Xbox Live going crazy? EDIT: I was HACKED

[quote name='seanr1221']Oh, I don't use a Hotmail account for my Windows Live ID.[/QUOTE]

I wouldn't think that would matter. Should still have the same security options at Windows Live regardless of what e-mail address you have your Windows Live ID tied to.

I'd be hesitant to tie another main e-mail to Windows Live as you risk that getting compromised if Windows Live is hacked, and MS is a big target for hackers obviously.
 
[quote name='Corvin']

- I still can't remove my credit card(stupid $1/month offer! :lol:). Not a huge deal since the CC company will cover any stoelen charges.[/QUOTE]

someone used my moms card number to buy gas last week,

my mother still has yet to get her money back
 
I thought I would drop in my experience of being hacked last year:

I bought the Gears 3 console, went to the midnight launch and picked it up, came home and hooked up the console. That was at 2am launch day. I wake up at 7am because of class, I check my email (like I do every morning when I get up) and I find out that my account was compromised. Called up MS right then and there and had the account locked right then and there. It took 45 days for my account to come back to me because of the spending spree the fucker went on (spending $100 off my college card, which I did get a reimbursement from Microsoft for) and I got my points back plus a extra 800 because my gamertag got changed. A silver lining to my story is that the guy purchased TFU2 and Bulletstorm off of Games on Demand, and they let me keep those games.
 
[quote name='mikeohara']A silver lining to my story is that the guy purchased TFU2 and Bulletstorm off of Games on Demand, and they let me keep those games.[/QUOTE]

Is it safe to use the douche's purchases? I have some purchases on my account from my experience (mostly random XBLA games). I don't want to re-download them and have a red flag go off.
 
Has anyone been getting a lot of 'some XBL services are down' message recently? I got another one today and it was the second time I've gotten it in about a month.

It doesn't seem like anything's been purchased, either. It might be unrelated, but it seems like this is the right place to bring it up.
 
[quote name='nnthomas']Is it safe to use the douche's purchases? I have some purchases on my account from my experience (mostly random XBLA games). I don't want to re-download them and have a red flag go off.[/QUOTE]

I believe so, due to how game sales work in regards to Games on Demand, and more specifically Live Arcade. They can't refund the purchases even if they wanted to.
 
Is it possible to completely remove all forms of payment that are linked to your xbox live account? Or are you required to keep a credit card or paypal linked?
 
Now that was fast. I got the following email today:

Dear Xbox LIVE Customer,
We have completed our investigation of the unauthorized access to your Xbox LIVE account. As part of our investigation, we took temporary control of your Xbox LIVE account and the associated Windows Live ID. This was done to protect your account until you could take back control of it.
Use the following steps to take control of your Xbox LIVE account:
Step 1: Reset your Windows Live ID password
1. Check your email in the next 24 hours for a password recovery email from the Windows Live Team.


2. Use the link in the email to reset your Windows Live ID password. The stronger your password, the better. For tips on creating strong passwords, see Creating a strong password for your email account.

Note If the reset link expires or you can’t find the password recovery email, go to www.accounts.live.com, type in your Windows Live ID, and then click Forgot your Password? You can also respond to this email, and we'll email you the password recovery email again.


3. Update the security information for your Windows Live ID. We strongly suggest that you not skip this step because it will help you protect your account from future attacks. Your security information includes your alternative email, secret question, mobile phone number, and trusted PC.

Once your Windows Live ID password is reset, you’re ready for Step 2.

Step 2: Download your Xbox LIVE profile on your console
For your security we have removed access to your profile from all consoles it was associated to. You must now re-download your profile.
Complete the following steps on your console:
1. If you’re signed into Xbox LIVE with another profile, press the Guide button on your controller, and then press X to sign out.
2. Press the Guide button again, and then select Download Profile.
3. Confirm that you would like to download your profile.
4. Enter your Windows Live ID and password when prompted.
5. Follow the on-screen instructions.




Step 3: Check for unauthorized account changes and purchases
1. Check to see if your gamertag was changed while your account was out of your control. If your gamertag was changed, we’ll give you 800 Microsoft Points so that you can change your gamertag back to what it was originally, or choose a new gamertag.
2. Check your avatar to make sure it wasn’t modified while the account was out of your control. If your avatar was modified, change your avatar so that it doesn’t violate the Xbox LIVE Terms of Use.
3. Check the charges on your account: Learn how to check your Xbox LIVE bill.


Our investigation revealed that purchases were made while your account was out of your control. We refunded 2200 Microsoft Points to your account. Credits can take up to 1-2 billing cycles to appear on your credit card billing statement.


Step 4: Play on! Enjoy a free extension to your Xbox LIVE membership
We’re sorry for any inconvenience this issue may have caused you. To make up for lost gaming time, we’d like to extend the time on your Xbox LIVE membership by giving you the following prepaid code:
Code: 
 1 Mo Live Gold [/FONT]
[FONT=Calibri][SIZE=3][COLOR=#1f497d][SIZE=3][COLOR=#1f497d] [I]Please use the following token to replace any MS Points spent while you did not have control of the account:[/I]
[/COLOR][/SIZE][/COLOR][/SIZE][/FONT][FONT=Calibri]
[CODE]

Redeem this prepaid code on your Xbox LIVE account. ([/FONT][URL="http://support.xbox.com/en-us/pages/xbox-live/how-to/prepaid-codes.aspx"][FONT=Calibri][COLOR=#0000ff]Learn how to redeem a prepaid code[/COLOR][/FONT][/URL][FONT=Calibri][U][COLOR=#0000ff].[/COLOR][/U])[/FONT]  [FONT=Calibri]To learn how to keep your account safe from scams and other attacks, go to [/FONT][URL="http://xbox.com/security"][FONT=Calibri][COLOR=#0000ff]xbox.com/security[/COLOR][/FONT][/URL][FONT=Calibri]. [/FONT]
  [FONT=Calibri]Thanks for your understanding and patience while we resolved this problem, and thanks for being a member of Xbox LIVE![/FONT]
  [FONT=Calibri][B]Sincerely,[/B][/FONT]
  [FONT=Calibri] [/FONT]
  [FONT=Calibri][B]The Xbox LIVE Investigations Team[/B][/FONT]
[/QUOTE]

This was a good ending and a FAST resolution.  This better not happen again.
Click to expand...
 
So I added a cell phone number to my account and changed my security question and password (which is "strong")... is there anything else I can do at this point?
 
[quote name='GUNNM']damn lucky you[/QUOTE]

yeah - I have a feeling they are getting calls by the thousands and can just process it quickly...
 
What if that email is from the hackers, Javery? :whee:

I added my cell to my account, but I'm not sure how that would help in this type of situation. It seems like it's only there to help verify if it's your account, not for a 2 step verification type process.
 
[quote name='Dund3r']Is it possible to completely remove all forms of payment that are linked to your xbox live account? Or are you required to keep a credit card or paypal linked?[/QUOTE]

I have no payment methods on my account. You are not required to have anything linked.

You can't remove a credit card if it's on a currently used subscription, and have to wait until the year is up and you go back to Silver.
 
[quote name='nnthomas']I have no payment methods on my account. You are not required to have anything linked.

You can't remove a credit card if it's on a currently used subscription, and have to wait until the year is up and you go back to Silver.[/QUOTE]

You don't have to wait.

You can turn auto renew off and call in and have them cancel your gold and remove the CC, then they can issue you codes for the remaining time that you can use to sign back up.

So if your subscription is almost up, then it's probably easier to just let it run out and then remove the CC and buy a new 12 month card to sign back up. But if you have a good bit of time left and want the CC removed, it may be worth calling in and doing it that way.
 
[quote name='timesplitt']someone used my moms card number to buy gas last week,

my mother still has yet to get her money back[/QUOTE]

They made a purchase with just her number and not her card? That's pretty suspicious, and I'm sure the CC company would investigate something like that before refunding the charge, seeing that purchases at physical locations should be impossible without the actual card.
 
[quote name='seanr1221']What if that email is from the hackers, Javery? :whee:
[/QUOTE]

Oh no!!!

I think I'm in a position now that is as secure as I can be (which may not actually be secure at all). I'm thinking about blowing my remaining 2200 points on something soon so there aren't any points in my account. There are always RB songs to DL and I've been eying RE4HD for a while even though I have mental problems if I spend even one more penny on that game.
 
[quote name='dmaul1114']You don't have to wait.

You can turn auto renew off and call in and have them cancel your gold and remove the CC, then they can issue you codes for the remaining time that you can use to sign back up.

So if your subscription is almost up, then it's probably easier to just let it run out and then remove the CC and buy a new 12 month card to sign back up. But if you have a good bit of time left and want the CC removed, it may be worth calling in and doing it that way.[/QUOTE]

This is what I did last night. I had a credit card linked to my subscription, which had about 10 months left. They cancelled my subscription, removed the associated credit card, then emailed me codes to get my subscription back. I even gained two weeks of XBL out of the whole process.
 
[quote name='Javery']Now that was fast. I got the following email today:



This was a good ending and a FAST resolution. This better not happen again.[/QUOTE]

I got the same email today too! At least they are getting faster resolving these issues, I feel sorry for the people waiting 30+ days.
 
Just got hack with more than 100 dollars worth of point. fuck!!!!!

EDIT: Will they be able to remove fifa 12?
 
Last edited by a moderator:
For anyone hacked, did you have a form of payment on your account?

This being either:

- A credit card
- PayPal
- A hefty amount of points (anything above 2k I suppose) (I fell under this category - not FIFA related though)

I'm convinced that they really only go for accounts they know have stuff available. Why would they go for accounts that have no form of payment to steal from? The only alternative is to supply a stolen CC# themselves to the account, so really they could snoop your account and just move on because they have no source of payment.
 
[quote name='nnthomas']For anyone hacked, did you have a form of payment on your account?

This being either:

- A credit card
- PayPal
- A hefty amount of points (anything above 2k I suppose) (I fell under this category - not FIFA related though)

I'm convinced that they really only go for accounts they know have stuff available. Why would they go for accounts that have no form of payment to steal from? The only alternative is to supply a stolen CC# themselves to the account, so really they could snoop your account and just move on because they have no source of payment.[/QUOTE]

Well I had Paypal on my account and 300 points.
Got the charges on Paypal back. Never got my 300 points though.

Now I keep nothing on there.
 
[quote name='nnthomas']For anyone hacked, did you have a form of payment on your account?

This being either:

- A credit card
- PayPal
- A hefty amount of points (anything above 2k I suppose) (I fell under this category - not FIFA related though)

I'm convinced that they really only go for accounts they know have stuff available. Why would they go for accounts that have no form of payment to steal from? The only alternative is to supply a stolen CC# themselves to the account, so really they could snoop your account and just move on because they have no source of payment.[/QUOTE]I'd be in the last category, as I've never had Paypal linked to my account and removed my CC from my account when it was an expired one a couple of year ago.

I think I'm going to keep a small amount of points in my account rather than the large amounts I used to, and that should make it "less" attractive to someone trying to hack the account.

I also did the profile download to my console last week, which took longer than I expected, though it should have it locked down to just that console now.
 
[quote name='nnthomas']For anyone hacked, did you have a form of payment on your account?

This being either:

- A credit card
- PayPal
- A hefty amount of points (anything above 2k I suppose) (I fell under this category - not FIFA related though)

I'm convinced that they really only go for accounts they know have stuff available. Why would they go for accounts that have no form of payment to steal from? The only alternative is to supply a stolen CC# themselves to the account, so really they could snoop your account and just move on because they have no source of payment.[/QUOTE]


I had a credit card attached, but didn't get any charges on it. Probably because I called and got my Live account locked down.

I had a little over 2000 points.

However, I don't know that they could target accounts for that reason. How could they tell what someones point balance was, or whether they had a payment method attached, before they hacked the account?

They're probably just randomly hacking accounts, and just not doing anything with the ones that don't have a point balance or attached payment method.

As they don't change anything, the user would never no about the attempt as you only get an e-mail if something was purchased, or something was changed like account region or password etc.


In any case, I'll remove the CC for peace of mind when I get my account back. I never carried a huge point balance, but I do tend to by my points in 4000 point cards as there are usually better deals on those than on the 1600 point cards. So hard to avoid having a 4000 or so balance at some times.
 
It's clear even our "strong passwords" aren't protecting us. And I haven't personally read an account of someone who got hijacked and they didn't spend a thing. Almost immediately the jackers start buying FIFA packs and Family Packs, etc.
 
I am convinced they only want accounts with paypal, MS points or credit card attached. I have no idea how its done but if you don't have a credit card or paypal on your account and no MS points in your account I can't imagine why they would want your account.

This is exactly how I keep my account, no credit card on it, no paypal or bank account information and no MS points in the account. If I buy a points card I use it immediately.

Also I don't have a gold membership so they would have to purchase one to do the FIFA transfers, and since I have no payment information on my account that would be impossible.

I don't think the password matters, as long as its something you don't use anywhere else. I don't see how the strength of the password would matter. They obviously have a way of getting very strong passwords.
 
Just went through this process(FIFA Hack) and I gotta give M$ some credit here. My account was down for about 3 days and I got two months of Live plus alll my points back.

I would suggest to everyone only use pre-paid cards and have no paypal/cc linked to your xbox. That really minimized the damage done to me. I did have 6000 points on my accoumnt which I'm sure they had a field day with.

I'm just hoping that M$ is tracking the transactions and doing something to these MoFos that are doing this.
 
[quote name='GUNNM']no its like having a baby from a rape its always gonna be there and you hating it[/QUOTE]

Yup. My profile will forever have FIFA12 on there apparently. Sucks but whatever.

[quote name='nnthomas']For anyone hacked, did you have a form of payment on your account?

This being either:

- A credit card
- PayPal
- A hefty amount of points (anything above 2k I suppose) (I fell under this category - not FIFA related though)

I'm convinced that they really only go for accounts they know have stuff available. Why would they go for accounts that have no form of payment to steal from? The only alternative is to supply a stolen CC# themselves to the account, so really they could snoop your account and just move on because they have no source of payment.[/QUOTE]

I had 2230 points and a CC linked that was thankfully expired. They drained all my points down to 30 and tried making a charge with my CC for 6000 MS points. The CSR I spoke with said they usually do a 6000 point transaction followed immediately by a 4000 point transaction because 10000 points is the most you are allowed to buy in a 24 hour period. The second 4000 point charge never happened for me because my CC was expired and the first charge never went through.

[quote name='dmaul1114']They're probably just randomly hacking accounts, and just not doing anything with the ones that don't have a point balance or attached payment method.

As they don't change anything, the user would never no about the attempt as you only get an e-mail if something was purchased, or something was changed like account region or password etc.[/QUOTE]

Agreed. If they can't steal your points or charge a CC or PayPal account then you might never know unless somehow FIFA12 is required for the hack and appears on your profile.
 
[quote name='KaneRobot']Jesus fucking Christ a lot of people are getting their shit broken into from this site.[/QUOTE]

It is an unusually large number. I just went through and counted 14 users that were victims. That's a large damn number for a single site. Makes it seem like this site is a source for Gamertags. Anyone notice any other forums they visit with similar numbers?
 
On my account, I had 8000 points and a cc attached. They drained it down to 20 and spent it on a slew of games (NBA on Fire, couple of other XBLA games, a Queen track from Rock Band -- wtf). This had happened on January 6th but I hadn't noticed until last Friday because I hadn't been on all week.

Guess I can be thankful they didn't do more damage...but I thank MS for being so fast with fixing the problem.
 
[quote name='phantomfriar2002']On my account, I had 8000 points and a cc attached. They drained it down to 20 and spent it on a slew of games (NBA on Fire, couple of other XBLA games, a Queen track from Rock Band -- wtf). This had happened on January 6th but I hadn't noticed until last Friday because I hadn't been on all week.

Guess I can be thankful they didn't do more damage...but I thank MS for being so fast with fixing the problem.[/QUOTE]
bright side you get free arcade games :bouncy:
 
[quote name='Corvin']It is an unusually large number. I just went through and counted 14 users that were victims. That's a large damn number for a single site. Makes it seem like this site is a source for Gamertags. Anyone notice any other forums they visit with similar numbers?[/QUOTE]

Every active game forum I've checked has people discussing being hacked. I haven't done a count though.

I think it's just more an indication that the problem is very widespread rather than they're gathering gamertags from forums.

Just having a gamertag does them no good since you need the Windows Live ID attached to it to even try to brute force the password.

So that would only work for people whose gamertag is their e-mail ID as well, and hopefully most people where smarter than that (I know mine is different and most people who've mentioned it stated that it was different).
 
Crazy thing is I saw this happen. Javery's account logged on an off almost 10-15 times in a row that day. I thought he was on a drugs or one of the kids was playing around.
 
[quote name='bfauble83']I got the same email today too! At least they are getting faster resolving these issues, I feel sorry for the people waiting 30+ days.[/QUOTE]

Same here. It only took three days to get my account back and my points refunded. I think they must finally have enough people working on the investigation end that the turnaround is much faster. It's taking longer to get the refund from the 4000 pts. purchase, but that's because I canceled my card right away and so the credit has to be taken care of via my bank.

I just hope they can find out who the fuck is doing this and put a stop to it already.
 
Yeah, I saw a post on the Xbox support forums where someone said support told them that MS had hired more people finally to work on Unauthorized Access cases and are shooting for 3-4 day turnarounds on cases that didn't get migrated to other countries.

They're trying to speed up the migrated cases as well by using some programs to rebuild the accounts instead of having to rebuild them line-by-line of code apparently. But doesn't do any good for those of us who've been waiting for months already.
 
You must log in or register to reply here.
bread's done
Back
Top