Xbox Live going crazy? EDIT: I was HACKED

[quote name='XzMrHitDatHoezX']There's an inside man who works as a M$ customer service representative who can get your password and email.believe me I know[/QUOTE]

:imwithst::imwithst::imwithst::imwithst::imwithst::imwithst::imwithst::imwithst::imwithst:
 
Everyone needs to make sure they run the account security tool after they change their password. If you don't, hackers can still log on even though the password is changed.
 
[quote name='JasonTerminator']They have the ability to lock all marketplace transactions without closing the account. That's what they did for me, since my hack happened the week BF3 came out, so I could still play on LIVE while they performed their investigation. And they still gave me the free month code.

You can call them to double-check about if your account is marketplace locked, but chances are the investigation is underway and calling XBL Support too much might delay your investigation further.[/QUOTE]

Well the CS never mentioned that, he said a straight lockdown. Would it give an error if I tried to buy something? Maybe a demo? I don't want to download a single thing if it means it could stuff up the investigation process.
 
[quote name='nnthomas']Well the CS never mentioned that, he said a straight lockdown. Would it give an error if I tried to buy something? Maybe a demo? I don't want to download a single thing if it means it could stuff up the investigation process.[/QUOTE]

I didn't try actually buying anything as I was worried that might send a red flag that I was still compromised or something, but I did redeem my BF3 online code and that seemed to work.
 
Yikes, I saw this when my 360 was having trouble connecting to Live. Thankfully it looks like nothing out of the ordinary happened, but I changed and beefed up my password just to be sure. Sorry for your bad luck j, but thanks for giving the rest of us an alert.
 
[quote name='Javery']Do you no longer have "control" over your account? I mean, can you no longer log in, etc.? I was able to change my windows live password and everything and get back online on my console and I was going to just let the $40 in points go but then I decided to call customer support and see if I could get my points back.[/QUOTE]
When they hacked my account. I lost control, could not do a thing.
Could not change my password, because they change the windows ID ( email) to there own private email.
 
[quote name='not2worried']When they hacked my account. I lost control, could not do a thing.
Could not change my password, because they change the windows ID ( email) to there own private email.[/QUOTE]

Thankfully I was at home and on the computer with MSN messenger signed in when I got hacked.

So I saw the e-mail from MS confirming my account migration to Russia pop up and right away went and changed my Windows Live password and then called MS.

So I never lost control of my Windows Live account. They locked down purchasing ability right away on my Xbox Live account, but it took a couple weeks for them to fully lock the account down. With foreign migrations the system can't lock it down automatically, it has to be done manually and thus takes a while for them to get to it.

In any case, it's getting old. I'm getting tempted to just make the temp account my main account. My main account gold subscription runs out in a month or two anyway I think, and I have a 12 month code waiting.

Hate to give up my gamerscore though, and have a couple game saves on my main account for games I haven't finished yet. Plus, with Murphy's Law, I'd dump 20 hours into Skyrim on the other account and then get my old account back. So I'll just keep waiting and playing some Wii games in the meantime for a while. Not in much of a gaming mood lately anyway.
 
Just got some emails from MS saying they finished their investigation, and they gave me my points back and another month. They added my alternate email and made me do a password reset (they also changed my secret question for some reason, but I changed that back). But looks like my problem is taken care of, thankfully.
 
[quote name='dmaul1114']Thankfully I was at home and on the computer with MSN messenger signed in when I got hacked.

So I saw the e-mail from MS confirming my account migration to Russia pop up and right away went and changed my Windows Live password and then called MS.

So I never lost control of my Windows Live account. They locked down purchasing ability right away on my Xbox Live account, but it took a couple weeks for them to fully lock the account down. With foreign migrations the system can't lock it down automatically, it has to be done manually and thus takes a while for them to get to it.

In any case, it's getting old. I'm getting tempted to just make the temp account my main account. My main account gold subscription runs out in a month or two anyway I think, and I have a 12 month code waiting.

Hate to give up my gamerscore though, and have a couple game saves on my main account for games I haven't finished yet. Plus, with Murphy's Law, I'd dump 20 hours into Skyrim on the other account and then get my old account back. So I'll just keep waiting and playing some Wii games in the meantime for a while. Not in much of a gaming mood lately anyway.[/QUOTE]

If you really want to play Skyrim just go ahead and play it. No point in waiting. I say this, knowing full well that Murphy's law will win out.
 
[quote name='bfauble83']Insult to injury, I just received an email from EA welcoming me to Fifa 12[/QUOTE]

I got the same exact email this morning. I wanted to murder someone. Thanks to someone here I got a free month of Gold on a second account so I'm back up and running even though I don't really want to make progress on my games on a secondary account but I can get into Netflix which is awesome. I'm going to play Portal 2 for the 4th time I think - It will be fun to get some of those achievements again!
 
[quote name='kill3r7']If you really want to play Skyrim just go ahead and play it. No point in waiting. I say this, knowing full well that Murphy's law will win out.[/QUOTE]

Yeah, that's just the issue. I'd rather have the game save on my main account, as if I get it back I'll want to use that again as that's what all my XBLA games etc. are on. Plus I'd rather earn the gamerscore on my main account.

In any case, I more in a movie watching phase than game playing phase right now, and have a couple of Wii games I need to finish off. I'm swamped with work right now and probably shouldn't start up a life consuming game like Skyrim right now anyway I suppose! :D

If I don't have my main account back when those are out of the way, I'll probably just say screw it and move to a new account permanently.
 
Wife got hit yesterday. Thankfully, they only took 4,000 points. No other charges. I was able to retake control, so they said the investigation should be rather quick.

Thing to note for all concerned: you can add a mobile # to your account. Doing so will send texts to said number when account changes take place. Just learned about that last night. Very good to know.
 
it seems to be all over the place on to how they are doing this...but now I am reading more and more about them using brute force to get accounts...I hear people say they have a good password...but my question is how long was your password if you had your account stolen? As someone said above....having a strange combination is not as important as length..

if you are a victim, could you let us know how long the password was?
 
[quote name='Javery']Mine was 16 characters.... but not anymore![/QUOTE]


if it was 16 characters long...and your account was taken...I don't care what anyone says..it was not brute force that took it...
 
yeah, I don't think they guessed my password - I think there is some loophole in the security that they are exploiting. Since I was online when the hack happened I was able to quickly go to Windows Live and change my password. When I logged back in there were still 1300 points in my account. Then within about 30 seconds I was forcibly kicked off of XBL again... so I changed it again and logged back in to find all of my points gone. There's just no way they had my password and then guessed an entirely new one in like 1 minute.
 
[quote name='Javery']yeah, I don't think they guessed my password - I think there is some loophole in the security that they are exploiting. Since I was online when the hack happened I was able to quickly go to Windows Live and change my password. When I logged back in there were still 1300 points in my account. Then within about 30 seconds I was forcibly kicked off of XBL again... so I changed it again and logged back in to find all of my points gone. There's just no way they had my password and then guessed an entirely new one in like 1 minute.[/QUOTE]

Actually, if you didn't run that security tool IMMEDIATELY, they don't need your new password to get back in if they've already logged in on a 360. Have you ever changed your password on Live or Hotmail and noticed that you don't have to put in the new password when you logged on using the 360? Yeaaap. I'm still sticking to my original theory that they're somehow using Xbox.com to get to people.
 
For fuck's sake, this is getting out of hand. I'm convinced it has nothing to do with weak passwords anymore. Microsoft should kick EA and Fifa the hell off Xbox Live already.
 
There is clearly some kind of security issue here. Not ALL of these people who have been getting hacked can be that careless. If it was a few people, I'd definitely be quick to blame them for being idiots, but this is getting out of hand now, and Microsoft should step up and admit there's a major issue.

By the way, this thread made me paranoid, and I tried to log into Xbox.com, and I couldn't get the page to load. Oh boy! Luckily, I just logged on my Xbox. Whoa...
 
fuck...I hope MS/EA finds a fix quick. I don't want to be next.

Anyone know how to change the email address tied to your XBOX Live account? I should change it just to be safe.
 
I took my gamertag sig off of this website, just in case, as this would also potentially be a way for hackers to grab people's usernames and try them out on xbox.com.
 
Add me to the list, 5000 points gone. This blows. I can tell you I've never given out my gamertag, don't have Paypal, and have a strong password too.

Guess I can be thankful nothing was charged to my credit card, which I've since deleted from the Live site.
 
Not much you can do if you've followed every step to protect yourself it seems just hope you don't see FIFA 12 on your gamercard one day =/
 
Yeah I was on for the first time this week and saw my points were drained down to 20. Looked through the Download history and saw a dozen downloads last week which I obviously didn't make, though nothing from FIFA!

I will say calling Xbox was painless. Very few questions, told me what they've said to everyone else, and that it'd take 12-25 days. No biggie, I've got some other things to do in the meantime ;)
 
[quote name='MrPiggles']If you're unsure on what to do, I made a fancy little guide about it: http://www.cheapassgamer.com/forums/showthread.php?t=312463

Definitely run the Xbox 360 Protection Tool ASAP too.[/QUOTE]

Dude, this was extremely helpful. My account got broken into yesterday, and I called in and everything. The representative seemed to know exactly what was going on and walked me through the steps: the very first thing he had me do was to reset my Windows Live ID password. He said it would be 10-15 days, but reading the other posts here and elsewhere, I'll take that with a grain of salt.

He had told me that online access to my account would be blocked for the duration of the investigation, but when I went to the Profile Protection page in your guide (under #2), it showed a console had been logged into my account today. It also showed two yesterday (one of which was mine, of course) that required login. I hadn't logged into my console today AT ALL, not even offline. :censored:

I don't know if those two "strangers" were the "FIFA 12 bandits" or not, and I hope that it wouldn't be Xbox Live Customer Service console... they can do their investigation without sticking another console on my account, right? Hopefully I don't have to go to that page everyday and find that another console which doesn't require login has popped up on my account! :wall:

I found this page by searching the forum for "FIFA 12". As you guys can see, it's on my gamercard info even though I've never played it. Anyway, I highly recommend the others here to go to that guide Mr. Piggles set up. Even if your account hasn't been broken into, it's better to be safe than sorry (as I've learned a bit late). :roll:

The only sticking point is that I can't remove the card linked with my account, but I've already canceled that one and ordered a replacement card, and will NOT be linking that one.

Thanks for the help, you guys :applause:
 
Jesus fucking Christ a lot of people are getting their shit broken into from this site.

Yesterday I ran the protection tool, changed my password to something totally unique from all my other online accounts (that is not a "dictionary word" that can be brute-forced), removed all publicly displayed instances of my gamertag online for now, changed my privacy settings to "blocked" or "friends only" depending on the item, and removed my Paypal account from XBL association (never had a CC associated).

I guess all that's left for me to do is pray a lot of stuff comes out soon I want to spend points on so I can get my account zeroed. I don't have that many already, thankfully, but anything stolen is too much stolen.
 
I have over 2000 points I'm saving for the right DOTWs, if my account gets hacked I'm gonna be pissed. The fact this is still happening and MS/EA hasn't come out with an apology / plan to stop it is pissing me off as well.
 
[quote name='doubledown']sounds like there is not much you can do except remove cc and points based on the articles above[/QUOTE]

Indeed. Just have to stay vigilant. It's up to Microsoft now to admit that they a problem and fix it. Why you can try EIGHT times to enter your password for an account that possibly has payment information saved on it is beyond me. I mean, it's not a freaking message board. Just dumb.
 
[quote name='doubledown']sounds like there is not much you can do except remove cc and points based on the articles above[/QUOTE]

Only other things are:

1. Make a new Windows Live ID and don't use it for anything but Xbox Live and never post it anywhere online.

Sounds like they're getting Windows Live IDs and then brute forcing passwords. Could have happened to me for sure as I use my hotmail account for lots of different sites--with different passwords.

2. Use a complex password. At least make it harder to brute force attack it.

Other than that, it's just a matter of dumb luck right now in hoping they don't get your ID and hack your password.
 
Last edited by a moderator:
[quote name='dmaul1114']Only other things are:

1. Make a new Windows Live ID and don't use it for anything but Xbox Live and never post it anywhere online.

Sounds like they're getting Windows Live IDs and then brute forcing passwords. Could have happened to me for sure as I use my hotmail account for lots of different sites--with different passwords.

2. Use a complex password. At least make it harder to brute force attack it.

Other than that, it's just a matter of dumb luck right now in hoping they don't get your ID and hack your password.[/QUOTE]

Got paranoid last night and:

- made a new email with my ISP which is nothing like any of the other accounts(gmail, yahoo) I use, and that's now my Windows ID.
BTW - make sure you REMOVE your old email associated with your Windows ID. I noticed even after I changed mine it kept my old email as a backup contact.

- changed password so it's not a variation of the one I use on the others

- changed my security question & answer to be unrelated to each other (i.e. Q: Mom's birthplace? A: Lemonade)

- I still can't remove my credit card(stupid $1/month offer! :lol:). Not a huge deal since the CC company will cover any stoelen charges.

Now I just need to go through all the sites I use and remove my GT.
 
You can remove the credit card, but it's a pain.

There are apparently 2 ways to do it.

1. Call up customer support, have them remove your card and cancel your gold account and issue you prepaid Live codes for remaining time. Then use those to reactivate your gold account.

2. Turn off auto renew (you can do that online at Xbox.com again now). Wait for your gold account to expire and turn to Silver. Go in and remove your card (or call in). Then sign up for gold again using a prepaid card and never enter a credit card again.
 
Yeah, I did 5 months for $1 each, but it's showing as not expiring until Dec. 2013. I have that deal plus multiple 12 month cards, plus a random month card here and there. I assume they are used in the order in which you input them so god only knows when each one kicks in. :lol:

I did turn off auto-renew though.

Also, anyone who uses Raptr, you can hide your email address from everyone.
 
[quote name='GUNNM']If I get hacked the only thing I worry about is them changing my gamertag. =/[/QUOTE]

The email I got from MS said they will give you 800 points to change your tag if it's messed with.
 
I noticed that there has been some coverage on this issue lately on some of the blogs. It must be picking up some steam and becoming more widespread. I hate not being online - I'm realizing now how much MS really has me by the balls.
 
[quote name='nnthomas']The email I got from MS said they will give you 800 points to change your tag if it's messed with.[/QUOTE]

That will let you make a new tag, but not just switch back to your old one, from what I've seen on other forums.

When you pay to change it you have to pick a tag that's never been used. So people where having to fight with MS to try to get their old tag back if they hacker changed their tag to something else.
 
[quote name='nnthomas']The email I got from MS said they will give you 800 points to change your tag if it's messed with.[/QUOTE]
well my gamer tag is mega man I kinda don't want a new one =[
 
[quote name='nnthomas']The email I got from MS said they will give you 800 points to change your tag if it's messed with.[/QUOTE]
Well that's shitty I kinda like the one I have.
 
If you change your GamerTag I assume you still keep all of your friends and stuff, right? I'm thinking about losing the "h" and capitalizing the "j" on mine. $10 is ridiculous though.
 
[quote name='Javery']If you change your GamerTag I assume you still keep all of your friends and stuff, right? I'm thinking about losing the "h" and capitalizing the "j" on mine. $10 is ridiculous though.[/QUOTE]
Yeah you keep your friends the only thing is changed is your name.
 
I can't wait until next month when I can FINALLY remove my CC. I jumped on a deal around the time Halo Reach came out, 29.99 for a year of Live. Problem is, I need to keep auto-renew on for it to properly activate. The second that happens, I'm removing the CC and making sure I don't keep a bunch of MS points in my account.

Wouldn't a 2 step verification process fix everything? C'mon, MS.

Also, does this have anything to do with Windows? Anyone on OS X get hacked? I'm just wondering if something in the background is downloading to your OS and pulling information.
 
[quote name='seanr1221']I can't wait until next month when I can FINALLY remove my CC. I jumped on a deal around the time Halo Reach came out, 29.99 for a year of Live. Problem is, I need to keep auto-renew on for it to properly activate. The second that happens, I'm removing the CC and making sure I don't keep a bunch of MS points in my account.

Wouldn't a 2 step verification process fix everything? C'mon, MS.
[/quote]

Might as well wait it out now sense it's only a month, but you could always have called in and got the CC off the account.

They'd cancel your gold, and issue you codes for the remaining months so you could sign back up with those and not have a CC on file.

But no point in bother with a month left. Might as well wait it out and let it revert to silver and remove the card then sign back up with a new 12 month card.

Also, does this have anything to do with Windows? Anyone on OS X get hacked? I'm just wondering if something in the background is downloading to your OS and pulling information.
Click to expand...

Yeah, others have posted on other forums that they were Mac users. It doesn't seem like it's any widespread malware/keylogger type of problem.

The best posted explanation is the one showing that if they get valid windows live IDs, they can brute force the passwords due to a loophole on Windows Live that allows unlimited password attempts.
 
If that's the case, then MS really does need 2 step verification, similar to Gmail.

I've also read it's much harder for your password to be guessed if it's various words, rather than a word and a bunch of numbers.

HorseToesTurtleDress or something would be a very strong password.

EDIT and no, that's not my password. I don't even like turtles. I like dogs.
 
Yeah, I've read that t0o. Apparently the programs hackers use to brute force passwords tend to focus on random strings of letters, numbers and symbols as their guess, and thus are less likely to get strings of words.

Though it's suggested to use a string of words like that and also mix in some numbers and symbols. And make caps random rather than the first letter of each word etc.

When I get my account back I'm going to make a new Windows Live e-mail that I use for nothing but Xbox Live and keep totally private. And put a pretty long password like that on it. As well as enable all the newish Windows Live security features like adding a cell phone number and requiring a SMS code to change things etc.
 
[quote name='seanr1221']If that's the case, then MS really does need 2 step verification, similar to Gmail.

I've also read it's much harder for your password to be guessed if it's various words, rather than a word and a bunch of numbers.

HorseToesTurtleDress or something would be a very strong password.

EDIT and no, that's not my password. I don't even like turtles. I like dogs.[/QUOTE]

DogToesDogDress!! Quick change your password!!
 
[quote name='dmaul1114'] As well as enable all the newish Windows Live security features like adding a cell phone number and requiring a SMS code to change things etc.[/QUOTE]

Wait this is possible?

Please explain.
 
You must log in or register to reply here.
bread's done
Back
Top