My gamertag was hacked ten days ago and the credit card used to purchase 5000 and 6000 MS points these points were then used to do something on fifa 12 a game i have never played and dont even own, i informed the credit card company (card was of course cancelled) and microsoft support who told me that a fraud investigation would be carried out, they also said that the gamertag would be suspended until this was complete, they sounded very efficient and i felt a bit better about the whole affair, however when i changed my password and recovered the GT to my xbox it says it is suspended because of payment options so i decided to come to this website and look through the forums and now i dont feel quite so confident about microsofts efficiency, it seems many users have suffered the exact same thing that happened to me and it could be some considerable time before i can use my GT again, at the moment my xbox is totally useless i cant access my arcade games, dlc or movies and the gold i have already payed for is just wasting away. My question really is why does it take so long, microsoft have my console details and surely they can detect where my GT was downloaded to or at the very least the GT that the fifa stuff was transferred to. Most of my spare time is spent gaming and at the moment i am missing out on GOW3, rage and bf3,MW3 are fast approaching its not helping my disposition at all.
So sorry to hear this, but it will take up to 30 days for the investigation to be complete. Once that's done, you should be able to access your account and all of it's content again. :)
Emily - Program Manager @ Xbox, Xbox One Preview Program
My guess would be because there's so many accounts they have to look into and not enough people to look into all of them.
But that's just a guess.
R2-D2, you know better than to trust a strange computer.
this is probably the tip of an iceberg. many more will get stolen, judging by how many come here and post, there must be many who do not even come here. MS blame EA accounts saying the emails and passwords are the same but if one company can be compromised then surely another can? unless we're to assume that it's EA staff doing it and if EA staff can be bad then so can any other companies employees.
The routine is, buy points buy gold premium, buy game and dlc, play 10 minutes and disappear. I've emailed Stepto and others at MS and suggested a safeguard to stop our money being used without our permission.
If they used my safeguard suggestion or one of their own then account theft would become pointless (for the thief instead of MS pointless for us victims ;-) ).
As no money could be taken there would be no need to close the account for up to 6 months, you simply change the password and you're set to go.
Remove your payment card details from your account, remove auto renewal if you have it AND tell everyone willing to listen to do the same. I'd guess that is what the thieves want anyway, they are targeting MS but making us suffer. It's a tiny insignificant matter for MS considering they have 7 million users but if a large enough number stopped auto renewal they would act.
Everyone needs to start taking account security seriously. If your account has been COMPROMISED, not hacked, then you should take a look at all the possible ways that someone could have got a hold of it. Until you know for sure how it was compromised I would hold off on placing blame on anyone, including blaming MS.
There are a limited number of ways anyone can gain access to your account:
-you give out your personal information including e-mail and password (this is most commonly associated with people trying to obtain an illigitimate rank in a game without actually earning it)
-you are phished (this is common amongst the free ms points/generators that you see offered around the internet)
-you are socially engineered (this happens when a player engages another in seemingly senseless chit chat about their lives, but turns out to be a 20 questionsession trying to gain your personal information so they can steal your account)
-you use an unsecure PC (typically you will want to have your encryption turned on if using wireless and be running a good anti-virus, anti-spyware, anti-malware program as well)
-you use the same e-mail address and password for your XBL account that you use for other websites/services (for maximum security you should be using ane-mail address and password just for XBL that you do not use anywhere else)
-you thought it would be a good idea if your friends/family knew your log in information (you know, in case they want to play)
In addtition to the above the following are ways someone can get a hold of your credit/debit information:
-if you don't shred your mail (bank/credit statements) before you bin them.
-if you shop online using an unsecure PC.
-your bank/credit institution security is compromised (happened a few years ago to several banks)
Check out the NEW XBL Account Security FAQ
@Temhotabot. I'm not blaming anyone for my account theft, and although your example of how most accounts probably get compromised and how to protect them are wise words... they do not show all the ways.
That said the victims (especially those who own xboxes) suffer badly. Safeguards set in place to prevent accidental purchases (I've read someones child or sibling have bought DLC using the account without permission) and unauthorised purchases can AND should be brought in. If I ran my own company I would feel it my duty of care to the customer to protect their details in any way I could. If adding a small safeguard to stop account theft being rendered virtually pointless, I'd do it. Xbox victims do lose a lot of time and a safeguard would end that, they could just change their password and be playing again immediately.
If I owned a company I wouldn't want to put up a big warning saying "The only protection this account has is a password and regardless of how that is bypassed, once it is compromised no safeguards exist. You are responsible for deciding whether or not you want to keep your payment details here".
I'd probably hide them away in the small print but a simple safeguard would be the best option.
If renewals, and only renewals could be done without verification both sides can be happy as nobody can purchase anything once in the account and MS can still continue auto renewal without need of the account owner having to log in.
Obviously that should have said " If adding a small safeguard WOULD MAKE account theft virtually pointless, I'd do it." ;-)
Hey I'm old and just about to leave for my night shift so you'll have to make allowances for by addled brain.
thanks for the reply's guys, i have started playing dark souls offline on a silver account to keep me busy. No achievements for my Von lucky GT but nevermind.
@ Miss Portia, i appreciate there is a process but with something as serious as credit card fraud 30 days seems like an awful long time and a lot of posts on this forum are from people in the same situation who have been waiting longer than 30 days, and at the very least the perp/s get a minimum of 30 days use from the fruit of their criminal acts.
@Temhotabot, none of the things in your list could apply to me apart from maybe having the same password on my EA account i honestly cant remember it was so long ago, but i will hold my hands up and say it is quite possible i am bad at remembering passwords and if i write it down usually lose the piece of paper.
@strigoi1958, couldnt agree more seems like a no brainer to me, i am slighty annoyed at MS anyway because they wouldnt let me remove the credit card from my account when i tried a while ago even though i pay for my live and MS points using the scratch cards and auto renewal is turned off, if they had removed it many many months ago when i asked this would have never happened, anyway its not a mistake i will make again MS will never have my credit card details again.
@Von Lucky - I certainly do understand your frustration. Your account will be frozen during the process so that no one can use it, including the person who has gain access to it. Also, 25-30 days is actually quite the norm for these cases; it's actually quite rare the investigations take longer than that.
If remembering passwords is a problem it's worth looking into the concept of root word based passwords. The idea behind it is you have a common word that's in all your passwords and then combine it with a unique word for each site. For example - 1. I choose my root word as Slake and then change some of the letters to numbers to get Sl8k32. For my XBL account I take Sl8k3 and combine it with the word Limbo (yes that's a reference to the book) so I get Sl8k3Limbo. 3. I then change some of the letters in Limbo to numbers to get L1mb0. 4. My password is then Sl8k3L1mb0. 5. I then repeat the process with other sites, continuing to use Sl8k3 as a common thread but combining it with unique words for each site. Impossible for a hacker to guess or social engineer out of you and bruteforcing it will take years. All you need is a word that can't be linked to you personally and to jumble it up with a few numbers. Before anyone asks Sl8k3L1mb0 isn't my password anywhere, I'm not that stupid.
Ryder Cup: 10-6 up and you blew it? hahahahahahahahahahahahahaha. Oh wait you serious? Let me laugh even harder BWAHAHAHAHAHAHAHAHAHAHA!
Just got my credit card statement through and noticed the same charges as everyone else. I'm not sure if I should be reassured that I'm not the only one who's been affected, or worried that nearly two weeks after what was clearly an organized and widespread case of fraud there's been no statement from Microsoft advising people to check for unusual activity.
Has anyone actually received any information about what action is being taken? I'd quite like my account restored to the way it was before. As grateful as I am for the three FIFA 2012 achievements, I think I'd rather they disappeared. Oh, and I suppose getting my money back is important too. Possibly even more important, unless I find a way to survive without purchasing food.
If only I could spend microsoft points on groceries.