25 days is if you're lucky, some people can't get close to that even if they report to the BBB.

 
And this is not end users being hacked or social engineered. It's something with Microsoft, and Microsoft only. Hacked boxes is a possibility. Where's the rage from the media from the PSN is down days? An infinite amount of people have lost money from this than the PSN credit card data theft, because MS stores the CVC code and everything on file, and no end users lost their money out of the PSN data theft.
 
Wonder where the money from these FIFA point sales are going? Meth, and financing terrorism.

@cmblasko said:

Ridiculous. I am letting my Live account run out and I am done with XBox after this console generation is finished. Owning an XBox 360 has been the most arduous electronic-device-related experiences I have faced.

@patrickklepek I think you should amend the article to note that you can, in fact, play single-player games on your account even when it is not able to connect to Live.

Not when it gets locked down for investigation.

Somehow someone got control of my account and spent all of my saved MS points on FIFA crap two months ago. Luckily they didn't buy any more with my saved credit card info. I called it in and was given the standard line. Two months and I heard absolutely nothing. Last week I called MS to see what was up. They told me that they didn't have my contract info. Really? It was all right there in my profile. They said I would have to start the process over and I told them to unlock my account and keep my money. Seriously, with the two months wasted and another month added on for a new investigation isn't worth getting back my stolen $20.

As a reply to the above posts my account was locked for two months and I was able to play single player games. It blocked me out from buying any points or additional store content, however.

@patrickklepek: My comments were meant to do nothing more then point out your inconsistent rage over end user issues when it comes to their personal loss with this situation. If you are going to call yourself a journalist then all i ask is that you act like one, clearly a large number of people are being affected and there seems to be the potential for even more people to be affected by microsofts security issues and their service or lack of to correct these issues. You have shown in the past to have no problem sitting in forums for EA's customer support issues, tearing down Sony for their outage issues but you settled for not even getting a response back from microsoft when you contacted them and stated as much in your story.

So i ask you please don't speak to me like a child that is looking to cause trouble, as you did, i never used the words basis or conspiracy i asked questions nothing more, which you never answered.

I guess thats what you get for playing a game about soccer, maybe these people will learn from their mistakes.

They have a thing on the Live account page where you can put in your phone number and have it send a text when someone tries to access your account.

They have a thing on your console where you can set a button combo password before being able to sign into your account from that console.

They have a thing on xbox.com where you can require your Live password to sign in on any console that has not yet been verified with your Live password.

All of these things do absolutely nothing to protect against account hijacks. There is an obvious solution which Microsoft has all the pieces in place for, but for some reason has chosen to ignore, instead prioritizing the above.

And EA appears uninterested in redesigning their Ultimate Team stuff to make it less appealing to criminals. Which might be the entire reason why we're seeing this increase in account hijacks.

I thought waiting three days for a Steam account to be restored was terrible. 25 days? And Sony got how much amount of flak for the PSN outage? Seems like MS is more about keeping it hush hush. I no longer have an Xbox LIVE account that has active Gold (ditched the system during the RROD era, still do not understand why people bought multiple consoles during that time...), but wonder how that would apply to a cross platform account, more so since it's the same as my Zune account!

If I couldn't get access to my Zune pass because someone messed up the Xbox account, man, I'd be irate! It's one of the reasons I still carry a Zune daily.

This sounds like a terrible mess.

I love Giantbomb, REAL video gaming news, not just news on video games.

Or did they do something about that?

Checking account.live.com and...the site's just really shitty at telling you what specifically anything does.

But one thing I believe was not there before is the option to add a trusted computer, which might be two-step authentication? Sends you a randomly generated code when you enable it to verify your computer. Has to be right?

Either way, there'd still be the big gaping hole of this apparently not extending to consoles and devices.

Requires IE and Security Essentials btw.

I had the FIFA 12 thing happen to me the other month and I lost about 5000 MS points.

They shut off Live which was annoying but I was still able to play Skyrim so I was okay.

The support took a while but i got my XBL up again last week and got all my points back.

Thanks for following up on this, Patrick! There really needs to be more of a fuss made about it, or else MIcrosoft won't do thing about it. It's crazy that they haven't at least temporarily discontinued the FIFA Ultimate Team thing in response. Maybe they're waiting until after the holidays?

I guess thats what you get for playing a game about soccer, maybe these people will learn from their mistakes.

Now this IS worth campaigning for. Good job Patrick.

How strange to see this article today. I literally just got my account back today. Took about 3 weeks, which from what I'm hearing is pretty lucky by most experiences.

@RoivaS3ternal: It's also a bit petty

My account had 6000 MSP purchased out of nowhere in the middle of the night about 3 months ago. Fortunately, I had email notification enabled, so when I woke up, I got the email saying the points had been purchased. I then immediately ran to my computer, was able to log in to my Windows Live account, and changed my password. I then called MS support later that day. They shut down my gamertag's purchasing ability for about a week, but I was still able to log in and play without issue. They also removed the points from my account and refunded my money - fortunately, it had been using an older debit card that I don't use much any more, and they cleaned out the minimal amount I had left in that bank account and the bank bounced the transactions, which is likely why the phisher didn't bother changing my password or buying FIFA cards with the points.

After about a week, MS support called me back, asking me to call back. I did call back, and the agent I got seemed semi-clueless as to what was going on. I told her I was now fully in control of my account, I had changed my password immediately, there had been no further unusual activity, and I had gotten my money back, and I convinced her to unlock my purchasing ability. My account is now fully active, and I haven't seen any further issues.

Now, I will note my XBL account info had been the same info as my PSN account as of the big hacking and I had been too lazy to change it, so I'm guessing that's where they got the info. I think the reason I was able to keep my account active and get it back to full status so quickly was because I changed my password immediately. I recommend people pay attention to the email receipts MS sends out and if you see an unusual one, run, don't walk, to live.com and change your password if you still can. Then you can call MS to report the fraud, but as long as you remain in control of the account, I think things will work out better for you.

This happened to me in October, and it took almost exactly a month to clear up. Someone had accessed my account, which I became aware of when the approximately 1500 Microsoft points I was saving for a rainy day suddenly got spent on Magic: The Gathering card packs and New Vegas expansions (neither of which were games I own.) I DID get 2 free months of Xbox Live for my trouble once the account was reactivated.

One correction to your article; you stated that players whose accounts were comprimised could not log in to their accounts at all to access saves; this is not true. While my account was under investigation I was totally able to sign in, play all my games, and all my saves were there; I just couldn't access any of Xbox Live's features. This made my playthrough of Dark Souls, which I had bought the week my account got snagged, really really boring without the cool online features. Still, I was able to play it, and all my other games, including my XBLA games; I just couldn't do anything that involved being online, like downloading DLC, Netflix, or multiplayer.

Am I wrong to think that an average wait time of 25 days is completely unacceptable? Microsoft has built the 360 around Live, your gamertag, achievements, and friends. These are all core to the experience for the majority of users. Microsoft's answer is to simply create a new gamertag and start all of your games over? That or just not play anything for a month? That is complete garbage. My World of Warcraft account was compromised a while back and it took all of 2 hours for Blizzard to remedy the situation. Why does Microsoft seem so inept in all of it's customer service?

Mine was "under investigation" for four freaking months. I set up the investigation back in August and finally got my account back yesterday :( They gave me a whopping one month of extra compensation. Oo boy. Tried to call and complain but apparently customer support doesn't have any authorization to do anything about it, even the managers. Going to try and find a good place to send an angry letter.

A friend of mine had his acct locked after someone hacked it and bought a bunch of crap. And yep, he was SOL for about a month.

As far as I know, MS NEVER actually got back in touch with him. He just discovered he could log in again after he got Arkham City for PC.

Microsoft has always been amazingly shitty when it comes to accounts being hacked or bullshit bans (which they pretty much just refuse to reverse, regardless of any proof provided). They act like it's no big deal to lose access to an account you're paying through the nose for, an account you've accumulated a number of achievements with over the course of several years sometimes (as with my 7 year old account), and perhaps most importantly an account tied directly to everything from game saves to paid DLC.

Thats really bad.

@sixghost said:

I would have gnawed someone's arm off to have my case resolved in 25 days. It took 4 months. I notified them not even 3 hours after the hacked purchases took place, and then I heard nothing for a month an a half. I called back, and it turns out they misspelled my email address when they sent the recovery email. No Problem, they'll send it again. Waited another month, called back. They misspelled the email address again. I called back in 3 weeks this time, and the MISSPELLED IT AGAIN. Despite slowly pronouncing every single character in the address, giving a reference word for every single letter. It happened 3 times. Finally about 2 weeks ago the email got through, everything was restored, and I still had to fight with them to get the 3 free months of Gold that they promised at the outset of this whole thing. They will never be trusted with my credit card again. Unbelievable. Of course the chargeback on my credit card also took 4 months. Also, I think you might misunderstand what locking an account does. There's no reason you couldn't play Skyrim while the account was locked, I played plenty of single player games on my locked account. You just can't sign on XBL. You can even get patches by launching the game on another account while online.

This similar situation happened to me. My xbox live and itunes accounts were compromised using the password I used on Kotaku before it was hacked. (Similar username on those services too.) I had changed other passwords, but not those two.

In any case, I did get a refund a month after calling and having the fraud situation start, but they misspelled my email as well. (Even though I said it in NATO phonetic.) If xbox live misspells your email and sends the recovery letter to a non-existent email address, you will never know about it until you call them back! Their only option at that point is to restart the whole process which will take another month.

It's really unbelievable that that is their only option, but apparently so, so be careful when you make the call that the email is right!

Also, I was able to play offline with DLC by trying to sign in, failing, clicking on the button to purchase a new subscription, then cancelling out of the dialogue box. Hopefully that helps others too.

My account was hacked last year. I called them and they had it back within 10 days. They also had an annoying customer representative person calling me every day to make sure I didn't have any questions. Seriously they called every day.....but it was kind of a good thing cause it made me think that they were working on the problem. Not sure if that still happens.

My wife's account was hacked >90 days ago. I've called twice for follow-ups and gotten a complete run-around. The money that was stolen has long ago been refunded, and all I'm waiting on is for them to reset the region of her account back to North America and send us a password reset email. This for some reason is taking >60 days at this point.

I say they should give us are own "filter" for games. This happened to me back in September,I was actually online playing dead island at the time. I tried to relog a couple times with no success so I took to the web. I ran to google for an answer all the while trying to log back into live from the Xbox. Came across a yahoo answers post the basically told me "You been hacked called Microsoft". Checked my email and sure enough "POINTS PURCHASED" 10 thousand of the fuckers to boot. I called MS and a guy who sounded like Eric Dellums helped me out. Before the call I recovered my stuff before the bastard could spend them. I was able to catch it quick and end the service call AND get the account locked before the bastard could steal it back. Took me about 3 weeks,just the one call ,and one email to get back on live. I was lucky because BF3 beta was out the that week and I just used a dummy account to play that.

My friend on live had this happen to him and I was hit right after him. I don't use ANY,I stress any social networks and I don't check email nor click any links I don't scan. I was so panicked by this that,I literally went and checked every place I had ever had an account for in the past 6 years and removed myself from it if possible. I reset passwords to and changed everything associated with me. Unlike some people who have been hit I don't use one password for everything. It bugs me and I really think we need a filter to block games like fifa. I WILL NEVER PLAY A SPORTS GAME EVER. So why can't I just block them from being played or points being spent on them. BETTER YET give me a password to set so that no points can be spent or bought from a PC or ANY other device besides MY Xbox. I would even pay MS 1$ more for a service like this if just to cover the development cost of it.

P.S I needed to pull the network cable but I could still play single player games. It just wont save any achievements you unlocked. I just played the battlefield 3 beta while I waited though (under another account).

I wish it was only 25 days...I'm going on almost 40 days since my acct was hacked.

To those who played offline while your accounts were being recovered, did the points you earned for games show up when you got your accounts back? The way it was told to me by the lady I was dealing with from corporate was my account would be reverted to the day it was compromised. So any points the person earned on my account while stolen, would be taken away and put back like it was August 13th, the day my account was compromised. I didn't want to play a bunch of stuff on my account and lose all the points I earned when I DID get my account back. I mean, It's not life or death I keep my points, but if I know I'm going to get my account back soon, I'd rather wait.

She mentioned that it wouldn't be a good idea to play on my account offline. That didn't make sense to me, but I didn't want to screw something up and have to wait longer.

Great write up.

I just got my own account hacked...all my points spent and some money charged. Waiting that "25 days" now...

One of the many reasons why I stopped paying for XBox Live. I barely used the stuff on it anyways, though. If you're a die-hard online gamer, the world hate you right now.

It took me 27 days to get my account back after it was compromised. When I logged back in, I saw FIFA 2012 had been played. At least now I know I wasn't the only one.

Also, MS refused to refund me the $200.00 that was charged to my credit card in MS points. Luckily, my credit card campany was able to help me.

This happened to me too. I had about 160$ in microsoft points added to my account.. and it definitely wasn't me because my 360 has been in its package for the last year or so. I called and Microsoft told me it'd be about a month before I get my money and my gamertag back. A month later and my gamertag can be connected again.. but I won't even bother. Sticking with my PS3. And I should be payed back "soon".

This happened to my girlfriend just a couple months ago, and she ended up having to wait close to two months before her account was finally opened up to her again. She likewise couldn't seem to get a straight answer about how long she'd have to wait.

Also likewise, the asshole who hacked her account bought a shitload of points and spent them on FIFA stuff. She was able to get her money refunded, but the sad part is that Microsoft wiped all of her points that were left when they gave the account back to her, even though she had unspent points that she'd spent her own money on.

My account was jacked on June 30th while I was out of town on business. I got it back the very next day (after I happened to notice illegitimate charges on my bank statement). Apparently the hacker didn't bother to change the password so all I had to do was recover my gamertag. I permanently lost all the MS Points I had on my account and I didn't get a refund for the several hundred dollars of MS Points purchased by the infiltrator for over 2 months while MS investigated the incident.

Another thing that sucks when your Live account gets hacked is when the perpetrator takes the time to delete your entire friends list, change your avatar to something stupid, and edit your bio to mock and insult you, in addition to stealing hundreds of your dollars to buy online games and DLC.

It is good to know I am no the only one having this problem. My account got hacked about a week ago; when the update was released. The hacker spent over a hundred dollars in Microsoft points and spent them in Fifa stuff.

People ask me why I don't sign up for xbox live gold, and ALWAYS keep my profile on my usb stick. Without any credit information, I'm in the position where its almost impossible to scam me.

People need to realize, the digital age isn't quite here yet. Without revamping entire servers and proxys and encryptions, there isn't anything 100 percent safe like it should be. Sony had it happen for some of the stuff they've taken away.

This happened to 2 of my friends. One was offered a "TEMPORARY ACCOUNT" and it took a month for him to get the $150.00 refund a hacker ran up on his account. He would get to keep no achievements and what not. What a hassle. These are innocent people and Microsoft did not do nearly enough to fix this in a timely fashion. Thank you, Patrick, for bringing this to light.

@DeanoXD said:

@patrickklepek: My comments were meant to do nothing more then point out your inconsistent rage over end user issues when it comes to their personal loss with this situation. If you are going to call yourself a journalist then all i ask is that you act like one, clearly a large number of people are being affected and there seems to be the potential for even more people to be affected by microsofts security issues and their service or lack of to correct these issues. You have shown in the past to have no problem sitting in forums for EA's customer support issues, tearing down Sony for their outage issues but you settled for not even getting a response back from microsoft when you contacted them and stated as much in your story.

So i ask you please don't speak to me like a child that is looking to cause trouble, as you did, i never used the words basis or conspiracy i asked questions nothing more, which you never answered.

Microsoft chose to ignore me. My option was to kill the story, or publish, hope Microsoft took notice, and talk to them after the fact. That's exactly what happened, and I'm interviewing Stepto tomorrow.

My friend's account was hacked and had a similar problem. Except instead of 25 days it took microsoft over 2 months to fix the problem and even longer to refund the money.

Ground breaking stuff, Patrick. Truly ground breaking. Why is the Xbox upside down in the stock pic for this?

so what? people are just playing FIFA with you and then figuring out your password? or is this one of those "click here and sign in" things?

@CaLe said:

It happened to me and I'm 100% certain I wasn't fucking 'socially engineered' (god I hate this term). I speak to exactly one person online, I'm not on any social networks, I've never entered my details into funny looking websites to get free microsoft points or whatever. Them saying that I was socially engineered is a damned insult. I'm glad I got my shit back, but I won't accept any responsibility that I somehow got my own account compromised. I also don't use a weak-ass password so that's bullshit too.

I think they mean MS reps get socially engineered not the account holder.

Its times like these that make me feel glad I don't have high speed wireless internet at home with my xbox and that im just limited to offline play...

How does a phishing scam work? How is that bad luck if you are giving your information away? How is not being able to play BF3 any different than not being able to play Skyrim?

Hey remember back when psn was down and there was alot of xbox users who where trolling and saying things like thats what happens when your not using the superior console and what not. well karma's a bitch aint it.

well i hope they fix it soon. and sorry i was an ass.

When my account got phished so someone could "steal" my Halo 3 Recon helmet years ago, I called support and got the runaround, but they confirmed someone had made a call in my name about 10 times in the last two days. So I made a post about it on the popular website I ran (HaloBabies.net for anyone that remembers). This got me a call from Microsoft Executive Relations in about 12 hours. I had to make a new account, or wait 30 days for my old one back. No prob. Then they gave me access the phishers account. This was on top of giving massive amounts of Xbox points to make up for all the content I lost from needing to create a new account to supplement the one that got frozen due to the hack.

I do not say this to brag, but I say this to show that all Microsoft cares about is bad publicity when it comes to this crap. If you can find away to make your issue known loud enough, there's a chance they'll get wind of it. I got hundreds of emails from moms and gamers after the blog post on HaloBabies, and it made me feel terrible about accepting the special treatment.

I wish Microsoft support was focused on a good customer experience more than covering their own ass.

It wasn't the waiting that sucked, it was the $150 that they charged to my credit card. It took an email blast to all the Microsoft executives who's emails I could dig up and then a call from executive customer service to speed up a 2 month process, during which my account was hacked twice.

@Grillbar: Wow. This might be true if this issue was affecting a significant number of people (like how the PSN disaster affected everyone), but it's not. It's only a small percentage of people who have been affected by this issue. Also, phishing isn't isolated to the Xbox; it occurs on other services (i.e. PSN) too.