Xbox Live Account Hacked

[Jolteh]

Over the weekend I got an email through confirming the purchase of 5000MSP from the card attached to my account. My xbox was off at the time, so it was clear that it wasn't me who purchased them. I checked my account to find the password had been changed, and once I'd reset it found the MSP were still in my account. I changed the password again and left it, hoping to get a refund today as the support line was shut at the time.

Prior to ringing XBL support today, I checked my account once more to find that the password had been changed again, and once I'd reset and got in, the points had been spent. In the process of getting back in I also noticed that the security question on my account had been changed, so this is presumably how they got access the second time.

On the phone to XBL support I was told it would take at least 14 days (!) for them to run an investigation to see if I am due a refund. I'm kind of annoyed about this, because it seems like an unduly long amount of time, plus I had been trying to remove my card from the account last month, but wasn't able to because of their silly billing system saying I was in arrears (despite having renewed the day before.)

I'd urge you all to remove any cards you've got attached to your XBL accounts and use codes.

 

[point decay]

am i having a deja vu, or was there not another, very similar thread the other week..

 

[Dannyb01y]

I just deleted my dedit card off my account on the xbox live website but it wouldnt let me take my paypal off because I have some of those £1 month thiingies that wont be in use until 2013 :/

Im sure there was a post by someone else having been hacked recently.

 

[andshrew]

I had something similar with my PSN account a while back - money was loaded on using the debit card I had stored and then whoever had access went on a spending spree purchasing over priced PSP games. Sony did sort it out though the money was refunded within the week. Whatever you do don't go directly to your bank to try to reclaim the money that way as you'll likely end up in breach of the terms of service for your Xbox account which will result in them suspending the account... let them do whatever investigations they need to do and they'll get the amount back to you.

If your not already I'd be looking at changing your passwords for things such as e-mail, especially if you use one of the webmail systems. They may well have reset the password using the changed secret question the second time, but I'm fairly sure it would have required the new reset password to have been sent to the e-mail address associated with the account.

 

[Tephnos]

This is why I always buy cards for my xbox live account. I doubt anyone could get in, but just in case.

 

[Jolteh]

So my Xbox Live account is now locked down, meaning I can't log in or anything. I've had to even make a new account to play movies. I've checked everything else, all my email accounts have only been accessed by my IP in te last month, none of my other game accounts have any activity and nothing unusual on any of my cards.

I was kinda surprised by how XBL were. They said that even if the points hadn't have gone, they'd still have gone through all this process and I'll be waiting 2 weeks at least to access XBL and have the chance of a refund (and they stressed it was only a chance.) I'm baffled as to why I need to be locked out of my account and they can't just refund the cost of what is essentially virtual currency. I doubt they pay their indie developers on a daily basis, so enacting a refund should be pretty simple. The guy I spoke to on the phone was actually pretty nice, but the whole situation has left me feeling as if the blame is being put on me, despite it being me who put my trust in them with my card details. I seems foolish to have a purchase system where people can spent the best part of £50 without needing my card security code.

I'm trying now to emo-rage about it, but this is happening a month after I got a new 360 after my second RROD. Most of my friends have moved over to PS3 since their 360s also RROD'd. I think I'm going to have to join them.

 

[Metalface Mark]

Did they spend the points on your account? What did they buy?

 

[Mr Men]

I'm trying now to emo-rage about it, but this is happening a month after I got a new 360 after my second RROD. Most of my friends have moved over to PS3 since their 360s also RROD'd. I think I'm going to have to join them.

Good idea, Sony is much more secure with your data

 

[Kiyoshi]

My girlfriend's Live account was hacked a few weeks ago. Not sure how they did it, they'd got access to her e-mail account assigned to the Xbox Live account, reset her password and also changed her secret question/answer to some asian characters.

They'd spent ~4000 MS points on some Fifa cards and traded them off (not really sure, I've never played Fifa but it showed in her buy history on their site), I Googled it and it seems to have happened fairly often to other people too.

It was strange because a few days before my friend asked when my girlfriend got Fifa because he saw her online playing it, and she appeared on some leaderboard or something. I said he must have been looking at the wrong person because we don't have Fifa.

 

[SonicUK]

Hacker scumbags. I'm sorry this has happened to you. I hope you manage to get it sorted out friend.

 

[Alpherah]

Its not specifically your XBL account which gets hacked but your email account.
Since its tied to your hotmail/live account and people through key loggers, stupidity or just too easy passwords end up having these hacked on a regular basis, they then have access to your XBL account too.

 

[d_brennen]

My girlfriend's Live account was hacked a few weeks ago. Not sure how they did it, they'd got access to her e-mail account assigned to the Xbox Live account, reset her password and also changed her secret question/answer to some asian characters.

Wish people wouldn't use the word hacked all the bloomin time. You didn't get hacked people - your XBL/Facebook/Hotmail/paypal/<insert online service> account did not get hacked, you gave your passwords away somewhere

Sony, now they got hacked

 

[finite]

Some hacking would have occurred, but it is more than likely some other easily exploitable site like a forum where the exact same details have been used.

 

[Kiyoshi]

Wish people wouldn't use the word hacked all the bloomin time. You didn't get hacked people - your XBL/Facebook/Hotmail/paypal/<insert online service> account did not get hacked, you gave your passwords away somewhere

Sony, now they got hacked

I actually thought about choosing another word or saying 'hacked' with quote marks instead, but hoped everybody would know what I meant and wouldn't be pedantic or start splitting hairs about terminology.

 

[K1LLSW1TCH]

I actually thought about choosing another word or saying 'hacked' with quote marks instead, but hoped everybody would know what I meant and wouldn't be pedantic or start splitting hairs about terminology.

Just say compromised instead, at least the picky people can't have a go at you for that.

 

[Jolteh]

Wish people wouldn't use the word hacked all the bloomin time. You didn't get hacked people - your XBL/Facebook/Hotmail/paypal/<insert online service> account did not get hacked, you gave your passwords away somewhere

Sony, now they got hacked

I definitely didn't give my password away anywhere. I'm pretty savvy about this and have done stints working in both identity theft and IT security. Phishing emails very rarely make it through gmail's junk filter and I'd never give my details out in response to an email.

Also, go and look up the meaning of the work 'hack' when used in relation to computers, it has a very broad definition and it encompasses a lot of things, including this. It isn't just restricted to the sort of methods you'd use to 'hack the gibson'.

PS: Lulzsec who did a 'real hack' on Sony are pretty widely known for using really basic methods that are barely above using a security question to reset an email password (and in some cases that is exactly what they did.)

 

[Kiyoshi]

I don't really know how they got my girlfriend's account. We both work in IT and I would say are pretty computer savvy. She wouldn't have (knowingly) clicked a random link or installed dodgy software. She keeps her AV and antispyware up to date, etc but they got in somehow /shrug

MS refunded the points which was some good news, advised her to reset her password and such which she had already done anyway. They locked her account for 2 weeks the same as the OP but all was well in the end

 

[V4NT0M]

I'll leave my card on there but I'll keep my login details safe, thanks.

 

[Jolteh]

Thanks for your passive-aggressive reply.

The guy who dealt with my call at Xbox Live told me that even he didn't leave his card details attached to his account, but I'll ring him back and let him know that someone with enough internet cool and spare time to accumulate over 14,000 posts on OcUK thinks it's probably okay to do

 

[Goodie]

I was just coming on here to make the same post. Had two emails on Saturday from Microsoft, the first to comfirm that I had purchased 6000 XBL points at a cost of £51 and the second to confirm that I had changed my region from the UK to Poland. There is no chance that I have given my accound details and passwords to anyone. My PC is clear of keyloggers etc. And my passwords are changed every couple of months to keep safe, so I'm not quite sure how this has happened. Microsoft stated that it could take up to 3 weeks for the fraud investigation to be resolved and my bank are investigating also to get the money returned to my account.

I havent even been on my xbox for months, sucks. Hope you manage to resolve your issue Jolteh, keep us updated on how you get on so I can have an indication of the way that my fraud case is going to go!