Xbox live accounts being hacked?


Recommended Posts

I can confirm that this also happened to me... twice now. just yesterday i was charged for a game i never authorized. i also had it happen about a month ago for the first time. i was charged 3 seperate charges on the same day for games i didnt approve. I was also locked out my live account with my password changed. i had to reset my password to log into my email only to discover the charges. i immediately called microsoft and remove my card on file. it took some 30 days before they finally unlocked my account and i had my bank refund my money while they opened an investigation. It was just last week i added a new card on file so i could buy some DLC content and now ive been hacked again. Ive decided to permanently take off any CC i have on my account and just buy the points offline.

This is interesting since your Live account is basically your email account, so if that info gets hacked from some other source and all these hackers are doing then is trying it on Live to see if they work, then that'd explain it.

That could be the case but that also means my Gmail was hacked initially. I don't use that email for anything else. So its either on Google or MS.

But in my case, my gamer tag was also changed, and they changed my preferred language (from English to Spanish). In addition to the charges made. I really would suggest to everyone to pull your CC info and just buy online points/LIVE renewal cards.

This sounds a lot worse than the PSN hack.

PSN hack = your name, email, maybe password, and address where taken, but no one lost money.

360 hack - they got the same info, but you also lost out on money

Both systems now showing downtime for each.

This sounds a lot worse than the PSN hack.

PSN hack = your name, email, maybe password, and address where taken, but no one lost money.

360 hack - they got the same info, but you also lost out on money

Both systems now showing downtime for each.

Yeah this one is worse than the PSN hack, but the difference is that this one is only person-to-person whereas the PSN hack took down the system for everybody.

And on top of that, the PSN hack occurred just as Portal 2 came out which prevented people from activating it for a few weeks.

SO MAD RITE NOA!!!!! :angry: I can confirm something has happened. My account had a second 1 year sub added as well as 5600 MS points. All of this was transfered to another account. I called them and had my account frozen and credit cards removed. I will be getting a refund in a few days. I think this will end up worse than the Sony thing because these guys are buying all kinds of crap on Xbox live. I do information security as my job so I know all the do's and dont's in terms of account stuff. What gets me is I had a really hard password. What I think is happening is these guys are bypassing authentication all together and just ganking accounts as they see fit. Some of the others I have seen this happened to dont even own a computer and just entered their card info just on the console only. That makes me think the system has been hacked.

Nothing's happened to me, but I'm removing my credit card from my profile just to be safe (even though it's expired; it's since been renewed, but not sure how much information they'd be able to utilize from the expired information). I only used it once anyway -- I buy all my points and whatnot through prepaid cards.

This is super interesting to watch unfold. It would appear that someone knows something that someone else is not wanting to discuss as they are really unware of the facts. I know that sounded odd... but from my "digging" it appears they are using a flawed "recover your account" feature to hack accounts.... this is super simple for them to trace if they needed to. This actually reminds me of the flaw in TMobile Sidekicks back when Paris le Hilton's crap was leaked.... oh the good ole days...

All in all, it would appear that all they need is a gamertag... nothing else.... BUT, they may be using the system for more... if they can say, reset the LiveID password, they can then give this info out for pillaging and internets...or 9000 emails to be sent on your behalf.

It would appear this is the "same" flaw that caused the graphic images to show up in Facebook... as the two appear to be related in their method.

I know I don't post on here alot, but I have funny little ways of connecting the dots.. and you'll see...it is totally a Microsoft issue with XBL... not your emails getting hacked then XBL.

For people who are facing these "hacks", would you mind posting links to your gamertag on Xbox.com?

This sounds a lot worse than the PSN hack. PSN hack = your name, email, maybe password, and address where taken, but no one lost money. 360 hack - they got the same info, but you also lost out on money Both systems now showing downtime for each.

They didn't get info on all members. :huh: WTF are you talking about? PSN was ****ed to hell compared to this. There is also a good chance that some people will end up being victims of id theft as a result of PSN hack.

For people who are facing these "hacks", would you mind posting links to your gamertag on Xbox.com?

They didn't get info on all members. :huh: WTF are you talking about? PSN was ****ed to hell compared to this. There is also a good chance that some people will end up being victims of id theft as a result of PSN hack.

First, anyone that is getting their Xbox Live account hacked, is most likely getting the same information that was taken from PSN users. Your live account most likely has your email, address, and other information linked to it. So yes, they are getting that.

Second, if you actually had your facts correct, you would know that Sony did encrypt the really sensitive information, and as of today, there has still not been a single report of someone having their credit card information stolen and used. Also, Sony provided 1 year free credit protection, so that if somehow, the encrypted info was taken and decrypted, you can keep track of your credit.

Third, tons of accounts on Live have already been charged for hundreds to thousands of dollars of items. Seeing how PSN didn't, I would count this as a more damaging incident.

You can be a fanboy all you want, but don't ignore the real issues, and you may want to better educate yourself on what exactly happened with the PSN hack.

My friend had his account hacked just the other day. He is ****ed, as rent is now due, but he doesn't have the funds. Luckily his girlfriend can front him the money... but this is hurting users a lot, and MS needs to get a hold of the issues pronto. At least Sony took the right step in shutting the whole network down to insure nothing else would happen. MS seems just dandy letting it happen, and not doing much to actually stop the hacking. It's good they are investigating it, but they need to do something more preventative.

I mentioned this in a Sony thread when someone was badmouthing PSN saying it wasn't safe.

To date I still don't know any real life occurances of anyone having had their details used for fraud or theft from the PSN hack. This hack hasn't been proven to be directly linked to the 360 and Live service but it's certainly linked to Microsoft as a company. People are getting in hurt a lot more financially by this than they did with the PSN downtime.

Fallout from Sony hack - Network downtime, (no publicised cases of fraud yet)

Fallout from Microsoft hack - People having money taken from accounts, gametags suspended and having to wait for refunds.

Tell me which is worse please?

Tell me which is worse please?

Whatever happens to the console you don't like :p

Individually, there's absolutely no doubts in my mind having actual fraud carried out on your account is worse than cancelling cards just in case. If people want to bring up the PSN hack fine, but from the time it happened till now I can't see anywhere reporting fraud like whatever is going on here. The troubling thing though isn't bitching between 360 and PS3 owners, it's how on earth is this happening and why isn't there more communication about it?

I mentioned this in a Sony thread when someone was badmouthing PSN saying it wasn't safe.

To date I still don't know any real life occurances of anyone having had their details used for fraud or theft from the PSN hack. This hack hasn't been proven to be directly linked to the 360 and Live service but it's certainly linked to Microsoft as a company. People are getting in hurt a lot more financially by this than they did with the PSN downtime.

Fallout from Sony hack - Network downtime, (no publicised cases of fraud yet)

Fallout from Microsoft hack - People having money taken from accounts, gametags suspended and having to wait for refunds.

Tell me which is worse please?

Except the credit has all been refunded, either through Microsoft or through the credit card company.

Let's say the theories about all this are correct. Let's say they've gotten into accounts by finding a way to bypass the authorization system or recover a gamertag system. In either case, they don't actually have information regarding your credit card besides the last four digits. The only thing they can do is purchase things through your account -- nothing more. (And, again, to restate, this is likely the worst-case scenario.)

I've already said before that I think Sony handled the PSN hack as well they could have, for the most part. But all information other than credit card information was available to whoever made that hack. It wasn't a few isolated users, it wasn't a hundred or a thousand users, it was everyone's information. Only an idiot wouldn't change all their credit card information (and their password) after that happened.

If you're asking me which situation of the two I'd rather have happen to me, I'm going to go ahead and say the Microsoft situation, even though both scenarios are crap, obviously. But everyone's going to have a different opinion on which is more invasive.

Except the credit has all been refunded, either through Microsoft or through the credit card company.

Let's say the theories about all this are correct. Let's say they've gotten into accounts by finding a way to bypass the authorization system or recover a gamertag system. In either case, they don't actually have information regarding your credit card besides the last four digits. The only thing they can do is purchase things through your account -- nothing more. (And, again, to restate, this is likely the worst-case scenario.)

I've already said before that I think Sony handled the PSN hack as well they could have, for the most part. But all information other than credit card information was available to whoever made that hack. It wasn't a few isolated users, it wasn't a hundred or a thousand users, it was everyone's information. Only an idiot wouldn't change all their credit card information (and their password) after that happened.

If you're asking me which situation of the two I'd rather have happen to me, I'm going to go ahead and say the Microsoft situation, even though both scenarios are crap, obviously. But everyone's going to have a different opinion on which is more invasive.

I agree. As a victim of the Live hack, I'd much rather have gone through what I did than the whole lot of my info get out. And if I would have just used points cards/Live renewal cards in the first place, it wouldn't have been a big deal. With PSN, theres no telling how far that would go and to what extent.

First, anyone that is getting their Xbox Live account hacked, is most likely getting the same information that was taken from PSN users. Your live account most likely has your email, address, and other information linked to it. So yes, they are getting that. Second, if you actually had your facts correct, you would know that Sony did encrypt the really sensitive information, and as of today, there has still not been a single report of someone having their credit card information stolen and used. Also, Sony provided 1 year free credit protection, so that if somehow, the encrypted info was taken and decrypted, you can keep track of your credit. Third, tons of accounts on Live have already been charged for hundreds to thousands of dollars of items. Seeing how PSN didn't, I would count this as a more damaging incident. You can be a fanboy all you want, but don't ignore the real issues, and you may want to better educate yourself on what exactly happened with the PSN hack. My friend had his account hacked just the other day. He is ****ed, as rent is now due, but he doesn't have the funds. Luckily his girlfriend can front him the money... but this is hurting users a lot, and MS needs to get a hold of the issues pronto. At least Sony took the right step in shutting the whole network down to insure nothing else would happen. MS seems just dandy letting it happen, and not doing much to actually stop the hacking. It's good they are investigating it, but they need to do something more preventative.
I mentioned this in a Sony thread when someone was badmouthing PSN saying it wasn't safe. To date I still don't know any real life occurances of anyone having had their details used for fraud or theft from the PSN hack. This hack hasn't been proven to be directly linked to the 360 and Live service but it's certainly linked to Microsoft as a company. People are getting in hurt a lot more financially by this than they did with the PSN downtime. Fallout from Sony hack - Network downtime, (no publicised cases of fraud yet) Fallout from Microsoft hack - People having money taken from accounts, gametags suspended and having to wait for refunds. Tell me which is worse please?

This is not being a fanboy but jumping the gun when "we don't know" (echoing Audioboxer's favorite stance that only Sony/Microsoft know what happened) what exactly is going on. Microsoft says this is a phishing scam so let's take it at facevalue for now until more details come out.

I am not going to call this "hack" any worse than sony's if it ends up being a genuine **** up by Microsoft.

shakey - so what exactly happened with your friend? was he a EA/FIFA customer as well?

Well, seeing how nothing has been reported from Games for Windows Live users or Zune users who have purchased content, It seems directly linked with the 360 and what services it offers.

MS should be shutting their services down, as to not have anyone else have stolen information, and figure out what is happening. It does not good to just keep letting users get money stolen and accounts hacked. Whether it is being done over the telephone with MS support, through some gamertag recovery option, or other service, it is only happening to those with the 360.

And the information stolen from the PSN hack, again, is the same information that millions of us put on our facebook accounts, phonebooks, and give out willy nilly to companies when we buy products. All credit card information was secured and encrypted in some form.

With MS not taking a proactive stance to stopping this, and just going into each incident at a 1 by 1 basis, is going to end up hurting more people in the long run. They need to secure their services and figure out how to stop this before it happens, not after.

Since forums somehow screwed up font size in prev. post, going to re-post it below,

shakey - so what exactly happened with your friend? was he a EA/FIFA customer as well?

LOL, what did happen with that font size. I didn't even see it until you mentioned it.

Didn't get the full details, as he was at work last night , hes a club bouncer, so our hours to interact are skewed. But he doesn't play Fifa games. EA is sort of a give in, as he plays Battlefield and Mass Effect.

But that's the thing. If the xbox live system is being used to fraudulently buy hundreds of dollars of content, they need to shut the service down until they can figure out how to stop this. But keeping it up, and having users keep on having this happen, is probably the worst strategy possible.

Hell, they wouldn't even need to shut online access down, just take the store down until it is figured out. It may be a inconvenience, but it is much less of one than having funds on hold or lost, account on hold for a month, and other headaches that comes from this.

I agree. As a victim of the Live hack, I'd much rather have gone through what I did than the whole lot of my info get out. And if I would have just used points cards/Live renewal cards in the first place, it wouldn't have been a big deal. With PSN, theres no telling how far that would go and to what extent.

Well if you decided to use cards on 360 to have avoided this then you could have done the same on the PS3 and avoided that on there too.

Sorry but I refuse to believe anyone thinks that having your account compromised and money actually taken from you bank and having to wait for a refund is not worse than maybe having to cancel a credit card.

Well if you decided to use cards on 360 to have avoided this then you could have done the same on the PS3 and avoided that on there too.

Sorry but I refuse to believe anyone thinks that having your account compromised and money actually taken from you bank and having to wait for a refund is not worse than maybe having to cancel a credit card.

No you don't. You're just supporting the console you bought and won't listen to anyone who doesn't share your view.

For me, having all my data compromised (while not being able to use PSN for about 30 days) is far more worrying than having someone make an illegal transaction on my credit card and having my Xbox Live account frozen for 30 days. Not saying everyone has to feel that way, though. Shocking, isn't it?

No you don't. You're just supporting the console you bought and won't listen to anyone who doesn't share your view.

For me, having all my data compromised (while not being able to use PSN for about 30 days) is far more worrying than having someone make an illegal transaction on my credit card and having my Xbox Live account frozen for 30 days. Not saying everyone has to feel that way, though. Shocking, isn't it?

What if it becomes compromised again? Since they aren't taking any prevention towards it happening, and only fixing what problems occurs from it, it could easily happen again. Then you are without funds for another month, and without a live account for another month.

Their best plan of action would be to just take down the store and make it impossible, until the issue is resolved, to buy anything. Sure, it might hurt sales, but it will save customers.

No you don't. You're just supporting the console you bought and won't listen to anyone who doesn't share your view.

For me, having all my data compromised (while not being able to use PSN for about 30 days) is far more worrying than having someone make an illegal transaction on my credit card and having my Xbox Live account frozen for 30 days. Not saying everyone has to feel that way, though. Shocking, isn't it?

What data is this, your name and address? Correct me if I'm wrong but if someone gets access to your Live account and attached credit card, don't they also have that info? You also have to wait for MS to refund you, which in this topic seems to be taking longer than 30 days.

I guess I should have expected the two people I blocked for trolling the 360 section would immediately start talking up a storm and responding to me as soon as any sort of negative news comes out on the 360 :laugh: Not falling for it, guys. Don't care what you're writing.

What data is this, your name and address? Correct me if I'm wrong but if someone gets access to your Live account and attached credit card, don't they also have that info? You also have to wait for MS to refund you, which in this topic seems to be taking longer than 30 days.

They do have access to all that same information. They just keep ignoring it though. This isn't on the same User Scale as PSN, but as far as what is worse, this is far more destructive. And that nothing preventative is being done about it would worry the hell out of me if I had a 360 with my CC information on it.

Gotta love his response... Trolling when we are posting relevant and factual information :p

  • Like 1

What data is this, your name and address? Correct me if I'm wrong but if someone gets access to your Live account and attached credit card, don't they also have that info? You also have to wait for MS to refund you, which in this topic seems to be taking longer than 30 days.

They do have access to all that same information. They just keep ignoring it though. This isn't on the same User Scale as PSN, but as far as what is worse, this is far more destructive. And that nothing preventative is being done about it would worry the hell out of me if I had a 360 with my CC information on it.

Gotta love his response... Trolling when we are posting relevant and factual information :p

who said that "they" have access to credit card infomation? You two are going down your usual path now. :s It's nice how sony had encrypted credit card info but on microsoft's side, they must be storing everything in plain text, right?

Don't feed them. :laugh:

I will say this, though: Even if someone gains access to your Xbox Live profile, they don't have access to your credit card information besides the last four digits. So it's pretty much worthless on anything but Xbox Live, and it takes maybe 5 minutes to get your credit card company to remove those charges.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.