If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

FIFA Ultimate Team XBL account hijacks were "not a hack"

Microsoft insists user security is "ingrained in its DNA".

A recent spate of Xbox Live account hijackings involving unauthorised FIFA Ultimate Team pack purchases are not due to a system exploit or hack, Microsoft has clarified.

Speaking in an interview with Eurogamer, Microsoft's online safety director Doug Park insisted that the problem didn't represent "a new attack vector".

"It's not a hack, it's really just a different way to monetise stolen accounts," he explained.

"Any service has compromises. Facebook has compromises, WOW has compromises. What they're really doing is trying to make money off those compromises. So FIFA is a very popular title - it's just a new way for the bad guys to make money. It wasn't, based on our investigation... we didn't see anything new. It was just a different avenue."

When pushed for more information on exactly what the thieves are up to, Park suggested that a run-of-the-mill data phishing scam was the cause, though wouldn't go into specifics.

"I'm not getting into super detail on that, but there are the basics of account compromise. There's phishing, there's social engineering, there's malware. Based off of the industry today, most of it comes off malware and phishing. If they get the accounts, they sell it," he said.

"That's really all they were doing. Whether it's FIFA, or an account with a PlayStation subscription, or an account with a Live subscription, it's all basically the same thing."

So, what is Microsoft planning to do to ensure it doesn't happen again? Xbox communications director Craig Cincotta chimed in, insisting that protecting its users from security threats is "ingrained in the DNA" of Microsoft's business.

"You come in every day and try to stay ahead of these things. There are teams of people who are thinking about this day in, day out," he explained.

"You try to get to the place where you're most prepared and most well informed. That's a constant state. It's not like it's, 'Oh, we've solved that security thing'. No. You just constantly do it.

"Part of it is the responsibility to our user base. If we're going to provide people with the types of functionality and experiences they want, it's our responsibility to stay ahead of the types of exploits that we need to protect people from."

The FIFA issue first raised its head last month, when a significant number of users reported that their accounts had been taken over by cyber thieves and were being used to purchase FIFA Ultimate Team content packs, presumably for re-sale.

At the time, Microsoft announced that it was "working with our impacted members directly to resolve any unauthorised changes to their accounts."

Will you support Eurogamer?

We want to make Eurogamer better, and that means better for our readers - not for algorithms. You can help! Become a supporter of Eurogamer and you can view the site completely ad-free, as well as gaining exclusive access to articles, podcasts and conversations that will bring you closer to the team, the stories, and the games we all love. Subscriptions start at £3.99 / $4.99 per month.

Tagged With

About the Author

Fred Dutton avatar

Fred Dutton

Contributor

Fred Dutton was Eurogamer's US news editor, based in Washington DC.

Comments

More News

Latest Articles

Supporters Only

Eurogamer.net logo

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Eurogamer.net Merch