Giant Bomb News

138 Comments

Hundreds of Dollars Later, One Tragic Xbox Live Story That's Hopefully Almost Over

Susan started off 2012 with a bang that involved Xbox Live, her bank account, and frustrating customer service.

Ringing in the new year with hundreds of dollars pilfered from your bank is a terrible resolution.

I’m intimately familiar with consumers dealing with Microsoft customer service in order to recover their Xbox Live accounts and, all too often, money taken from them in tandem with the account.

There are few stories as upsetting as what happened to Susan from Texas, who started off 2012 with several hundred dollars--$366.06, to be exact--stolen from her via her Xbox Live account.

She's recounted the situation on her Tumblr the last few days.

Her struggles to make things right have gained the rightful ire of the Internet, and reflect the worst parts of the stories I’ve filed here at Giant Bomb (here, here, here) about the exploitation of Xbox Live users.

“I think it’s fair to say that many people would look at Microsoft as a reliable company and absolutely trust them with their bank details,” she wrote. “What makes them any different than Blizzard or Sony? If this level of trust makes me a fool, than so be it, brand me as one. Just know that you are branding a hell of a lot of people with that marker than you probably know and we are not the ones to blame here.”

Susan had linked her Xbox Live to her bank via PayPal, and not a credit card. Traditionally, credit cards have greater protection for consumers in cases like this.

It’s unclear how someone came to access Susan’s account, as she claims to not be the victim of a traditional phishing scheme (which hinges upon tricking users into visiting familiar looking websites), but what happened after is familiar territory. The individual now in control of her account bought a “Family Gold Pack,” purchased an enormous number of Microsoft Points, transferred said points to new, unknown accounts, and sold these accounts elsewhere.

I’ve mentioned the selling of Xbox Live accounts in previous stories, but I’ll admit to not being aware of how common the practice might actually be, and I’m actively looking into the merits right now. Please contact me with your stories.

The reason Susan’s tale is more heartbreaking than most relates to her frustrating interactions with Microsoft customer service, which consistently gave her the runaround, pointing her in other directions, and putting the onus on her to ensure account was taken care of. I’ve heard this from countless other users.

Amazingly, Susan was even able to message the person who eventually purchased--and used--her account!

Microsoft director of policy and enforcement of Xbox Live, Stephen Toulouse, told me over email that his team became aware of Susan’s ordeal last night, and promptly locked her account and a refund should be en route.

I’ve been unable to verify personally with Susan whether the refund has been applied, but in her more recent update, she confirmed the account had been locked.

Toulouse said his team is aware of reselling sites.

“We do look out for them and shut them down where we can,” he said. “The selling of accounts is against our Terms of Use, not to mention the selling of a stolen account is a crime in many places.”

“Both the buyer and the seller of accounts run the risk of a console ban from Xbox Live,” he added.

You can keep tabs on Susan’s ordeal through her Tumblr and Twitter accounts, and if you haven't been keeping up with my coverage of similar issues over the past couple of months, here are some links:

Patrick Klepek on Google+
138 Comments
  • 138 results
  • 1
  • 2
  • 3
Posted by MideonNViscera

@dagas said:

@MideonNViscera said:

Why have your credit card in the first place when Microsoft points are sold at everywhere from Walmart to corner stores? Needless risk.

If you're gonna use one to buy your gold account, just cancel it immediately and you'll get free gold until the card was meant to expire anyway haha

Taking away your credit card seems pretty much impossible. I use time cards so I cancelled the auto-renewal, but it still says the credit card is being used for Xbox Live and cannot be deleted or something like that.

Yeah that's how I discovered this. When I first got my X-Box I didn't have a CC so I used my mom's to sign up for Live, but she kept getting annoyed at me buying points with it and paying her back so she asked me to delete it. I didn't ever manage to figure out how, so she simply cancelled the credit card outright. Then when it came time for my Live to auto-renew, it did, but since the card was cancelled, nobody actually got charged for it. They have a system for recognizing expired cards, but not cancelled ones, it seems.

Edited by EightBitShik

@MattyFTM: Their mom buying Xbox360 games when she doesn't have enough set aside for an emergency is what makes them "fucked" and stupid. If this bitch was working hard everyday and just had a bad job then yeah I can understand it. But don't cry to me about you can't afford to feed your kids when you have a 360. That is a 1st world problem right there "My kids can't afford to eat but holy shit we played Portal 2, Skyrim, Saints row the third, Shadows of the damned" that's my point lol. That is the real world.

It's like me I love the shit out of Giantbomb but I lost my job so I canceled my monthly subscription to the site it pained me but fuck man I wanna eat.

Posted by kurtkless

Something similar happened to me about 6 months ago; about half that amount (a little over a hundred bucks) was bought in ms points from my hijacked account linked to PayPal. My first call to MS support got me nowhere really. Fortunately I work in administration for a large hospital, so I had our staff lawyer contact MS, and what do you know, the money was refunded in less than 48hrs and my account had been restored to me. I’m sure they have a high volume of issues to deal with, but their customer service has really taken a dive in the last couple of years.

Posted by WickedCobra03

I guess its better than nothing patrick, thanks for staying afloat on the story, but it feels like Microsoft is getting the pass, whereas Sony was shredded apart last spring...

And even more, Sony was at least eventually somewhat transparent about the issue after a week or so, but Microsoft is in denial mode again as they were with the RRoD which is even more infuriaring than te problem itself.

Sorry of be kind of critcal of your stories Patrick(usually i love everything that comes from you), but it seems like the press itself seems to be kind of just standing by looking at it from a distance... Geoff Knightly had his account back in shape within hours where others have to wait upwards of months for even a response from Microsoft. This problem shouldnt even be a problem at this point; Microsoft or EA should just disable the packs and say sorry by giving their customers like 400 free points or a refund on the full game or something an dbe done with those packs, but then try to fix the underlying problem as well.

Posted by eccentrix

They can't tell where the points went? How do you even send points to another account?

Posted by FreakAche

I came to this comments section to find outlandish claims that the tone of this article would be different if Sony were the offender. I was not disappointed.

Posted by apoloimagod

This is really scary stuff. What they're not saying is that in a lot of cases they get this info from Microsoft themselves. They call customer service and convince reps to hand out account details...

Posted by Xsheps

people love their consoles so much that they will remain loyal to microsoft, sony, whoever no matter what.

Posted by Doctorchimp

@patrickklepek: Now that it's pretty apparent that the Microsoft "security" team is as inept as it could be when it isn't dealing with industry people that would blow up and complain about this...

How about a follow-up interview?

Posted by Squirrel

@Grimluck343 said:

Don't ever use PayPal for anything, ever.

It’s unclear how someone came to access Susan’s account, as she claims to not be the victim of a traditional phishing scheme

How else would they have gotten the account details?

As someone who had this happen just this week, I'd like to know myself. Because, unlike you're insinuating, I'm not a complete idiot. Phishing scams are transparent as hell and I don't even read e-mails from my own mother. My gamertag was even changed within the last month. I don't use any other service linked to that stupid windowslive ID so I would really like to know where the breach of security that affected MY account came from.

I had no issue with the customer rep I spoke to, or the speed with which they locked my account. I only have issues with how they, and all other big companies that ask for all this personal info, keep blaming us when they are being inundated with the same issue. Hundreds of people, with different account settings, different locations and different internet habits and the only constant is XBOX Live. Hmmmm...

Posted by Doctorchimp

@CornBREDX said:

What annoys me is how I cant leave my debit card info off my XBOX account because my gold is active. And you have to call them to keep it from auto renewing yet the website says you can do it on the websites at a place that DOESN'T EXIST. So annoying. I have to remember to call them this week end, such a pain in the ass.

I let my fucking account expire so I could take the credit card off. I'm waiting on a deal to get LIVE for cheap...although with my PC I'm finding less and less incentive. Especially with stories like these.

This is some despicable shit with how Microsoft is either A) easily fooled by a polish hacker to get into a lady's account or B) they actually got hacked...

Posted by FritzDude

@Squirrel: Maybe some of these?

  • Computer malwares and trojans
  • Unsecure and easily open "hidden" Q&A for your profiles through public websites
  • Weak passwords
  • Same passwords
  • Compromised passwords from other sources
  • Personal target
  • Redirection of websites, links and tabnabbing
  • Phone phishing
  • Image and filter phishing
  • Rogue wi-fi phishing
  • Posted by Jambi86

    My account was just hacked 20mins ago. Saw the emails but couldn't stop it in time. talking to MS and bank atm :( DONT SAVE YOUR CARD INFO ON YOUR ACCOUNT. buy point cards.

    Posted by pickassoreborn

    Just closed my PayPal account. I dislike their encouragement of wanton destruction of vintage violins.

    Posted by selbie

    You should never save CC details with a company. That's like leaving your wallet with a random neighbour and expecting them to keep it secure.

    Posted by Grimluck343

    @Squirrel said:

    @Grimluck343 said:

    Don't ever use PayPal for anything, ever.

    It’s unclear how someone came to access Susan’s account, as she claims to not be the victim of a traditional phishing scheme

    How else would they have gotten the account details?

    As someone who had this happen just this week, I'd like to know myself. Because, unlike you're insinuating, I'm not a complete idiot. Phishing scams are transparent as hell and I don't even read e-mails from my own mother. My gamertag was even changed within the last month. I don't use any other service linked to that stupid windowslive ID so I would really like to know where the breach of security that affected MY account came from.

    I had no issue with the customer rep I spoke to, or the speed with which they locked my account. I only have issues with how they, and all other big companies that ask for all this personal info, keep blaming us when they are being inundated with the same issue. Hundreds of people, with different account settings, different locations and different internet habits and the only constant is XBOX Live. Hmmmm...

    I didn't insinuate shit, keep reading the thread.

    Posted by Shankey

    Made an account to post this, I wish I read one of these articles a few days ago.

    An almost exact same thing happened to me today. About 140$ was spent on points through a paypal account I have attached to my bank and 360. I am in the process of fighting against the charges with Microsoft and Paypal. I will probably cancel my paypal account altogether after this is finished. I would do it now but am unable to until either the payments go through or are cancelled. About 33 or so Jumbo Packs for Fifa 12 were bought using my account and I was able to watch them all pour in as I waited for about an hour to get through to customer support.

    Once through I was asked questions like if I own Fifa (I don't) as well as a ton of other things. I was also told it could take up to 25 business days as mentioned in the other articles around this. The customer support person I talked to was kind and understanding but I guess I'll just have to wait and see what happens.

    However if the case is not resolved and I am not refunded quickly, it will end any future purchases I make for the 360, or their consoles in the future, which would be quite disappointing since I am a game designer working on a game that will coming out on the 360 in a few months.

    Posted by jjacobsson

    I don't get why more services don't use authenticators like Blizzard do. Sure it's a hassle when an authenticator gets lost or stops working or whatever but...

    Posted by Procyon27

    @apoloimagod: This is exactly how most people are getting compromised. They call MS CS and say they lost all of their login info and sometimes...without proper verification...the CS rep gives it out. Maybe not all of it....maybe the hacker just says they forgot what email they used and the CS rep gives that out. Then it's a matter of cracking the email account....and if you have a shitty password....you are pretty much screwed.

    SOCIAL ENGINEERING.

    That is the culprit here....not traditional hacking.

    Posted by zef40

    I just kacked myself signing into xboxlive website and saw my gamertag was different, then I realized I'd used the wrong email.

    Anyway, wtf is that guy saying the person who has done this risks their account being banned....really?.....really?

    Beyond lame.

    Posted by Procyon27
    Posted by TheHakku
    Posted by KaneRobot

    @RoyCampbell said:

    "Oh people are starting to notice; let's help this one user and then everything will be ok."

    Bingo.

    Posted by DS23

    Anyone that gives MS(or Sony, etc.) their credit card info is asking for trouble.

    Posted by Phoenix778m

    Never use paypal. They are not a bank and therefore are not under the same legal regulations as one.

    Edited by DagobahDude

    This happened to me weeks ago. Someone spent my remaining credits, then purchased maybe $90-worth more before doing whatever these people do with them (transfer them to other accounts for sale it sounds like).

    Anyway, there is probably (my best guess) some kind of login-credentials-revealing exploit going on with the Fifa games/perhaps other EA games. EA has their own online services for many Xbox games, and I made the stupid mistake of using the same password as I had used for Xbox Live (I did not use this password for anything else).

    I have relative faith that Microsoft knows how to protect our data (at least they've not let me down before). I would be much more likely to believe there is a nasty oversight in EA's online services revealing login credentials through some exploit or inside leaker. The day my info was stolen, in my recent activity, it showed someone had played Fifa ('11 I think) and unlocked all of the achievements for it. I doubt someone actually played Fifa under my account and get every stupid achievement within a day (I knew when my login credentials were stolen because someone tried modifying information tied to my account, which resulted in notification emails being sent to me from Microsoft).

    So I think they get the login creds. and then try them as Xbox login creds. (a majority of people prob. just think of this as their Xbox/gaming password, so it's the same password).

    Some nasty exploit(s), an embarrassing situation for Microsoft/EA, and a damaging situation for us (private account information/password you might use all over the Internet/etc. being stolen), and yes Microsoft hasn't really acknowledged this ongoing problem, and imo is pretending these are unrelated cases.

    Posted by MalkavTheClown

    Add a optional periphial for your xbox controller that has a 6 digit random generated similar to blizz authenticators. cost is low and keeps peoples accounts safe. just my opinion. sucks to those who got hacked though. maybe next gen systems will have this in place with trends towards cloud gaming and on-demand gaming.

    Posted by subyman

    I had my wow account hacked a long time ago when I still played. Blizzard was fantastic at getting it restored. I was back up and running in less that one day! Too bad more companies can't be like that.

    Posted by damnboyadvance
    @EightBitShik said:

    @damnboyadvance: Yeah because the PSN doesn't have the same shit happening to it, oh wait my roommate had his shit hacked and lost 2,000 dollars because of it a few months back... stupid fan boy comment.

    I don't care. He shouldn't have had his credit card on the PSN to begin with. I'm sure if he contacts his credit card company, he will get it back. Also, comments like yours at the end are the best way to lose any credibility, just sayin'.
    Posted by EightBitShik

    @damnboyadvance: Yeah after about 4 days he got his money back which in all honesty is not bad. As far as my end comment it's just silly that you were saying it's cause of that console when the one you enjoy did the same exact thing. It's blind faith in a one console company blows my mind.

    Posted by damnboyadvance
    @EightBitShik: Well my comment on how "nothing" like this happens on PSN wasn't exactly true, obviously. I realize that. But so many people have the exact same blind faith in Microsoft for Xbox Live that you just described, and think that the PSN is just open season for hackers. We both know that is not true at all.
    Posted by EightBitShik

    @damnboyadvance: I agree entirely, nobody is safe but nintendo lol

    Posted by IBeDanYo

    Thanks for reporting on this, Klepec. I was locked out of my account for a month until a few weeks ago. It's about time people start hearing about what has been going on here.

    And phishing, my ass. I never even use windows live ID, much less go to the Xbox site or click on any links that require my Xbox info. Somehow they hacked my account through live or played customer service into giving them my details. Either way, MS needs to figure out something quick. I've already removed my credit card from XBL and subsequently, am making next to no purchases on the service. Where as before I was a pretty regular impulse buyer of XBL content.

    Hope this gets MS to pay some attention to the issue at hand.

    Posted by Burtha

    2 factor auth should be the norm now, opt out at your own peril

    Edited by hurrikenux

    @MattyFTM said:

    I don't think you're living in the real world. Not everyone has the ability to save up thousands of dollars for "what if..." scenarios. Some people struggle to get by with their kids having a decent standard of living and just can't save money for hypothetical scenarios. Heck, when I was a kid it would be rare for my mother to have more than £100 in her bank account. And she certainly didn't have enough spare cash to save up in case somehow her bank account got accessed and someone took all her money. She spent every penny trying to give me the best standard of living she could. We had an OK standard of living, but if she had saved up money just in case something bad would happen we would have pretty much down to our bare bones. She was a single parent. There wasn't a lot else she could do.

    I don't know enough about Susan's situation to make a judgement either way about her financial situation, but saying her kids are fucked just because the family is a little low on money is just flat out dumb.

    This is correct, some of us single parents barely make enough to make ends meet and used trade-ins and gift cards to procure an XBOX so that we can have some semblance of a social life. What, do we have to be single neckbeards jacking off into our hands to be able to have an XBOX? Thanks for saying this Matty, although the jerk replied.

    @EightBitShik said:

    @MattyFTM: Their mom buying Xbox360 games when she doesn't have enough set aside for an emergency is what makes them "fucked" and stupid. If this bitch was working hard everyday and just had a bad job then yeah I can understand it. But don't cry to me about you can't afford to feed your kids when you have a 360. That is a 1st world problem right there "My kids can't afford to eat but holy shit we played Portal 2, Skyrim, Saints row the third, Shadows of the damned" that's my point lol. That is the real world.

    It's like me I love the shit out of Giantbomb but I lost my job so I canceled my monthly subscription to the site it pained me but fuck man I wanna eat.

    Have you ever been a parent or even know what the hell you are talking about? This "bitch" (I can tell you are forever alone) may have that XBOX because it is hard for her to be able to have a personal life and a parental one. I am a single parent far away from any of my family and the XBOX was a nice way to talk to friends and family in other states while enjoying games after my kid goes to sleep and the housework is done. My budget is tight, so having my XBOX hacked put me at a loss when all I use it for is recreation and I am only able to purchase items for it with the occasional gift card, credit card rewards and eBaying household items. All extra money goes towards my kid having the life I feel she deserves, having money stolen from me WOULD hinder me providing food and care for her on a month to month basis.

    This is all the things you never had to worry about while your parents spoiled the shit out of you.

    Some people have no class.

    Posted by EightBitShik

    @hurrikenux: Being spoiled is the complete opposite of what my point was. I'm sorry I grew up with a military background where I was brought up to make sure that my family comes first and have money set aside in case of an emergency. My point is if you have kids and only have $300 in your bank I am not saying you are less of a person I'm saying stop buying so many new 360 games and have some money on the side incase shit happens. IE: don't put all your eggs in one basket. Don't buy that one copy of Skyrim and put that $60.00 in a sock drawer and boom you have money for food for your kids. Then you can go buy as many games as you want. I would live pay check to pay check because I had a lot of medical bills and if I only got $200 after I paid my bills I wouldn't buy two new games I'd put some of that shit away. It's not about how much you make it's the choices you make. If she is buying 360 games and not saving for in case of emergencies I think she is stupid. I didn't say I think she is stupid because she wants to have a form of fun she can spend 90% of her check on games for all I care if it makes her family happy but when she says she doesn't have enough money to feed her kid that is when I don't feel bad for her because that means she made a poor choice. I'm sorry I value a kids well being more then games. Yall are getting defensive over the stupidest reason. A person is concerned about a kids well being because there isn't money in the house hold to buy food not because of being poor or handi capped but because she probably goes over board on buying more games then she should.

    You have a lot of passion to argue with me on this but I'd think you would be on the same side since you have a kid I thought she would be more important to you then a few a games but that is your choice. All I know is what you think and I think I bet after this is done she will change her spending habits so that if she ever gets screwed again she won't have to worry as much about feeding her kids. I don't think this is her fault I never said that. Again, it has nothing to do with class it's priorities. If you don't agree with me don't bother to reply because I don't care what you think at this point, so let me sum it up: Buy games that's fine, make sure you do your best to save for situations especially if you have kids and I'm never forever alone. In fact I am married and it drive me up the wall when my wife would spend money before she got it because you never know what would happen, she spent $500.00 on her graduation party because she said her family would give her so much money which because times are tough she only got $25.00. We had to dip in our savings because of that move. I would of been just as mad at her if we had a kid and we couldn't feed her/him.

    Posted by OzGamer

    still a long way to go for the seamlessly experience

    Posted by Xtrminatr

    Just got my account hacked. Randomly generated password that was 12 characters long... Bullshit... Absolute bullshit.