Dealspwn

HOME > Microsoft: Xbox Live Has No...

15Oct2011

Author:: Jonathan Lester
Category:: News
Tags:: Hackers, Microsoft, Xbox Live

"Evolving Threats" From External Source

We recently reported that a number of Xbox Live accounts have been hacked in order to purchase FIFA 12 Ultimate Team DLC using the attached payment schemes... but Microsoft are certain that the problem isn't on their end. In a recent statement, the Redmond giant suggests that the personal details used in a "limited number" of incidents haven't stemmed from a weakness in their online service and that they're working directly with the affected parties.

We do not have any evidence the Xbox Live service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats.

However, a limited number of members have contacted us regarding unauthorised access to their accounts by outside individuals. We are working with our impacted members directly to resolve any unauthorised changes to their accounts.

As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided at www.xbox.com/security to protect your account. - Microsoft representative to Eurogamer

We'll keep you updated, and we wish the very best of luck to the players who have had their accounts violated. We know that at least one of our readers has been affected, and please do get in touch if you've suffered a similar experience.

Add a comment22 comments

My sons Xbox live account was hacked last week. The password was changed and the games list shows FIFA12; he hasn't got this game. Billing information shows two sets of 5000 points were bought at £42.50 each then lots of the same purchase made for 250 points each. This login information could only come from Microsoft. No other fraudulent payments have been made to any other company. So when is Microsoft going to re-imburse me ?

Was on phone to MS today to get card details removed. According to the CS guy people have been getting scam emails and signing in to the link thinking it's XBL...so it's a phishing scam basically

My Xbox Live account was hacked on 5th October. Exactly the same outcome, two strange transactions, and the "last played game" being FIFA '12, which I don't even own! I obviously contacted Microsoft as soon as I found out and they are investigating.

The real odd thing is that all my points went, even though I had quite a strange number due gaining some through Xbox Rewards.

I only found out today that I'm not the only one effected, all very peculiar.

So basically it's more morons who don't know how to use computers properly! They deserve it, idiots :P

Who's the idiot ????
Microsoft/ EA are screwing us.... Hope you're next KCAJJONES !!!!

Check out all those videos on YouTube of how to get thousands of coins for fifa12....follow the information....it takes you to EAs servers as "staff"....

This is also nothing to do with scam emails.... That's just MS covering their backsides !!!

The fact that you put your card details on your son's account says it all. Things like this only happen because of stupidity, one way or another.

Oh, not to start a console war or anything, but at least if this was on PSN then they couldnt use the card details due to the fact that its tied to the console you own and they will not have the security code for the card to re-assign it to another console. Just sayin'.

After the ballsup Sony made I seriously doubt that

Since I saw this news yesterday I haven't been able to get onto xboxlive.com. Wonder why?

@kcajjones & ODB_69

At no point have I received a phishing email or made my account details available to anyone. This is not a case of "morons who don't know how to use computers properly!" as I am an IT Security Professional and quite resent your kneejerk trolling. As I understand it EA have not been authenticating requests for personal information correctly and have given out innocent users' information without their knowledge - as has happened to me. Fortunately as I am not an "idiot" and do know how to use my computer I had disabled my PayPal account link and all they got was the MSPs stored on my account.

@adrianbarker I also had an odd amount taken so not sure how they did that.

@EAHacked...how am I trolling? I stated exactly what MS have told me

Comment about trolling was aimed at kcajjones, comment about phishing for ODB_69. Apologies for any confusion.

Just been hacked. Exactly as mentioned by others, above...

I've just logged into my xbox360 and got a message telling me that my last login was on a different machine. (I've not been on another machine.)
It also says the last game I played was Fifa 12 (not true - I traded the game in months ago), that I've earned 2 new achievements on it (oh joy, I have 15 new GS), and that I've paid around 3800 msp to purchase premium content.

How the hell are hackers getting away with this three months after the story broke?

Of course, I've not given any account details to anyone.

Just been hacked. Exactly as mentioned by others, above...

I've just logged into my xbox360 and got a message telling me that my last login was on a different machine. (I've not been on another machine.)
It also says the last game I played was Fifa 12 (not true - I traded the game in months ago), that I've earned 2 new achievements on it (oh joy, I have 15 new GS), and that I've paid around 3800 msp to purchase premium content.

How the hell are hackers getting away with this three months after the story broke?

Of course, I've not given any account details to anyone.

Wow, sorry to hear that Late. I won't insult you by asking whether you responded to a fake Hotmail/Windows Live alert, sure you're too savvy for that. It is amazing that Microsoft - and EA (the FIFA 12 connection is too strong to ignore) - haven't properly clamped down on this yet.

What have Microsoft agreed to do about it? Have you received any compensation?

Last edited by JonLester, Jan. 13, 2012 at 12:43

No, as you correctly assume, I've not had any account details for live, hotmail, ea, or other "phished". I have today changed my password for live.

For security reasons (pfft!) they can only deal with account/billing problems over the telephone between 8am and 9pm, so I've only just had a chance to phone them now.
They agree it looks like my account has been compromised and are suspending my account and forwarding all details to their fraud team - I should hear back from them within 25 days. (My gold account has also been put on hold in the interim.)

There's a definite dodgy link with EA/Fifa12, but if someone's accessed data from EA's servers I can't imagine how they're able to use that to get into someone's xbox profile on another console.

__________________

Practically speaking, in terms of my gaming, the upshot is I can still use the console but not my profile. Should be able to continue with Skyrim next month if I still have my enthusiasm for the game then (it's pretty much all I've played in the last 6 weeks or so), but unless I want to restart that game's on hold (ditto every other game I've played).
Bought LA Noire and Saints 3 just before xmas, and bought the online pass for Noire while it was on offer. Haven't started either yet, so they're the obvious things to do while I'm on a temporary account (or more accurately I'll use the wife's account) - but the online pass is presumably linked to the account that bought it so there's no point starting Noire.

Saints 3 here I come...

Ah, I've misunderstood. I can use my profile - just can't go online. I'm happy with that.

Not happy with my account being compromised, but I've no complaints with Microsoft's resolution:

4 days to sort out, which is a lot better than expected.
3800 msp returned to me.
2 months free gold.

For anyone who's bored/interested, emails from Microsoft here:
email1
email2

That's not bad at all. Have a friend who also got hacked for FIFA 12 Ultimate Team packs. MS sorted it in 3 working days, gave him 2 months of Gold too and he got a load of his points back as well.

No, as you correctly assume, I've not had any account details for live, hotmail, ea, or other "phished". I have today changed my password for live.

For security reasons (pfft!) they can only deal with account/billing problems over the telephone between 8am and 9pm, so I've only just had a chance to phone them now.
They agree it looks like my account has been compromised and are suspending my account and forwarding all details to their fraud team - I should hear back from them within 25 days. (My gold account has also been put on hold in the interim.)

There's a definite dodgy link with EA/Fifa12, but if someone's accessed data from EA's servers I can't imagine how they're able to use that to get into someone's xbox profile on another console.

__________________

Practically speaking, in terms of my gaming, the upshot is I can still use the console but not my profile. Should be able to continue with Skyrim next month if I still have my enthusiasm for the game then (it's pretty much all I've played in the last 6 weeks or so), but unless I want to restart that game's on hold (ditto every other game I've played).
Bought LA Noire and Saints 3 just before xmas, and bought the online pass for Noire while it was on offer. Haven't started either yet, so they're the obvious things to do while I'm on a temporary account (or more accurately I'll use the wife's account) - but the online pass is presumably linked to the account that bought it so there's no point starting Noire.

Saints 3 here I come...

This might come off as a bit of a stupid question but did you email them using the email support on the Xbox website. The same thing happened to me recently though apparently it was 6000 msp to purchase several dlc for fifa. As right now, calling them isn't an option for me, so I'm trying to get in contact with them via email but I'm not sure if I'm sending the emails to the right place.

Ouch @ 6k points.

You'll get no joy by email, bud. I originally tried that route (or more accurately I submitted a web form on xbox.com) and got an email reply telling me the only way they could look into it was if I 'phoned them.

UK numbers and "opening" times here, including weekends, if that's any use to you...

Last edited by Late, Jan. 18, 2012 at 15:43

Yeah I just got that email telling me to phone, but thanks for the information, it's definitely useful.

Trackbacks

http://www.dealspwn.com/glance-weekly-roundup-10th-16th-october-2011-80402

Leave a Trackback from your own site