March 20, 2007 6:15 PM PDT

Microsoft probes possible Xbox Live fraud

Microsoft is investigating possible fraud on its Xbox Live online gaming service, the company said Tuesday.

The investigation comes after gamers reported having their Xbox Live accounts hijacked and their credit cards used to buy "Microsoft Points," the virtual currency on Xbox Live, which has more than 6 million users.

"Recently, there have been reports of fraudulent activity and account theft taking place on the Xbox Live network," a Microsoft representative said in a statement provided to CNET News.com. "Security is a top priority for Xbox Live, and we are actively investigating all reports of fraudulent behavior and theft."

Gamers have been reporting the incidents for some time in online forums--including on Xbox.com--and to Microsoft's Xbox help desk. Many users of the Microsoft console have been frustrated with the software giant's response to date.

"My Xbox Live account was hacked and all credit card info was stolen and used to run up points...Microsoft says: 'Oh, well, better call your credit card companies, nothing we can do,'" one user wrote on the Xbox Web site last month.

Security researcher Kevin Finisterre was playing Halo on a recent night with several friends when some of their opponents threatened to steal their accounts, he said.

"Literally the next day my girl's account was locked out," Finisterre wrote in an e-mail Tuesday. "I received a message on my Xbox that said: 'We are sorry we must log you out of Xbox Live because someone else is using your Gamertag.'" The account was banned. A "Gamertag" is a person's account name on Xbox Live.

Finisterre said that calling Microsoft was no help and that he got the runaround from the support people who answer 1-800-4MY-XBOX, the official help line. "My account is currently being investigated after about seven frustrating calls," he wrote. An edited recording of several calls he made is available on Finisterre's Web site.

While some users believe the security of Xbox Live was breached, others suggest that users were tricked into giving up enough information while in a game so fraudsters could call Microsoft to change the account information. Users may also have been duped into giving up their account information through phishing scams.

Microsoft asks any Xbox user with a question about the security of their Xbox Live account to call in. "An Xbox customer service representative will help them understand our security policies and procedures," the representative said.


37 comments (Showing first 20 comments)
MS and Security
by MadKiwi March 20, 2007 6:45 PM PDT
"Security is a top priority for Xbox Live,..."

Just like it is with their operating systems, office applications and web browsers... nuff said.
Expected
by theprof00 March 20, 2007 8:39 PM PDT
Of course something stupid like this happens, just when Sony is starting to tie its shoes, it all falls apart. We all know that cnet publishes biased reviews for sony, so I'm betting this is all just Sony propaganda.
And here y'all thought that only happened to PC gamers...
by Penguinisto March 21, 2007 8:13 AM PDT
*gasp* ...and I suppose that some craven soul will start using aimbots and game cheats next! Oh NOES!

I'll stick with my old-school computer-based first-person-shooters, thanks. As a bonus, it doesn't cost me anything to play 'em.

/P
get PS3, no CC Req. / Free
by RompStar_420 March 21, 2007 8:14 AM PDT
Get a Play Station 3, network service is free and no credit card is required, unless you want to buy things. You can do many of the things that you do with the Xbox Live and some extra.

And every year as it passes, network service is free, not $50 a year.
The ultimate hacker's tool:
by ReVeLaTeD March 21, 2007 8:54 AM PDT
Stupidity.

If you're a stupid consumer, a hacker doesn't need to use fancy tools. They can just hustle the information out of you. This is especially true with females who get friendly with "that hot guy" who actually is just an identity thief.

I maintain that social engineering is the easiest way to hack anything consumer-based. Having been a mini-hacker about 10 years ago, I know all too well how easy it really is. And it's all because some people are just stupid. Additionally, some are way too trusting with information. I've been in a number of relationships and never have I given out my account information for anything. I refuse to, doesn't matter how long we've been together, doesn't matter if we're married.
LOL!
by Dalkorian March 21, 2007 10:23 AM PDT
Look people, the bottom line is this: anyone who is stupid
enough to trust Micro$loth with their personal data after
decades of security issues like this deserves to have this happen
to them. Period. Think "social Darwinism".

It's like leaving the doors and windows wide open to your house
and then whining that someone stole all your stuff.

Can any of you actually tell me this is a surprise to you without
lying?
Update for you all...
by romo828 March 21, 2007 10:53 AM PDT
Since all the MSFT bashing continues, it's been known that these Windows Live ID's were hijacked after bungie.net website got hacked. This has nothing to do with xbox live service or msft in any way. The problem is msft will need to clean up the mess.
Pretexting is always wrong.
by mattumanu March 22, 2007 7:52 PM PDT
And microsoft shouldn't say that anyone else was duped but themselves. In many cases all you need is a name and phone number to get started at microsoft.
Interesting conclusion.
by wbenton March 24, 2007 9:13 AM PDT
Why is it that Microsoft ONLY probes possible flaws but NOT actual flaws. (* CHUCKLE *)

Is it because they're just slow on the security job or because they're in total denial or what?

Bottom Line: Microsoft needs to stop Probing and start patching...

Walt
Bank account hacked
by mentalas1 February 19, 2008 4:44 AM PST
My son's Xbox Live account was hijacked yesterday and when I checked my bank account today, over £200 was missing. I contacted my bank who confirmed this money had been used to purchase something from Microsoft Xbox so I contacted Xbox who were very helpful and have located the person responsible. My question is this... if Microsoft have had so many problems in the past, why is it still happening?
by kimbracmoore June 22, 2008 4:27 PM PDT
I think that those of us that are being mishandled by xbox live's breach of our credit card info should start a class action lawsuit to get our money back! Anyone interested in joining me?
by wrath_of_khan August 6, 2008 2:11 PM PDT
This message is intended as a warning or alert to other Xbox Live subscribers so you can be aware of this situation and take action before your account is hacked too and you are defrauded. Here is our experience and some background. My son is an avid Xbox Live player and he has been carefully schooled not to reveal any personal information about himself or his whereabouts online. He is 11 years old, does not know our email address and has no access to any type of credit card information. His Xbox Live account has parental controls in place. The other day, my son alerted me to the mysterious appearance of two Xbox themes which were mysteriously downloaded to his Xbox desktop late at night when he was asleep. A short while later our home email received an advice from Xbox Live thanking us for and confirming the purchase of 1000 Xbox points which were charged to my credit card. The credit card number was stored in a Windows Live account. The password of this Windows Live account was changed and I could no longer access it. I Googled "Xbox Live" and "fraud" and immediately pulled up numerous blogs, messages and alerts with very similar circumstances reported as far back as 2006 and with an alarming number of news reports dated March 21 2007 saying Microsoft was investigating possibility of fraud. I immediately called my credit card company and cancelled my credit card. I then contacted Xbox Live support to report the issue. My son was immediately blamed by Xbox Live Support for the incident. We had carefully validated and cross checked his story before contacting Xbox LIVE Support. The person I was dealing with was insistent my son was to blame. I clearly explained the circumstances, told them my son had zero to do with it and referenced the body of information available on the web under the same circumstances to support my story. The tone changed.
I was put on hold, then given a trouble ticket number, then told to ask for a supervisor and passed over to another help desk number. After a lengthy wait I was put in touch with a very helpful individual at the supervisory level who reviewed my story, acknowledged the possibility that my son's account had been hacked and gave me detailed instructions and assistance in resetting the password on my Windows Live account - which was done online while they waited. Once that was accomplished, I was told there would be a lengthy delay while Microsoft processed a refund of the amount defrauded from my charge card - at which point I let them know my credit card company was coming after them for a chargeback! As part of the overall process, my son's Xbox Live account was suspended for 15 business days - so he has to cool his heels and he can't play online. I pointedly and clearly asked how Microsoft, being self-professed leaders in web security and ecommerce could allow this problem to have continued to happen after being aware of the security breach for over 18 months and done nothing to correct the problem, failed to alert their loyal subscribers to the potential problem, and merely issued a low-key notice that they (Microsoft) were looking into it (oh, and very recently issued a report saying there was no merit to, or findings of any fraud! (Wankers!)). Needless to say, this line of question was deflected and the supervisor said she "really couldn't comment" and was "in no position to do so" (quite right too, I guess), but the bottom line remains there is no official acknowledgement that a problem even exists. This supervisor who, I have to say in their defence was young, sympathetic and trained in "what not to say" despite clearly wanting to say what they were trained "not to say". So, I changed tactics and asked how Microsoft (as leaders in their field) officially expected me to be able to subscribe to their Xbox Live service and not have this problem occur again.
There was a brief silence, then I was asked to hold the line - which I agreed to do. The supervisor came back on the line but, clearly on a different kind of connection, was walking away from the area/workstation where they took my original call, and as they walked advised me in a quiet voice NOT to use the Windows Live account, NOT to use my credit card there, not to store my credit card information there, and that the only safe thing was TO USE the pre-paid card service with a pin number to subscribe. They went on to say that "they" and their friends don't / won't use their credit card to subscribe to Xbox Live! Incredible.

So in summary, my Windows Live account (only used for the Xbox Live subscription and to buy the occasional bunch of Xbox points) was hacked, taken over and the password changed.
My credit card was fraudulently accessed and used to authorize purchase of 1000 Xbox Live points.
My son's Xbox 360 account was hacked to receive two Xbox theme downloads never requested.
Microsoft knows of the problem and has done little or nothing to alert their subscribers or deter the perpetrators of the theft.
Microsoft cannot prevent the hack and is exposing millions of accounts and credit cards to abuse.
My 11 year old is without the use of a favoured activity.
Some hacker(s) have their middle fingers up and LOL.
Not impressed. Be warned and be on your guard. Remove your credit card info from your Windows Live account. Microsoft can't and won't protect you in this matter.