LaP Posted January 14, 2012 Share Posted January 14, 2012 I do not fail to realise anything. Did i say those accounts was brute forced ? Absolutely not. I said from an outsider perspective the security looks to be bad. And i still don't understand why people here lose time saying otherwise. Those are basic things about security. Generic error messages. Freezing an account after too many bad login attemps. Ask for secret question when someone login from a different system and/or from a different country. Ask for CC 3 digits security code. This is not rocket science this is the basis students learn in school. 1 layer of security aint enough and will never be. If the security looks bad from the outside then why all people assume this is impossible some of those accounts got compromised from MS side and not from clients side? I'm not naive enough to assume all those are phishing. If i still had my XBox Live account i would remove my CC from it asap. Link to comment Share on other sites More sharing options...
XPGoD Posted January 14, 2012 Share Posted January 14, 2012 https://www.neowin.net/forum/topic/1036915-xbox-live-accounts-being-hacked/page__st__45__p__594491271#entry594491271 Repeat... Link to comment Share on other sites More sharing options...
Brian M. Veteran Posted January 14, 2012 Veteran Share Posted January 14, 2012 [Threads Merged] Link to comment Share on other sites More sharing options...
Fourjays Veteran Posted January 14, 2012 Veteran Share Posted January 14, 2012 It's simply not plausible in a short amount of time. It really depends on the password. But like you I don't think it is plausible with the number of people being affected. Even if they can try a new password every 10 seconds, it would take quite some time unless the user was using a dictionary word with no variation. I don't buy into the phishing explanation either. Usually when there is phishing going on someone is able to point to the culprit site. Given the scale of the "hacking" I find it very hard to believe that no-one has noticed that an email purporting to be from Xbox/Live/Microsoft has actually come from and is directing them to another address. Would have to be a fairly advanced form of phishing. May be possible by using one of these new domains that allows non-latin characters to be used? Remember some comments at the time they were started that they could be used for phishing due to similar non-latin characters. Link to comment Share on other sites More sharing options...
(Spork) Posted January 18, 2012 Share Posted January 18, 2012 i got my account unlocked last night .. all points returned and another free month of xbox live ( 2 months total ) Link to comment Share on other sites More sharing options...
shakey Posted January 18, 2012 Share Posted January 18, 2012 No clue how relevant this is, but from the past few years, brute force hacking become increasingly easier and faster. http://www.mandylionlabs.com/PRCCalc/BruteForceCalc.htm Link to comment Share on other sites More sharing options...
Hedon Posted January 18, 2012 Share Posted January 18, 2012 I can't believe they don't have anything better to do. Link to comment Share on other sites More sharing options...
BajiRav Posted January 19, 2012 Share Posted January 19, 2012 No clue how relevant this is, but from the past few years, brute force hacking become increasingly easier and faster. http://www.mandylionlabs.com/PRCCalc/BruteForceCalc.htm I haven't bothered to read through that site but if it's about any of those theoretical gpu based crackers then that won't work with Xbox or any other websites. They are limited by the websites ability to process request and even for Microsoft it's not in millions/s. Link to comment Share on other sites More sharing options...
Dotdot Posted January 22, 2012 Share Posted January 22, 2012 Well if anyones been reading this thread from the start you,ll have seen some of my posts and the endless hassle ive had in getting myy cash back. The saga continuess... yip thats right Back for the sequel, tho this times it seems the bank has finished there investigation and contacted Microsoft/Xbox. Microsoft told them, they had refunded me and the case was closed. So bank took back the money. So back again now wrestling with Microsoft. Watch this space..... Link to comment Share on other sites More sharing options...
margrave Posted January 24, 2012 Share Posted January 24, 2012 On November 22, 2011 my XBLA account was compromised. I was billed for $54.61 for MS points I did not purchase. Since then I have been trying to get the money back via phone support. They have been unable to aid with this. They keep telling me that all phone support can do is give one month of xbox live gold. With phone support like this I don't trust them at all anymore! If they have no power, why do they even have jobs? That could be an automated system and be this effective. Every time I talk to support, I'm told the investigation is still ongoing, but that there's no new notes on the case. This investigation was suppose to take 30-31 days, but it's been 63 now. I have been trying this whole time to get my money back and them take their points back!!! They will not do it!!! As it stands, my account is frozen, and I still do not have my money back. As of now I have NO faith in xbox support as this has taken months and nothing has been done. I urge everyone to stop using XBLA for any purchases! If you get compromised/hacked, Xbox, Microsoft, will just keep your money! Link to comment Share on other sites More sharing options...
Ayepecks Posted January 24, 2012 Share Posted January 24, 2012 Contact Xbox Support on Twitter. If they don't get your money back, cause a big stink about it. Don't threaten to sue, but make sure they know you'll go to the Better Business Bureau, blog about it, tweet about it, etc. Link to comment Share on other sites More sharing options...
matt4pack Posted January 24, 2012 Share Posted January 24, 2012 Hacked on October 31st and I've still got nothing back yet. It's only $25 but I'm tried of having to deal with this. Called about 5 times now and every time they make note that I called and say it's being escalated or being sent to a supervisor and I should get a call back in a few days. Yet every time it just disappears into a black hole and I never hear anything. It was held up in the past because they needed an xbox serial # when I only have a games for windows account which they knew the first time. They don't call to let you know this of course. The latest excuse is that they needed an email address not tried to my account. Everyone is nice and apologizes but they don't seem to know what's happening with the fraud department. The whole system they have in place to deal with this needs to be fixed. Link to comment Share on other sites More sharing options...
oceanmotion Posted May 26, 2012 Share Posted May 26, 2012 How and why your Xbox Live account are hacked Good read. Link to comment Share on other sites More sharing options...
+InsaneNutter MVC Posted May 26, 2012 MVC Share Posted May 26, 2012 How and why your Xbox Live account are hacked Good read. Sucks it can be exploited in that way by anyone who wanted to put a bit of time in to it, I can believe it too. I remember back in 2004 all you needed to "jack" someones UK Hotmail account was to know there last name, favorite food or colour. That was it you could easily reset someones password just by knowing the answer to a simple pre defined question. In comparison US accounts had all this additional security such as asking for your address, phone number and other info. Hopefully Microsoft will look in to that as it sounds like a pretty major issue if that article is true. Could explain how someone managed to hack Major Nelson's account the other year: http://kotaku.com/5504145/xbox-live-directors-account-hacked-are-you-next Link to comment Share on other sites More sharing options...
johnnyq3 Posted May 26, 2012 Share Posted May 26, 2012 Actually I just noticed yesterday that it was asking me for a code to authenicate my laptop. Link to comment Share on other sites More sharing options...
+Audioboxer Subscriber² Posted May 27, 2012 Subscriber² Share Posted May 27, 2012 How and why your Xbox Live account are hacked Good read. Very interesting read, what a well targeted and thought out process :o :cry: The internet.... You just knew everyone screaming phishing scams (MS included) last year were talking out of their arse. Link to comment Share on other sites More sharing options...
The Teej Posted May 28, 2012 Share Posted May 28, 2012 The annoying part about all this is not being able to use my CC to pay for stuff on my Windows Phone - meaning I have to run it through my operator's phone bill. Thankfully there's no charge, but it's annoying to realise your bill is ?5-?10 higher then you expected because you forgot your paid for some apps on your second day into the bill. All CC info is tied to the account so if I add my CC info to use on my Windows Phone, jackers can then grab that info via my XBL GT. Very frustrating. Link to comment Share on other sites More sharing options...
BajiRav Posted May 29, 2012 Share Posted May 29, 2012 Very interesting read, what a well targeted and thought out process :o :cry: The internet.... You just knew everyone screaming phishing scams (MS included) last year were talking out of their arse. Wait - if true, this again pretty much echoes what MS had been saying all along that the XBL network was not hacked? This is classic social engineering/phishing, just that MS never admitted that it was occurring with their support staff. :shiftyninja: So.. You just knew everyone screaming OMG Xbox Live is TEH HACKED!!!11!! last year were talking out of their arse. ZakO 1 Share Link to comment Share on other sites More sharing options...
djnv2010 Posted May 29, 2012 Share Posted May 29, 2012 I woke up this morning to check my bank account(payday) and realized my total balance was smaller than my expected paycheck. I clicked to look further into the account and found that I was billed almost 80$ from microsoft. I immediately got on the phone with them. While on hold I checked my email to find 4 emails from them. 3 regarding points purchases, and a 4th titled 'Account Switch Confirmation'. That email stated that my region was successfully changed to Russia from the US. Well. Currently Microsoft locked my account, pending an investigation. I've found that 4 of my friends also had their information stolen and used last night. I'm in New York, 2 are in the same town as me, 1 in maine, and 1 in california. Microsoft claims the investigation will take roughly 25 days. I'm ****ed. They claim I'll be 'compensated'. I'm planning on getting my money back, and terminating any financial connection I have with them. If they were half a decent company would compensate me immediately. They guy claimed 'Well we have to make sure you didn't do it.' A) he could see that my xbox was used from the US last night. B) Another xbox with a matching serial number was accessed from Russia at about 7am. Then at 10am the SAME xbox was accessed from New York again. I told him "Well spaceman, I have to use more primitive forms of travel and as of right now it is impossible for a middle class new yorker to travel that fast." While he found that funny, 25 ****ing days. I'd highly suggest that if you don't purchase stuff on a daily basis on xbox live, remove your credit card information just to be safe. it happened to me a few months back, 3 days later thank god it was just points, got them back, oh and 3 different 1 month codes for xbox live gold lol!! no worries it shouldn't take long Link to comment Share on other sites More sharing options...
Unrealistic Posted May 30, 2012 Share Posted May 30, 2012 Wait - if true, this again pretty much echoes what MS had been saying all along that the XBL network was not hacked? This is classic social engineering/phishing, just that MS never admitted that it was occurring with their support staff. :shiftyninja: So.. You just knew everyone screaming OMG Xbox Live is TEH HACKED!!!11!! last year were talking out of their arse. And your point? So it wasn't hacked, but the fact remains that it is Microsoft's fault and the issue needs to be resolved. A simple change in authentication ala what Apple does with their ID's would solve this for the most part. Link to comment Share on other sites More sharing options...
BajiRav Posted May 30, 2012 Share Posted May 30, 2012 And your point? So it wasn't hacked, but the fact remains that it is Microsoft's fault and the issue needs to be resolved. A simple change in authentication ala what Apple does with their ID's would solve this for the most part. My point? Just keeping audioboxer's facts straight because he loves to hammer that somehow Xbox live was hacked and in the same manner as PSN. You can calm down now :p A better option would be two factor authentication similar to google and a good number of people raised it to MS guys in that hotmail thread. ZakO 1 Share Link to comment Share on other sites More sharing options...
Anthony Tosie Veteran Posted May 30, 2012 Veteran Share Posted May 30, 2012 And your point? So it wasn't hacked, but the fact remains that it is Microsoft's fault and the issue needs to be resolved. A simple change in authentication ala what Apple does with their ID's would solve this for the most part. I think his point was Xbox Live wasn't hacked, as many sites and users had erroneously assumed. Doesn't make the situation any better for those who had their accounts stolen, but the network as a whole wasn't hacked. Link to comment Share on other sites More sharing options...
jagowar Posted May 30, 2012 Share Posted May 30, 2012 Actually I just noticed yesterday that it was asking me for a code to authenicate my laptop. When logging in on xbox.com? It was talked about a while ago on the major nelson podcast that they were going to a 2 factor auth (like gmail) but I have yet to see it on mine.... tried it just now and still was able to get right in on my account from a new computer. Link to comment Share on other sites More sharing options...
+Audioboxer Subscriber² Posted May 30, 2012 Subscriber² Share Posted May 30, 2012 My point? Just keeping audioboxer's facts straight because he loves to hammer that somehow Xbox live was hacked and in the same manner as PSN. You can calm down now :p A better option would be two factor authentication similar to google and a good number of people raised it to MS guys in that hotmail thread. Ehh I said nothing about it being the same as PSN, cause, it's not. I was commenting on the whole finger being pointed at people and MS saying "your fault, you signed your password away on some dodgy site/email", when it was as clear as daylight it wasn't as simple as that. Link to comment Share on other sites More sharing options...
Recommended Posts