Skip to main content

Microsoft: Xbox Live has not been hacked

Gamers suffering from "malicious" phishing scams.

Microsoft has once again insisted Xbox Live has not been hacked.

The company issued a statement today following an article published on the front page of today's The Sun newspaper titled: "XBOX CYBER FRAUD."

The Sun alleged thousands of Xbox Live accounts have been hacked into and millions of pounds have been stolen, with an average loss to UK gamers of around £100.

In response, Microsoft blamed the issue on phishing scams.

"The security of Xbox Live members is of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats," a Microsoft spokesperson said.

"Xbox Live has not been hacked. Microsoft can confirm that there has been no breach to the security of our Xbox Live service.

"In this case, a number of Xbox Live members appear to have recently been victim of malicious 'phishing' scams (ie. online attempts to acquire personal information such as passwords, user names and credit card details by purporting to be a legitimate company or person). As a result, we are currently:

  • Working closely with affected members who have been in touch with us to investigate and/or resolve any unauthorized changes to their accounts resulting from phishing scams;
  • Warning people against opening unsolicited e-mails which may contain spyware and other malware that can access personal information contained on their computer without their knowledge or permission;
  • Reminding all customers that they should be very careful to keep all personal information secure whenever online and never supply e-mail addresses, passwords or credit card information to strangers.

"Microsoft remains vigilant at all times regarding the security of Xbox Live customers."

It advised those affected to call Xbox Live Customer Service on 0800 587 1102 or visit www.xbox.com/security.

Earlier this month Microsoft told Eurogamer the recent spate of Xbox Live account hijackings involving unauthorised FIFA Ultimate Team pack purchases were not due to a system exploit or hack.

Microsoft's online safety director Doug Park insisted that the problem didn't represent "a new attack vector".

"It's not a hack, it's really just a different way to monetise stolen accounts," he explained.

"Any service has compromises. Facebook has compromises, WOW has compromises. What they're really doing is trying to make money off those compromises. So FIFA is a very popular title - it's just a new way for the bad guys to make money. It wasn't, based on our investigation... we didn't see anything new. It was just a different avenue."

Park suggested that a run-of-the-mill data phishing scam was the cause, though wouldn't go into specifics.

The FIFA issue first raised its head last month, when a significant number of users reported that their accounts had been taken over by cyber thieves and were being used to purchase FIFA Ultimate Team content packs, presumably for re-sale.

At the time, Microsoft announced that it was "working with our impacted members directly to resolve any unauthorised changes to their accounts."

Read this next