Xbox Hacks Possibly On The Rise (Change Your Password)
A few days ago, I got an email notifying me that I had successfully purchased 6,000 Microsoft Points. I hadn’t logged into Xbox Live in over a week, so this concerned me. A couple minutes later, I got another notification that I had successfully purchased an additional 4,000 Points. I got a bit worried, so I checked my bank account — sure enough, two transactions totaling $125 had taken place.
Of course, I called Microsoft and explained the situation. They disabled my account and told me it’d stay locked for up to thirty days while they investigate it. I called my bank and disputed the charges, and changed my passwords on every site I could think of that I have an account on. “Well, that sucks,” I thought, chalking it up to the stolen password / identity theft that most people have to deal with at one point or another.
A couple days later, a friend of mine on Twitter posted that the exact same thing had just happened to him. A cursory search on Google tells us that this is happening to other people as well (ctrl-F “125″ to see similar complaints). It happened to Nukezilla’s pal Lauren, too!
The part I’m most upset about, more so than the fact that I’ve been Identity Theft’d for the first time in my life, is that while my account is locked down I can’t log into my Xbox Live profile, on or offline. That means I can’t access any of my saved games (I was really close to finishing Bastion!) or save new ones. Thankfully, I recently started a new game of Final Fantasy Tactics on my PS3 so that’ll keep me busy for a while.
I’m not sure if this is linked to any of the recent hacks or database releases by Anonymous and LulzSec, or if there’s even anything major really going on here — it could just be a big coincidence. At this point, however, it’s safe to say that if you haven’t changed your password recently, it’s probably a good time to do so.
If your account has been compromised, or if you’ve got any more information you’d like to contribute, leave a comment here or email me at justin@nukezilla.com with the details.
The exact same thing happened to me on July 22. I received an email saying my account had been charged for 4000 MS points and immediately called Microsoft. They assured me that they locked down the account but while I was on the phone with them, I received another email saying my account had been charged for 6000 MS points.
So after being assured once that the account was locked down, the agent told me that this time the account was really locked and continued taking information from me. 5 minutes later, another email came through saying my account location had been switched from the United States to Russia. Again, I was told that no other changes could take place to the account. I felt like I was getting punked.
Despite the fact that I phoned Microsoft as the hacking was taking place, that my Xbox Live account had not been active for over a year, and that I was pleading with them to remove the payment methods from the account before anything else could be taken, Microsoft still got an extra $75 from me through the hackers before the account was actually closed.
As the call was going on, they had me try and get information via the 360 Dashboard and my system decided to Red Ring. Terrific. He then had me get information on the Live website which was now in Russian when I logged in. When the agent tried to walk me back through changing it back to English, the site told me that you could only change your location once per year. I was told that account technicians would have to take care of it.
Before I hung up, I got a confirmation number and was told it would take up to 3 weeks before the situation would be resolved. They also told me they would only be able to update me via email and that I couldn’t receive emails at my default address because they considered my account to be compromised.
Today was the 3 week mark and I called to see why I hadn’t received any updates on the matter. The customer service agent I spoke with told me that it was still in the queue and there had been no updates. My attempts to get an estimated time to fix the issue was stonewalled and I was unable to get the agent to transfer me to a manager.
So Microsoft still has my $125, the account is still (hopefully) locked, and my 360 sits on my shelf like a giant paperweight. My decision to replace the 360 was going to be based on Microsoft’s customer support on this issue. There’s no way they will be getting another dime from me ever again.
The problem I always had is that I would be forever moving from console to console. Having to enter in a long password using that damned D-pad is just an arse.
Still, I’d rather than than end up hax0red.
@Frank: Yeesh, sucks to hear MS have been so slow in your case. Here’s hoping it gets worked out soon.
I’m a bit too attached to my 360 to stop buying things for it entirely, but I’m definitely removing my payment info from my account after this. Prepaid cards all the way from here on out.
It was horribles :(
This just happened to me today, with the exact same 4000 + 6000 point purchases showing up in my email (I assume 10000 is the max MS will allow you to buy in a short period of time). Luckily I saw the emails come in, and managed to reset the password on the account and recover the gametag before they could lock me out of it.
I still have to wait 3 weeks for MS to refund the $125, but if they’re slow I can just let them deal with my CC company. So far, it looks like I managed to kick them out of the account. I’d definitely recommend everyone change their password and secret question as a precaution. It’s easier to do now than later.
Weeks later and I am still waiting for my refund from Microsoft. A few days after my original post, I got an email saying that they were looking into the issue and that it could be up to another month before I heard back again. Despite the fact that they were informed that my 360 is no longer in service, the email gave me a 30 day code for a temporary Xbox Live gamer tag.
Subsequent phone calls with support agents have been a brick wall, I am simply told that the investigation is ongoing and that eventually I will get a refund. Every time I have asked to speak to a manager, I am told that there are none available to speak to about this issue or they take my information and promise a call back that never comes. It’s this lack of service that will prevent me from buying any Microsoft products in the future, never mind Xbox products.
Update: My account is still locked. They called me a couple weeks ago and asked for my console serial number and ID, I didn’t have them handy so I called back a few days later and gave them the info. As of right now, I still can’t log in to Xbox Live, so I can’t buy anything or watch Hulu Plus (only reason I signed up for it was to watch on my Xbox), and all they’ve given me is a code for a free month of Live.