I thought I'd reply to this thread as the very same has happened to me just last night and I'm livid about it.
Firstly, it's most definitely not a phishing hack, I can say that categorically. How can I be so sure? Well...
I got 2 emails last night from MS thanking me for my 2 purchases of 5000 points (a total of £90). I've got used my account for months so I log on to find I need to do a password and a gamertag recovery. In my account I have circa 6200 MS points (I had previously had 890 left). While logged on, I'm booted and need to do a password and gamertag recovery again.
This time, fearing phishing, keylogging or a CCTV camera trained on my keyboard, I reset my password using the on-screen keyboard on my PC and change the method of password recovery to require a code sent via SMS to my phone. As soon as I recover my gamertag to my console for a second time, I then changed the password AGAIN via the XBox. Assuming my account to be secure, I go to bed planning to call Microsoft in the morning.
I awake to day to find my Password and Gamertag need to be recovered AGAIN! I get into my account to find a lonely 10 MS points, a bunch of Fifa 12 content (again, I don't own any Fifa game) and 2 new achievements for Fifa 12. Big effing whoop.
My account is now locked and under investigation. My bank will allow me to dispute the charges when they show up on my account (as the purchases were on a Sunday night, it'll take 2 to 3 days). But it's the blasé attitude of Microsoft who when I started to get irate about being £90 out of pocket until they sort their investigation out and pointing out I'd done everything I could to protect my account details, the supervisor got defensive and told me "Excuse me sir, but our servers have not been hacked!". I pointed out that I had never once said that they had been, but there was quite obviously a widely known exploit being used in order to hijack people accounts and steal money from their bank accounts in order to gain some uber-rare digital P.O.S.
So, now I wait for them to complete their investigation and I'll see what I can do after that. After all, what's to say that as soon as they hand me my account back, the very same thing won't happen again immediately?
P*ssed off with Microsoft & EA, quite frankly.
Log in to comment