Xbox Live Hacked?

[instantbenz]

And that, my friend, is why I dont trust these companies with my credit card details. I always buy things with paysafecards and the likes when I can.

funnily enough i purchase the cards with my debit card ... which is also putting me at risk hahahaaaa...shit

anyway i agree, i'm playstation all the way, but i still don't trust to put my card on there ... so they don't get as prompt of purchases from me on the psn anymore.

 

[barbzilla]

Now, back onto the original topic. Just reading through this thread I have seen 3 people post who have had fraudulent charges placed, and 2 or 3 others who know someone personally who has been hacked. That many people in such a relatively small group (even considering that they would be more inclined to post than some random person who has never had a problem with XBL) tells me that there is something for Microsoft to look into. At the very least there is a severe problem with their response time and reactions to the complaints when they are filed, and possibly even an issue with how they verify charges to saved payment methods. It really isn't that hard to set your system up to require an account holder to enter the security code from their card and/or the billing zip-code at purchase. The only time you can't feasibly do that is with a recurring payment (like a Gold subscription) but even then that info should be stored on their servers separate from they account info. (i.e. you should be able to have a subscription set up for Gold service without having the card info saved to your account for future purchases.)

I agree completely, I literally CAN NOT remove my credit card details from the XBOX Live account, I've tried several times over the years, and it refuses to let me without setting up some other option such as paypal.

I've got a few accounts with other places that let me save my credit card, but they wont put any transaction through without me entering the CSV (the 3 digit code on the back of the card) as they refuse to save that. Works well IMO, because it saves the hassle of entering the CC number every time, and 3 numbers is really easy to remember.

If Microsoft had something similar how much hassle could have been saved?

Couple of things here
1 not all that hard to cancel your XBL account. I just did mine about 5 minutes ago and it took me all of 30 seconds to sign in on the website and go to my account and click cancel. Not a "nightmare" as you described it, so why keep paying for a service you aren't using?

2 You can remove your credit card after the subscription tied to that card is canceled. Because of automatic renewal the card stays linked to the subscription. Once again took me about 2 minutes to remove my credit card (took me a minute to find it).

I really feel like you are upset at microsoft for something else or maybe you just want to have someone to point a finger at, I am not sure, but you are just making yourself look silly throwing accusations about XBL being hacked when it was just your account.

 

[Mouse_Crouse]

Couple of things here
1 not all that hard to cancel your XBL account. I just did mine about 5 minutes ago and it took me all of 30 seconds to sign in on the website and go to my account and click cancel. Not a "nightmare" as you described it, so why keep paying for a service you aren't using?

2 You can remove your credit card after the subscription tied to that card is canceled. Because of automatic renewal the card stays linked to the subscription. Once again took me about 2 minutes to remove my credit card (took me a minute to find it).

I really feel like you are upset at microsoft for something else or maybe you just want to have someone to point a finger at, I am not sure, but you are just making yourself look silly throwing accusations about XBL being hacked when it was just your account.

Pretty much this, I don't understand why so many people think this is so hard. Months ago when I had to cancel my gold for a while, 5 mins on the phone and I had my account deactivated and the card info removed.

 

[Akihiko]

I've heard of this happening a lot recently. There was quite a big thread on neogaf about it( http://www.neogaf.com/forum/showthread.php?t=442986 ). Considering how many people seem to be affected, I'm finding it hard to believe that it's just a coincidence.

 

[DeathWyrmNexus]

Well I'm assuming that these people gifted themselves? If that's the case you're working with some genius hackers...

You Gift of XBOX Live Time has been accepted
You Gift of Microsoft Points has been accepted
You Gift of Microsoft Points has been accepted
You Gift of Microsoft Points has been accepted

If that isn't the case and I misread then its more likely to be a glitch...Now that I think about it it has to be a server glitch or something. What is the point of hacking and using the credit card when nothing will come of it...Oh wait. This is the internet and I'm just remembering LulzSec >_>


EDIT: I'm a Gold Member and I haven't had any notifications or credit card usage.

EDIT EDIT: Also, a password is a great deterrent but with enough persistence a 12 character password with symbols, uppercase/lowercase and numbers can be broken.

I am also alright. Seems to be a glitch on their end.

 

[Jwyrd]

Accidentally double posted, the second post contains the spoilers. Removing this to save confusion.

 

[Jwyrd]

I noticed there was some talk about password strength, and I felt it appropriate to bring this up now.

I am unsure if anyone else here is familiar with XKCD, but the author and artist (same person) is greatly interested in math, science, computers, and astronomy (given that he is a former employee of NASA) and writes little stick figure comics detailing instances that he finds interesting. A relatively recent post had to do with internet security and password strength.

Here is a direct link to the page in question. If you do not feel up to following the link, the next spoiler tag will contain the comic in question.

Spoiler

http://xkcd.com/936/

The comic in question.

Spoiler

Hopefully this will help with future password and account issues.

Best of luck in resolving your issues with your credit card.

Edit: Removed double post, and edited small grammatical error.

 

[ZephrC]

I had a really similar thing happen to me a couple months ago. My only advice is to call. Their customer service is way better over the phone. Really though it sounds like you've already done pretty much everything that can be done.

It could be worse though. The guy who got my account info changed the region on my account to Russia, and for some reason Microsoft allows accounts to change their region to Russia, but not to the US. So I had to make a whole new gamer tag.

 

[Aroth Khashar]

So yeah I'm confident in blaming Microsoft for this.

It has nothing to do with microsoft and everything to do with YOUR account being hacked. If there is profit in it then any account no matter where it is is vulnerable to being hacked. Shit happens call either microsofts support or your bank and they will deal with it. From what I have seen it takes around three or four weeks possibly longer.

While Microsoft is not to blame for an individual account being hacked, a 3 to 4 week (or longer) response time for a fraudulent charge complaint is NOT ACCEPTABLE.

Also, you can't just assume that the user screwed up. It is possible that someone on Microsoft's side screwed up and a portion of their user database was left with the account info vulnerable. When a larger than average group of people suddenly show up in a short period of time with their accounts being hacked (or just a larger proportion of accounts with credit card info than usual) that is typically a good sign that something was left unsecured on the server side.

 

[Findlebob]

See this is why you never leave your card details on a online site. It is a pain to put them back in every time you buy something but what is a hacker going to do once he gets on. Password change that can be fixed easily.

Im ps3 by the way so im not sure about how the payment system works on xbox.

 

[Blow_Pop]

I'm more a PSN player since I don't have a 360 but my thing with the PSN/Xbox LIVE/Steam is that I have a "credit card" (I use that term loosely) I use that has just my name on it. Doesn't have any other personal information, isn't linked to any bank accounts, I have to take money out of my bank account and put it on the card. So the card doesn't have money unless I put it on. I think right now it has $5 on it. Or I buy PSN cash cards/Xbox LIVE points at Gamestop and use those. But then I'm a bit paranoid about that. However, upon checking my email, I have nothing of the sort in my email about my Xbox LIVE account. And upon consultation upon my best mate she doesn't either.

 

[Atmos Duality]

What? XBL became a central point of failure? You mean Microsoft's little user-monopoly-system was attacked and COMPROMISED? Why would anyone do such a thing?!

I mean, holy shit! That's never happened before! Somebody better warn Sony to make sure they don't...ooooohhh...right. Yeah, I guess Microsoft didn't get the memo.

Then again, on a system that large, someone was eventually going to find the cracks in their security to slip through. In network security, the only 100% proven defense against all attacks is to not go onto the grid at all.

And really, I'm sorry for you because now you get to deal with the circus that is Microsoft Customer Service.
I hope that situation gets sorted out for you quickly, but based on my own experience with Microsoft's customer service they will drag their heels and deny responsibility at every possible turn.

 

[Space Spoons]

This happened to me just last month. Xbox Live customer service was very helpful; I just had to give them my account name and the serial number of my Xbox, and they were able to see immediately that their system had flagged my account as being the victim of what they called "unauthorized access". They locked my account down and told me that I'd have my money back as soon as possible.

Now, the downside is that "as soon as possible" turned out to mean "two weeks later", but by them, I was just glad to have the money back and the whole mess behind me.

 

[Aroth Khashar]

While Microsoft is not to blame for an individual account being hacked, a 3 to 4 week (or longer) response time for a fraudulent charge complaint is NOT ACCEPTABLE.

Also, you can't just assume that the user screwed up. It is possible that someone on Microsoft's side screwed up and a portion of their user database was left with the account info vulnerable. When a larger than average group of people suddenly show up in a short period of time with their accounts being hacked (or just a larger proportion of accounts with credit card info than usual) that is typically a good sign that something was left unsecured on the server side.

Its not actually a larger portion of accounts suddenly being hacked though. Sure their has been an increase in the last few months but thats it. Xbox Live accounts are constantly being hacked all the time. They are really popular to hack these days, kind of like battle.net accounts. They are not hard to hack into and its profitable.


I wont say much about the responce time other then they are apparently really busy right now so that is why.

There is no excuse, at all, for taking a month to respond to a customer service complaint about a hacked account. Especially if the account has a credit card attached to it. Those types of complaints should be prioritized to receive responses asap, not after the 150+ complaints about yet another penis related gamer-tag.

Also, even if the number of accounts being hacked each week isn't fluctuating by a large degree, it would certainly seem that the percentage of those accounts with linked credit card info has been on the rise in recent weeks. That alone should be raising a red flag over at Microsoft.

While I can see one week having more accounts with cards hacked than the week before every so often, a constant increase from one week to the next, over the course of several weeks, suggests that somehow the hackers know that those accounts have card info saved to them. Occam's Razor would suggest that someone at Microsoft either slipped up and left something out where they shouldn't have, or else blatantly sold the info.

 

[theevilgenius60]

I hope it hasn't been hacked, but it's not like I'm Captain Multiplayer anyway. My brother would be pretty livid though. This is why I don't have any credit cards attached my Xbox Live or PSN accounts. I just get those little cards at the store if I want dlc. I had a buddy who used to laugh at me buying the little cards. He stopped laughing when PSN got attacked and his information was laid bare in front of God-knows-who. He buys them right alongside me now.
Here's hoping it doesn't go down. Gears 3 co-op has been a blast so far and it would be just my luck to have it go down just when VALVe decides to bring out the Portal 2 dlc.

 

[dickywebster]

Im a ps3 user so idk the state of xbl, but im sorry to say the first thing that springs to mind is that this is very ironic and will probably wipe the smile off a few xbox lovers i know.
But remember what happened when the psn was hacked, unless its a noticeable problem, which it sounds like it is, then you might not hear from microsoft for ages if ever.
On the otherhand, it does sound too targeted and widespread to be just a system glitch, unless the whole system is playing around?

My exact thoughts on the very ironic situation. Don't get me wrong, I don't hate Xbox Live or its users, but maybe with this going on, Xbox users will quit patronizing me for using a PS3, talking about how PSN was hacked and whatnot.

Yeah, got nothing against the xbox itself (beyond the red ring and its fans), but if it is like the ps3 one, then maybe itll shut them up, though pointing out that the group who hacked the psn hacked the american gov didnt, so who knows.

 

[feeqmatic]

I just had this happen to me today, and the person was also playing fifa for some reason which is something that i saw several other people say... any further info on this?

 

[WMCMAH20]

I just got hacked too. Got to spend the entire night on the phone with XBL (XBox Live) billing support. The guy ran up around 70usd worth of points purchases and the XBL people were like "oh don't worry, the account's been put on hold" and I'm left there going yea right and calling up the bank to close my damn card and change my passwords. RAWRPWNZROMFG!

Edit: The only thing I have been doing online lately is the Battlefield 3 Beta which makes me wonder if there is a security gap in the beta since all of these hacking incidents happen to occur with the release of the BF3 Beta

And the guy was playing FREAKIN FIFA11!!!

 

[Hisshiss]

Not this morning, but around semptember 10th, my live account got hacked, they only got away with about 150 bucks worth of microsoft points though, since that's all the cash that was on my card at the time. I called their customer support directly, and after about an hour long conversation they..did something, I dont know. The account got suspended, and they said it would take 25 business days to get it back. Which lands around october 20th. So far I have had no contact from them at all, and the money that was stolen still hasn't been refunded.

I wasn't aware it was happening to anyone else, that may explain why its taking so long.

Edit: To clarify, they didn't actually submit the account until the 17th, which is where I got october 20th. there was a 7 day grace period that they didn't do anything, because apparently the person i called the day it happened just forgot to do anything other than suspend the account, and I called back a week later.

 

[Jamash]

I just had this happen to me today, and the person was also playing fifa for some reason which is something that i saw several other people say... any further info on this?

Do you have an EA account and use the same password for your EA account and X-Box Live account?

Word on the street is that these hackers have managed to compromise some people's EA accounts, then from that gain access to their X-Box Live accounts (in cases where the log-in details are the same).

I don't know how much truth there is in this rumour (I've also heard people who've been 'hacked' say they used the same log-in details for their X-Box Live and PSN accounts), although people seem to be making the EA connection because these hackers play EA games and charge people's credit cards with purchases for EA Sports items (or MS points with which they purchase EA Sports DLC), so it could just be a coincidence or something more...