Hundreds of Dollars Later, One Tragic Xbox Live Story That's Hopefully Almost Over

Wait wait wait. PayPal is less secure than giving your credit card to MS? WTF?!?

After reading this article, others patrick has posted and a few on Joystiq, I've taken all credit card details off my xbox account. Not worth the risk

Id really love to know how they are getting these accounts. Im sick of hearing the phishing BS as I really dont think thats how they got my account. Either way, actually got good service from MS. No run around, and account was back in about 3 weeks I think.

"Oh people are starting to notice; let's help this one user and then everything will be ok."

Wow.  What an idiot. Why would you plug the goddamn thing into 
Paypal & have your bank account at some corporations finger 
tips??  Dames. I tell ya.  It's common fucking sense not to do 
that.  
 
Trust Microsoft or anybody for that matter.  What a Gullible Gilda.

@damnboyadvance: Yeah because the PSN doesn't have the same shit happening to it, oh wait my roommate had his shit hacked and lost 2,000 dollars because of it a few months back... stupid fan boy comment.

@zityz: It's because they don't have a similar service at all. If they did they would be in the same boat. I'd rather risk these services and enjoy the content then have a friend code and zero online ability.

Despite how many people shit on them. I STILL think Nintendo's Customer Service is leaps and bounds over Microsoft's and Sony's. It's a shame stuff like this is happening and that the corporation themselves give people the run a round. Most of the customer service reps are probably regular joes hired off the street who would rather NOT have to deal with a situation.

The idea of friend codes aren't looking too bad now me thinks.

This is a natural progression from account hackers (mostly from China) hacking and selling MMORPG accounts branching off into different things. Anything online that has value is going to be stolen and sold and this is going to be a major stopping block for companies heading into digital distribution. Microsoft and Sony and other companies are going to have to start taking this shit seriously or it is going to cost them huge amounts of money and a huge loss in customers willing to spend money linked to their profiles, which will retard the whole evolution of digital distribution..

It is patently obvious that Microsoft's customer service is wildly unprepared with dealing with this situation, as they were unprepared to deal with the huge amounts of red ringers back in 2005-2006. Eventually getting your account hacked and re-sold will become as commonplace as it is on WOW. Steam will be targeted as well.

@D_O_A said:

@CornBREDX said:

What annoys me is how I cant leave my debit card info off my XBOX account because my gold is active. And you have to call them to keep it from auto renewing yet the website says you can do it on the websites at a place that DOESN'T EXIST. So annoying. I have to remember to call them this week end, such a pain in the ass.

I don't know how recent an addition it is, but i have been able to cancel xbox live gold auto renew on the website for a few months now.

You can turn off auto-renew online, but you cannot remove any card info so long as you have a subscription still running. You have to call them, they remove your current subscription manually, then email you codes for the remaining time left. That's what I just had to do, at least.

I have all the consoles and love my Xbox but their customer service absolutely sucks. Their customer service is the ONLY reason that next gen the PS4 will be the first console I get. but I will eventually get both. For a service that you spend $60 for basically nothing it seems the least they could do when you call with a reasonable complaint or request is to treat you like you matter even if they can't help you but I have never dealt with such jerks in customer service in my entire life.

Microsoft's customer service is useless. I'm sure they actually do something when something becomes news like this. 
 
Isn't it funny though? Lots of this stuff going around on Xbox Live, yet none on PSN, and everyone thinks PSN has more security issues. 

I don't know why but the name Susan is making me laugh.

Wait, so was she hacked or was it phishing? Still not clear to me.

I hate these situations (and also hearing about them over and over) and Microsoft for provided such shitty service to paying customers. Doesn't some of that money we're paying for gold pay for the security/fraud department? But I also hate those who blame Microsoft for there accounts getting phished. I see phishing referred to as hacked way, way, wayyyyy too often. A hack is due to a lack of security on Microsofts behalf, but I feel phishing is on the users end (although resolving the issue once its occured is on Microsoft). So I wish people would just say my account was phised, admit they fell for it, then demand help.

Also what the eff is this shit. Cant even remove my CC

@CornBREDX said:

What annoys me is how I cant leave my debit card info off my XBOX account because my gold is active. And you have to call them to keep it from auto renewing yet the website says you can do it on the websites at a place that DOESN'T EXIST. So annoying. I have to remember to call them this week end, such a pain in the ass.

I don't know how recent an addition it is, but i have been able to cancel xbox live gold auto renew on the website for a few months now.

My account got hacked for $70 worth of points and they offered me the same, lock your account and we might or might not look into it deal. (Of all things, the thief spent the points on Rift, a mmo!? It must be available through the marketplace or something) After reading/hearing horror stories about dealing with Microsoft in these situations I decided to tell the csr that I'd be willing to just eat the $70 charge if he'd be willing to remove my credit card info from my account, as I was not able to do it online. It required cancelling my gold account along with any remaining time left for the gold, but at least it got done. Then the csr gave me codes for the remaining time I had with my gold membership. I have/had never entered my account info to any other page than xbox.com, and never followed a link to xbox.com besides the bookmark I had placed on my original visit. Near as I can tell is a csr must have been socially engineered. Needless to say, I will never give my cc info to Microsoft again. It was all just a horrible experience.

Glad Susan got the press she needed to get her situation fixed. If only this ongoing problem could make television news. Maybe that'd be enough press to get Microsoft to actually fix this problem.

Funny how companies pull their fucking acts together once people are aware of something they're doing.

What annoys me is how I cant leave my debit card info off my XBOX account because my gold is active. And you have to call them to keep it from auto renewing yet the website says you can do it on the websites at a place that DOESN'T EXIST. 
So annoying. I have to remember to call them this week end, such a pain in the ass.

How the hell does buying up tons of points for the purpose of transferring them to other accounts not raise any red flags at Microsoft? Can't they put an automatic hold on practices like that for a few business days, much in the way banks do, to ensure everything is legit?

With how common two step verification is on the internet I'm increasingly amazed at just how poorly the Xbox Live security team is adapting to and confronting this problem. Accusing everyday folks of being careless with their personal info while quickly resolving big industry names that get hacked to minimize PR damage is a pretty shitty practice as well. Keep up the stories as you hear more Patrick, they are appreciated.

EDIT: Just got off the phone from removing my CC info from Xbox Live. Aside from the fact that I had to call them to do it, it was relatively painless and I chatted about Saint's Row 3 with the support rep. Feels good to be free.

This story's not over until Microsoft significantly shortens the time it takes for people to get their accounts and money back, and properly implements two-step verification. Also they should probably not let low level customer support reps handle fraud victims.

Microsoft dealing with this specific case quickly means nothing when it's purely because it became a PR issue.

This is what the Xbox is. Let's move past it.

There was another user on the GB boards that said this happened to him just the other day.

I'm assuming this all went through her credit card? She should be contacting her credit card provider. They would fight to the death for her.

I don't have a card on my account, but I got a really freaky call about my account being permabanned, on my cell phone, by a private number. Nothing has disappeared....yet....

I haven't had an Xbox since I sold it in the middle of last year. My Gold has been expired since July.

The only problem I have with this story is the lady crying that she can't feed her children because they took $300.00 if you have kids and this is an issue lay off the buying of some games to put a savings away in case of an emergency. I feel bad for her but if she is playing new Xbox 360 games and doesn't have more then $300.00 saved then those kids are fucked.

Don't get me wrong this shouldn't of happened to her in the first place I agree with that and hopefully she is just saying that part to make her situation "worse" to the customer service rep but when I read that I shook my head. Priorities....

Microsoft's actual customer service is utter shit. There are good people working at microsoft who like their jobs and want to help, but none of them work in customer service.

I honestly do not understand how this story isn't all over the national media...

When you look back at the outrage of the Playstation Network hacking scandal it seems incredible, that (in retrospect) it turned out that NOBODY on PSN actually became a victim of any sort of fraud... yet it was all over the media, as well as the FBI and various countries governments getting involved....

Yet here, with regards to Xbox Live... there IS genuine fraud happening, and HUNDREDS (if not thousands) of loyal customers are losing thousands of dollars.

Microsoft are laughably passing the buck on this to the consumer, basically portraying them a stupid victims of "phising scams"

THIS IS NOT THE CASE.... if it was, then why is it not also happening (in these huge numbers) to PSN & Steam users... HUH, answer me that Microsoft!

So by now it's clear, that i am slightly vexed about this whole story.... and with good reason.

Just before Christmas, my son became just another in a long line of victims.... he switched on his console to find the 2200MS Points he just added days before had entirely been spent on FIFA rubbish (luckily he uses scratch cards and does not have a credit card assigned to his account)

Now when i say 'my son'... don't imagine a naive 10 year old who clicks on any old link he receives in a spam email, or inputs his account details into any website that asks for them.....

My son is 19 years old and currently doing a university degree in computer languages, he would be able to spot a phishing scam better than most - So when he tells me he absolutely has not handed his account details to anyone, i know he's telling the truth.

Yet somehow, someone without these "vital" access details, has somehow got into his account

It should be as clear to Microsoft.. as it is to everyone this has happened to, and all the blog evidence is pointing to... that..

MICROSOFT HAS SOME FORM OF SECURITY BREACH... which appears to be of absolute common knowledge in the Eastern Bloc (where all the profits of this fraud are being passed around easier than stolen mp3's)

It's a sad story but a familiar one. I had my account hacked and money (much less) was stolen from me, too. The upside is that Microsoft and my bank took care of the whole thing and I wasn't out a penny for long. I cancelled my bank card and was issued a fresh one I do not have linked to any console. I guess she ran int bigger problems because of her Paypal account. I know that I was not the victim of a phishing scheme because I only correspond via email with people I personally know and, at the time of the incident, my Xbox hadn't been used in 4 or 5 months. I don't have a Facebook, Twitter, Linkedin, blog or any footprint on the web that I know of. That doesn't mean one doesn't exist, just that I am not aware of it. I read around the net that there was some Eastern European/Russian group hacking accounts and reselling the downloads, so I figure that's what happened to me. Why else would someone buy a bunch of games (Xbox live credits) and then do nothing with the games purchased? I am positive Microsoft knows this is going on, but I question whether or not they know what to do or how to curb the intrusions.

"They were about as helpful as everyone else I have been in contact with regarding my stolen money. In total (including tax) I have had $366.06 stolen from me. Just how I am going to feed my son this month I just do not know." ....

While it sucks to get money stolen, if you are relying on paycheck to paycheck to feed your son... and a loss of 366$ means no food for your baby... u probably shouldn't have an XBOX360 with XBox Live...

yep i lost $250 on Nov 29, and i'm still locked out of my account, haven't heard a thing since i originally reported the problem to M$

Just read the whole situation on that girl's tumblr and it amazes that they screwed up so badly. 

this story has finally convinced me to remove my CC from my Live account. That, and the fact that I haven't used my xbox all year because of Steam. Of course, Steam still has my CC info, hrm.

Thats incredible. It seems rediculous that microsoft charges 50 dollars for what is usually free then fails to secure the accounts of their customers.

@mak_wikus said:

Worst part about her story is that Allegro.pl is a completely legitimate on-line auction house.

That's interesting info. I had wrongly assumed it was some dodgy site.

Another reason why I don't like linking my credit card to accounts.

Why is this not a bigger deal, I have listened to many podcasts and been on community gaming sites and it seems stories like this one are wide spread throughout Xbox Live. However, nothing comes out to the public on how to secure against this on a grand scale. Does it have to hit large public numbers like the PSN hack before anything will be done to lock this security hole down. Maybe everyone that has had this issue should start reporting Microsoft to a Better Business Bureau.

@Humanity said:

@Grimluck343: Why do people all of a sudden hate PayPal so much? I'm honestly curious cause recently on several different occasions I've heard nothing but deep ire towards PayPal.

I made a purchase on Steam a few months ago using PayPal. Had the money in the account and everything. PayPal said they "randomly" selected that purchase for review, refused to send Steam the money, so Steam locked my account until I called PayPal to authorize the transaction.

Like Patrick mentioned in the article, you credit/debit card has consumer protection built in where the bank will take care of removing fraudulent charges and refunding the money back to your account.

That barely scratches the surface of how messed up PayPal is. Just google it to find out more. Off the top of my head, PayPal has been known to completely lock down people's bank accounts for whatever reason they like without any sort of appeal process.

It's ridiculous that Microsoft basically have to be embarrassed into helping these people and still aren't taking steps to protect their (paying!) users better.

Worst part about her story is that Allegro.pl is a completely legitimate on-line auction house. Yet, they can't seem to control every single auction it seems(there are litterally dozens of thousands of them). Recently there's been a news story that police has captured people responsible for selling counterfeit Xbox 360 controllers. Also, my mother bought a Sony memory stick for her camera and said stick turned out to be a counterfeit. I've told my mom that the cheapest stuff(twice as cheap as an original) is best to be avoided.

As for selling accounts(with points AND games), yeah, I've seen some of those auctions. Can't seem to find any at this moment.

@TwoSe7enFive said:

I think Microsoft are flat out lying about the hacking of accounts.

Yup.

I honestly think that the reason why MS are offering refunds like this though is because of social media and the internet. When people can post their shit stories on Twitter and raise awareness that creates more scathing PR than any media service could ever hope to achieve. And they end up rushing to try to fix the issue so it doesn't look as bad. I guarantee that if things like Twitter and Facebook didn't exist the issues wouldn't get resolved like this and people would be getting shafted more often than not. It's good to see them fix it, but a customer should not get the fuck around in matters of fraud. Ever. And the fact that it happens is absolutely pathetic.

Clearly their CS workers read from a flow chart during their calls, and that needs to stop. I don't know if it's a language barrier because they're all apparently based in Bombay or if it's just policy but their job is to help the customer first, not the company that they work for.

And this is the reason why I do not have any of my credit cards linked to any consoles of mine. Steam has 1 credit card that I use solely for online purchases and I monitor it closely. That's it. I'll go and buy points for everything else and I urge most people to do the same. Eliminate the source, or head, of the problem and the snake dies.

This is awful. What's worse than these people doing this, though, is the very real probability that had Patrick or anyone else with a podium not covered this then she probably would have kept getting the runaround from Microsoft. Good work, Klepek

@PiltdownMan said:

@Loyal_Dragoon said:

Is it just dumb luck that they get these accounts with CC info on them, or are they somehow able to single out the people with that sort of info linked to their account? Thats what I want to know. I don't think we'll ever know for sure how they target accounts, though.

My guess is if there isn't CC info linked they move onto the next target, it's pretty simple.

It's also possible they hold onto the account, then check back later.

@Loyal_Dragoon said:

Is it just dumb luck that they get these accounts with CC info on them, or are they somehow able to single out the people with that sort of info linked to their account? Thats what I want to know. I don't think we'll ever know for sure how they target accounts, though.

My guess is if there isn't CC info linked they move onto the next target, it's pretty simple.

If you know someone's name you can find their Facebook page and so find their linked XBL and PSN account usernames, their birthday, their mother's page and her maiden name, their pet's name, a photo of their car, and so on.

Any webpage that allows password alteration after security question checks is made susceptible to attack by this plethora of information that people blindly upload to the internet.

Who the fuck is Susan.

@Grimluck343: Why do people all of a sudden hate PayPal so much? I'm honestly curious cause recently on several different occasions I've heard nothing but deep ire towards PayPal.

This shit is terrifying. Somebody should contact GeoHotz, he'll know what to do!

one reason i still pay for xbox live every month is because im not sure how to make it stop....

I stopped reading Consumerist because they ran stories with one side and no response from the company involved. Not saying that everything didn't happen exactly as she says, but I don't like the trend here. I see a person who got their account stolen, told their side of the story, and everyone ran with it. Would be nice to get some comments from MS somehow other than "yeah, we looked into that".