Xbox LIVE hack doing the rounds

[GiantRaven]

I have heard it posited that it's not a person, but some sort of bot doing it. I honestly don't know how likely or easy that'd be, but it makes sense given the mindless repetition of the task. Unless whoever's doing it is a die-hard MMO fan or something, FIFA not withstanding.

And to what end? Congratulations person running this bot; you now have a lot of FIFA 12 DLC over and over again!

 

[Idsertian]

I have no idea to what end. Maybe because they can? To fuck with XBL users/Microsoft? I dunno.

 

[Sangreal Gothcraft]

Hehe i no longer use Gold, Stoped playing Console a while back, Sue thier arses, your money is getting stolen and used for crappy FIFA game DLC... Call the banks Harrasses them for your hard earn cash call MS and harrass the living Crap out of them, Keep calling and keep pressing on them, they will eventually cave in and just refund you back instead of hearing your voice again.

 

[Jakub324]

Thanks for the warning, I just disconnected my console, not that my 80 MS points are worth a whole lot.

 

[Idsertian]

Hehe i no longer use Gold, Stoped playing Console a while back, Sue thier arses, your money is getting stolen and used for crappy FIFA game DLC... Call the banks Harrasses them for your hard earn cash call MS and harrass the living Crap out of them, Keep calling and keep pressing on them, they will eventually cave in and just refund you back instead of hearing your voice again.

No point harassing them during the time period they said they were going to investigate in, just makes me look like an ass and pisses off the support staff. If however, I'm till suspended after 30 days and I haven't heard anything from them, then they will be getting a call. My mood at the time will dictate what kind of call.

Thanks for the warning, I just disconnected my console, not that my 80 MS points are worth a whole lot.

Don't think disconnecting will help you mate, it's like they have access to the database. You can access XBL accounts from anywhere in the world, long as you have a console. Hell, you don't even need that, just a PC to get on the website.

 

[GLo Jones]

The only card tied to my xbl account expired about a year ago. If you want to add points, but don't want to go get a 'points card' then you can just use Paypal like me.

I do have around 2,500 points on my account though, I guess now's the moment I should start spending it.

Dynasty Warriors 7 dlc, I've been eyeing you for a while!

 

[Blunderboy]

Guess I'll be calling my bank to get a new card later.

 

[Idsertian]

@GLo Jones and Blunderboy: Those would definitely be advisable courses of action.

 

[darth gditch]

Just a friendly warning for my fellow Escapists about a hack that's doing the rounds at the moment.

This morning (10/10/2011), I tried to sign into my XBL account for a quick blast of Gears 3 on Insane (yes, I go basic achievement hunting, and yes, I must be a glutton for punishment or something), to be told no less than twice, that my details were invalid. Wuh?

"Okay," thinks me, "it's just the console having a Microsoft moment, I'll just recover the GT, no problem." After waiting ages for my crappy internet to redownload my profile information (thanks a lot, Sky), I finally log in.

What the crap is this? FIFA 12 with two achievements? But I don't own...oh crap. My MS Points are gone. All 2100 of them.

It seems some spoddy little arsewipe, or group of spoddy little arsewipes, is going around jacking people's accounts and emptying them of points by spending them all on "Premium Gold Pack" and "Premium Silver Pack" DLC for FIFA 12, while playing a basic amount to get a couple of achievements. They're also not above using associated bank cards to charge ridiculous sums of MSP's (usually in the order of around 10k points), then empty them on the above DLC. The kicker is, those DLC packs don't appear in your download lists for whatever reason, but they do at least appear on your Billing and Payment page on the XBL site.

This has been going on at least since the back end of last month, and Microsoft don't seem to be doing much about it except on a reactionary level. I.e. nothing gets done until customers phone and complain about their accounts getting hacked. It seems there's absolutely nothing you can do about your account getting jacked, as I have read reports of people spotting the unauthorised purchases and nabbing their account back, changing their password, only to have their account re-jacked in minutes.

This suggests to me that whoever is doing this, has a major door-jam holding open a backdoor to LIVE's database somewhere. What boggles my mind is this has been going on for at least a couple of weeks now and nothing has been done to try and combat it. MS haven't even tried warning customers that this is going on, keeping it all very hush hush. This smacks of the PSN hack a few months ago and the way this is going, it certainly is almost at the same level.

So yes, this a warning to my fellow Escapists that own 360's to disassociate any credit/debit cards that are on your XBL account to avoid any surcharges. To those who don't have cards but do have points, just cross your fingers and hope you don't fall victim.

A couple of threads on this at the XBL forums, just so I don't look like a raving lunatic:

http://forums.xbox.com/xbox_forums/xbox_support/f/12/t/103484.aspx (I have a post in here, first response)
http://forums.xbox.com/xbox_forums/xbox_support/f/12/t/97215.aspx?PageIndex=1

There are more, lots more, but obviously I'm not going to link them all. Damn hackers.

CAPTCHA: buotio Helfmeyer), Mmm, sounds tasty.

Had EXACTLY the same problem a month ago. I have yet to get all of my crap back. In fact, I don't give a damn anymore about the 800 microsoft points that were stolen (canceled the credit card they bought stuff with) I just want my freaking live back after almost 6 weeks of "investigating."

 

[Idsertian]

Had EXACTLY the same problem a month ago. I have yet to get all of my crap back. In fact, I don't give a damn anymore about the 800 microsoft points that were stolen (canceled the credit card they bought stuff with) I just want my freaking live back after almost 6 weeks of "investigating."

6 weeks? I think you need to get on the phone to them again mate, that's just not on. Especially if they've told you it will be shorter than that. I could understand a day or two over 30 days, maybe a week, but not two weeks.

 

[KeyMaster45]

This has been going on at least since the back end of last month, and Microsoft don't seem to be doing much about it except on a reactionary level. I.e. nothing gets done until customers phone and complain about their accounts getting hacked. It seems there's absolutely nothing you can do about your account getting jacked, as I have read reports of people spotting the unauthorised purchases and nabbing their account back, changing their password, only to have their account re-jacked in minutes.

This suggests to me that whoever is doing this, has a major door-jam holding open a backdoor to LIVE's database somewhere. What boggles my mind is this has been going on for at least a couple of weeks now and nothing has been done to try and combat it. MS haven't even tried warning customers that this is going on, keeping it all very hush hush. This smacks of the PSN hack a few months ago and the way this is going, it certainly is almost at the same level.

You give them far too much credit. If the account is getting re-hacked minutes after changing the password then it's more likely they've hacked your e-mail account than busted through Microsoft's defenses, plus you've probably got a virus, most likely a keylogger, that's allowing them to keep breaking into your stuff. When an account gets hacked it's usually because the user inadvertently at some point did something that gave them access. Phishing e-mails are usually a prime suspect, and some of them are damned convincing to.(most are utter crap that you'd be a fool to fall for though)

The point is that the hackers don't have some terrifying foot in Microsoft's back door. They prefer to walk right through the front gates. Run a thorough check of your computer, change the passwords on your e-mail account(s), and then only when you're sure you've neutralized the threat, change the password and e-mail association on your XBL account. My advice is to set up a separate e-mail account specifically for your XBL stuff, use it for nothing else. It's literally the most fool proof way to avoid them getting your info via a hacked e-mail account.

 

[Idsertian]

-snip-

Oh, re-jacking hasn't happened to me, it's just something I read had happened to one or two people over at the XBL forums. That's a more likely situation actually, what you posited.

As for me, I keep very stringent internet security going, including frequent updating and scanning of my system.

 

[gmaverick019_v1legacy]

This has been going on at least since the back end of last month, and Microsoft don't seem to be doing much about it except on a reactionary level. I.e. nothing gets done until customers phone and complain about their accounts getting hacked. It seems there's absolutely nothing you can do about your account getting jacked, as I have read reports of people spotting the unauthorised purchases and nabbing their account back, changing their password, only to have their account re-jacked in minutes.

This suggests to me that whoever is doing this, has a major door-jam holding open a backdoor to LIVE's database somewhere. What boggles my mind is this has been going on for at least a couple of weeks now and nothing has been done to try and combat it. MS haven't even tried warning customers that this is going on, keeping it all very hush hush. This smacks of the PSN hack a few months ago and the way this is going, it certainly is almost at the same level.

You give them far too much credit. If the account is getting re-hacked minutes after changing the password then it's more likely they've hacked your e-mail account than busted through Microsoft's defenses, plus you've probably got a virus, most likely a keylogger, that's allowing them to keep breaking into your stuff. When an account gets hacked it's usually because the user inadvertently at some point did something that gave them access. Phishing e-mails are usually a prime suspect, and some of them are damned convincing to.(most are utter crap that you'd be a fool to fall for though)

The point is that the hackers don't have some terrifying foot in Microsoft's back door. They prefer to walk right through the front gates. Run a thorough check of your computer, change the passwords on your e-mail account(s), and then only when you're sure you've neutralized the threat, change the password and e-mail association on your XBL account. My advice is to set up a separate e-mail account specifically for your XBL stuff, use it for nothing else. It's literally the most fool proof way to avoid them getting your info via a hacked e-mail account.

yeah agreed.

if this is happening to you in that manner, more than likely they have a backdoor to YOUR database, not microsoft's, you gotta do a thorough check of your whole computer/e-mails, and reset your account to a new e-mail with a different password.

 

[Idsertian]

yeah agreed.

if this is happening to you in that manner, more than likely they have a backdoor to YOUR database, not microsoft's, you gotta do a thorough check of your whole computer/e-mails, and reset your account to a new e-mail with a different password.

I already ninja'd you. Interestingly enough, there's a system update available today. Hmmm...

 

[rastlin1985]

Exactly the same thing happened to me, though fortunatley i was offered (imo) a much better option than sending it to the fraud team and loosing the account for 30 days or more!

The bloke on the phone basically said they can take off the cost of your stolen points from your next subsription payment (which in my case was only ~£10 anyway).

Obviously they then gave the usual blargh about account security, though in light of this, i may do as someone suggested above and create a new email account just for xbox live.

 

[Tufty94]

I'm not sure how they're doing it, but to be safe, change your password on your Xbox 360 and make sure you don't sign into a Windows Live website with your Xbox 360 details. It will also help if the password has never been used by another account before.

Then installant AVG free and get something that's not a pile of shit, like MSSE (Free), Norton or McAfee and do a virus scan. I do a virus scan every single day and I've found several key loggers on my computer in the past two years.

 

[Sonicron]

Thank you, paranoia! When the PSN hack happened, two things happened:
1) I thanked my lucky stars I hadn't submitted credit card information to PSN.
2) I pestered MS Support until they agreed to immediately delete the credit card info from my account.
In essence, have fun with my account, filthy hackers, should you decide to nab it - all you'll find are 110 measly MS points and no CC info to abuse.

 

[Enslave_All_Elves]

for fifa? really? well at least it rules out Americans...

good to know. I'll be sure to throw this one at all the x box fan boys I play with. "Oh PSN sucks blahblah." Whatever man, I told you it was only a matter of time until 360 got hit with something. (I play 360, I'm just not a total dingus).

 

[Zantos]

Well, transferred payments over to paypal. Much harder to steal cash from and much easier to get cash back. Should be safe now.

 

[Idsertian]

I'm not sure how they're doing it, but to be safe, change your password on your Xbox 360 and make sure you don't sign into a Windows Live website with your Xbox 360 details. It will also help if the password has never been used by another account before.

Then installant AVG free and get something that's not a pile of shit, like MSSE (Free), Norton or McAfee and do a virus scan. I do a virus scan every single day and I've found several key loggers on my computer in the past two years.

Already done that, no worries. I use Kaspersky btw, which is fairly good. Switched from McAfee because it turned into a shit resource hog. That said, Kaspersky's starting to do the same thing. Bleh.