Nightz Posted March 21, 2007 Share Posted March 21, 2007 March 20th, 2007Xbox Live hacked, accounts stolen Posted by Ryan Naraine @ 2:01 pm Online gaming forums are buzzing with reports that Xbox Live accounts linked to Microsoft's Windows Live ID service are being hijacked by malicious hackers. Kevin Finisterre, a security researcher at Digital Munition, raised the issue on the Full Disclosure mailing list over the weekend, calling attention to rumors that Microsoft's Bungie.net was the victim of a breach that exposed a portion of Xbox Live. "Some folks are having their Microsoft points stolen and or points purchased via their stolen gamer tag," Finisterre said. A quick search of user forums at xbox.com and other gaming sites turned up multiple messages from Xbox Live users complaining about hijacked accounts, which typically link gamer tags to Windows Live ID (formerly .NET Passport). xbox live hijacks According to Finisterre, there is a group online called "Infamous Clan" brazenly offering to "jack" Xbox Live accounts and boasting about successful account theft. Several Xbox Live users contacted me to confirm the rumors and make it clear that the stolen accounts are being used for nefarious purposes. One reader writes: "I have been involved with Microsoft Support for days on this exact issue and have spent many hours on the phone trying to prove to them that, first, my Windows Live ID was stolen and, second, the ID and password associated with my ID were changed; two actions that Microsoft swears can NEVER happen; and third that the thief was able then use my credit card information associated with one of my Windows Live ID accounts to purchase over $800 of Microsoft products. Thank goodness for other websites that still contained my old Windows Live ID information and also the fact that, in order to gain access to those other websites, you NEED a Windows Live ID. After spending over 20+ hours on the phone with support and finally getting them to realize that I did indeed have a Windows Live ID, after pointing them to the other websites, I was told by a supervisor that "Yes, in fact, we have heard of some instances where a user's Windows Live ID had been compromized!" After finally getting this confirmation and having a case number assigned and forwarded to Microsoft Security Investigations, they, also, confirmed it as a breach, issued me another Windows Live ID and then reinitialized the stolen Microsoft Products that were associated with the old ID over to the new ID." Another gamer wrote in with an identical complaint, warning that Microsoft's product support staff have been unhelpful. "They admit this is an issue but say there's nothing they can do about it," he added. Digital Munition's Finisterre also made a note about the lack of support from Microsoft: I just got off the phone with a Microsoft Tech for Xbox live that has confirmed this to with me and they have stated that accounts are being stolen and that "Hackers have control of Xbox live and there is nothing we can do about it." Microsoft did not respond to a request for comment. source: zdnet you guys might want to check your accounts for unwanted charges. Link to comment Share on other sites More sharing options...
Roger H. Veteran Posted March 21, 2007 Veteran Share Posted March 21, 2007 well good i don't use my credit card on live... just bought my points and other things via cards. Makes it safer for me too as with a credit card linked i'd go spending like crazy without thinking about it, if i have to get up off my butt to go to the store to buy points i might think do i really need this? Sux for those people tho... i'll check my points tho in a lil bit. Link to comment Share on other sites More sharing options...
DELTETHISACCOUNT Posted March 21, 2007 Share Posted March 21, 2007 I have to take off my payment plan when I get home... Link to comment Share on other sites More sharing options...
Spartan_X Posted March 21, 2007 Share Posted March 21, 2007 After finally getting this confirmation and having a case number assigned and forwarded to Microsoft Security Investigations, they, also, confirmed it as a breach, issued me another Windows Live ID and then reinitialized the stolen Microsoft Products that were associated with the old ID over to the new ID." :laugh: :rofl: :p oh boy what this world has come to!!! :rolleyes: first off, when you can prove your WLID has been compromised the procedure is to deactivate the account and then make a quick search of account activity; if the account shows an unusual behavior like a "shopping spree" or a ?password change? a security investigation is started and criminal charges will be filed once we reach the suspect because we can trace ANY IP around the world and we'll have no mercy with such criminals. then, as an internal policy we never ?issue new WLIDs? to ANYONE! we can?t do that as you will need to go all over the place and start changing your profiles linked to that ID; what we do is to reset your password and give that new temporary password to the account owner and if the criminal bought goods using your WLID the charges will be lifted from the account and a ?compensation? will be given to the account owner as an apology. I love to see how urban legen:rolleyes:n? :rolleyes: Link to comment Share on other sites More sharing options...
FreqFace Posted March 21, 2007 Share Posted March 21, 2007 Actually, I did want to know this before I read this, but how the hell do you delete credit card info from Xbox Live, I can't seem to find a way to remove it! Link to comment Share on other sites More sharing options...
Spartan_X Posted March 21, 2007 Share Posted March 21, 2007 A quick search of user forums at xbox.com and other gaming sites turned up multiple messages from Xbox Live users complaining about hijacked accounts, which typically link gamer tags to Windows Live ID (formerly .NET Passport). just drop by http://forums.xbox.com/ and make a quick search for this issue and you'll see the results... :rolleyes: Link to comment Share on other sites More sharing options...
bdsams Veteran Posted March 21, 2007 Veteran Share Posted March 21, 2007 S-X do you know how there doing it/ will this mayhem be stopped soon hopefully? Link to comment Share on other sites More sharing options...
PL_ Veteran Posted March 21, 2007 Veteran Share Posted March 21, 2007 <snip> Well, sometimes these call centers do give misleading/wrong information, so something might've happened there. Link to comment Share on other sites More sharing options...
Spartan_X Posted March 21, 2007 Share Posted March 21, 2007 S-X do you know how there doing it/ will this mayhem be stopped soon hopefully? All this thing is just the most purest scent of BS I?d ever seen, just look at the original post on the Xbox.com forums. This Morning I went to go on my xbox and right when i was going to log in it said somebody else recovered my gamertag. Thankfully i went and got this fixed by my brother changing my password and everything. I know who it was his name is XxHSCDARKNESSxX HSC stands for Head Shotz Clan and they are sponsored by Microsoft so when i went to report him they said there is no evidence (clearly because he is the leader they will not bann him.) So That is why im posting this please File A Complaint on Him and get him banned before this happens to you. If you file a complaint just Post on this thread and i will give you positivive feedback. He Deleted Everybody on My friend list and all my messages and my parents credit card was on there so he bought over 20,000 Microsoft points and bought everything in the Marketplace with that 20,000 Microsoft pts. Left Over i have no idea on what he was planning to do with my account with out my hard drive but please try and get him banned. He Also Stole Somebody Elses and resulted him in making a new name. Im trying to change my name before he comes bak on and hacks it but because he bought to much stuff i have to wait over 24hrs to change my name. Note not to long ago he got caught cheating on gamebattles to make his clan the top Ranked Clan so he could get extra Microsoft points from Microsoft. Please File A Complaint Or Do Anything To Help me And yourself from your Gamertag getting stolen. Gamertag= SMILEATMYSCOPE http://forums.xbox.com/8947506/ShowPost.aspx now, after reading all that do you still believe the story?:rolleyes:s: Link to comment Share on other sites More sharing options...
MadFerIt Posted March 21, 2007 Share Posted March 21, 2007 Oh well. Whether it's true or not, I guess I'll know if my points jump higher all of a sudden or I'm locked out of my account lmao. Link to comment Share on other sites More sharing options...
ynnoj Posted March 21, 2007 Share Posted March 21, 2007 HSC stands for Head Shotz Clan and they are sponsored by Microsoft :rolleyes: Link to comment Share on other sites More sharing options...
Rodrigo Posted March 21, 2007 Share Posted March 21, 2007 Lmao. Well, some people will get in trouble for spawning all this bull****. Link to comment Share on other sites More sharing options...
MillionVoltss Posted March 21, 2007 Share Posted March 21, 2007 You can password your Xbox live account so when you switch your console on you can play offline ASAP but to login Xbox live you need to input a simple 4 button command on the joypad. You can modify your details for Xbox live until youve put the combination in or play online. This is different to the login Live password which is needed to acess the account and id say it would be worth doing as it only takes 2 seconds to do. Link to comment Share on other sites More sharing options...
Spartan_X Posted March 21, 2007 Share Posted March 21, 2007 Microsoft probes possible Xbox Live fraud Reports of hijacked accounts prompt Microsoft to investigate its online gaming service. Microsoft is investigating possible fraud on its Xbox Live online gaming service, the company said Tuesday. The investigation comes after gamers reported having their Xbox Live accounts hijacked and their credit cards used to buy Microsoft Points, the virtual currency on Xbox Live, which has more than 6 million users. "Recently, there have been reports of fraudulent activity and account theft taking place on the Xbox Live network," a Microsoft representative said in a statement provided to CNET News.com. "Security is a top priority for Xbox Live, and we are actively investigating all reports of fraudulent behavior and theft." Gamers have been reporting the incidents for some time in online forums--including on Xbox.com--and to Microsoft's Xbox help desk. Many users of the Microsoft console have been frustrated with the software giant's response to date. "My Xbox Live account was hacked and all credit card info was stolen and used to run up points...Microsoft says: 'Oh, well, better call your credit card companies, nothing we can do,'" one user wrote on the Xbox Web site last month. Security researcher Kevin Finisterre was playing Halo 2 on a recent night with several friends when some of their opponents threatened to steal their accounts, he said. "Literally the next day my girl's account was locked out," Finisterre wrote in an e-mail Tuesday. "I received a message on my Xbox that said: 'We are sorry we must log you out of Xbox Live because someone else is using your Gamertag.'" The account was banned. Finisterre said that calling Microsoft was no help and that he got the runaround from the support people who answer 1-800-4MY-XBOX, the official help line. "My account is currently being investigated after about seven frustrating calls," he wrote. An edited recording of several calls he made is available on Finisterre's Web site. While some users believe the security of Xbox Live was breached, others suggest that users were tricked into giving up enough information while in a game so fraudsters could call Microsoft to change the account information. Users may also have been duped into giving up their account information through phishing scams. Microsoft asks any Xbox user with a question about the security of their Xbox Live account to call in. "An Xbox customer service representative will help them understand our security policies and procedures," the representative said. By Joris Evers -- News.com Posted Mar 21, 2007 12:27 pm CT Story from GameSpot: http://www.gamespot.com/news/6167801.html Copyright ?2006 CNET Networks, Inc. All Rights Reserved. Link to comment Share on other sites More sharing options...
ToneKnee Posted March 21, 2007 Share Posted March 21, 2007 Sorry, but I think a Trojan of somekind is doing it, the ones which have keyloggers. Windows Live ID's are stolen, and the Xbox Live accounts linked get hijacked, coincidence? Link to comment Share on other sites More sharing options...
neoadorable Posted March 22, 2007 Share Posted March 22, 2007 damn the connection with the PC is ruining the 360 faster than i thought. and this Windows Live thing isn't really full on yet. Spartan, what's the gives on this one? are we safe or what? Link to comment Share on other sites More sharing options...
ToneKnee Posted March 22, 2007 Share Posted March 22, 2007 damn the connection with the PC is ruining the 360 faster than i thought. and this Windows Live thing isn't really full on yet.Spartan, what's the gives on this one? are we safe or what? I think you are a little confused. The problem is Windows Live ID (You know, the same ID used for Windows Mail/Hotmail etc), and people who have linked the Xbox Live gamerstag to the Live ID. These people have had their Live ID stolen by some sort of Trojan/Keylogger, misuse of passwords, giving their accounts to others etc etc etc, could be a huge number a reasons. It doesn't seem to be an actual security problem at Microsoft. Link to comment Share on other sites More sharing options...
Trong Posted March 22, 2007 Share Posted March 22, 2007 Is it just me or is the Xbox.com website freakin' out on me? Link to comment Share on other sites More sharing options...
planetik Posted March 22, 2007 Share Posted March 22, 2007 Is it just me or is the Xbox.com website freakin' out on me? It must be you. Link to comment Share on other sites More sharing options...
neoadorable Posted March 22, 2007 Share Posted March 22, 2007 well neoflux that's what i'm saying: users with Win Live ID's tied to their XBL accounts proved to be the path of least resistance to hacking. thus it's the connection to the PC that's allowing this sort of activity an in. not saying 360-only accounts are impervious, but prob that much harder to get at. Link to comment Share on other sites More sharing options...
yardmanflex Posted March 22, 2007 Share Posted March 22, 2007 I think some of these poeple are victims of phlishing! Link to comment Share on other sites More sharing options...
NightmarE D Posted March 22, 2007 Share Posted March 22, 2007 I think some of these poeple are victims of phlishing! Or maybe even phishing! :p Link to comment Share on other sites More sharing options...
+dnast Subscriber² Posted March 22, 2007 Subscriber² Share Posted March 22, 2007 http://www.pcmag.com/article2/0,1895,2106680,00.asp Hmm...I wasn't really worried about it at first, but I think I might consider taking my CC# out for the time being. Link to comment Share on other sites More sharing options...
Recommended Posts