Microsoft, EA Claim FIFA Isn't Causing Rash of Xbox Live Hacks

"...Getting emails from users who’ve been had accounts compromised "

Come now Patrick!

At any rate, this seems a bit far for a football game. :S

Happened to me and it is absolutely tied to FIFA 12. I had 6000 ms points spent on my account and all of my Ultimate Team cards sold.

@SomeJerk said:

One Xbox support guy said Jtagged eastern-european boxes.. But what is the cause behind this stuff? Happened to tons of people since July. Meanwhile, the PSN hacks simply kept people from playing games for a while~ If you don't want to wait three four weeks to get your account fixed, should you get hacked, you should raise some hell and mention the better business bureau or simply file a complain with the bbb directly, a manager will come fix your case in days.

Wrong. My account was hacked June 26th, I got it back October 6th. I mentioned the BBB, filed complaints. I talked to the highest person that a customer is allowed to talk to over the phone. The manager, of the manager, of the manager of the CSR's and they could do NOTHING about speeding up the process. It goes to the fraud department which is a completely separate area. Once your case has been sent to them NO ONE in the CSR department can do a thing to speed up your claim. I've spent HOURS on the phone with these people. This isn't some "I think" case. I KNOW how the system works at this point.

Oh and btw, my account was hacked with Fifa somehow too. Even though I've never played it.

What's amazing is that I read this article, switch on my Xbox and discover I too have been hacked. Those blasted soccer hooligans emptied my point cache. Playing offline is not a big deal. But no Netflix for a month during the investigation. Screw it, I'm switching to Qwikster.

I had it happen to me over the summer. The lady I talked to at Microsoft was thorough and professional, but it took about a week longer to unlock my account than I was told. They bought about $120 and bought as much of that FIFA stuff as they could, then the rest were like...Fable III Dye Pack and other random cheap things. The weird part, though, is that they didn't recind those purchases. They refunded my money, but I am now the proud owner of DLC and addons for a couple games I don't own.

@Gamer_152 said:

Great story Patrick. If the Fifa connection is just a coincidence though, that's a pretty huge coincidence.

It's not that it's a coincidence, it's just a way for them to get Cash out of the hack because people pay real money for these FIFA ultimate team cards.

http://www.ebay.com/sch/i.html?_from=R40&_trksid=p5197.m570.l1313&_nkw=fifa+ultimate+team&_sacat=See-All-Categories

I'm really disappointed in the article, Patrick. This epidemic has been happening for months, and it's not a social hack. It's not phishing. It's not a key-logger. It may involve a database of login credentials from a third party, but not Gawker, PSN, Chase (or any other publicized breach), none of whom had my information and my account was still broken in to. They don't gain access to your email and reset your password (which is how social attacks work). They get your password somehow and access your Live account directly. There is no one to call to get a password over the phone. The FIFA and EA connection is a complete red herring. MS may be in full denial mode, but when the CSRs are being candid there is a definite crisis. So much for the theory that a paid service like Live equates to better security. Instead you're paying for MS to blame you for the attack on your account while they pretend nothing is wrong.

@SomeJerk said:

One Xbox support guy said Jtagged eastern-european boxes.. But what is the cause behind this stuff? Happened to tons of people since July. Meanwhile, the PSN hacks simply kept people from playing games for a while~ If you don't want to wait three four weeks to get your account fixed, should you get hacked, you should raise some hell and mention the better business bureau or simply file a complain with the bbb directly, a manager will come fix your case in days.

Wrong. My account was hacked June 26th, I got it back October 6th. I mentioned the BBB, filed complaints. I talked to the highest person that a customer is allowed to talk to over the phone. The manager, of the manager, of the manager of the CSR's and they could do NOTHING about speeding up the process. It goes to the fraud department which is a completely separate area. Once your case has been sent to them NO ONE in the CSR department can do a thing to speed up your claim. I've spent HOURS on the phone with these people. This isn't some "I think" case. I KNOW how the system works at this point.

Oh and btw, my account was hacked with Fifa somehow too. Even though I've never played it.

I'm very sorry for the long post but I feel that it's about time that gamers and journalists started paying more attention to just what EA is implementing in their sports games. EA is gaining a ridiculous amount of money through exploitative free-to-play game design and encouraging players to gamble with real money.

@sw0rdfish said:

@Gamer_152 said:

Great story Patrick. If the Fifa connection is just a coincidence though, that's a pretty huge coincidence.

It's not that it's a coincidence, it's just a way for them to get Cash out of the hack because people pay real money for these FIFA ultimate team cards.

http://www.ebay.com/sch/i.html?_from=R40&_trksid=p5197.m570.l1313&_nkw=fifa+ultimate+team&_sacat=See-All-Categories

Many of these sellers may claim that they're not infringing any policies, but that's untrue. Ebay is very strict about the ways that digital content and media can be sold, and these auctions don't hold up.

They can be reported via 'Listing practices > Compilation and informational items > Bonus with another item'.

This happen to me on September 30, some hacker spend over $100 of MS points and unlocked 30 achievement points on FIFA 12, a game I don't even own. I know as much of FIFA as the president knows how to get the economy going! Microsoft told me the investigation of my hacked account might take up to 25 days; man, I will be missing Rage, Batman, Battlefield and Forza , all games which I pre-ordered.

In relation to the one individual who said they were hacked in August, FIFA12 wasn't even out then?

EA...

I'm concerned about BF3 and Origin.

FIFA is 100% to blame if you got hacked and notice FIFA activity on your gamer tag. Specifically Ultimate Team. This has been an ongoing problem since FIFA 10, but it is just now really starting to gain momentum. With FIFA 12 Ultimate team is on the disk, meaning that it is not DLC. In previous years it was DLC. In FIFA 09 it cost 800 MS Point. In FIFA 10 it cost 400 MS Points. In FIFA 11 it was free and now in FIFA 12 it is still free and on the disk.

The gentleman a few posts up form me explained Ultimate Team and how it works very well. So, I will not explain it, but I will explain why this is such a lucrative scam for those involved in hacking accounts.

Think of the goods in Ultimate Team.....namely the cards and coins as the currency. The "consumer" is the person who wants these goods without having to work for them in game. The scammer/hacker is the one who will provide these goods at a real world cost. The only way the scammer can profit from this is by having lots of the goods at his disposal. The only way to get that is either by scamming individual players or by hacking XBOX Live accounts. That is the short of it....

Turns out hacking an EA account is extremely easy. I have seen numerous posts on the official EA forums about people getting hacked by people who's only mode of hacking was a simple call to EA customer support. Once they contacted EA support they would then advise the support person that they had lost their EA account details for their gamer tag. Then EA would simply hand over those account details and you can figure out what happens from here. Since most people with EA accounts probably use the same email address and password for both Live and EA it was an easy social engineering hack. EA has since the release of 12 upped their account security a bit, but it is still lax.

The bigger issue is the Chinese websites that are actively selling "preloaded" MS Point accounts (gamer tags). These are hacked accounts that are beefed up with MS points and then sold on to people for a price. I only know of such sites as they have been mentioned numerous times on the official EA Ultimate Team forums. People then use these accounts to log on to FIFA and blow all the points on Ultimate Team packs then ship those items over to their main account most likely through EAs web app for Ultimate Team. This is not unlike World of Warcraft account hacks. Where your account would get hacked...typically by some Chinese gold farming operation...emptied and all items sold and then traded onto a feeder account.

This is only going to become more prevalent in the coming years as free to play and micro transactions become more the norm. There will always be the people that don't want to work their asses off to gain their virtual goods and their will always be someone whose has hacked and scammed and stolen to provide them those goods. The game companies are to blame if they do not start to step up their security protocols within these games and make them more like financial institutions than a silly video game. The security needs to be as robust as your bank....not Hello Kitty Island.

I am a very active member in the FIFA Ultimate Team community...it truly is an excellent game mode in an already excellent game. Sadly there are people trying to exploit others to make a buck.

On a side note....FIFA is the worst online gaming community on the planet and stuff like this along with non stop cheating and exploiting the game online are the norm. It is the worlds biggest game and as far as sports video game franchises is the king of the hill worldwide. It is one of the top selling games in the world every year....not top selling sports game....but top selling game.

That sure is quite a coincidence... personally I think there should be some more security measures put in place. I'm not saying that Xbox LIVE is a security hazard but I do think that there needs to be more caution placed on accounts that are seen purchasing more than 100 dollars worth of MS points in a single day.

@sirkillsalot said:

That sure is quite a coincidence... personally I think there should be some more security measures put in place. I'm not saying that Xbox LIVE is a security hazard but I do think that there needs to be more caution placed on accounts that are seen purchasing more than 100 dollars worth of MS points in a single day.

My credit card company always contacts me if I make an unusual payment, this would probably fall into that category. I guess not all credit card companies are as competent.

I got hacked like this, but they used Madden instead. The only thing I can figure is that they just want to fuck with people. They're using EA sports games simply because you can buy those in-game bonuses repeatedly, and they don't add anything to your account like new games or DLC.

Honestly, this wouldn't even be an issue if Microsoft required you to put in the security code on the back of your card whenever you made a purchase of points on your account. The fact that someone can hack your account and spend all of your money without any sort of proof that they are the card owner is retarded.

@RobertOrri said:

@sw0rdfish said:

@Gamer_152 said:

Great story Patrick. If the Fifa connection is just a coincidence though, that's a pretty huge coincidence.

It's not that it's a coincidence, it's just a way for them to get Cash out of the hack because people pay real money for these FIFA ultimate team cards.

http://www.ebay.com/sch/i.html?_from=R40&_trksid=p5197.m570.l1313&_nkw=fifa+ultimate+team&_sacat=See-All-Categories

Many of these sellers may claim that they're not infringing any policies, but that's untrue. Ebay is very strict about the ways that digital content and media can be sold, and these auctions don't hold up.

They can be reported via 'Listing practices > Compilation and informational items > Bonus with another item'.

Agreed... but people really want these cards and they pay for them right away before the auction is taken down... That's where the money comes from for the hackers.

@Poki3 said:

You know... I once turned on my PS2 and my memory card suddenly had a save for FIFA 2008. I didn't play a FIFA game since FIFA 97. The save is still there to this day. True story.

cool story bro

it takes this for some fifa coverage from GB

You can blame all this DLC and all this individually owned stuff.

Sounds like well placed FIFA Marketing to me! EA has really gone off the deep end.

it takes this for some fifa coverage from GB

@shades846 said:

it takes this for some fifa coverage from GB

Seriously....best sports game on the planet and GB doesn't even say a word about it.

@Procyon27:

God forbid they don't have any interest in a sports game you like.

@Huey2k2: Maybe GB should cover all games not just the ones they choose to cover.

That being said....I know 99% of this site does not care about sports games.

I got hacked in April and they took 6000 points off my account and spent it on other arcade games onto their xbox. My account was frozen for 3 weeks and i didnt see a penny back from microsoft at the end of it.

Yesterday the same happened again but this time they took 10000 points on my account. I just can't wait for some bullshit story that microsoft are going to tell me in the coming weeks.

Now that none of the credit/debit cards work on my live account, i wont be putting any back on. But I'll be buying points/membership via the cards.

@Procyon27 said:

@shades846 said:

it takes this for some fifa coverage from GB

Seriously....best sports game on the planet and GB doesn't even say a word about it.

Just had a review and TNT on NBA 2k12

@miva2 said:

@Poki3 said:

You know... I once turned on my PS2 and my memory card suddenly had a save for FIFA 2008. I didn't play a FIFA game since FIFA 97. The save is still there to this day. True story.

cool story bro

It actually is a pretty cool story, bro. The same shit has happened to me on PS1. Like someone took my memory card one night, put a 30 hour save in some other game on it, and then brought it back the next morning.

If Microsoft is claiming EA or the FIFA series aren't a known hack threat, they're full of shit and it's pure PR spin.

I had my account stolen and points spent on FIFA 11 packs back in August, and after getting nowhere with one MS rep, the second one I talked to was very nice and forthcoming about this being a known problem with these FIFA packs. The key reason he said those packs were a target was because stuff bought with the packs wasn't tied to an account and could be transferred off of the EA FIFA account to another XBL member. He said it was something MS was trying to block with EA, but were getting nowhere. Clearly EA didn't learn their lesson for FIFA 12, and the hacking will continue for another year. My account was blocked for 3 months, and it took several months to get over 4000 MS points credited back to me.

Thankfully I no longer had my credit card tied to the account, so only my available MS points were spent... though maybe that would have had a quicker resolution.

There are websites out there selling fifa 12 ultimate team coins for cash, it takes hours and hours to generate the coins by playing, they just steal accounts, buy loads and sell them on

It's the same thing that has been happening in WoW with gold for years

I get links from time to time about free MS points through xbox live. They asked me to signup through a website with my xbox.com login and I would get 1600 points. I'm sure that's how many of these people got scammed.

@MulletStorm: This here is exactly what happened to me. Only it was 75 and not 70. They ripped me off Sep 9th, I called and had the account locked immediately, but was able to recover my gamertag immediately, (they only managed to change my secret question, to something in Chinese) changed all the security info and Email and locked the account down myself.

They bought a bunch of games while on my tag, instead of transferring the points off to their own tag (Idiots) and I was able to do a license swap to move the licenses from the games he bought to my console so he couldn't play any of his/her ill gotten gains.

What is pissing me off at this point is that it's been over about 25-26 business days or something and still nothing has happened with the investigation. I'm not about to dispute the charges with my bank, because it wasn't my banks fault, it was Microsoft's fault and I want THEM to pay me back.

However if nothing happens this week, I'm calling and going nuclear on them. There is no way a simple return of money and security switch should take this long. So it's probably going to have to be a threat of small claims court action or something to get their stupid asses in gear.

Of course watch, if you sue them to get what you lost, I imagine the ban your gamertag, you lose access to all your games from here on out, and yada yada yada, capitalism is awesome.

They just got me today for 4800 gamer points, plus they used my xbox live account to purchase 400 more. EA is no help with this at all, the dick heads started by changing my EA accounts email address to their own. Next they somehow accessed my live account recovered my gamer tag onto their xbox, spent all my points and began purchasing more points with the credit card associated with my XBLA. In order to contact EA customer service you have to re-create a new account to report the old accounts been compromised this is so stupid. Oh yeah and on top of it all microsoft has now frozen my account for 25 days good times keep on rolling.

How come this isn't happening on PSN btw? Seems odd..

@OrigamiElephant: If you dispute the charge as fraudulent through your bank it is still MS who eats the loss. Do it soon. Usually you only have 30 or 60 days from the date of your last statement to report a fraudulent transaction.

After reading about this last night I woke up this morning (UK here) to emails from MS saying I had bought 10000 MS points, I tried to log into xbox.com but my password had been changed,

I managed to reset the password and get back into the account and when I looked at my billing history I had bought 83 premium packs on (you guessed it) FIFA ultimate team, the nice folks did leave 40 points in my account though,

The weird thing is though that my 360 is linked to my paypal and the card on paypal has expired, I also had no money in my paypal and recieved no emails from paypal confirming the sale.

I can only ring MS support at 9am so I still have a couple of hours to wait but I have already got in touch with the bank who will be looking into it

Hey Guess what I am just posting this to complete a quest. Shazam!

I'm posting cause I too have been a victim to this hacking. I would not have noticed if it weren't for a email I received from EA's Origin service regarding a change in password. It set off alarm's in my head as I was aware of the hacking going on from some threads on NeoGaf. I quickly glanced over things and changed account passwords. The damage however was done. I went to check my gamertag on my Xbox.com and noticed someone had played Fifa 12 and The Darkness. They even were able to get me a few achievements for Fifa 12. I then proceeded to billing.microsoft.com which showed the real damage.

They left me with only 20 microsoft points! To top it off they were able to use a credit card I had used for Games For Window's Live 5 cent sale of Age of Empires 3 to purchase 6000 Microsoft Points. I have never used that card on anything for my Xbox. And I now wonder when was it acceptable for Microsoft to use that information towards the purchase of said points. I know it is associated with the Window's Live ID to some extent but even after I recovered my gamertag that card is not one that can be used on the Xbox. It does however show up online under: "Currently used for: None"

Unlike others who've had similar issues when I go to check out what's been purchased with the 6000 points it show's nothing. As well why is it whoever is doing this would try and log in to and reset my Origin password? This is most troubling as each site had a different password that was unlike the other's in many ways. As someone who used to work for a large tech company here in the bay area I understand the importance of a strong password. I go so far as to change mine on a 3 month cycle especially if it's a place that contains my personal credit card information. I just recently changed my EA password back on September 30th. And my Window's Live ID I had just recently changed its password in August.

A side note my Origin account does not have a credit card attached to it. So why was it being accessed? I for one will be talking with EA in the morning before I talk to Microsoft. If it was truly social engineering there then would have to be a record of someone contacting support and my account being brought up. But if it's something more sinister that's at work here (server exploits) I have a feeling EA would not want to release that information for fear of bad PR. I'm glad I opted out of their EULA as it might provide useful if I don't get the answer's we're all seeking.

@Procyon27 said:

@Huey2k2: Maybe GB should cover all games not just the ones they choose to cover.

That being said....I know 99% of this site does not care about sports games.

There are only 6 guys on the site, they cant possible cover every game. thats the point of GB they give great games loads of coverage, rather than covering every single shitheap that comes out a little bit.

@CptChiken: To be fair....they have done a lot of quick looks and reviews on some really awful games. Spending just a few minutes on the best sports game on the market couldn't hurt them.

....but this site is more about traditional games not sports games. I have other resources to get info on FIFA....just wish it got some play here that is all.

A friend and I played Gears 3 together on the same system the Thursday after it came out. The next day, $60 in XBL points were added to my account with my credit card and 4 days later $200 was added to my friend's.

Could it be that EA profiles are easily compromised and many people use that same exact email and password combination for Xbox Live? I would be interested to know how many of the compromised Live account holders also have EA profiles. I know you can hardly play an EA game without a profile on their site and it wouldn't have to be for FIFA. FIFA just seems to be where most of the thieves are spending the money. Oddly, you would think EA could trace what account these FUT cards are being traded to after they are purchased on the hacked account.

@betsy18: Yeah I'm sure that's completely legit.

I removed all my payment options from XBL just in case. I'll use prepaid cards until they figure something out and give us a better answer than "it's coincidental". It's not an Xbox Live or a FIFA issue, but hundreds of people are having their Xbox Live accounts compromised and used to specifically purchase FIFA DLC? I don't buy it.

Interesting. I had my XBL account hacked prior to FIFA's release and I don't think it was social engineering since I've never spoken to anyone about my account or password. I hadn't even turned on my Xbox for months. What's really funny is that after all the bruhaha over Sony's system getting hacked, it was my Microsoft account which was violated.

This is why I never link my credit card information. I just load my accounts with moneys when I am planning on using it.

@Bzchan: Thats exactly what happened to me, my EA origins email address was changed, I got no alert from EA like most websites do when you try to change your log in information "if you really sent this request click here to confirm" Nothing like that, just its been changed, and then BAM my xbox live account hijacked. EA needs to take responsibility for this its clearly them to blame.

@Lnin0: I wish that was the case but it happened to me and all my passwords for each site are different, it doesn't make sense. Someone had to have gotten ahold of a database and went to town.

My Xbox Live account was hacked today. They spent 75 dollars and then tried to spend 50 more, but my credit card company put a hold on the account and contacted me. I got the charges refunded from my credit card, but Microsoft told me I would not have access to my account for approximately 25 business days.

This means that I can't play Forza 4 unless I start over and all of the games I preordered will just be sitting there waiting. I understand this kind of thing happens sometime, but I feel like I am being punished for someone else breaking the law. I definitely won't be putting my credit card information on my account anymore.