Tales of a FIFA Hack: Day 3 (aka The Stunning Conclusion)

Posted by Asmo917 (406 posts) -

At 1:30 pm Eastern, I almost flipped my lid again. I got an e-mail at my Gmail account that a password reset had been requested for my Windows Live ID. "Those Sons of Bitches!" I thought (and probably said out loud) as I sprung into action. I wasn't going to let these nefarious, probably foreign (because I'm casually racist) hackers get my account again. And with Microsoft on the case, no less! The indignity of it was too much.

As I was furiously trying to write down the bizarre, super-strong password I'd chosen for my Windows Live ID, I got another e-mail, this time from Xbox Customer Support. It was informing me the investigation was over, they had temporarily taken control of my account, and I would soon be seeing (HA!) an e-mail instructing me to reset my Windows Live ID password. Microsoft has identified fraudulent charges and refunded the price of the $1600 MS points, plus restored 2500+ points I had on my account. I knew the hackers had gotten some points, because I have the terrible habit of buying 6000 at a time and just leaving them there for impulse purchases. Or rather, I HAD that habit, before this. I got a code for a one month free extension of Gold and the offer of 800 MS Points to reset my Gamertag if it had been compromised. Luckily, it hadn't.

While I had visions of this being a drawn out nightmare, it really couldn't have gone more smoothly. A friend of mine did get his account hacked yesterday, and I hope the hackers didn't grab his GT off my friend's list. I'd feel bad if that were the case. I think it's been said that the unexamined life isn't worth living, so I asked myself if I learned anything that I could pass on. I think I did:

1. Take password security seriously. Use strong passwords and DON'T REPEAT THEM. I know I didn't get phished. I know I didn't get socially engineered out of a password. If I had used a little stronger password and not fallen into the trap of using a moderately strong password in multiple locales, maybe I wouldn't have been as easy of a target to hack.

2. I should diversify my gaming habits. The thought of being 360-less this weekend, before a week abroad on business, was frightening. I have a Skyrim character to continue! I have an unwrapped copy of KoA: Reckoning to start! I also have a bitching PC and a stack of PS3 games 2 feet high I've barely touched. I need to get on the stick and clear out this backlog some. I hear Uncharted 2 is AWESOME.

3. Sometimes, the companies you do business with come through. I feel terrible for the people who have spent 30, 60, 90 days or longer without access to their Live accounts. If you're vehemently anti-Microsoft or anti-corporation, this won't change your mind, but they did right by me. I'm nobody special to them, just a paying customer, but some companies realize you need customers to turn a profit. I work for a large, multinational company, but it's a means to a paycheck. Ultimately, I want the company to be successful so I'm paid well, and we need customers for that to happen. Even a big company like Microsoft should recognize the need to be customer-focused on issues like this. I hope my experience is closer to the norm than those horror stories, and it's a sign Microsoft is improving in its investigation processes and tightening up the security gaps that made this possible.

And finally, I have a special message for the hackers who did this: I don't know who you are. I don't know what you want, exactly, but it appears to have something to do with FIFA and the Ultimate Team. If you are looking for rare cards, I can tell you I don't have them. But what I do have, besides the ability to rip off Liam Neeson monologues, is a sick, bizarre need to increase my Gamerscore by a set number of points per year. My goal for this year was 7000, and I just wanted to say thanks for getting me 20 points I would NEVER have otherwise gotten. Since I got my MS points and cash back, I almost feel like I owe you one. Almost. Thanks anyway!

Hack noticed: 10:20 am, Wednesday February 8

Hack Resolved: 1:30 pm Friday, February 10

Total Elapsed time: 51 hours, 10 minutes.

#2 Posted by big_jon (5723 posts) -

Nice, this hacking shit is getting old I must say, fuckers will be fuckers I guess though...

#3 Posted by Doctorchimp (4074 posts) -

At this fucking point there should be an option in your gamertag security settings saying that you'll never ever buy a FIFA game and the ability to buy ultimate team shit is disabled forever on that account.

This actually seems like a legitimate option.

#4 Posted by Asmo917 (406 posts) -

@Doctorchimp: What's surprising is I actually HAD played around with FIFA Ultimate Team a little this year. I love NHL and I play Madden, so I decided to try out FIFA this year, and decided I'd see how the ultimate team stuff played there compared to NHL. I played with it for about a week, bought a few packs, and then hadn't touched it since September 27th (thanks to MS again for tracking what and when we play online).

I figured that little bit of experimentation would drag out the investigation a week or so, trying to figure out if I was just a lapsed player going back and not an actual victim of the hack.

But yeah, fuck FIFA from here on out.

#5 Posted by Grimluck343 (1149 posts) -

@Asmo917 said:

1. Take password security seriously. Use strong passwords and DON'T REPEAT THEM. I know I didn't get phished. I know I didn't get socially engineered out of a password. If I had used a little stronger password and not fallen into the trap of using a moderately strong password in multiple locales, maybe I wouldn't have been as easy of a target to hack.

This this this a thousand times THIS. All these guys are doing is brute forcing the passwords to accounts.

Glad to hear you got your account back.

#6 Posted by PixieNinja (172 posts) -

Good to see they've turned things around so quickly for you.

It's a shame that this issue has been so widespread - I know of 5 or 6 others who have experienced similar issues, where they've either had points spent or charges on their cards thanks to the FIFA hackers.

I wish Microsoft would tackle this issue head on, rather than just dealing with each incidence of it as it comes along. They're clearly getting issues resolved a lot quicker now compared to when I'd first heard of its occurrence though.

#7 Posted by Suddenly_Susan (5 posts) -

I wish Microsoft support would be as helpful in my case. I'm currently entering week 7 of not having access to my account with no way of getting any sort of real information out of Microsoft. Every time I call I'm told that once the case is with the security teams it's "eyes only" and that I should just wait to get an email from them.

I was fine waiting until TNT and the Gotham City Imposters quick look went up. Also, love DoctorChimp's idea of opting out of fifa titles.

#8 Posted by Asmo917 (406 posts) -

@Suddenly_Susan: Sorry to hear about your situation. I was terrified of the same thing happening to me, but didn't even have time to call Support for an update before they had everything fixed. I know it doesn't mean much, but I feel really terrible for people faced with the same thing.

I like the opt-out idea, too, but I'm also a good example of why it might not work and one reason (of MANY) EA would be hesitant to allow it. I like soccer, but I'm not a huge fan. I watch the World Cup and I try to catch any game broadcast in the States featuring Messi, since I think he's better at playing soccer than anyone else in the world is at doing anything. I am a HUGE NHL fan and I pick up Madden around 2 out of every 3 years. I decided I'd try out the new EA Early Access program since it featured Madden and NHL, and I have more time to game on the weekends than during the week. Since FIFA 12 was part of that package too, I thought this would be the year that I dipped my toe into that pool. I pulled it out pretty quick, but can you see a scenario where EA lets Xbox let players block themselves from that kind of experimentation? Yeah, me either.

I wish I knew the solution, and wish you luck with Support.
