“Your report of unauthorized access to your Xbox LIVE account has been received by our fraud investigations team.”
That’s the line that begins the process of recovering your Xbox Live account. 25 days is the average time it’s taking for users who wake up to compromised Xbox Live accounts to have them returned, based on the users I’ve been talking to.
Sometimes the fix is shorter, perhaps a turnaround of 10 days, and sometimes it’s far longer, as has been the case for player James DeKay, who has been waiting more than 90 days to access to his account.
“My account was jacked on September 3rd,” said DeKay to me recently. “I heard several different numbers from different customer service reps. 21 days. 21 business days. 25 days. 27 days. They still have not fixed my account and will not give me an ETA. It's been [over] 90 days and no end in sight.”
The consequence of being a popular device is becoming a target for the Internet’s worst, including leveraging social engineering tricks used so that customer service representatives will unlock accounts. It’s not an issue exclusive to Xbox 360, but many game players are social creatures, and this exposes them to Internet jerks looking for victims.
The platform's been hit with ugly FIFA 12 phishing scams lately, in which users find their accounts used to purchase cards for Electronic Arts’ FIFA Ultimate Team service. When I talked to both EA and Microsoft about the problem in October, neither company said the other was at fault.
“With the popularity of FIFA globally, and the sheer number of players playing the game online, FIFA is an obvious target for phishers and frauds,” said an EA representative to me at the time. “This is why we try to educate FIFA players to take measures to keep their accounts safe.”
Those measures are outlined on EA’s message boards, but users have told me it’s still happening.
Granted, when asking Xbox 360 owners to share stories about customer support, you’re more likely to hear from someone with a bad experience than the opposite. I asked Microsoft about how it’s approaching customer service during the holiday season, one in which Microsoft recently sold more than 1.7 million Xbox 360s during the month of November, and didn’t hear back.
Specifically, I asked them the following questions:
- When a user believes their account has been compromised, what is the first course of action they should take?
- What is the average wait time between an account being "investigated" and it being available to use again?
- I've received conflicting reports where customer service can make their "investigated" account usable offline by making it Silver, which would allow them to keep playing offline games, ala Skyrim. What is the standard policy?
- The average "wait" time I've heard is 25 days. If that period passes, what action should a customer take?
- Is Microsoft experiencing a larger-than-average influx of accounts that need to be "investigated"?
Microsoft did not even issue a “no comment.”
The stories I hear suggest the customer service representatives for Xbox Live are nice, helpful, and seem to be trying their best, but have their hands tied and often cannot offer users much in the way of helpful advice. Customer service does not actually investigate accounts, and all customer service can do is flag the account again and ask the customer to call back.
“My account was hacked about two weeks ago thanks to the whole FIFA debacle,” said Xbox 360 owner Anthony Matarese. “I was told by the MS rep my only option was to suspend my account for at least 25 days and open a new ‘temp to use’ account if I wanted to ‘satisfy my gaming fix.’”
This is the most common response by customer service, according to the users I’ve spoken to. When you ask Microsoft to investigate your account, the gamertag is disconnected from the consoles it’s registered at, and the account is put on lock down. This means you cannot log into that profile until the investigation team gives the thumbs up, which also means you cannot access downloaded games or saved games. Not being able to jump in and play online-only Battlefield 3 is one thing, it’s quite another to be told your 100-hour journey into The Elder Scrolls V: Skyrim is suddenly on-hold due to bad luck.
Before the account is fixed, users are typically offered a free month of Xbox Live, which can either be applied to a brand-new account or saved until the compromised account is recovered. Randall Bennit was one such user.
“I'm hesitant to start the stack of games I bought for my Xbox on my wife’s account in case I get my account back,” said Bennett, whose account was affected way back on August 13, and has since filed a complaint to the Better Business Bureau. “Skyrim and Gears of War 3 will just be collecting dust in the meantime.”
One user told me customer service promised to temporarily convert his account to Silver, giving him access to his precious saves, but it never happened, and no one else was able to relay a similar tale.
Greg Dobson, for example, hasn’t been able to use Xbox Live since October 16, after discovering someone had used his account to buy $70 worth of FIFA 12 Ultimate Team Cards. He called Microsoft the day after, and was told his account wold be “locked down” for 25 days. Nothing has changed, so he called Microsoft yesterday, and was told by a representative that his account would be flagged for review again, and to check back in 10 business days if his account remains unchanged.
“He said I should keep an eye on my account,” said Dobson, “and if I don't see the money in 10 business days call back and have someone resubmit my claim, and then wait another 10 business days to see if the money gets deposited. So now it seems like I'm in some vicious cycle of incompetence. I don't think my next phone call to 1-800-4-MY-XBOX is going to be a pleasant one.”
One user passed along the final email they received from Microsoft, and allowed me to share it with you. The email details the many steps a user must take in order to find yourself back on the right path.
“We have completed our investigation of the unauthorized access to your Xbox LIVE account,” reads the standardized email. “As part of our investigation, we took temporary control of your Xbox LIVE account and the associated Windows Live ID. This was done to protect your account until you could take back control of it. Use the following steps to take control of your Xbox LIVE account.”
Read the email below:
You can’t do much to protect yourself from social engineering, but if you think your standard Internet password was compromised in one of the many leaks over the past few years, you might want to get on that really soon.
One avenue that some users have had success with, however, is the @XboxSupport account on Twitter, which is known for being extremely fast to respond. Some users reported finding themselves suddenly bumped up in waiting queues.
The best advice from those already affected is to remain persistent. If your account becomes compromised, get in touch with Microsoft immediately, and continue to ask them about its status when the estimated time customer service provided arrives.
It’s the holidays, which means even Xbox 360s are being sold every day, and more and more of them will hop online over the next few weeks, as gifts are unwrapped and plugged into a nearby TV. Make sure you’re keeping a close eye on your account.