox.com website will let you know if they're valid - "the email address or password is incorrect" - or not - "That Windows Live ID doesn't exist."

Using these methods you can apparently brute force your way into a near-limitless supply of Xbox Live accounts and use their saved banking details to buy Microsoft Points. That's how it sounds. We haven't tested this, naturally.

Eurogamer has contacted Microsoft about this issue. Microsoft is aware of the issue and Eurogamer is waiting for a formal response.

AnalogHype says that Jason Coutee is a network infrastructure manager who had his own Xbox Live account hacked and used to fraudulently buy 8000 Microsoft Points. He called Xbox Support, who offered to freeze his account but couldn't refund him. He declined the offer and investigated himself, eventually stumbling upon the answer.

Since publishing Susan Taylor's account of Xbox Live fraud, Eurogamer has been contacted by half a dozen other people who were victims of similar exploitation. Thank you, those who have written in. And please do keep letting us know if you've had your Xbox Live account fraudulently used.

Source: http://www.eurogamer...x-live-accounts


What started as a supposed FIFA 12 hack turns out to be more than that. Xbox Live has a serious security flaw and Microsoft ignored it for way too long. We have uncovered how easy it is for hackers or anybody with some free time to hack your Xbox Live account.

I spoke with Jason Coutee, a network infrastructure manager who had his Xbox Live account hacked. 8000 Microsoft points were purchased on his account, so he did what any one of us would do and called Xbox support. A transaction for Xbox Live Family Pack was in the middle of being processed and he was able to cancel it before it went through. Unfortunately Xbox couldn't refund him for the 8000 Microsoft points but offered to freeze his account for 30 days to investigate. Jason declined the investigation so that he could do his own investigation. For the next couple of weeks Jason went searching for vulnerabilities that may have caused the hack. He then found Xbox 360's Achilles heel: Xbox.com.

The first step was to gather the Windows Live IDs of gamertags. So after a round of Halo Reach, he gathered a list of gamertags and entered them individually on Google. Thanks to Facebook, Twitter, or any other links that have their email advertised, hackers now have a potential list of Windows Live IDs. Now the hackers check to see if the email is a valid Windows Live ID. To do this, hackers headed to Xbox.com, typing in the email and a random password like blah.

If the hacker got the error message "account is invalid" they move on to another email.


When the hacker comes across the error message "password is wrong" then that account is in trouble.


Now with a simple script, hackers can brute force their way into your Xbox Live account. The script would batch run a list of potential passwords, which anybody can find online with a simple Google search. The script will attempt to enter these potential passwords until it gets in. Xbox allows you to enter your password incorrectly 8 times on the website, then it asks for a CAPTCHA code. When hackers get to that CAPTCHA code, there is a link for "try with another Live ID". Clicking this link resets the CAPTCHA code and hackers can continue to force their way in 8 more times before they need to click the link again. This process can easily be automated by a skilled hacker. Once a hacker is in your account, nothing is safe. Hackers will take your credit card info, Netflix, Hulu Plus, the works.

So what are hackers going to do with your hacked account? Most likely purchase games and Microsoft points, change your gamertag and the email associated with it, then sell it online. For extra kicks they might also purchase an Xbox Family pack to add 3 more gamertags to their arsenal. Hackers are known to do this several times a day, making several hundred dollars a day off of Microsoft's laziness and your money.

Jason Coutee attempted to call Microsoft to report his findings and Microsoft Headquarters gave him the runaround, instructing him to email [email protected]. He also tried calling 1-800-4-MY-XBOX, where he spoke with a supervisor. The supervisor instructed him to take it to the Xbox.com forums. His latest attempt was with the Piracy and Phishing department at Microsoft, who wouldn't help him with anything Xbox related. Everybody at Microsoft refused to acknowledge the issue and because of that, gamertags are still being hacked. Microsoft can easily fix this issue by sending an email to people when there are more than X amount of failed login attempts and by storing session IDs.

Source: http://www.analoghyp...ored-the-truth/
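The server-side counterpart to the two weaknesses the quoted articles describe (a different error message for valid and invalid IDs, and an attempt counter that a page link can reset), together with the fix the AnalogHype piece suggests (notify the owner after X failed logins), as an added Python example that is not from the thread, the articles or Microsoft. The class name `LoginGuard`, the window length, the alert threshold and the sample account are assumptions; the limit of 8 is the figure quoted above.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

GENERIC_ERROR = "The email address or password is incorrect."  # same text for every failure
MAX_FAILURES = 8           # the article's figure for attempts before CAPTCHA
WINDOW_SECONDS = 15 * 60   # assumed sliding window
ALERT_AFTER = 5            # assumed value for the article's "X" failed attempts
ITERATIONS = 100_000


def _record(password):
    """Return (salt, PBKDF2 digest) for a password."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class LoginGuard:  # hypothetical name, not a Microsoft or Xbox.com API
    def __init__(self, accounts):
        self._accounts = {e.lower(): _record(p) for e, p in accounts.items()}
        self._dummy = _record(os.urandom(16).hex())  # verified against for unknown IDs
        self._failures = defaultdict(list)  # submitted ID -> failure times, kept server-side
        self.alerts = []                    # stand-in for "email the account owner"

    def _recent(self, email, now):
        fresh = [t for t in self._failures[email] if now - t < WINDOW_SECONDS]
        self._failures[email] = fresh
        return fresh

    def attempt(self, email, password, now=None):
        """No session or cookie is consulted, so a fresh page load resets nothing."""
        now = time.time() if now is None else now
        email = email.strip().lower()
        # Known and unknown IDs are throttled alike, so the challenge leaks nothing.
        if len(self._recent(email, now)) >= MAX_FAILURES:
            return "challenge"  # CAPTCHA or step-up required; password not evaluated
        known = email in self._accounts
        salt, digest = self._accounts.get(email, self._dummy)
        # Always run the KDF so response time does not reveal whether the ID exists.
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        if hmac.compare_digest(candidate, digest) and known:
            self._failures.pop(email, None)
            return "ok"
        self._failures[email].append(now)
        if known and len(self._failures[email]) == ALERT_AFTER:
            self.alerts.append(email)
        return GENERIC_ERROR


if __name__ == "__main__":
    guard = LoginGuard({"player@example.test": "correct horse"})  # constructed sample account
    for i in range(10):
        print(i, guard.attempt("player@example.test", f"guess{i}", now=i))
```

A production service would also bound the failure table and add limits per source address; neither is shown here.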
