March 20, 2007 6:15 PM PDT

Microsoft probes possible Xbox Live fraud

Microsoft is investigating possible fraud on its Xbox Live online gaming service, the company said Tuesday.

The investigation comes after gamers reported having their Xbox Live accounts hijacked and their credit cards used to buy "Microsoft Points," the virtual currency on Xbox Live, which has more than 6 million users.

"Recently, there have been reports of fraudulent activity and account theft taking place on the Xbox Live network," a Microsoft representative said in a statement provided to CNET News.com. "Security is a top priority for Xbox Live, and we are actively investigating all reports of fraudulent behavior and theft."

Gamers have been reporting the incidents for some time in online forums--including on Xbox.com--and to Microsoft's Xbox help desk. Many users of the Microsoft console have been frustrated with the software giant's response to date.

"My Xbox Live account was hacked and all credit card info was stolen and used to run up points...Microsoft says: 'Oh, well, better call your credit card companies, nothing we can do,'" one user wrote on the Xbox Web site last month.

Security researcher Kevin Finisterre was playing Halo on a recent night with several friends when some of their opponents threatened to steal their accounts, he said.

"Literally the next day my girl's account was locked out," Finisterre wrote in an e-mail Tuesday. "I received a message on my Xbox that said: 'We are sorry we must log you out of Xbox Live because someone else is using your Gamertag.'" The account was banned. A "Gamertag" is a person's account name on Xbox Live.

Finisterre said that calling Microsoft was no help and that he got the runaround from the support people who answer 1-800-4MY-XBOX, the official help line. "My account is currently being investigated after about seven frustrating calls," he wrote. An edited recording of several calls he made is available on Finisterre's Web site.

While some users believe the security of Xbox Live was breached, others suggest that users were tricked into giving up enough information while in a game so fraudsters could call Microsoft to change the account information. Users may also have been duped into giving up their account information through phishing scams.

Microsoft asks any Xbox user with a question about the security of their Xbox Live account to call in. "An Xbox customer service representative will help them understand our security policies and procedures," the representative said.

See more CNET content tagged:
Xbox Live, Microsoft Xbox, fraud, credit card, representative

63 comments

Join the conversation!
Add your comment
MS and Security
"Security is a top priority for Xbox Live,..."

Just like it is with their operating systems, office applications and web browsers... nuff said.
Posted by MadKiwi (153 comments )
Reply Link Flag
Security requires you to be smart too!
I am waiting to find out just how many accounts were compromised. With a gamertag, there's more to it than just the tag and your passcode. They also have to be able to get past a few other security questions (more than it takes to get into my bank account online even after they added additional security). If this were only 10 out of 6 Million, is MS to blame, or the users for giving up too much information?

Social Engineering is a key flaw in any security model. I don't care what OS you have, who provided your security software, or even how smart you think you are. Chances are someone knows enough about you to make educated guesses at your account names and passwords.
Posted by FusedAndCondazed (26 comments )
Link Flag
MS and Security
Just like it is with banks, the government, Linux, Apple, Sony, Home Security, dog food...the list goes on an on but I am not surprised, its the "cool" thing to slam Microsoft on everything.

You try supporting thousands upon thousands of configurations with people with the education level of a 5th grader. Let me know how that works out for you. Until PEOPLE evolve security is always going to be a problem.
Posted by krushyou (92 comments )
Link Flag
M$ does the best it can
While Windows security flaws are well known, OS X and linux have their own prblems but they will never be discovered as long as M$ owns 90%+ of the OS market. There is simply no profit for fishing scams, spyware or viruses with such few users. And those that do use windows should be smart enough not to click on everything they see online. I run Windows XP with no anti-virus and as long as I dont do anything stupid, I have no problems.

As for Xbox LIVE, I do not yet know of anybody that as had this problem but with all the mods I've seen so far, I'm sure that it's possible but I still often laugh at the empty threats given by angry punks that I pwn at GoW about having my acount shut down. I would'nt suggest that you give your credit card number to M$ and instead you should just opt for the prpaid cards sold in store.

If you share my views, wish to play with me or steal my account :),add Dino360 to your friends list!
Posted by dahwai (3 comments )
Link Flag
Expected
Of course something stupid like this happens, just when Sony is starting to tie its shoes, it all falls apart. We all know that cnet publishes biased reviews for sony, so I'm betting this is all just Sony propaganda.
Posted by theprof00 (50 comments )
Reply Link Flag
And here y'all thought that only happened to PC gamers...
*gasp* ...and I suppose that some craven soul will start using aimbots and game cheats next! Oh NOES!

I'll stick with my old-school computer-based first-person-shooters, thanks. As a bonus, it doesn't cost me anything to play 'em.

/P
Posted by Penguinisto (5042 comments )
Reply Link Flag
so what
some people live to play silly video games and post on these silly discussion flame boards
Posted by eeemang (217 comments )
Link Flag
get PS3, no CC Req. / Free
Get a Play Station 3, network service is free and no credit card is required, unless you want to buy things. You can do many of the things that you do with the Xbox Live and some extra.

And eevery year as it passes, network service is free, not $50 a year.
Posted by RompStar_420 (772 comments )
Reply Link Flag
Too bad it's behind
The XBOX Live service is far better than PS3s market place. As free as it is, it's not as fun. Also the CC is only required for the subscription, and you only have to buy the other stuff if you want to buy it (sounds like PS3). You pay for the quality of service.

Not saying PS3s won't develope, but right now Xbox has a huge lead. I know people who took their PlayStation 3's back just so they could play XBOX Live.
Posted by AdamMoore (49 comments )
Link Flag
The ultimate hacker's tool:
Stupidity.

If you're a stupid consumer, a hacker doesn't need to use fancy tools. They can just hustle the information out of you. This is especially true with females who get friendly with "that hot guy" who actually is just an identity thief.

I maintain that social engineering is the easiest way to hack anything consumer-based. Having been a mini-hacker about 10 years ago, I know all too well how easy it really is. And it's all because some people are just stupid. Additionally, some are way too trusting with information. I've been in a number of relationships and never have I given out my account information for anything. I refuse to, doesn't matter how long we've been together, doesn't matter if we're married.
Posted by ReVeLaTeD (755 comments )
Reply Link Flag
LOL!
Look people, the bottom line is this: anyone who is stupid
enough to trust Micro$loth with their personal data after
decades of security issues like this deserves to have this happen
to them. Period. Think "social Darwinism".

It's like leaving the doors and windows wide open to your house
and then whining that someone stole all your stuff.

Can any of you actually tell me this is a surprise to you without
lying?
Posted by Dalkorian (3000 comments )
Reply Link Flag
Update for you all...
Since all the MSFT bashing continues, its been known that these Windows Live ID's were hijacked after bungie.net website got hacked. This has nothing to do with xbox live service or msft in any way. The problem is msft will need to clean up the mess.
Posted by romo828 (4 comments )
Reply Link Flag
Why would Microsoft...?
Why would Microsoft share credit card information with this bungie.net? If Microsoft does, That would be a big security breach.

The most they would need to share would be scores.
Posted by ralfthedog (1589 comments )
Link Flag
Re:Update
Who do you think owns Bungie?!
Posted by Thomas, David (1947 comments )
Link Flag
Pretexting is always wrong.
And microsoft shouldn't say that anyone else was duped but themselves. In many cases all you need is a name and phone number to get started at microsoft.
Posted by mattumanu (599 comments )
Reply Link Flag
Interesting conclusion.
Why is it that Microsoft ONLY probes possible flaws but NOT actual flaws. (* CHUCKLE *)

Is it because they're just slow on the security job or because they're in total denial or what?

Bottom Line: Microsoft needs to stop Probing and start patching...

Walt
Posted by wbenton (522 comments )
Reply Link Flag
Bank account hacked
My sons Xbox live account was hijacked yesterday and when I checked my bank account to-day,over £200 was missing. I contacted my bank who confirmed this money had been used to purchase something from microsoft xbox so I contacted Xbox who were very helpful and have located the person responsible. My question is this......if microsoft have had so many problems in the past,why is it still happening?
Posted by mentalas1 (1 comment )
Reply Link Flag
how did you get them to give you your money back? My mom is going through the same thing and I am trying to help here. Please let me know. Thank you
Posted by autumn8101 (2 comments )
Link Flag
I think that those of us that are being mishandled by xbox live's breach of our credit card info should start a class action lawsuit to get our money back! Anyone interested in joining me?
Posted by kimbracmoore (2 comments )
Reply Link Flag
My mom's account just got hacked about 600 dollars and xbox is playing around and it's got to stop....if you are serious I am sure we could find enough people!!
Posted by autumn8101 (2 comments )
Link Flag
This message is intended as a warning or alert to other Xbox Live subscribers so you can be aware of this situation and take action before your account is hacked too and you are defrauded. Here is our experience and some background. My son is an avid Xbox Live player and he has been carefully schooled not to reveal any personal information about himself or his whereabouts online. He is 11 years old, does not know our email address and has no access to any type of credit card information. His Xbox Live account has parental controls in place. The other day, my son alerted me to the mysterious appearance of two Xbox themes which were mysteriously downloaded to his Xbox desktop late at night when he was asleep. A short while later our home email received an advice from Xbox Live thanking us for and confirming the purchase of 1000 Xbox points which were charged to my credit card. The credit card number was stored in a Windows Live account. The password of this Windows Live account was changed and I could no longer access it. I Googled "Xbox Live" and "fraud" and immediately pulled up numerous blogs, messages and alerts with very similar circumstances reported as far back as 2006 and with an alarming number of news reports dated March 21 2007 saying Microsoft was investgating possibility of fraud. I immediately called my credit card company and cancelled my credit card. I then contacted Xbox Live support to report the issue. My son was immediately blamed by Xbox Live Support for the incident. We had carefully validated and cross checked his story before contacting Xbox LIVE Support. The person I was dealing with was insistent my son was to blame. I clearly explained the circumstances, told them my son had zero to do with it and referenced the body of information available on the web under the same circumstances to support my story. The tone changed. I was put on hold, then given a trouble ticket number, then told to ask for a supervisor and passed over to another help desk number. After a lengthy wait I was put in touch with a very helpful individual at the supervisory level who reviewed my story, acknowledged the possibility that my son's account had been hacked and gave me detailed instructions and assistance in resetting the password on my Windows Live account - which was done online while they waited. Once that was accomplished, I was told there would be a lengthy delay while Microsoft processed a refund of the amount defrauded from my charge card - at which point I let know my credit card company was coming after them for a chargeback! As part of the overall process, my son's Xbox Live account was suspended for 15 business days - so he has to cool his heels and he can't play online. I pointedly and clearly asked how Microsoft, being self-professed leaders in web security and ecommerce could allow this problem to have continued to happen after being aware of the security breach for over 18 months and done nothing to correct the problem, failed to alert their loyal subscribers to the potential problem, and merely issued a low-key notice that they (Microsoft) were looking into it (oh, and very recently issued a report saying there was no merit to, or findings of any fraud! (Wankers!)). Needless to say, this line of question was deflected and the supervisor said she "really couldn't comment" and was "in no position to do so" (quite right too, I guess), but the bottom line remains there is no official acknowledgement that a problem even exists. This superisor who, I have to say in their defence was young, sympathetic and trained in "what not to say" despite clearly wanting to say what they were trained "not to say". So, I changed tactics and asked how Microsoft (as leaders in their field) officially expected me to be able to subscribe to their Xbox Live service and not have this problem occur again. There was a brief silence, then I was asked to hold the line - which I agreed to do. The supervisor came back on the line but clearly on different kind of connection, was walking away from their area/workstation where they took my original call where as they walked advised my in a quiet voice NOT to use the Windows Live account, NOT to use my credit card there, not to store themy credit card information there but and the only safe thing was TO USE the pre-paid card service with a pin number to subscribe . They went on to say, that "they" and their friends don't / won't use their credit card to subscribe to Xbox Live !. Incredible.

So in summary, my Windows Live account (only used for the Xbox Live subscription and to buy the occaisional bunch of Xbox points) was hacked, taken over and the password changed.
My credit card was fraudently accessed used to authorize purchase of 1000 Xbox Live points.
My son's Xbox 360 account was hacked to received two Xbox theme downloads never requested.
Microsoft knows of the problem and has done little or nothing to alert their subscribers or deter the perpetators of the theft
Microsoft cannot prevent the hack and is exposing millions of accounts and credit cards to abuse.
My 11 year old is without the use of a favoured activity.
Some hacker(s) have their middle fingers up and LOL.
Not impressed. Be warned and be on your guard. Remove your credit card info from your Windows Live account. Microsoft can't and won't protect you in this matter
Posted by wrath_of_khan (1 comment )
Reply Link Flag
Sir. My name is Jared Spotts I live in PA. I am currently filing charges against microsort xbox live . If you'd like my number is 8144821088 i can update you and let you know how I'm doing and if we can make a class act suit out of this if we get enough people they have no right to cost us gammers all the time and money we invested. I filed with local police , FTC, and district and state attorney. I'm not entirely sure if I'm really going to get anywhere but I'm more then happy to let you know just let me know who you are mind I'm 22 have alot of things going on now sueing microsoft is another one...
Posted by Jared41886 (2 comments )
Link Flag
Yea to you #%$#%$ WHO think the people getting hacked are doing things wrong why would they have a privacy statement. It's like you get somebody telling you yea we will protect your car but hey if we leave the window down and it's stolen that's not us at all.. But I am bringin charges to microsofts doorstep I lost a rough estimate of about $8,000. Time and money was seriously invested into my 360. I don't drink, I don't smoke, I don't go drinking, I PLAY XBOX ,
Posted by Jared41886 (2 comments )
Reply Link Flag
My sons xbox live account was stolen .credit card card charged for xbox points..run around by support.He never gave anyone any information.
Posted by x-sposed (2 comments )
Reply Link Flag
My sons xbox live account was stolen .credit card charged for xbox points..run around by support.He never gave anyone any information.
Posted by x-sposed (2 comments )
Reply Link Flag
Hes Lying. sorry.
Posted by ITStheirFault (2 comments )
Link Flag
This has not happened to me yet but I have been threatened so I did a little investigating... evidently, if you are playing with a "hacker" it is very easy for him/her to turn on an IP sniffer which will sniff out peoples IP addresses as they die. Then you take that IP address and log into xboxlive.com or Windows live to change the persons password to whatever you want, and then you can log into their account on your xbox. The trick is to not have a saved password associated with your IP address. In other words, that little box that asks you to remember your computer, you really need to not click that. This is just one way to protect your info... but I am pretty sure it is impossible to protect your xbox live account indefinitely.
Posted by idamon (1 comment )
Reply Link Flag
Watch out for this scammer on xbox live - BDS xSCOPEZx He just scammed my son.
Posted by watchoutforthisscammer (1 comment )
Reply Link Flag
OK IVE GOT THE KEY TO KNOWLEDGE PEOPLE LISTEN UP. IT IS THE PERSONS FAULT IF THEY THEIR ACCOUNT STOLEN!!!! They GAVE AWAY THEIR PASSWORD AND INFO ok? they did it, if it wasent for their stupidity they would be fine! sure microsoft needs to improve the verification process but guess wont THEY WONT. either way they still make money from the thiefs purchases with your card and the person that got their account jacked will probably buy more xbox live(NEARLY DOUBLING MICROSOFTS'S PROFIT) u think their gunna help you when its your fault. GET REAL. ps. its like giving a theif the key to your house, if youre not stupid-------IT WONT HAPPEN=)
Posted by ITStheirFault (2 comments )
Reply Link Flag
are you kidding me look at the guy that had no xbox and got his card reeped read all conments before you speak this is a huge problem in 06 07 there was also a problem of the same and when i called on my crap with them they had nothing to say i bet you work for them. thats my opion this is an inside job and i know this because of the way they reacted no conment thats all they said robots thats it
Posted by george12047 (5 comments )
Link Flag
are you kidding me look at the guy that had no xbox and got his card reeped read all conments before you speak this is a huge problem in 06 07 there was also a problem of the same and when i called on my crap with them they had nothing to say i bet you work for them. thats my opion
Posted by george12047 (5 comments )
Link Flag
Opinions like that are what's wrong with society today. These people are thieves and they prey upon children and people that don't know better. The victims are not stupid, they are uninformed. Using the logic you posted above you could say that a rape victim or a victim of some other violent crime is at fault for being in the wrong place at the wrong time or wearing suggestive clothing. Criminal are criminals; period. And there is a special place that is very hot for scum like that.
Posted by YouAreTheProblem (2 comments )
Link Flag
I, just today, talked to 6 people with Microsoft only to be told that they agree that someone has my information but that they cannot refund me for games bought with my Debit card info. I understand they have to investigate whats going on but their customer support is suffering. The funny thing is that the only person that lives with me is my 4 year old boy and I haven't told ANYONE my information or even as to my name or email address. The problems started when I opted to buy a 3 month membership over the Xbox with my Debit Card. With the Debit card linked to my Xbox live account, i guess someone found a way to access it. It very well could be legitimate fraud.
Posted by mnkybboy (1 comment )
Reply Link Flag
Well someone hacked into my sons live account, and charged right at $400.00 onto my debit card. I called Xbox lives support #, and they were of ZERO help. They asked me a bunch of stupid questions like "Do you know how to play xbox, or will this detour you from ever playing a xbox?" WTH does that have to do with my credit card fraud complaint. They 1st told me they would credit the money back, and then the support rep says he put it through and microsoft denied the request to credit the money back. He gave me a ref#. I then called my banks fraud dept. THEY are going to credit the money back to me, and I will be sure to put down on my complaint form how incompetant xbox/microsoft is in handling credit card fraud complaints.
I am with whomever wants to file a class action suit against them. They wiped all but $16.00 out of my account, and luckily the checks I had written out for bills cleared.
Posted by Madparent (1 comment )
Reply Link Flag
I am dealing with XBox live fraud but I do not own an Xbox! I have never used the service yet a charge appeared on my credit card bill. I called up Xbox live and they said they didn't know anything about it, and I disputed it with my credit card company. A month later, the reversal was reversed and I was charged again. My credit card company sent me the "proof" the charge was legitimate (sent by Xbox Live), which included account information with my name and address, but plenty of information that was obviously fraudulent. I have to submit in writing why this is fraud, and I called XBox Live and talked to a customer service agent and they agreed it was fraud.

So you can get charged even if you do not have the service! I do not know how my credit card info was obtained, it was either hacked inside Microsoft or some other way. I use antivirus on all my windows machines and am vary careful about phishing scams.

Microsoft should be able to track down the person who performed this fraud through the XBox Live! account, and they should go to prison, or more likely, juvenile hall. Get enough people who do this thrown in the slammer and I think this problem would go away quickly. It's probably some 15 year old script kiddie. Of course, if the fraud comes from outside the country that becomes a PITA to prosecute.
Posted by Clouseau2 (329 comments )
Reply Link Flag
my nine year old sons account was hacked at the begining of the mounth i take care of his account and watch him closely they changed the name on the account changed the phone number all to ones and took off my credit card and i called xboxlive and they said they would look into it well after 20 fourm request and a ton of calls getting 5 different reffrence numbers ther still saying that he did somthing wrong... today i called again and the person on the phone walked me in circles. after 40 circles i asked for a supervisor 10 more mins of waiting a guy gets on the phone and says my son might of got in to the wrong lobby and got hacked so they took his gamer points achevments and marked him as a cheater this all happend over night. so while talking to the supervisor i told him i wanted to go higher on the invetigation so i got my 6th refrence number and hung up mad.5 mins later he calls back and tells me there gonna lock his gamertag while they investigate for the 6th time. i said forget it im going to ps3 there is somthing really wrong with xbox and there way of handling things my son is 9 years old what could he have done to get all of his achevments and gamer score taken and marked cheater,and it still says cheater. no email no phone call nothing to say why they did this poor modirators poor quailty. i give up on xbox when the moneys right ps3 here i come. xbox get it together.it you not us yours truly mad customer.
Posted by george12047 (5 comments )
Reply Link Flag
im all for a class action suit all for it thank got i had no money on my debit card at that time.
Posted by george12047 (5 comments )
Reply Link Flag
ok update now my account of silver is marked cheater i dont ever use this account they are taking retalation on my accounts for me and my kids dont call xbox live and complain they will make you pay one way or another. this just happend i looked on my account page and there it was cheater and a zero follow my other conments.i got of the phone just now and the guy on the other line says and sounded lost to why this happend .retalation thats what it is class action here i come. i call and follow up on my sons account give him my email and now my gamer score and achevment are at zero and im a silver and havent used it in mounths hello..? somthing is wrong class action period
Posted by george12047 (5 comments )
Reply Link Flag
Someone on Xbox Live recently offered to sell me 6,000 Microsoft Points for $20. They said upon payment I would be given the log in info for a gamertag that I could recover and the points would be available using that account. If you are offered something similar, please decline. Even if you get a good deal on a large amount of Microsoft Points, they are points that are purchased using stolen accounts and stolen credit card info.
Posted by YouAreTheProblem (2 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.