A January account of Xbox Live hacking and fraud

UPDATE: Microsoft responds, issues refund.

UPDATE #2: Susan Taylor's Xbox Live fraud nightmare is at an end. She detailed the final stages of her case at the weekend.

She's now pledged to use her newfound celebrity to help bring other people's cases of Xbox Live fraud into the public eye.

UPDATE: A spokesperson for Microsoft has issued Eurogamer with the following statement regarding the Susan T security breach:

"Microsoft can confirm that there has been no breach to the security of our Xbox Live service. In recent cases, some Xbox Live members appear to have been victims of malicious scams. Unfortunately this is something that affects many internet based services.

"The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats. However, we are aware that a handful of customers have experienced problems getting their accounts restored once they've reported an issue. We are working directly with those customers to restore their accounts as soon as possible and are reviewing our processes to ensure a positive customer support experience."

The spokesperson added that it was aware of the specific case mentioned in our original story and it had refunded any illicit transactions linked to that account.

"While we do not ordinarily comment on specific cases, Microsoft can confirm that the account in question has been reinstated to its rightful owner and all unauthorised charges are being refunded in full."

ORIGINAL STORY: Has Xbox Live been hacked?

In November we were told no - Microsoft blamed phishers.

Whether hackers or phishers, new evidence has arisen detailing how an Xbox Live account was fraudulently used to buy and then transfer large sums of Microsoft Points.

The Xbox Live account belongs to "Susan T". Her "Hacked on Xbox" diary of events began on 2nd January, when she was emailed confirmation of purchasing 10,000 Microsoft Points and a Gold Family Pack - $214.97 worth of goods. These were then transferred to an unheard of Xbox Live account.

"Susan T" contacted the "Phone Support Team", which forwarded her case to the Xbox Live fraud department. They said her account was now blocked while they investigated. (Copies of the emails are provided on the "Hacked on Xbox" blog.)

On 4th January, the Xbox Live account belonging to "Susan T" was fraudulently used again - and again to buy 10,000 Microsoft Points (around $124.98). These points were transferred to a different unheard of Xbox Live account - "RipplyCorgi16".

"Susan T" was told on the phone by Microsoft that, "The fraud department was unable to block your account."

Contacting the Xbox Support Twitter account proved equally fruitless.

"They were about as helpful as everyone else I have been in contact with regarding my stolen money," wrote "Susan T".

"In total (including tax), I have had $366.06 stolen from me. Just how I am going to feed my son this month I just do not know. I can only hope that Microsoft will return my money back to me soon.

"At this point in time I just feel like I am being led around in circles here. I have spoken to numerous people from Microsoft and the only information I am given is that they will pass it on to the next person."

But on 5th January (mistakenly labelled 5th December on her site, it seems), "Susan T" had a breakthrough.

She managed to log in to her apparently blocked Xbox Live account and found a new friend was online, "RipplyCorgi16" - the account that had received fraudulently bought points.

"Susan T" innocently messaged "RipplyCorgi16" and discovered that the user bought the account on allegro.pl, a Polish eBay-like site.

"Susan T" found the auction site for the person who sold the "RipplyCorgi16" Xbox Live account. She found listings of Xbox Live accounts with amounts of transferred Microsoft Points. Some Xbox Live accounts were being sold with a fraudulently bought game.

"His listings all state that you must use the MS points 'as quickly as possible', and that if they disappear it's not his fault, as there was a stated 'warranty' in his auction site listing," she shared.

"If the points have gone you will have to purchase more from him, end of story. The same goes for the games; you must recover the purchased GamerTag, transfer the licenses for the games as quickly as possible or you may miss out."

"Susan T" discovered the seller's contact details but has yet to make contact, and asked that you do the same.

"Susan T" also talked to Microsoft again.

"I have spoken to Microsoft again and the rep I chatted to was appalled that no one else had actually managed to get my account blocked since the moment I first reported the issue on Monday," she wrote.

"He said he is going to (wait for it) 'pass my case onto the Tier 3 team' who will phone me once my account has been blocked and the investigation began.

"I don't have much hope of it getting blocked. I'm beginning to get used to the idea of never being able to use my account again."

Please let Eurogamer know if you have been a victim of a similar hacker or phisher on Xbox Live.

Comments (138)

  • wizlon #2 5 months ago

    At first I thought it was idiots being phished, now, I'm not so sure. Time to remove my CC details from my account I think.

    Edit, apparently you can't remove your CC details, wtf! Luckily the card associated with my account has expired so I'm safe regardless.
    Edited by wizlon at 06/01/12 @ 16:27
  • Joco84 #3 5 months ago

    Absolutely appalling service from any company - Microsoft need to take action and FAST
  • woodnotes #4 5 months ago

    Those pesky Poles! First our jobs and now our Xbox accounts!

    Or something.
    Edited by woodnotes at 06/01/12 @ 15:55
  • Machetazo #5 5 months ago

    Microsoft: !?! Whose footprints are these!
    ...

    ...return to patrol route.
    Edited by Machetazo at 06/01/12 @ 15:57
  • Netlon #6 5 months ago

    @wizlon Except you can't remove your cc without cancelling your Gold or Silver account altogether...
  • Skooch #7 5 months ago

    Just imagine if this much focus and attention was given to each of the 70 MILLION PlayStation accounts hacked...we'd be here forever!!!
  • miiiguel #8 5 months ago

    I've seen these accounts for sale on eBay since 2009, and taking solely this example I believe, in this case, it must have been phishing (she seems too innocent, and I mean, who in his/her right mind wouldn't cancel the CC right after knowing something shitty happened to the account).
    Either way, MS has the agility of an obese elephant, but eBay shouldn't allow this and other schemes on their site, it's shameful!
    Edited by miiiguel at 06/01/12 @ 16:01
  • kassmageant #9 5 months ago

    With time, when more and more things run digitally, situations like that will only get worse. Every computer-security system can be reverse-engineered and cracked - I'll stick to prepay cards on Xbox Live to be honest, especially as for some reason, here in Poland, the price for a given item bought with a CC is TWICE the price of that item bought with a prepaid card at the official price. Makes sense, doesn't it?
    Edited by kassmageant at 06/01/12 @ 16:05
  • el_pollo_diablo #10 5 months ago

    I really like these more topic based articles. Thanks EG.
  • miiiguel #11 5 months ago

    @wizlon Except you can't remove your cc without cancelling your Gold or Silver account altogether...

    But you can phone your bank and cancel the CC and pay the Gold sub pre-paid and content with points.

    And, come to think of it, I could swear you couldn't transfer points from one account to another. I clearly remember reading MS saying they wouldn't allow that for security reasons. Weird...
    Edited by miiiguel at 06/01/12 @ 16:11
  • munkymatt #12 5 months ago

    I'm not sure my account has been hacked but I have a similar experience with xbox support. My tag stopped working when the dashboard updated on the 8th December. I cannot log in from any xbox, the tag is unrecoverable. I have hundreds of pounds worth of dlc and xbla games which I can no longer access.

    One month and 5 calls to support later and the problem still hasn't been fixed. I've been a paying gold member for 5 years, all my save games are associated with the tag as well as my gamer score etc and the only answer they can give me is that it seems to have become corrupt on their server during the update.
  • FogHeart #13 5 months ago

    I would like to think that once you have verified your identity to the phone support team, you should be able to ask to have your own account blocked there and then, no questions asked, just tappity tap on the support contact's keyboard. Block first, investigate later.
  • LastAngryMan #14 5 months ago

    @Netlon Could you change them to something incorrect? Making them worthless if stolen.
  • miiiguel #15 5 months ago

    @Netlon Could you change them to something incorrect? Making them worthless if stolen.

    That's not possible. The system checks the validity of the CC before accepting, you can't even use an expired CC number, let alone a fake one.
  • Bertie Verified Senior Staff Writer, Eurogamer.net #16 5 months ago

    @munkymatt Keep on at them. We're pursuing MS about this. There'll be a reckoning somewhere down the line, given enough exposure
  • George-Roper #17 5 months ago

    Yep, had my Xbox Live account hijacked last month. They used FIFA12 to buy these stupid DLC cards with players and teams which they can then transfer to another account. Used up all my Points, which have now been returned.

    I have zero doubt that MS have a security breach of some kind. I'm about as diligent as you can get with my online service accounts and there's 0% chance I've inadvertently given out my account credentials, unwittingly.
  • weejok #18 5 months ago

    My account was hacked before Xmas, they bought £51 of points using my linked Paypal account. Luckily I was able to recover and secure it before anything more serious happened. I know I was not phished so there is something else going on here, Microsoft need to accept that and do something about it :(
  • Toothball #19 5 months ago

    @miiiguel

    From what I gather the family accounts have an option for parents to buy points and give them to the child accounts, which is why the Family Pack was first on the list.
  • YobRenoops #20 5 months ago

    @Bertie It'll be good to see someone pursue and what I will say is don't take a standard PR denial either.
  • Pastici #21 5 months ago

    @munkymatt Just keep on it, this happened to me too and as I started using a new gamertag I asked for all my points so I could re-buy all my content. It took a while but I got 20,000 points and a 12-month gold sub out of it. Plus after the new dash update my old tag started working again so I got a bunch of free points :D.
  • miiiguel #22 5 months ago

    @Toothball: That makes sense, must have been it. Still, this story is quite peculiar, and maybe there's a strong reason for what she did and didn't do, but it is awkward that someone took the time to make a site to expose a fraud, but didn't think of picking up the phone and in a phrase ask to cancel a credit card. People are either strange or crave attention and pity. I'm not saying I'm (we're) safe, but from the 2 cases I know of "hacked" accounts, my friends admitted they used Live credentials on shady sites. I didn't even want to put it on the Forza site... I only use it on Xbox and my WP7, but as I said, idk...
    Edited by miiiguel at 06/01/12 @ 16:36
  • kinky_mong #23 5 months ago

    It's frankly disgusting that Microsoft aren't treating this seriously and attempting to brush it under the carpet.

    The restrictions and baffling measures when it comes to managing your own card details on Microsoft is a shambles. Removing your card details from an Xbox account should be something that is easy to do online, not require a lengthy phone call. Not to mention the way Microsoft turn auto-renewal on if you used a pre-paid card to buy a Gold Live subscription, and if you have an expired card associated with the account when it tries to renew it will block the account rather than just reverting it to silver.
  • munkymatt #24 5 months ago

    @Pastici That's good to hear, I'll make sure to keep on at them!
  • Grump #25 5 months ago

    My account was hacked late last year - some git then used my credit card to purchase about £80 worth of Zune points.

    To be fair the MS team were very helpful - my account was locked for about 3 weeks but I received a full refund for the funds taken.

    I'm still puzzled as to how my details got leaked. Despite what MS says I am 100% certain I was not phished. How can I be phished when I can't even remember my own password most of the time. Especially my Live password which I last entered into my console over 2 years ago!

    I smell a cover-up.
  • SteJosh #26 5 months ago

    Sent a "nice" message to RipplyCorgi16 :D ! lol
    Edited by SteJosh at 06/01/12 @ 16:47
  • Rogueywon #28 5 months ago

    I've posted on here about this before.

    Happened to me in August - after I'd changed the password following the Sony security breach. My account was protected by a password that:

    1) Was unique to that account and not shared with any other accounts I had on any other services.

    2) Had only ever been entered on the (unmodded) 360 itself.

    3) Was never shared with anybody else. Ever. I have only ever purchased MS Points/games etc via the 360's own shopfront interface.

    4) Was at least reasonably secure - I'm good at memorising random alphanumeric strings.

    The account was used to purchase 5000 MS points, a few hundred of which were spent on Fifa 2010 content. I spotted that it had been compromised very quickly, and MS were able to block it before anything could be transferred off to other accounts. Weirdly, it was also used to play a bit of FIFA and GTA IV.

    MS support blocked the account as soon as I notified them. I spoke to my bank to get the credit card charge refunded (no point dealing with MS over this - go to your bank). The account was locked for around 22 days or so, after which I got instructions via e-mail (to an e-mail address other than the one that I had used to register the account) to enable me to unlock it. I was given a free 2 month extension to my gold subscription. The MS points that were purchased fraudulently were, of course, removed but - rather strangely - nothing was done about 15 achievement points that had been earned for FIFA while the account was compromised.

    Makes me feel a bit dirty, really, knowing I'll forever have FIFA achievements on my profile.
  • Afro_Matt #29 5 months ago

    I call anonymous :)
  • Dreadaxe #30 5 months ago

    Why didn't they reverse charges on the card used?

    Or call the bank and get MS blocked from taking money.

    Don't leave it up to MS to stop someone spending your money.
    Edited by Dreadaxe at 06/01/12 @ 17:32
  • geoneo123 #31 5 months ago

    This is the reason why you should never keep your card details stored on your account!

    > Opens new tab to xbox.com to remove card details :o
  • Psychotext #32 5 months ago

    I find myself asking... just how inept do you have to be that you can't properly lock an account on a system / service that you control in its entirety?

    I can only assume it's that they just don't care to do it properly, because at some point or another any XBL purchase will have to interface with their systems, and it sure as hell could be blocked if they were willing to put the functionality in place.

    That they didn't even bother to contact her so that she could cancel her cards / paypal... disgusting.
  • George-Roper #33 5 months ago

    @Rogueywon

    FIFA is used because they can buy in-game DLC 'cards' that can be valuable.

    They buy the cards DLC, which have random content and then trade them over to another account. I assume they then sell the cards to make some profit.

    http://forums.xbox.com/xbox_forums/xbox_support/f/9/p/140071/721355.aspx
  • Darren #34 5 months ago

    What is really disturbing about this story is that Microsoft were unable to block this account as soon as suspicious activity was reported on it which meant the culprits were able to continue using it fraudulently. That really is shocking IMO.

    I don't believe Microsoft have been hacked myself. It's either some security breach at EA's end, who I understand have some special arrangement with Microsoft regarding Live, clever phishing attempts (does this Susan T have a gullible young son who uses Live?) or even someone guessing the passwords for people's accounts because they aren't very secure (you should always use a combination of upper and lowercase letters plus numbers IMO and the longer the password the better, at least ten characters).
    Edited by Darren at 06/01/12 @ 17:00
  • homerramone #35 5 months ago

    I'm curious to know how this would even work.

    If you buy points on a gold account that's where they stay.

    There's no way that I've found of transferring them to another account.

    You could download stuff on an xbox using a hijacked account and then play them on that xbox even without the hijacked account logging in - but that's not really stealing points and transferring them to another account, is it?

    And if this is what has happened then the xbox that downloaded them will show up to both you via xbox.com and M$. Which I suspect would make it pretty easy to trace.
  • Der_tolle_Emil #36 5 months ago

    Small typo in the article here: "Sysan T" also talked to Microsoft again. Should be "Susan T".

    Anyway, I still have my doubts about MS getting hacked, their security is usually very tight (and please don't mention their OS, that's completely different). It is, however, absolutely appalling that

    a) customer support was unable to block her account
    and
    b) customer support did not tell her to immediately cancel associated credit cards / paypal accounts.

    Maybe they did tell her and she simply did not do it but at any rate how this has been handled so far is worrying - regardless of how her account was obtained.
  • remote #37 5 months ago

    My account was hijacked just before Christmas, which meant no xbox live over the holidays. :( MS told me I could play as normal, but offline, which didn't seem too bad. However, when they then told me my account was fixed, and I had to redownload my gamertag, it wiped any achievements that I'd got during that time, which pissed me off a bit (well, a lot actually, as I won't be able to get those achievements again without 20-30 hours of replaying stuff). To compensate, I do have three new achievements that the hackers got for me while playing with my account (in Fifa12, which is where I'm told the points were spent).

    The hackers bought a total of 8500 MS points, which microsoft say they have now refunded, but I'm still waiting for it to show up on my card. I used a unique username and password combo for live, so I don't think this was from another site being hacked, it has to be xbox live. No one from microsoft will give me any kind of explanation for what happened, they just said something along the lines of "the hackers have very sophisticated methods that I can't go into details about now".

    While it hasn't completely put me off using xbox live, I will no longer keep payment methods stored on there, even though it's a pain to keep adding and deleting them or using prepaid cards. That will probably lead to a lot less impulse buys, due to the hassle involved.
  • Der_tolle_Emil #38 5 months ago

    @homerramone You could download stuff on an xbox using a hijacked account and then play them on that xbox even without the hijacked account logging in - but that's not really stealing points and transferring them to another account, is it?

    Well, it's like paying for something with someone else's wallet - you could transfer the money to your wallet first and then use your wallet but it hardly makes a difference.
  • Penguinzoot #39 5 months ago

    Truly Shocking stuff :/
  • Jay-ITFC #40 5 months ago

    @homerramone FIFA Ultimate Team. Buy packs with MS points, trade valuable cards to regular account, sell cards via eBay and the like. They did it to me in September!
  • Psychotext #41 5 months ago

    @homerramone It's not the points they want, at least not directly. The points are just used to buy Fifa Gold packs (and similar things) which are then sold on eBay. Tracing the packs is one thing, but would only get you the person who bought the packs from the person who stole the account.

    You'd obviously need to work with eBay (or whatever random auction sites are out there) to get the person who actually stole the points / money. Plus, in a lot of cases the person selling the gold packs didn't actually steal the account in the first place, they bought it from someone else (see earlier link with auction site showing hundreds of hacked accounts for sale).
  • captain_Carl #42 5 months ago

    Hopefully they can stop sticking their fingers in their ears and pretending everything is okay
  • VibratingDonkey #43 5 months ago

    Everyone but Microsoft has been saying it for months;
    two-step verification.
    Use it for logins from unverified systems and for changing sensitive details, such as passwords and region migrations.

    It would severely restrict the number of successful hijacks, nigh on extinguishing those done through phishing and social engineering. And just generally make it much less of a hassle for everyone.

    Usage of two-step verification ought to be required by global internet law for sites and services storing card details, funds or digital content licenses.
    Edited by VibratingDonkey at 06/01/12 @ 17:17
  • Gecks #44 5 months ago

    @homerramone they changed the account in question to a family account (or maybe it was already a family account?). family accounts let you transfer points to any accounts you link to it.
  • Der_tolle_Emil #45 5 months ago

    What makes me wonder is how much of a role EA is playing in this. Fifa12 might make hijacking accounts much more lucrative since you are able to trade stuff but even without being able to trade valid XBLA logins would be valuable yet it only really started with Fifa12 to get out of hand.

    @VibratingDonkey: Two step verification makes sense but it seems like there are different standards depending on the region as well. I moved from Austria to Switzerland about four years ago, my account region is still set to Austria - nobody is able to change that. I am not able to buy certain things on XBLA because of that, I cannot even use my credit card because the countries don't match. So some kind of region checking is employed.

    Since my CC is not working I switched to PayPal last year when it became available. I managed to lock myself just last weekend - had a few friends coming over and went a little crazy in the Rock Band store. Locked my own account because I was spending too much money. After asking around it turns out that there is a limit on how much you can spend via PayPal in any amount of time. I think it was 60 Euros (5000 mspoints) every 24 hours to prevent abuse.

    Nothing really replaces asking for the CVV of your CC or having to log in again with PayPal when you want to use it but at least some restrictions are there. In fact both of these restrictions would have prevented what has happened here. Sadly it seems they are only there because they are mandatory in Europe but not in the US.
  • remote #46 5 months ago

    Are these the kind of ebay sales where people are selling stuff which was bought with stolen points? They look pretty dodgy to me..

    http://www.ebay.co.uk/csc/i.html?_nkw=dust%20%2B%20fifa%20coins&rt=nc&LH_Complete=1&_fln=1&_trksid=p3286.c0.m283
  • Nismo400R84 #47 5 months ago

    You can remove your CC details on xbox.com by going to my account, manage payment options, and it will give you the option to remove details (just done it after pooing myself after reading this story).
  • Ford_Assassin #48 5 months ago

    My account was hacked a few years back, took my gamertag, changed the name and spent £80 on Microsoft points, lost XBLA games, game saves, game achievements attached to account, nothing Microsoft can do which is ridiculous, they refunded money and that was it, got back my old gamertag name only due to the person who took it had changed the name, got nothing else back. Severely pissed off at the time.
  • RedRain #49 5 months ago

    I wonder who is right: have Microsoft servers been compromised or have people entered their details on to a dodgy site?
  • George-Roper #50 5 months ago

    @RedRain

    In my case, most definitely not the latter.

    Although, curiously I also had my EA Origin account hijacked a couple of days before my XBL account. Both using different usernames and passwords.
  • Leolian #51 5 months ago

    I had my account hacked a few weeks ago, bought £89 worth of live points and all spent on fifa 12, so slightly different. Microsoft blocked my account for 3 weeks, then returned it, refunded the money and gave me a month of live time free. Not bad service from my point of view. I can appreciate others had different experiences.
  • WinterMute78 #52 5 months ago

    @wizlon I think you can remove your CC details but you have to do it on Xbox.com not on the Xbox itself. A friend of mine had to remove his after his son kept buying things on his CC and that was how he did it. But that was on the last xbox.com incarnation and things have changed now.
  • Monkey_Chops #53 5 months ago

    Guys, if your account has been hacked and your credit card details stolen, cancel your credit card and as your card is insured by the credit card company, they should either reimburse you the money or write it off. Let their fraud team sort out the issue with Micro$oft.

    Obviously, if you've put debit card details on there, you're slightly fucked as that is technically your money down the drain.
  • Sar #54 5 months ago

    I had my Xbox Live account hacked last month, and the fuckers stole £75 from my account by purchasing Points to buy Fifa12 gamepacks.

    I've yet to receive a refund from MS, and I refuse to update my now cancelled bank card I had on the Xbox account in order to stop this from happening again.
  • Promethean #55 5 months ago

    Someone tried to buy MS points with my account, but luckily the only registered credit card was an old expired one and the only reason I found out was due to receiving an email saying my purchase failed to go through.

    I've always bought XBL codes from the likes of cheapxboxlivecodes.com and will never register a credit card on my account again. My friend has his registered and can't remove it, so I had him change a few of the numbers so any attempt at use will fail.
  • darc #56 5 months ago

    Just went through the same thing in November, to the tune of $125. Cancelled the card and the bank should refund the amount loss, but still a hassle.
  • LadyElysium #57 5 months ago

    @miiiguel

    "I believe, in this case, it must have been phishing she seems too innocent"

    Are you only saying that because I'm female?

    The second I realised my money had been stolen I was straight on the phone with Microsoft, my bank and PayPal. Within 30 minutes all three had been contacted and were aware with exactly what was going on. I changed my password to my online banking account, my paypal account and tried (unsuccessfully) to change my Xbox password; but informed Microsoft that it had obviously been changed by the guy who used it. They assured me that they would change it for me.

    How else could I have secured my accounts? What would you have done differently? Sure, I should've unlinked my PayPal account from my Xbox account, but as Microsoft assured me (more than once!) that my account had been blocked from all use, I saw no point. Hindsight is a wonderful thing, isn't it? That is the only thing I could've done differently in this situation.

    And as for the "phishing" comment - I am certainly not that idiotic that I would fall for such a blatant scam. I'm 23yrs old, not 73 after all! I have never handed out my details, I have never clicked on a suspicious link and entered in any sort of personal information and (finally) I have set up my computers to run MSE/CC/SB:S&D/Malwarebytes to run at midday every day so I am pretty confident that no keyloggers were behind this.

    I am, however, completely open to suggestions at how to protect my account from further abuse in the future.
  • homerramone #58 5 months ago

    By the sounds of most of the 'it happened to me' comments here the problem lies largely in the way the fifa 12 pack stuff works...
  • riseer #59 5 months ago

    Lol goes to show even MS isn't safe..
  • FuzzyDuck #60 5 months ago

    Ah, the digital future.

    Disgusting that Microsoft couldn't (wouldn't?) do more.
  • agparrot #61 5 months ago

    @homerramone "By the sounds of most of the 'it happened to me' comments here the problem lies largely in the way the fifa 12 pack stuff works...
    "

    I thought this was the case originally, too... but I think the reason that Fifa 12 is the method of perpetration is more that it is about the only way on the European versions of Xbox LIVE accounts to turn things you can buy in points into cash money, by selling them to people on the internet.

    I'm not saying that means that some sort of weakness in the way EA's proprietary servers interface with LIVE hasn't caused this, of course. I don't know if Susan T has created an EA account, but it would seem in her case the hack took a very different shape anyway, the hackers focusing on purchasing a Family Pack so that they could buy and then transfer the MS Points to separate LIVE accounts that are then sold, wholesale with points, on the Polish ebay-type sites.

    It just seems that in some cases for FIFA 12, the hackers created EA accounts on the gamertags that they had hacked, rather than hacking the EA account and tracking this back to the gamertag.
  • VibratingDonkey #62 5 months ago

    I'd advise people to change their Live ID to a unique email, use a unique, strong (random 16 character) password, another one for the security question, avoid leaving Microsoft Points lying around, and attempt to remove all payment options from your account.
    https://account.live.com/summarypage.aspx
    https://live.xbox.com/Account
    http://keepass.info/

    One thing that's interesting is that Microsoft does have two-step verification set up, they're just not using it for anything that would actually protect your account or sensitive details/options from unauthorized access. I have absolutely no idea why that is. It is really weird. Flabbergasting even.

    Check it out.
    It is only used for verifying changes made to those specific security details.

    Although it's currently not used very efficiently, it probably still helps a little since having those details makes it easier for customer support to verify identities and such. Although training and policies matter a lot. If reps don't use those details for verification then they're kind of useless.

    Beyond doing the above I've changed my Live password like three times since I first started hearing about the FIFA hack in October. If I'm hacked then all hope is lost.

    ----
    RE removing payment options
    I used to believe you needed to have one payment option on file since auto renewal was on. But now that you can disable auto renewal I still couldn't remove my Paypal account, xbox.com implying because it was associated with an active service. Which I suppose it is since I used it to pay for that service (20 months of Live Gold). Why me having used a payment option to pay for a thing means I can't remove it from my account I do not know.

    So I removed my debit card from my Paypal account, which has and always will have 0 money in it.

    Might help someone, maybe.
  • agparrot #63 5 months ago

    @VibratingDonkey

    "RE removing payment options
    I used to believe you needed to have one payment option on file since auto renewal was on. But now that you can disable auto renewal I still couldn't remove my Paypal account, xbox.com implying because it was associated with an active service. Which I suppose it is since I used it to pay for that service (20 months of Live Gold). Why me having used a payment option to pay for a thing means I can't remove it from my account I do not know.

    So I removed my debit card from my Paypal account, which has and always will have 0 money in it.

    Might help someone, maybe.
    "

    Does this mean that there are no card-based payment options on your Paypal account now? That's an interesting way of approaching it, as, like you, I couldn't remove Paypal as a payment option from my account because it was used to purchase a current subscription.

    I'm also a regular password-changer anyway, but the last thing I need is to be hacked, accused of being phished and, worst of all, have FIFA achievements appear on my account.
  • maxb #64 5 months ago

    After the last update I had someone appear on my friends list randomly then disappear, lucky I have nothing on it for anyone to take.
  • PoorMaryBellows #65 5 months ago

    Both I and one of my friends had our accounts hacked in December, with the hacker racking up 10,000 MS points in moments and locking us out of our own accounts.

    And I can confirm with 100% confidence that neither myself nor my friend ever gave any information to any 'phishers'. In fact, I find it pretty appalling that Microsoft would rather soil the reputation of people who have had their accounts hacked (by saying they must be gullible idiots) than own up to the fact that there's a near-epidemic problem growing here which, from my communications with them, they really seem to have no idea how to stop.

    As for what the hackers did, so far as I understand it, they used the points they bought with my account to buy FIFA 12 team stuff (a game I don't even have) that could be sold for real money.

    The only good news about the whole sordid affair is that my account was ultimately returned to me by Microsoft without any loss of gamerscore. In fact, I had two new FIFA achievements that I would never have been able to get myself...
    Edited by PoorMaryBellows at 06/01/12 @ 19:25
  • VibratingDonkey #66 5 months ago

    @agparrot Does this mean that there are no card-based payment options on your Paypal account now?

    Yup. At first I was going to cancel my Paypal account, but noticed I could just remove my card instead.

    You probably can get your payment option removed from your Live account by messing about with phone support (I hope), but I prefer the path of least resistance. It's hardly a perfect solution though, depends on circumstances if it's a viable option at all. Using Paypal again obviously becomes a hassle.
  • agparrot #67 5 months ago

    @VibratingDonkey Using Paypal again obviously becomes a hassle.

    I think that maybe the hassle of adding a card, doing a transaction, and then removing the card from a Paypal account might be preferable to having money stolen from me.
  • arcam #68 5 months ago

    It's really quite disturbing to see how many people this has happened to even in this small comments section that is just a few hours old.

    I guess no one except MS knows how many people this has happened to, but I get the feeling that if the total numbers were revealed the entire gaming community would be horrified. I really hope EG keeps pressing them, because it doesn't seem like anyone else is.
  • DiamondIce #69 5 months ago

    @Netlon #6

    I called MS Support to remove my credit card this afternoon. They had to set my membership to silver and have sent me two months worth of Gold membership via codes. I have gained a couple of weeks out of this as my subscription was due in the 3rd week of February.

    After reading about this person on the forum I felt that I had to stop being lazy and call MS to get my card removed ASAP.

    I hope the person in this story gets it sorted out very soon. It must be awful having this hanging over them.
    Edited by DiamondIce at 06/01/12 @ 20:26
  • Fargazon #70 5 months ago

    This issue with XBL accounts has been around for years.
    One account is hacked, MSP are bought on it and then MSP are transferred to a second (new) account.
    If we are writing here about allegro.pl there is a guy with a nick RESELLER79.
    Many accounts like the one I mentioned are used by the same person.
    He sells accounts with MSP ranging from 6000 to 12000 MSP.
    Let me just say I had some dealings with him.

    Those accounts are used to steal twice from XBL users.
    Like I have written before an account is sold with MSP.
    After 24h the seller is changing the password on it so the user who bought it is locked out of it.
    When a few months pass and a substantial number of accounts with content bought on them is gathered, they resell those accounts again on allegro.pl.
    For the last step they usually use a new account to sell it on.

    Why isn't allegro doing anything about it?
    Why isn't MS doing anything about it since it has been around for YEARS?

    This problem till recently was "small" but in 2011 it escalated.
    In these new cases FIFA 12 is used to buy ultimate team packs.
    People use a loophole which made stealing accounts easier.

    You can use best security measures regarding your XBL account (unique password only for that account etc.).
    In the end it doesn't matter because every account can be stolen.
  • man.the.king #72 5 months ago

    @arcam

    I really hope EG keeps pressing them, because it doesn't seem like anyone else is.

    True. For some reason, MS gets a pass on gaffes on their end from some Internet sites while Sony gets it up the arse.

    The only website which I saw had the balls to chase this up with MS when there was an outcry on forums was Ars Technica. This was a few months back.
  • Rev.StuartCampbell #73 5 months ago

    So nobody's going to ask about the cat?
  • Machetazo #74 5 months ago

    http://www.destructoid.com/xbox-live-account-hacked-microsoft-is-there-to-not-help--219144.phtml

    A possible explanation of the points transfer process can be found within the comments, there for those asking: Family Gold accounts DO permit point transfer between attached accounts, according to that.
  • AnotherIdiot #75 5 months ago

    If it was phishing they should be responsible and force everyone to reset their passwords. And they should implement something like Google's 2-step verification that would allow you to designate what devices are allowed access to your account. So you need an approved device and not just a password. Of course if the service itself has been hacked all of that would be futile, but they say it hasn't been.
    Edited by AnotherIdiot at 06/01/12 @ 20:50
  • Bin216 #76 5 months ago

    My XBL account was hacked early October 2011 and used to buy MS points which were then spent on FIFA 12 content (I presume on the tradable player cards).

    They used all the points on the account (around 4000), then bought a 6000 point bundle, spent those, then a further 2000 bundle, spent them, and finally the next attempt at a second bundle of 2000 points failed, then they transferred 1600 points to an account on my family membership (but not the one they had added).

    Microsoft blocked spending on it almost immediately, but after that the fraud team moved at the speed of an arthritic sloth. After just over 2 weeks they canceled my Gold Family Subscription and exactly 3 weeks from first informing them they released the account back to me, but failed to remove the spending blocks.

    When I spoke to the XBL support line, I was repeatedly told they couldn't remove the blocks, that only the fraud team could and they couldn't even see anything on their system about any progress as the fraud team run their own separate systems to which first line have no visibility.

    It took a further 4 whole weeks (exactly 7 in total start to finish) until my account was unlocked.

    I know for a fact I did not share my live passport login details on any "shady sites". In fact I am sure I did not even log in to the passport except on xbox.com and microsoft.com.
  • VibratingDonkey #77 5 months ago

    Here's an interesting theory.
    http://www.neogaf.com/forum/showpost.php?p=34050057&postcount=365

    @agparrot I think that maybe the hassle of adding a card, doing a transaction, and then removing the card from a Paypal account might be preferable to having money stolen from me.

    Yeah, but at some point it becomes less of a hassle to solve it through Microsoft's phone support. Think I'll manage though. I've basically only ever used Paypal for Humble Bundle and such. And you don't have to use Paypal there I think.
    Edited by VibratingDonkey at 06/01/12 @ 21:26
  • Gossy #78 5 months ago

    I was hacked in August, took two investigations over six weeks to establish that my account had been accessed by someone other than myself. Then took a further 10 weeks to get a refund, despite Microsoft saying it would be showing on my statement within a month. Wasn't impressed with how long they took to refund me - lost considerable amounts of my own time on hold to them, just to establish that the refund hadn't been processed and the entire procedure had to start again. Taken my card off my live account now and will be using cards if I ever decide I want to purchase something off the marketplace. If it wasn't for the amount I'd lost totalling £93.50 I think I'd have given up. Piss poor customer service throughout the entire experience.
  • captain_Carl #79 5 months ago

    Help the girl that was making a fuss to shut her up, then go back to doing fuck all
  • YobRenoops #80 5 months ago

    I'm sorry but this reply from Microsoft isn't good enough. Are 100s and 100s of people really being scammed by malicious websites? Really?

    If you remember they denied RROD for months...
  • americorloliveira #81 5 months ago

    @munkymatt I can not log in too, customer support said that they forwarded the problem to a special team and that it will take 5 to 21 days to give an answer. I can not log in, can not play with that gamertag and can not access the purchased games
  • George-Roper #82 5 months ago

    In recent cases, some Xbox Live members appear to have been victims of malicious scams. Unfortunately this is something that affects many internet based services.

    Bullshit.
  • dirtysteve #83 5 months ago

    I got a weird receipt telling me I had bought a load of XBOX points a while back, but it was refused because (thankfully) my pre-paid card was empty.
    I messaged MS and I just got the usual 'change your password' spiel.
    There was zero chance of phishing, so I'd quite like to know how they placed the order.

    Maybe I should have been more vocal, how many of us are there? Anyone else here get the same?
    Edited by dirtysteve at 06/01/12 @ 23:23
  • FredD #84 5 months ago

    @man.the.king In our defense, we've spoken to Microsoft a number of times about security issues in the last few months:

    http://www.eurogamer.net/articles/2011-11-10-fifa-ultimate-team-xbl-account-hijacks-were-not-a-hack
    http://www.eurogamer.net/articles/2011-10-14-xbl-accounts-hacked-to-buy-fifa-packs
    http://www.eurogamer.net/articles/2011-11-24-ms-investigating-xbox-live-refund-customer-service-complaints

    Believe me, we've been trying to get more clarity on all this since it first started, and will continue to do so.
  • FortysixterUK #85 5 months ago

    @wizlon
    Actually this is not the case, in November last year my son's XBL account was hacked for £85 from an Abbey National/Santander card that was 2 months out of date.

    The money went out from my bank despite this.

    Luckily my son was very switched on, saw the issue and the points transfer was cancelled, however, all this time later, despite numerous calls to MS, the money has not been refunded, and he still has 10000 MS points on his XBL account. I have now given up trying to get the money back from MS as their rules on getting things sorted are ridiculous. They were insistent on a USA based fraud investigator speaking to both myself (the card holder) AND my son at the same time. Thanks to my varying and long shifts, the only time this was possible was late Thursday or late Friday afternoons. The three times they rang us to start sorting things out I was at work, and despite giving the relevant people detailed info about times I'd be available, they never seemed to listen, and getting through to these people on our terms proved so problematic, I just gave up.

    Let's not forget the fact that (1) money was taken from my bank due to their error, (2) the card was out of date due to the bank's error, (3) my son's XBL account was temporarily closed by MS for 4 weeks.

    From now on, any XBL purchases, including the annual service will be bought with pre paid points cards and pre-paid XBL subs cards. NOT the most convenient purchasing process, as you can imagine.
  • VibratingDonkey #86 5 months ago

    That boilerplate response from Microsoft is growing increasingly frustrating. They've been saying the same thing for months, and guess what, nothing has changed. I can not believe they persist with that shit.

    Fully aware of two-step verification being a highly effective measure against the scams they're claiming is the cause, Microsoft completely ignores this solution, and goes on to mention how much they care about the online safety of their users.

    But awesome Microsoft, good job, you helped this one customer with her problems. Now what about all the others who have not managed to kick up a stink about their case and become a PR problem which requires special treatment?
  • Progguitarist #87 5 months ago

    Microsoft: "LA LA LA LA LA... It's not happening!!".
  • arcam #88 5 months ago

    I guess it's lucky everyone in the US gave up their right to sue them for any reason in exchange for last month's dash update :p
  • steoconnell #89 5 months ago

    Did you just rob this story off Kotaku?
  • michaelius #90 5 months ago

    Bringing a case to media attention seems to accelerate Microsoft support to hyper speed :D
  • George-Roper #91 5 months ago

    @FredD

    Interesting links, especially the first. This comment in particular from that article...

    Everyone I've seen this happen to so far had their EA account hacked, and the personal data attached to that used to reset their xbox live password via customer services...

    I see several steps at which security here can be improved...


    This is exactly what happened to me. EA account went first, then XBL. That cannot be a coincidence!
    Edited by George-Roper at 07/01/12 @ 00:41
  • DodgyPast #92 5 months ago

    So MS know there's a security issue and are systematically lying about it.

    Please let there be a juicy leak that shreds their tissue of lies.
  • Psychotext #93 5 months ago

    What's most concerning about the stock response they keep giving is that they actually seem to believe it. I get the feeling that they've gone into full on head in sand mode and won't even entertain the possibility that there's a weakness (even a small, procedural type of weakness) in the system somewhere.

    Aside from, you know, not being able to properly lock accounts or offer two step authentication that is.
  • FredD #94 5 months ago

    @steoconnell No. Microsoft is entitled to give the same statement to more than one site.
  • Scrapper #95 5 months ago

    It's not a handful of instances. IT IS THOUSANDS OF STOLEN ACCOUNTS.

    The same news story eurogamer have linked to has a website with thousands of accounts up for sale. Microsoft are lying about the seriousness of this just like they did with RROD.
  • man.the.king #96 5 months ago

    @FredD

    Believe me, we've been trying to get more clarity on all this since it first started, and will continue to do so.

    Thanks for that.

    I don't have CC details on my XBL account, but I would like to make sure as well that my account profile details have not been hacked, as in future I may decide, for purposes of convenience, to add them, probably when I buy the next generation console of the XBox. I did update my XBL password when I recently purchased another 360 (Slim with Kinect), and hopefully that will be enough to protect me.

    I actually created an account for my wife as well, back when I purchased my first 360 in 2006, in the hopes that someday she might feel like joining me, a hope which has since proved futile :).
    Edited by man.the.king at 07/01/12 @ 02:46
  • orangpelupa #97 5 months ago

    Thanks EG for giving this issue more attention.
    Shacknews also posted quite a detailed article about the hacking issue.

    I need to post Xbox hacking news too on a news site in my country, ASAP.
    After Shacknews's article and now EG's article, I am sure there really IS something wrong happening here with an attack vector from FIFA/XBL.
  • Jay-ITFC #98 5 months ago

    I will reiterate that it's FIFA Ultimate Team that's the driving force behind all of this.

    XBLA titles and game add-ons are somewhat protected in that they are tied to 1 gamertag and 1 console. They have no real value since once MS has recovered a stolen gamertag to the original owner (and he/she could then licence transfer) the hacker is left with nothing.

    When it comes to these UT packs and cards however it's a trading free-for-all not helped by the back door of the web app. Once an account is hacked I imagine the MS points are bought/spent and the valuable cards transferred to a different account all within a matter of minutes, an hour tops. Since UT is all done server side there's no protection - cards or coins can be sold on eBay or similar auction sites and then exchanged via a quick in-game trade offer.

    This has gone on for too long. MS and EA need to get their heads together and work out how they are going to stop this before Euro 2012 and FIFA 13 hit later this year. Not good enough.
  • Arsecake_Baker #99 5 months ago

    "This payment option cannot be removed at this time. Go to the Payment method information page to view services associated with this payment option."

    Completely outrageous!
  • Scrapper #100 5 months ago

    @Jay FTC:

    It's no longer seeming like a case of EA Fifa Ultimate Team that is responsible (though it is possible). It's sounding more and more likely that it's an inherent flaw with all of Microsoft's Live ID service, potentially affecting XBL, Hotmail, Zune, and every other "service" they link.
  • sfp_noodle #101 5 months ago

    When this happened to Sony last year they got torn to shreds by both the press and the general gaming public. They deserved it too. So far however, there haven't been any confirmed reports of even one person having money stolen from them as a result of the lulsec hack, despite the hackers supposedly having access to CC info.

    Xbox Live is a paid for service and should have the best possible security measures. An MS mouth piece even said that they take security very seriously shortly after the PS3 hacks. Considering how much money they take from their members, they better well should take it seriously.

    If that was truly the case, then how the hell has this happened? Sorry MS, but someone losing money through an outside scam when they trusted YOU with their details is being hacked. It's telling that you only started refunding people once this story became more widespread and ignored the many many complaints that people had when they rang you up.

    It's also rather shocking that seemingly no-one has the balls to go after MS when this kind of shit happens. Judging by the comments section, it's been happening for over a year now and MS seem to have plugged their ears and pretended it'll go away like the RROD fiasco. Websites need to give this story as much coverage as possible and only then will MS really sit up and take notice. Stop picking sides and give as much coverage as possible. MS will continue to get a free ride on this sort of thing in the future if it's continuously ignored by journalists. Nothing sparks change like negative coverage.
  • Schlecht #102 5 months ago

    I made an account to post this: I have NEVER entered my login info anywhere. Nor do I use my Live password for anything else. Yet, somehow, somebody got into my account and downloaded themselves a copy of Age of Empires 3 for 3200 MSP, which from what I heard is a computer game. I NEVER use my computer for gaming, and have to hopefully get my account locked tomorrow. The only good news is that I use prepaid codes and haven't ever put in credit card info.
  • Schlecht #103 5 months ago

    @Arsecake_Baker I've heard that people just change their credit card info to a fake number. You might want to try that!
  • Clatoo #104 5 months ago

    My Xbox Live account was hacked in early December.
    I am not a victim of phishing, I know the ropes, it's my job.
    My Origin account has been hacked as well, but nothing lost there.

    What I find disturbing is that I have no credit card registered with the service, precisely to avoid this sort of situation.

    Of course, Microsoft told me that I do have a card linked to my xbox live account as this is mandatory.

    200 € stolen, 34,000 Mpoints gone and still no refund, no account back.

    Oh! I did receive a 1 month Xbox Live Gold membership voucher... (that I cannot use for lack of account).

    What a sad joke.

    If this taught me something, it is that there is a huge difference between what happens and what filters to the media when it comes to blue chip companies being hacked.

    ...And of course, that all of a sudden, we are not "that important" to them in the end...
  • Bullet_Tunnel #105 5 months ago

    welcome to capitalism comrade
  • Yossarian #106 5 months ago

    I am so glad I had Microsoft remove the CC details from my account and allow me to use prepaid codes exclusively.
  • waggy79 #107 5 months ago

    Same happened to me, they bought lots of FIFA content and MS points. Was told by support it must have been phishing. My account was locked for about 2 weeks. Take your cc details off and change your password every so often would be my advice.
  • Quine #108 5 months ago

    So this happened to me last September for about 50 quids worth of points. My XBox had been gathering dust in the spare room since Limbo came out and I certainly hadn't clicked on illicit phishing emails about my Live account, so getting an email talking about my points purchase was a bit of a surprise.

    MS certainly don't make it easy to find where to contact after you've been hacked, but I eventually got the right number and got the account locked pending investigation. I wasn't impressed that they *insisted* I give them a second 'non-compromised' email address - I guess in their world everyone uses hotmail/live.com/etc email addresses so they would automatically be unsafe. Anyway it all got refunded after the standard few weeks Investigation Time.

    Later that day I got a password reset email from some forgotten Mass Effect 2-era EA account, so there's definitely some sort of weakness on the MS or EA side of things or their trusted third party status on the XBox system. I'd love to hear what went down in their subsequent meetings...

    Edit to add: Also it's flaming obvious that there's suspect activity going on when a dormant account suddenly racks up dozens of small points pack purchases in a very short space of time- it would be easy for MS to monitor and alert for this type of automated behaviour.
    Edited by Quine at 07/01/12 @ 11:39
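
The monitoring idea in the comment above (a dormant account that suddenly makes a run of points purchases), together with the Family Pack transfer pattern reported in the article and by other commenters, can be written as two simple detection rules. This is an added example, not part of any comment and not Microsoft's logic; the log format, event kinds, account names and thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds are assumptions for this example, not values from the thread.
DORMANT_AFTER = timedelta(days=30)    # no activity for this long => dormant
WAKE_WINDOW = timedelta(hours=24)     # how long a reactivated account counts as "just woken"
BURST_WINDOW = timedelta(minutes=30)  # sliding window for counting purchases
BURST_COUNT = 3                       # purchases within the window that trigger the rule
NEW_MEMBER_AGE = timedelta(hours=24)  # family member added this recently is "new"

# Constructed sample log (hypothetical format): timestamp,account,kind,points,target
SAMPLE_LOG = """\
2011-08-15T19:02:00,acct_dormant,login,0,
2011-12-20T18:00:00,acct_active,login,0,
2011-12-20T18:05:00,acct_active,family_add,0,kid_account
2011-12-27T18:00:00,acct_active,login,0,
2012-01-02T03:10:00,acct_dormant,login,0,
2012-01-02T03:11:00,acct_dormant,family_add,0,new_member_1
2012-01-02T03:12:00,acct_dormant,purchase,6000,
2012-01-02T03:15:00,acct_dormant,purchase,2000,
2012-01-02T03:19:00,acct_dormant,purchase,2000,
2012-01-02T03:25:00,acct_dormant,transfer,1600,new_member_1
2012-01-03T18:00:00,acct_active,login,0,
2012-01-03T18:10:00,acct_active,purchase,800,
2012-01-03T18:12:00,acct_active,purchase,800,
2012-01-03T18:20:00,acct_active,purchase,400,
2012-01-03T18:30:00,acct_active,transfer,500,kid_account
"""


@dataclass
class Event:
    ts: datetime
    account: str
    kind: str        # "login", "purchase", "family_add" or "transfer"
    points: int
    target: str      # family member involved, empty if none


def parse_log(text):
    """Parse the constructed CSV-style log into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, kind, points, target = line.split(",")
        events.append(Event(datetime.fromisoformat(ts), account, kind, int(points), target))
    return events


def detect(events):
    """Return (account, rule, timestamp) alerts, at most one per account and rule."""
    last_seen = {}                    # account -> time of previous event
    woke_at = {}                      # account -> time it came back from dormancy
    purchases = defaultdict(deque)    # account -> purchase times inside BURST_WINDOW
    member_added = {}                 # (account, target) -> time member was attached
    alerted = set()
    alerts = []

    def emit(account, rule, ts):
        if (account, rule) not in alerted:
            alerted.add((account, rule))
            alerts.append((account, rule, ts.isoformat()))

    for ev in sorted(events, key=lambda e: e.ts):
        prev = last_seen.get(ev.account)
        # An account with no earlier history is treated as unknown, not dormant.
        if prev is not None and ev.ts - prev >= DORMANT_AFTER:
            woke_at[ev.account] = ev.ts
        last_seen[ev.account] = ev.ts

        if ev.kind == "family_add":
            member_added[(ev.account, ev.target)] = ev.ts
        elif ev.kind == "purchase":
            window = purchases[ev.account]
            window.append(ev.ts)
            while ev.ts - window[0] > BURST_WINDOW:
                window.popleft()
            woke = woke_at.get(ev.account)
            just_woken = woke is not None and ev.ts - woke <= WAKE_WINDOW
            if just_woken and len(window) >= BURST_COUNT:
                emit(ev.account, "dormant_burst", ev.ts)
        elif ev.kind == "transfer":
            added = member_added.get((ev.account, ev.target))
            if added is not None and ev.ts - added <= NEW_MEMBER_AGE:
                emit(ev.account, "transfer_to_new_member", ev.ts)
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

The regularly used account makes three purchases in one sitting and transfers points to a long-standing family member without raising either alert, which is the distinction the dormancy and member-age checks are there to draw.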
  • Alex_976 #109 5 months ago

    Well the next thing Eurogamer can do is either ask Microsoft and/or the people with hacked accounts, whether the hacked account was linked up with an EA account and see if there's any correlation there.
    Edited by Alex_976 at 07/01/12 @ 12:13
  • Bulbatron #110 5 months ago

    This is probably a really stupid question, so I apologise in advance, but if you remove any debit or credit card details, then how do you renew your subscription? What happens if you forget to renew it?
  • EuroStalker #111 5 months ago

    Welcome to Xbox Live experience! Pay an annual fee to get robbed.
  • captain_mailinator #112 5 months ago

    Funny that I read this today...this commentator also got his account hacked today (actual video starts at 2.05).
  • remote #113 5 months ago

    I'd love to see numbers on how many people have been affected by this..

    What can we do to try and get a satisfactory response out of MS or EA? I have always found that microsoft really don't give a fuck about whether you're happy with the service or not, any complaints I've had with them are totally brushed aside as I'm just one voice among millions of players.
  • remote #114 5 months ago

    Also, I just want to add that when my account was hacked, I'm glad I specifically asked on the phone how I can reset my password, as otherwise this doesn't routinely get done until a couple of weeks later, when they finish investigating. I assume that would have left the hackers open to continue using my account for the full two or three weeks.
  • Baihu1983 #115 5 months ago

    @Netlon They email you a code to get whatever time you had left from the gold account
  • agparrot #116 5 months ago

    Another theory I have heard suggested is that people are manipulating call centre staff, like they did years ago to get Live account details.

    So I guess my question to MS would be whether they keep records of calls made to their customer support, based on gamertag?
  • VibratingDonkey #117 5 months ago

    Just noticed there's a quote button. Neat.
    @Bulbatron This is probably a really stupid question, so I apologise in advance, but if you remove any debit or credit card details, then how do you renew your subscription? What happens if you forget to renew it?
    Retail subscription cards. Or just the codes.
    http://www.amazon.co.uk/s/ref=nb_sb_noss?url=search-alias%3Dvideogames&field-keywords=xbox+live&x=0&y=0
    http://www.cheapxboxlivecodes.com/
    There are also points cards.

    If auto renewal is off and the subscription runs out I assume you get bumped down to silver.
  • Netlon #118 5 months ago

    @Baihu1983 They do? Oh wow, it would've been nice if the bloke from their customer service would have told me that...
  • Marshall2008 #119 5 months ago

    I think that you will find that the majority of accounts hacked have been done by phishing scams and hotmail/live mail hacks. We see lots of customers who have their hotmail accounts hacked and their live accounts compromised. Live accounts are easily scooped up by malware on windows giving the username and password to hackers. Make sure your systems are secure and use a decent password for your accounts.
  • Slipstream #120 5 months ago

    I can tell you now. A lot of this comes down to people buying consoles and then trading them in with their details still on the console, this happens a lot. When I worked at Gamestation I always made a point of asking customers if they had cleared the hard drive and if not would perform the HD wipe in front of them.

    So if you're trading a console any time soon WIPE that hard drive especially if you've got card details on there because it's just easy purchases for the new owner of that console.
    Edited by Slipstream at 08/01/12 @ 01:45
  • Shane-360 #121 5 months ago

    Sick of seeing us guys being blamed for being got by darn Phishing, I got hacked on the 31st December, Xbox had a not bothered attitude, didn't lock my account down for 3 days after report, 21000 points stolen and spent on Fifa 12 Premium packs... PHISHING IS XBOX LIVE'S EXCUSE AND MANY OF YOU SUCKERS ARE SUCKING IT UP, Mark my words this will get worse before it gets better... I've contacted a list of news media groups but not one has even bothered to respond
  • WendellB #122 5 months ago

    I was hacked on 10/28/11 at 4am PST. Called MS Support 4 hours later and had my account locked. Only lost 1120 points ($14) when someone bought FIFA 12 items (1 silver upgrade, 7 premium gold packs and one premium gold jumbo pack). Luckily I had no credit card or Paypal associated with the account. Worst part is as of today, 1/8/12, this has still not been resolved by MS and my account/gamertag is still locked. This despite 3 calls to MS support and then I only count the calls that actually have gone through and have not been disconnected by the support person. So far MS have only given me 1 month of free gold membership.

    I have never played FIFA or any other EA sports game. Only EA games I have played is the Battlefield series. Don't think I was phished either as I have only used my Windows ID on the Xbox.com site.
  • Ripper84 #123 5 months ago

    I have had my account hacked, Microsoft are currently investigating it, nearly 300 spent on Xbox. But I've been reading up on the story above and the FIFA thing. I haven't got FIFA but I have got Battlefield 3 which I purchased when it was released, but only 2 weeks ago I activated the Battlelog, which involved linking my gamertag to my EA gamer account. Anyone else seeing a pattern?

    I don't think it's Microsoft as such that's letting us down but in fact EA

    I haven't been phished either!!!
  • layleeloo #124 5 months ago

    I do sympathise with people who get duped like this, but at the same time how utterly stupid do people have to be to fall for shit like this. What is described on these auctions about must use points asap and if they disappear it's not his fault? Are alarm bells not ringing in people's heads at this? It sounds harsh to say but if people are stupid enough to buy things which are described like this, then they only have themselves to blame for being duped. After all, you'll never eradicate fraud - your only defence is to have half a brain about it which it seems some people, obviously don't have.
  • Shane-360 #125 5 months ago

    @Ripper84 Same thing here ref Battlefield 3 and the battlelog. but I've had many EA games although not FIFA, guess I go back as far as Burnout Revenge...here is my FB page I've mailed to all UK media for what its worth, basically all links I've found regarding this mess http://www.facebook.com/#!/pages/EA-FIFA-12-Xbox-LIVE-hacking-out-of-control/344173915595567
  • rudedudejude #126 5 months ago

    Sounds like an inside job to me.
  • pomegran #127 5 months ago

    I was hacked last November and £85 was taken from my account and spent on FIFA 12 packs. The whole investigation from call into them to refunded money took 3 weeks so well done to Microsoft there. My subscription was still active by the way but I simply couldn't buy anything.

    I must make this point though. You cannot remove your credit card if it is linked to a family pack. Just been through a long call with Microsoft about this and they can't do it. I think this is pretty awful. You have to cancel all the accounts and they give you back individual codes for each so you lose the cost advantage of the family pack.

    You've been warned!!
    Edited by pomegran at 09/01/12 @ 17:05
  • MoonBaseAlien #128 5 months ago

    My stepson's Live account was hacked last night. They got over 150.00 from his bank account. We called today and talked to Xbox Live support, they verified he was hacked. Whoever did it changed his password to Chinese. With bank charges for overdraft, he has a negative of more than 200.00. Looks like Xbox Live is not very secure. I may close my account. They also said he will get a refund after a 15 day investigation.
  • pomegran #129 4 months ago

    @MoonBaseAlien How can they confirm he was hacked without an investigation? These things normally take 2 weeks?

    Just bear with them. It'll take 2-3 weeks to sort but you should be ok.
  • AshNG #130 4 months ago

    Read this a while ago and assumed people fell for some form of phishing scam... Turned on my console and noticed a message at the bottom saying console was last logged on from a different console and what do you know... all my points are gone! I would never give out my password or anything, there must be more to it.

    Last played game Fifa 12 (which I don't own)....

    Ringing MS first thing in the morning, already changed password.

    Just in case I ever forget, new password: DecemBER2012

    Update: 21min 45second conversation with MS, account will be locked for up to 25 days whilst under investigation.

    Update 2: Just rang MS again to get a free month code to use on another account while my account is being investigated!

    Useful information for others
    Contact number: 020 7365 9792 or 0800 587 1102
    http://www.xbox.com/en-GB/Live/Account-Security/What-To-Do
    Edited by AshNG at 12/01/12 @ 14:43
  • Gecks #131 4 months ago

    @layleeloo The auctions are for selling the profits of the hacks, not the origin of them! It's still not entirely clear how the hackers gain access to the profiles initially.
  • Caralon #132 4 months ago

    I just discovered about an hour ago that there was unauthorized use of my Microsoft Points off my account. Seems like I got lucky and they didn't get to my credit card.

    I called XBOX Support. The first person I spoke to seemed confused and unhelpful but when I talked to a supervisor he was good stuff. That might be a good route.
  • monsieur-Vile #133 4 months ago

    I have had 2,800 points stolen, not much help either.
  • Vikingod #134 4 months ago

    This happened to me in October. I don't have an Xbox, but they used my GFWL account which I hadn't used in 22 months. They bought a family Xbox Live subscription and $90 worth of points.

    I will say... though it took a while on the phone, MS Support was very helpful in getting my money refunded (it helped that I don't have an Xbox and was very insistent). I had my cash the next day. They froze my GFWL account to investigate but nothing came from it. I had to cancel all my credit cards and watch my deposit accounts almost hourly. I won't ever be purchasing anything using their service again, but I will attest to their support.
  • theonlyix #135 4 months ago

    My account was hacked last night, they bought something called "Premium Gold Jumbo". Funny thing is, I'm pretty sure they haven't "fished" my pwd as I only use it for XBL and Windows Live/MSN (which I'm usually not using).

    There seems to be a friend added to my account that I wasn't aware of before, and on the day today, someone logged in on my XBL account from another console although MS assured me it was locked since this morning (and they tried locking it again while on the phone without luck)... damn. Also, while I was on the phone with the Xbox rep, I got an email from EA with the topic "thanks for playing FIFA 12" etc.

    However, I've never played FIFA and I never will!

    My ten cents on the issue is that EA is somehow involved in this, at least it seems to be the only way for scammers to get cash away from the Xbox accounts.
    Edited by theonlyix at 22/01/12 @ 14:35
  • lizzie #136 4 months ago

    My son's Xbox Live account was recently hacked to the tune of £233.75 on my card (which was kept on his account for auto renewal, and which took a costly phone call to Microsoft to have removed).

    It was used by a thief to purchase Fifa12 packs which I understand can be traded to other accounts. Unfortunately my son does own and play Fifa12, and at the same time as the thief was having fun with my card, my son was also buying a few Fifa12 packs using the points redeemed from a prepaid card Xmas gift. I understand this is a common method used by the hackers, loads of small transactions which get mixed up with genuine ones.

    Microsoft are investigating, but their initial response was that my son must have made the purchases. However his download history tells a different story. Please correct me if I'm wrong but how can his history show one item downloaded, yet the billing say he's purchased 20 different things on the same day, or am I missing something here? Plus there were purchases on a day when all the family were out so he couldn't have made purchases. So far 5 calls to Microsoft's 'very helpful, please take your time madam' (but it is a premium rate number, so they don't mind if you are on the phone for an hour) has the case getting a second look, and interestingly the latest Microsoft advisor freely stated to me that Windows Live accounts (linked to Xbox Live) are really easy to hack!!!

    Just thought I'd share and if I am being dim about son's downloads not matching his billing, please enlighten me. (Son is trusted, he's had the account 3 years with no problem and knows he'd be found out and I'd go mad if he spent money without permission.)
  • valyrian #137 4 months ago

    Drop the thief's details on this site Susan, I'd be more than happy to terrorize him for you
    His home or mobile number will do

    Really Trading Standards should be contacting Microsoft and asking if and why they cannot remove credit cards from certain accounts, and when this is confirmed they should be telling Microsoft to cease all credit card transactions until customers can remove their details
    Edited by valyrian at 27/01/12 @ 16:04
  • Mr #138 4 months ago

    It's still going on. My (security conscious) friend was hacked yesterday and a ton of MS points bought in his name, and the ones already on his account stolen. His account has been frozen now for the foreseeable future.

    I urge all XBL users to remove your credit cards (you have to call M$, who are very weird about the whole thing when you call) from your accounts and change your passwords ASAP.