Is Xbox.com to Blame for Frequent Xbox Live Account Hacks?

An Xbox Live user believes he has pinpointed the cause of the problem.

By Chris Pereira, 01/13/2012

Update: Microsoft has responded to our questions on the matter. Regarding the method outlined below, which I referred to as a "loophole," a Microsoft spokesperson told 1UP, "This is not a 'loophole' in Xbox.com. The hacking technique outlined is an example of brute force attacks and is an industry-wide issue."

And as for the attacks themselves, Microsoft continues to assert that there is no breach in Xbox Live's security. The full statement follows:

Microsoft can confirm that there has been no breach to the security of our Xbox Live service. The online safety of Xbox LIVE members remains of the utmost importance, which is why we consistently take measures to protect Xbox LIVE against ever-changing threats. Security in the technology industry is an ongoing process, and with each new form of technology designed to deter attacks, the attackers try to find new ways to subvert it. We continue to evolve our security features and processes to ensure Xbox LIVE customers information is secure. Online fraud and identity theft are industry-wide problems, and as such people using any online services should set strong passwords, not share those passwords across multiple services and refrain from sharing any personal details that could leave them vulnerable. As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided at http://xbox.com/security to protect your account.

Original Story: The recent spate of Xbox Live account hacks might be due to a loophole that's been discovered on Xbox.com.

Over the past several months, there have been countless reports of Xbox Live users having their accounts compromised. Hacked accounts are used to purchase downloadable content and play games, and in some cases the accounts themselves are sold to other users. Downloadable content for FIFA 12 seemed to be a common link in many incidents, though EA and Microsoft have tried to downplay the suggestion that FIFA itself is to blame for the accounts being hacked.

When Xbox Live user Jason Coutee found his account had been hacked and 8,000 Microsoft Points ($100) purchased, he contacted Microsoft only to be told the points could not be refunded. An offer to lock down his account for 30 days so an investigation could take place (a common practice in these situations) was turned down by Coutee, who chose to make use of his professional experience as a network infrastructure manager to conduct an investigation himself.

He has now revealed his findings to AnalogHype, seemingly exposing Xbox.com as the weak link in Xbox Live's security. Once you've obtained one or more email addresses, a user can attempt to log in to them through Xbox.com. When logging in with an incorrect password, an error message will be produced that states whether the account is not a Windows Live ID (used to sign in to Microsoft's Live services, including Xbox Live) or if the password used was wrong. In the latter case, you know you're onto a potential Xbox Live account and can proceed to enter passwords until you've found the right one.

This is where a properly-secured website would get in the way. After a certain number of login attempts, many sites would temporarily lock the account down so as to prevent a hacker from forcing his or her way in. After eight failed attempts, what Xbox.com does is offer up a CAPTCHA, those hard-to-read jumbles of letters and numbers that are used to prove you are a human and not a computer program trying to access an account. This might be an effective deterrent if it were foolproof, only Coutee found there is a very easy way to reset that count, meaning hackers could create a script that tries a handful of random passwords and avoids dealing with a CAPTCHA by simply clicking on a link.

Considering many Xbox Live users have credit card information attached to their accounts for renewing Xbox Live or purchasing Microsoft Points, security should be absolutely critical in a case like this. Based on these findings, that doesn't appear to be the case. While these hacks continue -- which Microsoft has suggested are not out of the ordinary -- some users recommend removing credit card information from Xbox Live and using Microsoft Point cards for making purchases until the hacks are not quite so common.

Coutee claims he attempted to share this discovery with Microsoft, only his attempts to speak with someone were continually pushed onto the desk of someone else; an email suggested he make a call, then when he called and spoke to a supervisor, he was told to take it to the Xbox.com forums.

While we can't confirm that particular portion of Coutee's story, Edge reported it was able to reproduce exactly what he was referring to on Xbox.com. Initially I was unable to do so myself, as the CAPTCHA seemed to persist even after doing what Coutee explained, though I was able to log in shortly thereafter without entering a CAPTCHA code despite using the wrong password 10 times..

1UP has requested a comment from Microsoft on this situation. We'll provide an update once we've heard back.

Comments (60)

').insertBefore('#userComments'); } });

master chief
Posted: userComment.createdDate by� smile_kill

requires a strong password

Flag | Reply

simple solution
Posted: userComment.createdDate by� BrianJJ

�I don't care who is to blame.� Just lock the account for 30min after 10 failed attempts and send an email to the user that their account security has been breached.� If it happens twice lock the account and require a call to customer service and a password reset.� Simple and solved. Just do it MS.�
�
The problem may be that if they change their policy it would be admiting that there was a flaw in their old one.

Flag | Reply

Conspiracy Theory
Posted: userComment.createdDate by� Mr.LametoWatch

Sega has hired all these�XBL and PSN hackers to give both parties a bad name so they cane rise above the mess and introduce the unhackable Dreamcast 2 to the public.

Flag | Reply
- Do actually
  Posted: 01/21/2012 by� j0eStER
  
  believe the words that comes out of your mouth?
  
  Flag

earn money online
Posted: userComment.createdDate by� MelinaMM

I make $85/hour on the computer. Last month paycheck was $7917 just working on the computer for a few hours. Read more on this site...MakeCash18.c�m

Flag | Reply

xbox to blame
Posted: userComment.createdDate by� meistria17

my friend's mother made $263164 so far just working on the laptop for a few hours. Read more here Makecash7. c�m

Flag | Reply

Remember when
Posted: userComment.createdDate by� larryface

Everyone rallied in support of Microsoft because PSN got hacked and xbox live didn't? I remember that.

Flag | Reply

you know
Posted: userComment.createdDate by� Togegawa1

that the latest security breaches are precisely why they changed the terms of service so that one cannot sue them for damages. The thing is that if it�can be proven taht the new Eula was developed to hide known issues with the product then they still can be sued under the RICO statute and since the Eula was devivered through the internet, they would also be chargable for wire fraud.

Flag | Reply

I got hacked also
Posted: userComment.createdDate by� WhiteMasterChief

My account just got hacked on Jan 13 2012 and the bastards stole all my points to buy, Live gold Jumbo and live gold premium and some rare player bullshit. I wish I could find who did it. I'm sure alot of you guys feel the same way.

Flag | Reply
- So ya
  Posted: 01/16/2012 by� WhiteMasterChief
  
  I just checked my achievements and guess what!! FIFA 2012 a game I never have played. Two new achievements!!! I had my account locked and started an investigation.
  
  Flag
- Crazy...
  Posted: 01/18/2012 by� Stumanji
  
  My account was hacked on the 14th - exact same thing. Except I got 4 achievements from FIFA 12 (also a game I've never played).�
  
  Flag

Microsoft is full of crap
Posted: userComment.createdDate by� DarkSideSol

3 years ago I had my account hijacked and it was an original Xbox Live Beta Tester account. �To make it worse it was linked to an original Pre-Microsoft Hotmail account. �In there utter stupidity they told me that could not confirm it was my account. �I said you don't keep track of account changes as in what the account was previously linked to etc? �They had no answer for that. �When I asked to have my account returned to my control they claimed the account had been locked down and that I would have to create a new one. �Never mind the 20,000 gamer score I lost with that account. �The best part is after a couple of years that account and many others were re-released to the wild without informing us who lost those accounts, so we never even got a chance to get them back.
They suck, I've been less and less inclined to use Xbox live since. �But, hey I was not all that surpised, this is the same company that never puts security first, which is why their Oses always need patches.

Flag | Reply
- There's just one problem with your "theory..."
  Posted: 01/18/2012 by� Eldritch_Eric
  
  If you even knew half of what you claim to know you would also know that Linux and Apple both have frequent patches each month as well. You have no understanding of exactly how complex an OS is, do you? It would take a team of at least thousands of programmers and hackers working around the clock for decades to fully patch even one version of Windows, a Linux distro, or Apple's OSes. The fault lies with no one but the people that are stupid enough to fall into such security holes in the first place.
  For the record, my laptop runs on a vanilla copy of XP SP3 with no firewall and only Avast Free Antivirus and it has NEVER been hacked, given a virus, or been infected with spyware. It's called safe computing. Pull your head out of your ass and try it sometime.
  
  Flag

seriously microsoft?
Posted: userComment.createdDate by� jediassassin420

I hate how microsoft has everyone by the balls. Their games are too good not to play but their customer service has been absolutely horrendous in the 4 or 5 years I've had one. I think microsoft needs to seriously look at themselvs before the next systems come out or I wont be buying one and niether will a lot of people in my opinion.
�

Flag | Reply

If there's no security issue with XboxLIVE...
Posted: userComment.createdDate by� blankPerson

Then were some peoples' accounts compromised? Even if it was a brute force attack, loophole, etc, it was because of a security issue, albeit simple one. Security is security. Its just a shame MS try to downplay it. Maybe that have to for morale's sake, but still.
Oh and my� account was actually compromised, now that I think about it. About...2 months ago? Maybe? I cant quite remember. All I know, I logged onto my bank account, and saw that 5 dollars was missing. I was like, eh, what? and it said Something about XboxLIVE. Anyway, freaking the hell out, I goto xbox.com and was able to log in fine. NOTE: At this time, I had already sold my Xbox360 a few months prior and knew that shouldnt have been the issue. I wiped it clean.
Anyway. I log onto xbox.com without any issue and check my account stuff and couldn't find proof of this five dollars anywhere on there. Then I checked if I had a credit card on there and the only one posted was an old credit card that was expired!(and canceled lol) so I knew that couldn't have been it, because well its not tied to my bank account. Utterly confused, I get ahold of my bank, and they tell me to get ahold of MS. I call them and they're like, "i dunno lol". The dude just told me to do all the password reset stuff, which I was waaay ahead of that cat. And he didn't really know what was going on after that point anyway.
Needless to say, I got my five dollars back from my bank and stuff, but even in that off-the-wall case my account seemed to be compromised in some way, shape or form, I was just lucky they didn't steal all my content(not that I care much anymore since I dont' even own an xbox).
And people like to talk about Sony...

Flag | Reply
- People like to talk about Sony...
  Posted: 01/16/2012 by� GoKickyFastOK
  
  ... because their entire network was taken offline for a very long period of time, affecting each and every PS3 owner, not just the few directly affected. �In addition, the self-righteous hackers claimed it to be in response to Sony's latest rationalization of the removal of yet more functionality from their consoles (the new EULA). �This just appears to be random individual hackers looking for some free money, and not an organized, mass effort with some asinine, self-righteous cause.
  Certainly not downplaying MS's responsibility here, but that is a pretty huge difference...
  
  Flag
- You do have a point.
  Posted: 01/17/2012 by� blankPerson
  
  I didn't really think of it that way. There is a huge difference sure. But you could look at it this way: Sony pulled the plug on the service to prevent more attacks and such, and to fix it, etc, but at least they more or less admitted it.
  Even if its just random people wanting money, hacking is still hacking and its silly that MS wont own up to the "loophole" and whathaveyou.� Funny thing is, I've never felt worried about my account info with Sony. Even during the whole fiasco that occured last year. Sure, if my account info was compromised, I would perhaps feel different, but even during it all, I wasn't worried about my stuff getting stolen. Thankful it didn't happen, I am.
  It just humors me how people seem to LOOOOOOVE XboxLIVE.
  
  Flag

This hardly seems like much of a "loophole"
Posted: userComment.createdDate by� Man_In_Black_77

Being able to trick the CAPTCHA into disappearing is minimally useful for hacking an account.� They're still just trying random passwords.� If you have an even remotely decent password on your account, the ability to "brute force" your account with automated scripts running random guesses is still unbelievably unlikely to successfully crack an account.

Flag | Reply
- Honestly
  Posted: 01/15/2012 by� Klocknov
  
  As time goes on so does the power of bruteforce programs. They are getting pretty close ot being DDoS attacks in all reality and that is a BIG loophole. As well with the captcha remover you can get it to where your bruteforcing a good 1000 passwords a minute. Now you may say a good strong password works wonders against that but at that point you are liking at mixed cases and numbers to somewhat stand a chance and more then likely would want symbols in there as well for an added line of security.
  But you know what it all comes down to memorization, most people don't look to use passwords they can't memorize as well very rarely do I see people running with capitols in their passwords. Thus is why it is a major loophole that many other places have looked at great ways to deal with. Steam has the safe-login setup to where you have to go through an added layer of security to say good and Sony has a limit. And even a limit is a great defense. Being able to press in passwords to infinity not being a loophole may have been normal three years ago and that is pushing it. Hell even then any forum I used had at leasta� 10 time limit before you either had to email the admins or wait a day.
  
  You have to remember as time goes not only is security evolving but so is the programs used to hack.
  
  Flag
- Math is the Enemy of opinion...
  Posted: 01/15/2012 by� B1663r
  
  Assuming the minimum password security for xbox...� A six letter/digit upper and lower case password, that is
  62^6 possible password combinations� or roughly 5.68 *10^8 possible combinations
  Assuming your figure of 1000 password guesses a minute and a bunch more math, it should only take about 100 years to guess the minimum possible strength password with a brute force attack.� By the way, I checked, you can't hit the xbox login prompt anything like 1000 times a minute even with some type of script automation.� By my back of the napkin calculations ~maybe~ 30 times a minute.� So really we are looking at something like a 1000 years or more.
  Do you see how silly your argument is?
  Oh by the way, Steam was hacked, Xbox live has not been hacked.
  On Edit:� Oh, I found a better way to do this, rather than running this all on my home computer, I could buy rackspace virtual servers.� So what I would do it rent 365,000 Rackspace instances for one hour and crack ~anyones~ six digit password, and it would only cost me about $11,000 to brute force which I could then sell for $50 on that polish website.� This of course assumes a six digit password.� I guess I would lose money on each one, maybe I could make it up in volume?
  
  Flag

this just figures...
Posted: userComment.createdDate by� ActivisionStoleMy360

honestly, its why my cc info never goes online, and i only buy the gamecards for my sub. and points. Hackers will always find their way into what they are seeking, no security if flawless, but to deny anything and to down play it is silly. I can understand keeping corrections on the DL, to tout them as super successful is like challenging the internet to break them.
This shift to console hacking is no surprise, as consoles become more popular for people, they are easier targets than linux or unix secured servers that some PC users and gamers put together.

Flag | Reply

eat a %^$ M$
Posted: userComment.createdDate by� Lame_Spartan

Everything MS creates is god awful.

Flag | Reply
- Correct
  Posted: 01/16/2012 by� Co-Assassin
  
  Excatly
  
  Flag
- Disagree
  Posted: 01/18/2012 by� Sweetbread
  
  Thank you being such a Fanboy! H8R!
  
  Flag

Their wonderful customer service and refunds
Posted: userComment.createdDate by� Klocknov

When it comes to customer service I would much rather deal with Sony then Microsoft any day. Between Zune Market and XBox360 I have had two accounts hacked and one locked to where I can't use any services on it. My other I recovered and lucky it didn't have anything on it other then games which I then had to re-transfer ownership to my console. The second time I got hacked though was bigger then just XBox Live but that was still the first account to be hit.
=
The first time I got hacked they somehow grabbed my information as I was signing up for a 14-day trial for the Zune Marketplace sub. From there I noticed my after it I got charged after filling the information that I didn't want to continue at ten days and ended the subscription then since I didn't want to deal with the DRMed music and be stuck using Zune player to use my music. So four days later I got charged and as I didn't receive my bank statement till two weeks later I didn't realize till then that I was charged. As well I went further to get on my account to find out it was hacked and thus called tech support and they then ended the subscription again but said they couldn't refund me as well as changed my password for me. Well to no avail the next month they ended up charging my account again and being as I could use the service for two weeks I called them up and they said they could refund me and also give me back the money for the two weeks I didn't use it since it they made a mistake. Well instead of refunding me they charged me what they said they were going to refund me. I then called again and they said oh that was the ballance I had due left and that there is nothing they could do about it even after I explained everything. Thankfully explaining what happened with the bank I got most my money back minus the first months payment. Which you know being as the second month with the unplanned payment over-drafted then re-overdrafted my account so instead of a 15$ amount I ended up losing 75$... yeah was not a good month.
=
So morale of the story, trust microsfot with credit info be prepared to be screwed. The second time I was lucky that I only stuck a pre-paid on there to get my gold and the games I bought on the market.

Flag | Reply

lazyness.
Posted: userComment.createdDate by� ifoughtpiranha.

I have never understood why people wont just get off their lazy a$$ and go buy a points card once a year. What is the sense in putting credit card info on the net?

Flag | Reply

well that sucks
Posted: userComment.createdDate by� thebluewind

That is why I always buy the cards with points or gold accounts and not use my credit card phew. Though microsoft should acknowledge this problem with xbox.com so other players can take care of their accounts
�

Flag | Reply

I hope gaming sites keep reporting about this so something gets done.
Posted: userComment.createdDate by� kenshin_esca

My account was recently hacked too.� Fortunatly only my remaining points were stolen and nothing else charged to my account.� MS needs to get their shit together.� I would gladly enter my credit card info everytime I make a purchase rather than having all my information on my account for anyone to us.

Flag | Reply

Microsoft you are a joke.
Posted: userComment.createdDate by� yardstick77

Microsoft trying to say this is a "industry wide problem" is hilarious.� MS you have a poorly designed site, with little to no security.� Stop trying to downplay your incompetence.� Fix your problem and stop sucking please.

Flag | Reply

I never understood why companies keep C.C. data indefinitely in their databases
Posted: userComment.createdDate by� mista_hedonista

I never understood why companies keep C.C. data indefinitely in their databases. If only someone purchases from them once or twice a year, why do they keep the very vulnerable, 50's-magnetic-stripe-only data on their very unsecured naively managed servers? I love the GOG.COM services for this reason. Wanna buy a game? Insert/input data. No questions asked. That's the very reason why C.C. theft is highest in the USA. Applying the Not-Invented-Here-Thus-Will-Shun is only derimental to your security loophole. As DHS/TSA will ever solve this, hii hi hi hi hi hi hi hi hi hi hi�

Flag | Reply

Yes.
Posted: userComment.createdDate by� manwithnoname

Just, yes.

Flag | Reply

Microsoft pisses me off
Posted: userComment.createdDate by� Frizzle Fry

How dare they dismiss this situation?� They should step up and address this issue properly and NOT say bullshit lines like "there has been no breach of security through Xbox.com".� I feel that this shit is going to come bite them in the ass.�

Flag | Reply

#1 Internet Tip
Posted: userComment.createdDate by� AStrangeDisease

Don't use a credit card for anything online.
�
That is all.
�
�

Flag | Reply

Of course hackers are douches...
Posted: userComment.createdDate by� spanky_mcnasty

...bored ones at that.
Why else�do they do what they do?

Flag | Reply

Wait.....isn't this Sony's fault?
Posted: userComment.createdDate by� colinmccarthy16

A few months ago all you heard was how Sony brought this on themselves and you didn't see Live getting hacked because you get what you pay for, etc.
I mean, if it's not Sony's fault then Hackers are just a bunch of douchebags who indiscriminately�target anybody they want if they can profit from it or have a few laughs�and make everyone's life worse, and we all know that's not true...the hackers are our friends! They're fighting corporate corruption!

Flag | Reply
- Cool straw man bro
  Posted: 01/13/2012 by� Brave
  
  Hackers aren't a single group, dude. �Different hackers do things for different reasons. �The ones who attacked Sony were a specific well known group who exploited a huge hole in Sony's paper-thin security. �This is random accounts being stolen by random people off a site that doesn't make it nearly as easy (though still not as hard as it should be).
  
  Flag
- Even if they hacked PSN just to prove how easy it was...
  Posted: 01/13/2012 by� colinmccarthy16
  
  ...so what? I don't think that makes them any better. Should I break into your house while you're gone to prove that your front door isn't "secure" enough? Somehow i doubt you'd thank me for it.
  �
  
  Flag
- so the point is
  Posted: 01/13/2012 by� Masta_C
  
  The point is that it doesnt matter the motivation, the level of security or the company involved. Only the hackers can be blamed.
  
  Flag
- No, the point is
  Posted: 01/13/2012 by� colinmccarthy16
  
  that if your motive is showing company X that they have a secuirty flaw even if it means making thousands of people sweat about having their credit cards or personal info stolen, then you're a dick.
  
  Flag

Right on the money..
Posted: userComment.createdDate by� nipsen

And a funny non-technical excuse from MS. They just push this to their holding company, who operate with a relatively large amount of fraud like this (because it's common, and with credit cards you expect a certain sum to disappear).
But how do all these e-mail addresses get "lost" in the first place. And why is the access to the store allowed through the web at all?
MS should probably change how this works.
Had the same thing with Sony. The accounts that people lost money from were those linked to Sony Online Entertainment. Probably same with the Steam breach as well - that they used the secondary system to validate potential account names to break into.

Flag | Reply

My account got hacked
Posted: userComment.createdDate by� imercenary

But I was lucky. I was actually playing at the time so when the hacker(s?) used my account, I got booted off Xbox Live (MY PROGRESS! /rage). Confused, I logged onto the website and saw my MS points had gone down so I panicked and called Microsoft (luckily, I hadn't given Microsoft my credit card information before :P ). Half an hour later, my points were refunded to me, my password was changed and I never had a problem with it again...
But I vowed NEVER, EVER to give my credit card information to Microsoft.

Flag | Reply
- You are lucky
  Posted: 01/15/2012 by� Darklore
  
  You got lucky when they refunded everything to you right away. I received an email saying I purchased $120 MS points. I logged into my bank account, I saw the transactions as "Pending" so I called my bank to cancel/block them. I was told I had to speak with MS directly so they can refund it to me.�
  Long story short, it took 30 days to get my gamertag back, the money was refunded and I am constantly reminded that I got hacked because I can't get rid of that god damn Fifa achievements. Any one know how to get rid of it?�
  To the below poster: I still have the two emails. They were crafty enough to charge my account two times: one for 4000 and 6000 points. I called MS right away and the points were long gone.�
  
  Flag
- Cool Story Bro
  Posted: 01/16/2012 by� B1663r
  
  Do you still have the email?� Maybe you could post an image of it, and blot out all the critical privacy bits.� It is just out of curiosity, because I can't figure out how they got a $120 charge there on your cc.��
  
  Flag

They almost got me!!!
Posted: userComment.createdDate by� ArturoRRG

I was on the street when I recieved an email (on my Live email account) offering me free Call of Duty Elite membership. I was using my smartphone and I accidently opened the email, I read it and it looked fake to me so I closed the email. Half and hour later I try to refresh my email and I am not able to, the screen says my password is incorrect. So I ran into my office and got to my PC, I tried to login directly on hotmail�s web site and I can�t. So I retrieve my password with another email that I got registered, got into my email and I wasn�t able to see anything strange. All my emails were there and no emails were sent. My problem began one day later when I tried to login to Xbox, first I wasn�t able to login but then I remembered that I changed the password, after I set the correct password I finally login to Xbox Live on my console and notice that my 400 MS points were gone, also all my bought games licenses were transfered some other console, so I can�t play them off line any more. I started to freak out and I run to my PC to check my Credit card balance online, at least there were no extra charges, look like they didn�t have the time to buy more MS. I don�t want to think about what could have happened if I didn�t drive like crazy to my office and reset my password on time. A friend of mine says that you can find Xbox Live accounts for sale with tons of games and thousands of MS points on ebay�s style websites from latin america.

Flag | Reply

Dear Hackers...
Posted: userComment.createdDate by� P1xel8ed

Please stop hacking gamers, we are you.

Flag | Reply
- No.
  Posted: 01/13/2012 by� Scoob79
  
  Hacking is the game!
  
  Flag
- @Scoob79
  Posted: 01/13/2012 by� jhawk28
  
  You say:
  "Hacking is the game!"
  Can you tell me one thing, sir, that makes hacking so damn "cool"? Really, what kind of person would want to sit around and figure out the nuts and bolts of a website for hours just so they could hack it?
  �
  
  Flag
- Why
  Posted: 01/13/2012 by� luminaire28
  
  don't they go after corruption, governments that try to censor information, the 1%, etc... instead?
  
  Flag
- @jhawk28
  Posted: 01/13/2012 by� Scoob79
  
  I don't know what makes hacking "so damn cool". �Never said it was, you might want to ask someone who thinks it's cool. �Some people like it, some don't. �I'm not going to judge.
  My somewhat sarcastic quip (it helps if you voice it like a kid in a 1980s GI Joe commercial, or maybe Boba Fett in Episode II when he's cheering on Jango during his fight with Obi Wan) was just stating the fact that not all hackers play video games, and that their "game", so to speak, is breaking computer systems.
  
  Flag
- @Scoob79
  Posted: 01/13/2012 by� jhawk28
  
  Sorry about that, my bad. :( Didn't realize your comment was made in jest, shouldn't have jumped on it. Can be hard to tell intent sometimes on these message boards. Guess I'm just kind of venting because my twitter account was hacked recently, to quite my embarassment.�
  In any event, I just don't see the allure of all this hacking that has been taking place over the last year or so.� Even if I had some kind of beef with some major corporate entity or government, etc., I would never resort to this to make my statement. I guess it's some kind of Twenty-First Century thrill for some people that we should get used to, huh??
  �
  �
  �
  �
  �
  �
  �
  �
  �
  �
  �
  �
  
  Flag

Probably the .live integration
Posted: userComment.createdDate by� Scoob79

Rather then using our e-mail address for a log in, it might have been a better idea just to keep the service limited to our user IDs as it was several years back. �It's easy enough to phish out a hotmail, msn, live, etc address from unwary people. �Doesn't take much beyond that to figure out if it's an XBL account as well.

Flag | Reply

There is definitely something wrong
Posted: userComment.createdDate by� Merex760

I'm a very computer literate person. My major is even MIS and I work in networking. All my PCs are very secure and I choose very difficult passwords. I'm not careless with what sites I visit. My Xbox LIVE account fell victim to the "FIFA Hack" in the first week of December (Merry fucking Christmas to me right?) and my balance of 890 MS Points was cleaned out, in addition to $120 from my bank account.
Not only is there a serious flaw in Microsoft's system that is being ignored, the pace at which they resolve these cases is SLOW AS FUCK. It took THREE WEEKS for my MS Points to be refunded, and it will take an additional 1-2 FULL BILLING CYCLES (2 months) to get my $120 back. Now, what fucking company in the world takes TWO MONTHS to refund $120. I can't think of one besides Microsoft. It's ridiculous.�

Flag | Reply
- Sorry About Your Luck
  Posted: 01/13/2012 by� Unkn0wn3ntity
  
  Isn't it funny how companies can remove money so quickly from your account (often the same day), yet when it comes to you getting a refund it takes them 4-8 weeks? Now why do you think that is?
  
  Flag
- Same here
  Posted: 01/13/2012 by� ninshua
  
  My gamertag was stolen in November. I don't share my information on any sites and I don't even tell my XBL friends much about me. I've worked in the computer industry for years so I know the do's and don'ts. None of that matters though... some child got into my live account and even called my phone telling me what he was doing. It took me 21 days to get my account back...
  
  Flag
- You know
  Posted: 01/13/2012 by� Zacek
  
  I work for Citigroup as a Fraud Prevention Specialist, and if you don't get the refund ind 20 days, it's WRONG.
  
  Flag

MS sucks.
Posted: userComment.createdDate by� andyrew

I understand they like forcing you to keep a credit card on file so they can automatically renew your Live subscription or have it there so you impulsively buy from the marketplace, but all it would take is a simple "delete billing information" button on your account and this would be a significantly smaller issue. Idiots.
When I asked them to remove mine, they told me you had to completely cancel your Live account to do so. This may have changed, I don't use it anymore...

Flag | Reply
- same issue
  Posted: 01/13/2012 by� chinpokoman
  
  i was able to remove my CC recently by buying an XBOX Live Gold Card and renewing my membership that way. it was still a pain as i had to call and get help, but my CC info is no longer on my XBOX Live account.�
  
  Flag
- ......
  Posted: 01/13/2012 by� San_Andreas
  
  ....I still wouldn't trust them even at that.
  But yeah, it should not be such a pain in the ass to get personal info off of any kind of subscription service. Auto-renew should also not be the default option for any subscription service. That should be optional, and you should be able to revoke it at any time.
  I like how all these companies have links you can click for removing CC info or disabling auto-renew on their websites, only to lead you to a screen that says "you must call customer service." Half of Xbox.com's links regarding cancelling services are broken.
  And then, calling customer service makes you want to go out and hurt people, because the phone rep makes�every effort to piss you off as much as they can before they finally do it, probably as part of a tactic to frustrate you so much that you'll give up.
  
  Flag
- MS customer service...
  Posted: 01/13/2012 by� andyrew
  
  Don't get me started on those assclowns. Because they source out customer service, if Jose or Balbir don't understand English properly, they accidentally input an address that doesn't exist, but once the order is actually in the hands of the repair facility, it's too late to correct it FOR THE WHOLE TRANSACTION. I had to drive 20 minutes to get the prepaid box to mail off the 360 in, then had to drive that same 20 minutes when the repaired one arrived. I tried to have it corrected after I dropped off my broken system, and before they shipped the replacement, but nope. Outsourcing basically flipped me off.
  The irony was this was shortly after Peter Moore went on about "we know everybody's Xbox will break, but we make up for it with our amazing customer service!" If you're going to blow just as hard with customer service as with manufacturing quality, don't say anything. It's better than lying and looking like an even bigger tool. To top off the whole situation, they had my 360 for 6 weeks, and sent me a 1-month Live card. Thanks. If I had a sister, they'd have probably tried to bang her.
  
  Flag

Every company that offers online services...
Posted: userComment.createdDate by� learningKnight

...should have an email address (or, if they're worried about spam, a 1-800 number) specifically set aside for people who discover security flaws.� And when someone reports a flaw, it should be followed up on IMMEDIATELY.� This is how you run a responsible company.� And besides, isn't that more pleasant than informing your customers that their credit cards have been stolen, or that the service is going to be down for a month, and then trying to win them back by giving away a bunch of free stuff?� This isn't the first time I've heard of somebody discovering a security flaw and trying to warn the company in question-- and being turned away, ignored, and not taken seriously.

Flag | Reply