Xbox Live Hacked?

[Craorach]

Compromise.

I had my Xbox Live account "hacked" (ie, I was an idiot) not to long ago. Over a week after reporting it to Xbox support I still have no response.

Xbox Support is disgusting, not only to they expect me to call during working hours for support for a 24 hr service, but they also expect me to wait over a week for any response at all. Fortunately my bank is more understanding and have cancelled the credit card and dispatched a new one.

 

[Sparcrypt]

Use the same password for everything? If so... yeeeeah bad idea.

See the part of my post where every password is different and 12 characters long, oh and I've got one email address that is ONLY ever used for setting up accounts with TRUSTED companies and never published anywhere. Hell I didn't even use that email address to set up my Escapist account, it's only used for stuff that involves money.

So I have ZERO clue how they got into my account, and I'm frankly REALLY pissed off about it. Microsoft say they are investigating, and my bank needs to wait a few days before doing the charge back, in the mean time the points are being sold on a dodgy website for a 1th their value and some criminal is laughing... oh and I get to use the cash I was given for my birthday last week to pay my bills rather then using it to enjoy myself like I'd planned.

Actually you didn't say anything about using different passwords for everything, just that the one you did use was secure.

I know it's frustrating, but the odds of the breach coming from someone getting into Microsofts secure servers and nobody being informed about it (which they legally have to do) are much lower then you slipped up at some point with your account details.

It may well be at their end, but thus far there hasn't been any indication of anything other then you and a few other people had their accounts breached.. this happens every day and there are many many ways for it to happen.

 

[FuktLogik]

I haven't read any report on anyone losing money over PSN.

Yeah, they don't want things like that catching the public eye. It's bad for the image.

I personally know someone who only used their credit card on PSN, and two days after the attack they were notified by VISA that someone was using his number to buy cellphone cards in Paris, only he lived on in B.C.

 

[intheweeds]

Ouch. First of all, I am very sorry. That is a terrible situation.

I use a pre-paid credit card for my online purchases for this very reason. No one can drive up charges on my card. There is never more than a few dollars on there for more than the hour or so it takes to get back home from my bank and make the purchase. Sometimes I just purchase from my smartphone before I even get home.

It won't help if my account gets locked, but at the very least, I don't have to worry about my money being stolen.

 

[instantbenz]

And that, my friend, is why I dont trust these companies with my credit card details. I always buy things with paysafecards and the likes when I can.

funnily enough i purchase the cards with my debit card ... which is also putting me at risk hahahaaaa...shit

anyway i agree, i'm playstation all the way, but i still don't trust to put my card on there ... so they don't get as prompt of purchases from me on the psn anymore.

 

[barbzilla]

Now, back onto the original topic. Just reading through this thread I have seen 3 people post who have had fraudulent charges placed, and 2 or 3 others who know someone personally who has been hacked. That many people in such a relatively small group (even considering that they would be more inclined to post than some random person who has never had a problem with XBL) tells me that there is something for Microsoft to look into. At the very least there is a severe problem with their response time and reactions to the complaints when they are filed, and possibly even an issue with how they verify charges to saved payment methods. It really isn't that hard to set your system up to require an account holder to enter the security code from their card and/or the billing zip-code at purchase. The only time you can't feasibly do that is with a recurring payment (like a Gold subscription) but even then that info should be stored on their servers separate from they account info. (i.e. you should be able to have a subscription set up for Gold service without having the card info saved to your account for future purchases.)

I agree completely, I literally CAN NOT remove my credit card details from the XBOX Live account, I've tried several times over the years, and it refuses to let me without setting up some other option such as paypal.

I've got a few accounts with other places that let me save my credit card, but they wont put any transaction through without me entering the CSV (the 3 digit code on the back of the card) as they refuse to save that. Works well IMO, because it saves the hassle of entering the CC number every time, and 3 numbers is really easy to remember.

If Microsoft had something similar how much hassle could have been saved?

Couple of things here
1 not all that hard to cancel your XBL account. I just did mine about 5 minutes ago and it took me all of 30 seconds to sign in on the website and go to my account and click cancel. Not a "nightmare" as you described it, so why keep paying for a service you aren't using?

2 You can remove your credit card after the subscription tied to that card is canceled. Because of automatic renewal the card stays linked to the subscription. Once again took me about 2 minutes to remove my credit card (took me a minute to find it).

I really feel like you are upset at microsoft for something else or maybe you just want to have someone to point a finger at, I am not sure, but you are just making yourself look silly throwing accusations about XBL being hacked when it was just your account.

 

[Mouse_Crouse]

Couple of things here
1 not all that hard to cancel your XBL account. I just did mine about 5 minutes ago and it took me all of 30 seconds to sign in on the website and go to my account and click cancel. Not a "nightmare" as you described it, so why keep paying for a service you aren't using?

2 You can remove your credit card after the subscription tied to that card is canceled. Because of automatic renewal the card stays linked to the subscription. Once again took me about 2 minutes to remove my credit card (took me a minute to find it).

I really feel like you are upset at microsoft for something else or maybe you just want to have someone to point a finger at, I am not sure, but you are just making yourself look silly throwing accusations about XBL being hacked when it was just your account.

Pretty much this, I don't understand why so many people think this is so hard. Months ago when I had to cancel my gold for a while, 5 mins on the phone and I had my account deactivated and the card info removed.

 

[Akihiko]

I've heard of this happening a lot recently. There was quite a big thread on neogaf about it( http://www.neogaf.com/forum/showthread.php?t=442986 ). Considering how many people seem to be affected, I'm finding it hard to believe that it's just a coincidence.

 

[DeathWyrmNexus]

Well I'm assuming that these people gifted themselves? If that's the case you're working with some genius hackers...

You Gift of XBOX Live Time has been accepted
You Gift of Microsoft Points has been accepted
You Gift of Microsoft Points has been accepted
You Gift of Microsoft Points has been accepted

If that isn't the case and I misread then its more likely to be a glitch...Now that I think about it it has to be a server glitch or something. What is the point of hacking and using the credit card when nothing will come of it...Oh wait. This is the internet and I'm just remembering LulzSec >_>


EDIT: I'm a Gold Member and I haven't had any notifications or credit card usage.

EDIT EDIT: Also, a password is a great deterrent but with enough persistence a 12 character password with symbols, uppercase/lowercase and numbers can be broken.

I am also alright. Seems to be a glitch on their end.

 

[Jwyrd]

Accidentally double posted, the second post contains the spoilers. Removing this to save confusion.

 

[Jwyrd]

I noticed there was some talk about password strength, and I felt it appropriate to bring this up now.

I am unsure if anyone else here is familiar with XKCD, but the author and artist (same person) is greatly interested in math, science, computers, and astronomy (given that he is a former employee of NASA) and writes little stick figure comics detailing instances that he finds interesting. A relatively recent post had to do with internet security and password strength.

Here is a direct link to the page in question. If you do not feel up to following the link, the next spoiler tag will contain the comic in question.

Spoiler

http://xkcd.com/936/

The comic in question.

Spoiler

Hopefully this will help with future password and account issues.

Best of luck in resolving your issues with your credit card.

Edit: Removed double post, and edited small grammatical error.

 

[ZephrC]

I had a really similar thing happen to me a couple months ago. My only advice is to call. Their customer service is way better over the phone. Really though it sounds like you've already done pretty much everything that can be done.

It could be worse though. The guy who got my account info changed the region on my account to Russia, and for some reason Microsoft allows accounts to change their region to Russia, but not to the US. So I had to make a whole new gamer tag.

 

[Aroth Khashar]

So yeah I'm confident in blaming Microsoft for this.

It has nothing to do with microsoft and everything to do with YOUR account being hacked. If there is profit in it then any account no matter where it is is vulnerable to being hacked. Shit happens call either microsofts support or your bank and they will deal with it. From what I have seen it takes around three or four weeks possibly longer.

While Microsoft is not to blame for an individual account being hacked, a 3 to 4 week (or longer) response time for a fraudulent charge complaint is NOT ACCEPTABLE.

Also, you can't just assume that the user screwed up. It is possible that someone on Microsoft's side screwed up and a portion of their user database was left with the account info vulnerable. When a larger than average group of people suddenly show up in a short period of time with their accounts being hacked (or just a larger proportion of accounts with credit card info than usual) that is typically a good sign that something was left unsecured on the server side.

 

[Findlebob]

See this is why you never leave your card details on a online site. It is a pain to put them back in every time you buy something but what is a hacker going to do once he gets on. Password change that can be fixed easily.

Im ps3 by the way so im not sure about how the payment system works on xbox.

 

[Blow_Pop]

I'm more a PSN player since I don't have a 360 but my thing with the PSN/Xbox LIVE/Steam is that I have a "credit card" (I use that term loosely) I use that has just my name on it. Doesn't have any other personal information, isn't linked to any bank accounts, I have to take money out of my bank account and put it on the card. So the card doesn't have money unless I put it on. I think right now it has $5 on it. Or I buy PSN cash cards/Xbox LIVE points at Gamestop and use those. But then I'm a bit paranoid about that. However, upon checking my email, I have nothing of the sort in my email about my Xbox LIVE account. And upon consultation upon my best mate she doesn't either.

 

[Atmos Duality]

What? XBL became a central point of failure? You mean Microsoft's little user-monopoly-system was attacked and COMPROMISED? Why would anyone do such a thing?!

I mean, holy shit! That's never happened before! Somebody better warn Sony to make sure they don't...ooooohhh...right. Yeah, I guess Microsoft didn't get the memo.

Then again, on a system that large, someone was eventually going to find the cracks in their security to slip through. In network security, the only 100% proven defense against all attacks is to not go onto the grid at all.

And really, I'm sorry for you because now you get to deal with the circus that is Microsoft Customer Service.
I hope that situation gets sorted out for you quickly, but based on my own experience with Microsoft's customer service they will drag their heels and deny responsibility at every possible turn.