I had mine hacked a couple months ago. I started receiving a bunch of “Thank you for purchasing Microsoft Points” messages while I was at breakfast, and I knew it wasn’t me. When I got back to my place I was able to log in to my account and see that the person had spent all the points I had in my account, and they bought $100 more in points and purchased a ton of FIFA content. I was able to change my password (I’m not sure why they didn’t change this first) and get control of my account back. Besides the fifa content, they deleted all my friends.
Now two months later Microsoft is still “investigating”. They already closed the first investigation, and concluded that they would refund me $100 but mentioned nothing of refunding the 2300+ points that I had in my account before. Unfortunately they only refunded $20 of the $100. They made me wait 30 days to make sure that the remaining amount didn’t come through, and that has come and gone, but I’m still out $80 until they finish the follow up investigation. I was told the follow up investigation was supposed to be faster because it was escalated, but it seems slower than the first. They do call me every week to let me know there has been no progress.
The only odd thing that occurred prior to this was a few months back I received a strange thank you email for downloading or registering Age of Empires III. I bought the game during the $0.99 promotion last year, but I never actually downloaded or played it, although I’m sure it is tied to my Windows Live Account. I don’t think it was a phishing email, I think somebody actually activated it.
I also know that an old roommates hotmail account was hacked, I get a lot of spam messages from it, but I never open them. I think he abandoned it a long time ago. I’m thinking Microsoft was hacked, either through Windows Live, hotmail or somewhere. This is just too common a scenario for them to have cracked people with simple xbox live passwords, or a phishing email or site. There must be an exploit of some sort on one of Microsoft’s sites.
This seems to be somewhat common, I found this thread on neogaf.
http://www.neogaf.com/forum/showthread.php?t=442986