Xbox Live Hacked?

[tkioz]

-snip-

I don't know why you and the other guy focused so much on the Sony hack. I wasn't making a comment about it.

Just saying that, as far as customers go, we the public were unaffected by the Sony hack. (Besides not being able to use PSN for a longass time). Problems like the OP's is actually hurting customers, though.

Edit: Not saying that 'Only the big bad company got hurt so who cares?', just that it's different.

Edit 2: As for your last paragraph...I know. That's why the end of my post had 'You haven't gone anywhere shady with your Live information, have you, OP?'

Consider I hadn't turned my Xbox on in MONTHS, and only still had my gold membership because it was a nightmare to attempt to cancel it, I don't know what I could have possibly done to bring this on.

Seriously, it's been months since I used either my Xbox or my Windows Live account. I've been playing games exclusively on my PC for a good long while, because of a medical condition that has left me legally blind, I can use a PC if I have the text and details scaled up, but using even my big ass TV that cost me a bloody fortune? Not a chance, any more distance then 2 meters and I can't see crap.

So yea, the only place I recall putting my live tag is here at the Escapist and that was well over two years ago, and I highly doubt they're hacking gamertags for the lulz.

I'm not one of those morons who goes around looking for exploits or hacking tutorials.

Hell I use to work in IT before my eyes went, I know the risks and how to keep yourself safe online; that's why this event is so bloody annoying, because I did everything right, and I still got screwed over.

 

[Ghengis John]

hehehe. Sorry, all I remember from when it happened to sony is allt he x box fanboys saying this shit would NEVER happen on XBL cause they pay more money. EDIT: now admittedly this is small peanuts compared to sony's, but still its just good to see the potential exists, knock a few people off high horses..

Your personal account was broken into, nobody hacked all of XBL.

There's a big difference here in sheer volumes of fuckuptitude. One guy had his account hacked and is jumping to the conclusion the whole network got hacked... versus a whole network getting hacked. Sucks o be the one guy but who knows how they got in. They might not have even hacked his LIVE account directly. If he used the same name and pass for his E-mail or facebook for instance, LIVE could have been a gimmie.

 

[mysecondlife]

sorry to hear that. I hope things get rectified soon as possible.

hehehe. Sorry, all I remember from when it happened to sony is allt he x box fanboys saying this shit would NEVER happen on XBL cause they pay more money. EDIT: now admittedly this is small peanuts compared to sony's, but still its just good to see the potential exists, knock a few people off high horses.

...

actually i shouldnt be so petty. i dont know, sucks for you and all that it happened to I suppose, but I dont feel sorry for you unless you decide to take immediate action.

it depends on how you look at it actually. PSN affected all of us because it went down.. I haven't read any report on anyone losing money over PSN.

 

[Souplex]

I think it's less XBox live, more your XBox.

 

[bojac6]

The charges were made to your account, it wasn't a case of xbox live being hacked, but a case of your account being compromised. Most compromised xbox accounts are compromised because you use the same email/password combo at other websites or other companies who have been compromised (like sony) and your account info was stolen from them. Try calling their support and getting an investigation started on your account for the charges.

Well I've considered that, but I haven't used my Windows Live or XBOX Live accounts for months, I haven't even turned my xbox on for months, my eyes have gone and I can't see the TV to play it so what's the point.

So it wasn't malware.

All my passwords are randomly generated 12 characters long, and never used on more then one site, so that's out.

My email account that is used for accounts is an ISP account that's locked to my IP (slight pain but worth it for security), so they couldn't have got it that way.

So yeah I'm confident in blaming Microsoft for this.

Same thing happened to me with my Steam Account. I hadn't checked it in a while and suddenly my credit card bill had like $500 from Steam on it. When I tried to log in, my password wasn't working. I had to call Valve and verify my Credit Card. Afterwards, they refunded the money, took the games back, and everything worked out.

Well, except there were like 12 extra people on my friend's list and one of them IMed me and asked if I wanted to play. I didn't have the game he wanted to play so I just confronted him outright, and suddenly everybody on my friends list blocked me. So good for them.

This happens. Congratulations, you won the reverse lottery. But any legitimate bank and credit card company will give you your money back.

 

[Chicago Ted]

-snip-

I don't know why you and the other guy focused so much on the Sony hack. I wasn't making a comment about it.

Just saying that, as far as customers go, we the public were unaffected by the Sony hack. (Besides not being able to use PSN for a longass time). Problems like the OP's is actually hurting customers, though.

Edit: Not saying that 'Only the big bad company got hurt so who cares?', just that it's different.

Edit 2: As for your last paragraph...I know. That's why the end of my post had 'You haven't gone anywhere shady with your Live information, have you, OP?'

Not trying to sound too antagonistic mind you on that, just pointing it out that it was worse than an invidual case. The reason most people focus on it as well is because it is one of the biggest scandals to hit gaming in recent memory, with so many effected by it. It's not something that's going to be swept quietly under the rug and forgotten about in 6 months. Not trying to emphasize it here, but it is still something people will draw back to and reference since it is still fairly recent in memory.

And as for the hack not effecting people, well, it did with me and my family, to an annoying degree. Didn't cost us money, but it did cost us time and caused annoyances for us. I'm unaware how many others had this, but I know our bank issued us a new credit card within days after the incident, voiding the old one. Cue having to go back on every account we had connected to it from iTunes to Steam, with the new information.

On note of the first edit: Wasn't trying to say that you were pointing that out or anything, just that there was a cost to it. Not sure of what it cost the public, and I do seem to remember hearing about at least one individual who had their information used (but I can't remember if it was directly confirmed or not to be linked with the Sony issue), but I just wanted to point out that the missing information did cost money.

 

[bojac6]

Use the same password for everything? If so... yeeeeah bad idea.

See the part of my post where every password is different and 12 characters long, oh and I've got one email address that is ONLY ever used for setting up accounts with TRUSTED companies and never published anywhere. Hell I didn't even use that email address to set up my Escapist account, it's only used for stuff that involves money.

So I have ZERO clue how they got into my account, and I'm frankly REALLY pissed off about it. Microsoft say they are investigating, and my bank needs to wait a few days before doing the charge back, in the mean time the points are being sold on a dodgy website for a 1th their value and some criminal is laughing... oh and I get to use the cash I was given for my birthday last week to pay my bills rather then using it to enjoy myself like I'd planned.

Oh yeah, and sorry for the double post, but DON'T PAY THE BILL!

Call your bank, refute the charges, say it was fraud, and stop the bank from paying it. That's the beauty of credit cards, you can do that. You should have a 24 hour 800 number to call and you should do that immediately. You'll probably get a new card with a different number, but it's worth it. So you can spend your birthday money however you like, because it shouldn't be spent on this.

 

[Canadamus Prime]

No, I don't have XBoxLIVE. However if I were you, I'd call Microsoft's support line and not reply and a bloody e-mail.

 

[Shycte]

Is there any proof of XBL being to blame? Cuz' all I'm hearing now is "I got hacked and I want to blame someone".

 

[Exius Xavarus]

Im a ps3 user so idk the state of xbl, but im sorry to say the first thing that springs to mind is that this is very ironic and will probably wipe the smile off a few xbox lovers i know.
But remember what happened when the psn was hacked, unless its a noticeable problem, which it sounds like it is, then you might not hear from microsoft for ages if ever.
On the otherhand, it does sound too targeted and widespread to be just a system glitch, unless the whole system is playing around?

My exact thoughts on the very ironic situation. Don't get me wrong, I don't hate Xbox Live or its users, but maybe with this going on, Xbox users will quit patronizing me for using a PS3, talking about how PSN was hacked and whatnot.

Sorry to hear about your loss. Hopefully your money will be returned soon. :} I don't own and Xbox or have Xbox Live, but my brother does. I haven't heard anything out of him about any hacking, though.

 

[guidance]

Luckly I lost contact with the email account I used for my xbox live account, and have no idea what the password is anymore. I also buy all my codes from best buy so don't have to worry about my credit card, if this is a wide spread problem I hope it gets fixed soon.

 

[Aroth Khashar]

Just one thing I would like to point out to anyone who says that this situation is worse than the PSN incident because credit card info was used to make fraudulent purchases. When Sony first admitted that the PSN was hacked and that an unknown number (at the time) of accounts had been "compromised" there was justified concern from Sony and many end-users that their credit card info had be accessed as well. Then, when everything finally came to light and was sorted out, the ONLY reason credit card info was left intact and compromised was because of who perpetrated the attack. LulzSec simply didn't care about that information so they didn't take it. They took account names and email addresses and left proof of the theft because they wanted to scare Sony. If they had wanted to take the credit card information they easily could have. That alone makes the PSN hack magnitudes worse than any other cyber crime to date.

Now, back onto the original topic. Just reading through this thread I have seen 3 people post who have had fraudulent charges placed, and 2 or 3 others who know someone personally who has been hacked. That many people in such a relatively small group (even considering that they would be more inclined to post than some random person who has never had a problem with XBL) tells me that there is something for Microsoft to look into. At the very least there is a severe problem with their response time and reactions to the complaints when they are filed, and possibly even an issue with how they verify charges to saved payment methods. It really isn't that hard to set your system up to require an account holder to enter the security code from their card and/or the billing zip-code at purchase. The only time you can't feasibly do that is with a recurring payment (like a Gold subscription) but even then that info should be stored on their servers separate from they account info. (i.e. you should be able to have a subscription set up for Gold service without having the card info saved to your account for future purchases.)

Bottom line, there are several things Microsoft could do to help prevent issues like this. Forcing all of they blame onto the end-user for potentially not keeping his info "secure" enough when there are things you can do on the server side to be more secure yourself is just plain wrong and not good business practice.

 

[tkioz]

Now, back onto the original topic. Just reading through this thread I have seen 3 people post who have had fraudulent charges placed, and 2 or 3 others who know someone personally who has been hacked. That many people in such a relatively small group (even considering that they would be more inclined to post than some random person who has never had a problem with XBL) tells me that there is something for Microsoft to look into. At the very least there is a severe problem with their response time and reactions to the complaints when they are filed, and possibly even an issue with how they verify charges to saved payment methods. It really isn't that hard to set your system up to require an account holder to enter the security code from their card and/or the billing zip-code at purchase. The only time you can't feasibly do that is with a recurring payment (like a Gold subscription) but even then that info should be stored on their servers separate from they account info. (i.e. you should be able to have a subscription set up for Gold service without having the card info saved to your account for future purchases.)

I agree completely, I literally CAN NOT remove my credit card details from the XBOX Live account, I've tried several times over the years, and it refuses to let me without setting up some other option such as paypal.

I've got a few accounts with other places that let me save my credit card, but they wont put any transaction through without me entering the CSV (the 3 digit code on the back of the card) as they refuse to save that. Works well IMO, because it saves the hassle of entering the CC number every time, and 3 numbers is really easy to remember.

If Microsoft had something similar how much hassle could have been saved?

 

[Aroth Khashar]

Quite a lot actually. And the fact that you HAVE to put in a replacement option is bullshit. There is no logical reason to require you to contact them to cancel a Gold subscription, and if not for that crap you would be able to remove the card info.

 

[AlexNora]

what articles did you find i'v been looking i cant find any...

i found a few saying many sites where hacked in july but thats it and two of them techmento.com
and www.examiner.com i got virus warnings form my firewall. www.joystiq.com article was fine but again kinda outdated it didnt seem like a big deal.

ill just have to wait and see...

 

[AlexNora]

i found a forum that seems to have better information http://forums.xbox.com/xbox_forums/xbox_support/f/12/p/69404/356952.aspx

lol go figure xbox.com forums why didnt i find that before xD

from what iv read i think i'm fine i was playing live a few days ago with no problems.

 

[Craorach]

Compromise.

I had my Xbox Live account "hacked" (ie, I was an idiot) not to long ago. Over a week after reporting it to Xbox support I still have no response.

Xbox Support is disgusting, not only to they expect me to call during working hours for support for a 24 hr service, but they also expect me to wait over a week for any response at all. Fortunately my bank is more understanding and have cancelled the credit card and dispatched a new one.

 

[Sparcrypt]

Use the same password for everything? If so... yeeeeah bad idea.

See the part of my post where every password is different and 12 characters long, oh and I've got one email address that is ONLY ever used for setting up accounts with TRUSTED companies and never published anywhere. Hell I didn't even use that email address to set up my Escapist account, it's only used for stuff that involves money.

So I have ZERO clue how they got into my account, and I'm frankly REALLY pissed off about it. Microsoft say they are investigating, and my bank needs to wait a few days before doing the charge back, in the mean time the points are being sold on a dodgy website for a 1th their value and some criminal is laughing... oh and I get to use the cash I was given for my birthday last week to pay my bills rather then using it to enjoy myself like I'd planned.

Actually you didn't say anything about using different passwords for everything, just that the one you did use was secure.

I know it's frustrating, but the odds of the breach coming from someone getting into Microsofts secure servers and nobody being informed about it (which they legally have to do) are much lower then you slipped up at some point with your account details.

It may well be at their end, but thus far there hasn't been any indication of anything other then you and a few other people had their accounts breached.. this happens every day and there are many many ways for it to happen.

 

[FuktLogik]

I haven't read any report on anyone losing money over PSN.

Yeah, they don't want things like that catching the public eye. It's bad for the image.

I personally know someone who only used their credit card on PSN, and two days after the attack they were notified by VISA that someone was using his number to buy cellphone cards in Paris, only he lived on in B.C.

 

[intheweeds]

Ouch. First of all, I am very sorry. That is a terrible situation.

I use a pre-paid credit card for my online purchases for this very reason. No one can drive up charges on my card. There is never more than a few dollars on there for more than the hour or so it takes to get back home from my bank and make the purchase. Sometimes I just purchase from my smartphone before I even get home.

It won't help if my account gets locked, but at the very least, I don't have to worry about my money being stolen.