So at around 5pm on Thursday I was just home from work, winding my daughter down from her day at childcare when I receive an email notification on my phone.  It was from EA Sports saying welcome to FIFA 11 Ultimate team.  I just thought 'whatever, they must be advertising since I have an EA account'.  Understand that I don't own FIFA 11, but I do have other EA games like NHL 11, Dead Space, etc. 
 
I didn't think much of the email until I went to play some NBA2k11 later that night.  The generic background popped up on the 360 and said that my account was invalid and I needed to recover my gamertag if I wanted to use it.  So I'm getting worried, especially since one of my friends had his account broken into and all of his info, points, and his gamertag were changed earlier in the week. 
 
As I wait for my GT to be recovered I log onto Xbox Live website.  My log in still worked, but I see I have only 20 MS Points.  I had about 1900 or so, which isn't a ton, but they were used by someone else regardless.  I check my purchase/download history and it shows that there were three purchases.  GOLD PACK, PREMIUM GOLD PACK, and GOLD PLAYERS PREMIUM.  Ahhh, now the email makes sense.  I have played with Hockey Ultimate Team in NHL11 so I now understood what these purchases were for. 
 
So it appears that someone got my login/pass for my live account.  Recovered to their console, played FIFA11(because it shows up on my played games), then purchased the three card packs.  I can only guess that they traded the cards to another account, or only the ones that are rare.  I bet if I put FIFA11 in I could see the remaining non-rare cards they left behind. 
 
On to my question,  has anyone had anything like this happen recently?  I just thought it was strange that a friend of mine and myself both had this happen recently.  The good part for me is that they didn't change my tag or password( which I have changed), but my buddy wasn't so lucky.

Scary.

go get FIFA now

No I personally have never had something like this happen to me. But if you give Microsoft a call, they might be able to help you out in recovering your points.

Not at all the main topic of this thread, but ultimate team in fifa is messed up.  You have to keep getting bronze and silver packs to keep enough contracts/players to have a full roster for the games and can never get higher then that unless you are extremely good at the game or pay with real points =(
 
Sucks to hear about the hacking though, if you have anything else that uses the same password I would suggest you change it immediately.

Yep, same thing happened to me except I happened to have my credit card info active and they spent over $100 on points and cards. Ugh.

Happened to me on iTunes

To follow up: 
 
After calling the Support group back and giving them my two console ids and serials they were able to return my Live points.  I was still unable to connect correctly though, it gave me an error regarding billing.  I  emailed the support group and told them I still had limited access, they emailed back apologizing for not removing the suspension.  Now everything works correctly. 
 
Timeline from my ticket to resolution was about two weeks.

This has just happened to me, i had 2000+ MS points and someone spent it all on gold premium packs for Fifa 11. Im wondering, can Microsoft track these people or not? Such as see where the points were sent? I wanna get these people banned for life. I cant believe they would just take someone elses account like that. Makes me sick.

@l33thashbighsquad said:

This has just happened to me, i had 2000+ MS points and someone spent it all on gold premium packs for Fifa 11. Im wondering, can Microsoft track these people or not? Such as see where the points were sent? I wanna get these people banned for life. I cant believe they would just take someone elses account like that. Makes me sick.

@jhsauls said:

To follow up: After calling the Support group back and giving them my two console ids and serials they were able to return my Live points. I was still unable to connect correctly though, it gave me an error regarding billing. I emailed the support group and told them I still had limited access, they emailed back apologizing for not removing the suspension. Now everything works correctly. Timeline from my ticket to resolution was about two weeks.

You probably need to figure out if you got phished or if some one close to you is stealing your info. It's like what they say about home burglaries and rape. something like 80% of the time it is some one close to you that does it.

thats pretty rough, its goos that they got it sorted for you, i have known people that struggled in the early days to get accounts back and gave up in the end, deciding to get a new gamertag than go through the hassle

happened to me last week . $110 worth of xbox live points spent on "in-game consumables" in FIFA 2011. Contacted EA also since my password was changed also. The rep told me its a problem with the game, there is some way that someone can trick xbox and EA into gaining access to your accounts. I was told they have been trying to fix the problem for months, but it wont be a problem with FIFA 2012.  I'm still waiting a resolution.
 
I find it very concerning that someone can create a product I don't use that puts my account at risk.

This happened to me today! 10,000 microsoft points were purchased and another 6,000 got denied.  I changed my password to a multi-symbolic word with numbers right away.  i contacted xbox support and explained to them the problem and i got in touch with a specialist.  After 20 million questions  she said my claim was going to be overlooked by a team and should receive a response in 10-25 days >.>...  She said my account was going to be locked but so far it hasn't (wooo). On xbox dot com i have the gold and silver premium pack and gold players pack downloaded all together.  Damn companies make so much money from us and they don't do shit about the problems that happen seeing that this is about a month and a half after the initial one on this site reported.

Wow, that totally happened to me a little while ago. They were even playing FIFA 11, too!

I think the take-away is that people who play FIFA 11 are bad people.

My brother had my CC on his console so I could buy him a game.

Well just recently he told me that someone had been able to access his account and buy a bunch of Fifa Card packs, then transfer them.

The transactions were for like 80$ in total; but were quickly reversed (unknown reasons). It was really weird how it all went down; Xbox Support did an investigation, not like they told us anything, but as far as I know some guy got away with getting some free cards...

The only thing I could think of; was to do that license thing where you get all the prior purchases from a consoleID to be flagged as re-downloadable; then I think that the "hacker" would be S-O-L on his cards, but that's just a guess.

@eatkill said:

The rep told me its a problem with the game ... it wont be a problem with FIFA 2012.

The rep told you wrong then, as the same just happened to me with someone using FIFA 2012... £50 GBP worth of points purchased using my card, then those along with another 3000 odd MSP's used to purchase "PREMIUM GOLD PACK"s.

MS have been emailed, now we shall see whether they actually do anything about it...

Did you follow any links in that email? Sounds like plain old phishing to me.

I thought I'd reply to this thread as the very same has happened to me just last night and I'm livid about it.

Firstly, it's most definitely not a phishing hack, I can say that categorically. How can I be so sure? Well...

I got 2 emails last night from MS thanking me for my 2 purchases of 5000 points (a total of £90). I've got used my account for months so I log on to find I need to do a password and a gamertag recovery. In my account I have circa 6200 MS points (I had previously had 890 left). While logged on, I'm booted and need to do a password and gamertag recovery again.

This time, fearing phishing, keylogging or a CCTV camera trained on my keyboard, I reset my password using the on-screen keyboard on my PC and change the method of password recovery to require a code sent via SMS to my phone. As soon as I recover my gamertag to my console for a second time, I then changed the password AGAIN via the XBox. Assuming my account to be secure, I go to bed planning to call Microsoft in the morning.

I awake to day to find my Password and Gamertag need to be recovered AGAIN! I get into my account to find a lonely 10 MS points, a bunch of Fifa 12 content (again, I don't own any Fifa game) and 2 new achievements for Fifa 12. Big effing whoop.

My account is now locked and under investigation. My bank will allow me to dispute the charges when they show up on my account (as the purchases were on a Sunday night, it'll take 2 to 3 days). But it's the blasé attitude of Microsoft who when I started to get irate about being £90 out of pocket until they sort their investigation out and pointing out I'd done everything I could to protect my account details, the supervisor got defensive and told me "Excuse me sir, but our servers have not been hacked!". I pointed out that I had never once said that they had been, but there was quite obviously a widely known exploit being used in order to hijack people accounts and steal money from their bank accounts in order to gain some uber-rare digital P.O.S.

So, now I wait for them to complete their investigation and I'll see what I can do after that. After all, what's to say that as soon as they hand me my account back, the very same thing won't happen again immediately?

P*ssed off with Microsoft & EA, quite frankly.

Same just happened to me.

Account has been 'recovered' to someone elses machine and had 5000 then 500 MS points bought on my credit card. All points including the 120 I had already on my account gone ...all spent on FIFA 12 content.

Not only that but my account now has 35 Fifa 12 achievement points on it !!! Never played the same in my life - hate football. I'm UK based so I'm going to have to wait until 9am tomorrow to get MS to look into this, but am on the phone to credit card company right now trying to get card cancelled.

I'd love to see Giant Bomb run with this... Suggestion is it seems to be a known issue whereby some kind of flaw between EA and MS Servers is causing some kind of security flaw ?

More info here from other people effected :-

http://thegooster.wordpress.com/2011/09/28/xbox-live-users-hacked-victims-in-the-name-of-eas-fifa-dlc/

Just happened to me as well. They bought 5000 points and spent that plus my existing balance on Fifa 12 player packs, a bit of searching shows a worrying number of these incidents and Fifa is often where the stolen points seem to have been spent.

I also now have two Fifa 12 achievements on my account which is interesting given that I dont own it.

Have changed the login, notified my bank and I'll chase up MS in the morning. I just really want to know how they did it, I only use that

password on the 360 and Ive never had any game account or anything like that 'hacked', never fall for phshing scams or any of thhat crap.

I had the same experience on the 8th of Oct. There is some kind of exploit being used against MS or EA to gain access to this information. MS Support is of little help, they will not even acknowledge there is an issue and make it seem as if I was asking for it. Just FYI for those looking to get this resolved MS locks down your Windows Live account for approximately 25 days while they perform an investigation.

Has this reached the status of 'boondoggle' yet?

I've seen this exact complaint on a number of forums in the past few months. It's always FIFA stuff and the point purchase is just under $70 because supposedly anything above that triggers some sort of automatic investigation. It may be something as simple as if > $70 spent check if GT recently recovered and if it's on a machine far away from normal get a human involved. There's obviously a major problem here and I haven't heard anything official about it. The fact that it's been going on for months is the most worrying thing.

I don't have a credit card associated with my account for two reasons. This one and because I've heard some bad stories about autorenewal kicking in for gold subscriptions when it shouldn't. Yes, there are occasionally some good deals on Gold time through the dashboard, but Amazon is happy to sell you codes delivered by email and points go on sale at retailers, so it's pretty easy to not keep a credit card stored on your account.

If there are 3 things in this world I'm not very fond of, it's football, EA, and hackers. Hope you guys find justice.

They got me too a week ago. Four charges totaling 20000 ms points... Called microsoft but still don't have my account back.

This also happened to me at the start of the month. Woke up to have Emails with Confirmation of purchase of 6000 and 4000. They suspended my account for at least 25 days thank god I got my money back though. Upside is I have 3 new achievements in fifa 12.

@Rem: More importantly, have you got your money back yet?

I disputed it with my bank and they've refunded the money back into my account the same day (and any charges that may have been incurred) but they will only do this IF I cancel my debit card (seems stupid as my card detail weren't compromised but hey, better safe than sorry) and have a new one sent out which will take up to a week. OK I can go to a bank and get cash over the counter but it's amazing how reliant I now realise I am on having a bit of plastic in my wallet!

I've been stupid and thought microsoft would actually do something about it in a timely fashion. Haven't heard back from them at all so I have to go dispute the charges with my bank.

Looks like this happened with Fifa 2011 and is happening again with Fifa 2012. If there is a security hole associated with the Fifa games it seems to have not been closed.

Patrick just tweeted the following:

If you or someone you know had their Xbox Live account compromised recently, please email me with details: patrick@giantbomb.com

I don't want to jinx myself O_O

@jhsauls:

This happened to me on Oct. 1st and I didn't find out until today when I was going to boot up Forza 4 or Gears of War 3 for a bit. Fortunately for me the CC I had on my account was expired. So only my points were spent on what I assume was Fifa '12. I found this thread by Google searching, go figure. But the most I have read about this hack was on this blog:

http://thegooster.wordpress.com/2011/09/28/xbox-live-users-hacked-victims-in-the-name-of-eas-fifa-dlc/

I was able to recover the account myself and change my password. So I'll have to call MS support to get my points refunded still and hopefully I can avoid the 25 day lock that MS support puts on hacked accounts for "investigation".

@k4el said:

Looks like this happened with Fifa 2011 and is happening again with Fifa 2012. If there is a security hole associated with the Fifa games it seems to have not been closed.

Straight ridiculous.

@speedjack said:

"...I'd love to see Giant Bomb run with this... Suggestion is it seems to be a known issue whereby some kind of flaw between EA and MS Servers is causing some kind of security flaw ?..."

@louiedog said:

Patrick just tweeted the following:

If you or someone you know had their Xbox Live account compromised recently, please email me with details: patrick@giantbomb.com

After seeing the large amount of people affected via recent tweets and forum posts by this hack when researching it (where the account is compromised and the hacker plays Fifa). I was not pleased to see there is no company messaging about whats going on from either MS or EA. After sharing my story this morning to co-workers, one co-worker decided to log in to live to double check her account because she had not logged in for a couple of weeks. She immediately found that she had been hacked, points spent, and the last game played was Fifa '12. That's when I knew people needed to be made aware.

So I emailed Patrick earlier this afternoon that there might be a story here, if not -- people at least need to know about it. The trend of Fifa in all this cannot be ignored. Was stoked to see his reply and tweet for more info after my mail. Seriously folks, send him what you know! Don't leave it up to EA & MS to take action first, they obviously are oblivious to the trend or don't give a shit.

What interesting to me is the fact that the Ultimate Team card packs purchases, are connected to your gamertag + console (and probably also your EA Account). You have to be logged in, in order to use them so i don't really understand what are these hackers gaining by buying them. Unless there is some really weird hack...anyways, thanks for the heads up. Just deleted my credit card info from my account.

I was just reading up on this stuff and apparently if you type into Google Fifa 12 6K and which console (360 or PS3) there are people selling access to accounts for both consoles. They are selling the accounts on DHgate or Trade Tang (Chinese Wholesale sites) for like $10 from what I read on message board posts.

What the hell is going on? I heard about this from Jeff's latest Jar Time video.

Eurogamer is reporting it may be something with EA Servers that leave the 360 gamertag vulnerable.

http://www.eurogamer.net/articles/2011-10-14-xbl-accounts-hacked-to-buy-fifa-packs

This has been happening a lot on Xbox Live with little publicity for some reason. My story is in the replies for this thread: Who's had their Xbox LIVE account hacked?

I'm surprised that the gaming media isn't covering this criminal activity more since I hear more and more people are being affected by these thefts. I sent Patrick the details of my experience today.

I wonder if this has anything to do with EA being hacked this past summer.

Holy shit, this is freaky. So if you have an EA account connected to an Xbox, your at risk?

It looks like the games media is finally starting to pick up on this, after several months.

Good job, GAMES JOURNALISM.

Official Microsoft Statement from Eurogamer

Microsoft has told Eurogamer that it's aware of a few incidents of "unauthorised access" and is working with the relevant individuals to remedy the situation.

However, the spokesperson insisted there is no evidence of a wider Xbox Live security issue. Here is its statement in full:

"We do not have any evidence the Xbox Live service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats.

"However, a limited number of members have contacted us regarding unauthorised access to their accounts by outside individuals. We are working with our impacted members directly to resolve any unauthorised changes to their accounts.

"As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided at www.xbox.com/security to protect your account."

@Darkstar_KoP said:

http://www.joystiq.com/2011/10/14/fifa-loving-hackers-accessing-users-xbox-live-accounts-to-buy-d/ Shits about to hit the fan folks

I'd say it already has.

Given i personally know 3 people who had their accounts hacked and funds taken with fifa 11 months and months ago, and that they contacted microsoft and spent a long time getting their money back - accounts unsuspended etc.

Im gonna go ahead and call microsofts 'we've no evidence our service has been comrpomised' line as bullshit.

Absolute criminal that this is a known issue costing people money that is just being shelved.

My brother got hacked about a month ago as well, and got charged for about $200 worth of MS points purchases. Luckily, it was through paypal, so within about a week he got back the money, and another couple of weeks later he got his account back with I think 800 points for a name change. Didn't seem to be fifa related though, as the person who was controlling the account just played some Battlefield 2 and Split Second.

I have fifa 11 on my games list but luckily for me I do not have a card associated with my account....I use paypal (thank god) and I had no microsoft points so they got sweet f a from me.

Microsoft need to get their house in order over 2 things at the very least for me:

1: Stored credit card usage - I'd like to see some further requirement such as the 3 digits off your signature strip being entered each time you want to purchase DLC.

2: Gamertag recovery - If I can set my account to require a SMS text message to my phone before a password can be recovered, it's not beyond the wit of man to use a similar (if not exactly the same) mechanism to recover your gamertag to a console I've never used before.

Would anyone find either of those 2 additional security steps to be a burden in order to secure their account a little further?

@Sugarfix said:

Microsoft need to get their house in order over 2 things at the very least for me:

1: Stored credit card usage - I'd like to see some further requirement such as the 3 digits off your signature strip being entered each time you want to purchase DLC.

2: Gamertag recovery - If I can set my account to require a SMS text message to my phone before a password can be recovered, it's not beyond the wit of man to use a similar (if not exactly the same) mechanism to recover your gamertag to a console I've never used before.

Would anyone find either of those 2 additional security steps to be a burden in order to secure their account a little further?

You hit the nail on the head buddy, its such a small change that will remove ALL these card fraud problems, whenever i order something online i have to add my security digits so why not do it for games websites (i dontg think steam has it either)

i was hacked the other day, at work, my friend texts me asking what i'm doing playing fifa 12, bank tells me £51 pounds has been spent, cards canceled i used windows live text message to reset my passwords and i had an email thanking me for my purchase for 6000 ms points, all of which went on trading cards for some sad sad little man, accounts been locked for 25 days but thats fine i just unplugged my xbox from the net and playing offline, what realy hurt was an email i got from esaying they hope i'v been enjoying fifa 12, would i like to tweet about it....salt in the wounds man

http://www.youtube.com/watch?v=0W-02OgFCCw here's one of many youtube videos that claims you can just email EA a code and they will send you someone password