So this is my second attempt at writing this. I'll make it quick. I've never been "hacked" or anything before but I was lucky enough to join the party on the 13th. I came online today after being offline for a few days to find that I had been kindly signed in elsewhere playing Fifa 12 for the first time with a fancy new 35G’s to my name. I checked my profile and everything to find nothing had been changed but 2000ish Microsoft points seemed to be the price of that lovely new gamerscore.

At first, I assumed it was someone on my friends list and was set to find out who it was. When signing into my email I checked online for my download history to find I’d dl’d some “PREMIUM GOLD JUMBO” and “GOLD PLAYERS PREMIUM” both links which led me nowhere (thanks Microsoft). Upon checking the steps to take in changing all my profile stuff (knowing my luck I’d get it wrong and lock myself out my account) I found that this whole Fifa and EA thing has happened to more people than just me and that it wasn’t by someone I know.

I said I’d make it quick, maybe not. Anyways, the point of this. Has this or anything related happened to anyone else? If so how did Microsoft handle the situation?I know the account gets suspended for 21 plus days to investigate if the purchases were fraud and then you are repaid less than half of what was taken and a month or so gold for your wait.

Is it worth ringing and having my account cancelled for that long to have that repaid or am I good with just changing everything and ignoring what happened? I don’t have any card details on my account and never have.

This happened to me last October and I reported it. I got my account reinstated in maybe 2/3 weeks so I was lucky. I got my money back in about 2/3 months though and that annoyed me more as I just used one of my free months for new accounts to play online. Also I lost about 570 points which I already had on my account and I never got them back, and as I like Fifa games, the Ultimate team mode is ruined pretty much, but I never really played that mode anyway.

In short, it's definately worth changing your password so they can't get back into your account again and if you want your money back you should call Microsoft and they might tell you to ring your bank as well.

This JUST happened to my Xbox live account.

I contacted customer service on the telephone and they opened an investigation, letting me know it would take up to 3 days to have it resolved - today is the third day and still no sign.

I'm worried, but I'll be sure to post the outcome here to clarify if it was the correct solution or not.

@theodacourt: I went as far as changing the linked email address etc so I'm certain it won't happen again. It was a pre paid code as I've never trusted putting card details in and I'm bloody pleased I didn't. I guess I'll give them a ring and retrieve my rightful 2000MSP.

I'm ready to enter it with a fighting mind if I'm going to do it, I'll do it properly and get back what I deserve. None of this rubbish about being paid back so little. EA are blaming us saying we've clicked phishing emails etc.

@VoshiNova: You could try ringing back and see what's what. I guess I'll give them a ring tomorrow, it's past 6pm now and I can't really remember what time the lines are. How was the customer service to deal with?

Sucks that this is still happening. And still no such account hacks on the PS3 .... MS needs to get their shit together on this.

@WoodenPlatypus: It was actually quite pleasant, I was pretty irritated/nervous, but they were patient and got the investigation logged within 30 minutes.

Be prepared to be asked what the answer to your secret question was, and the last 4 digits of the card on file. I called yesterday to make sure that I wasn't "duped" on the phone by some hacker getting more info. from me (call me paranoid :p) and a second representative told me to wait until the full 3 days are up.

I'll be absolutely sure to post here tomorrow morning (or later tonight) regarding the solution. I think this specific problem is waaaaay more widespread then I originally believed, and this three day wait is because the "investigation team" wants to make sure I'm not crying wolf to get some free points.

Message is getting long, but be sure to check your windows live account online to make sure there aren't any secondary emails associated with it, I had a random hotmail email show up there shortly after, and I removed it online.

@VoshiNova: Thanks, I hope all goes well and I'll be sure to check back. Being a paranoid person myself I already checked and changed it to a brand new email. I didn't have any credit cards or bank details in so I should be ok. I'll give them a ring tomorrow because I really can't be bothered tonight. Thanks for the help again.

@CptBedlam: Microsoft and EA are so far up themselves and even though it's happened a shit ton of times it's still our fault. I just feel for people with their cards in who've been screwed over.

Id reccomend everyone to make a strong password containing letters,numbers and lower and upper case characters. It is very easy for people to brute force hack your account with password cracking programs. Lower /Upper case passwords that are over 8 characters are MUCH harder to crack. Be safe guys! Don't take the chance to get hacked

@Demoskinos: Thanks I did just that earlier. I now need some way to remember what this one is. It's like a cryptic secret of the world.

Anyone knows why these hackers are doing this? They don't seem to be stealing any money. And why is it always Fifa12? I don't get this at all.

@Legend said:

Anyone knows why these hackers are doing this? They don't seem to be stealing any money. And why is it always Fifa12? I don't get this at all.

They're not stealing money but they're making money selling the account. It's always Fifa because of the global popularity of the game combined with the addictive nature of the "Ultimate Fifa Team" that has you buying virtal packs of cards for money.

I know of 4-5 people who have suffered the same experience on Twitter, plus I saw someone blogging here on Giant Bomb about their own experience with it too - pretty sure they had their account investigated and reinstated inside 3 days, so Microsoft are definitely turning this around quickly.

As for why it's happening? Not sure if there's some way to trade or sell players out of this DLC that seems to be getting purchased all the time, it's really odd.

@Legend: It is about money. Not directly mind you but thats why FIFA is always involved. There is a "card collection" game in FIFA and you can trade or buy these cards people are puchasing/earning cards then selling them at a markup. Sometimes the hackers also sell accounts off preloaded with MS Points to people as well.

@Demoskinos said:

Id reccomend everyone to make a strong password containing letters,numbers and lower and upper case characters. It is very easy for people to brute force hack your account with password cracking programs. Lower /Upper case passwords that are over 8 characters are MUCH harder to crack. Be safe guys! Don't take the chance to get hacked

Most of these things don't appear to be brute-forced. Most of it seems to be password resets via your "secret question" thingy. Most people have that question as easily available information. From your gamertag it's likely someone can find your Facebook account, and then they can find pets names, best friends names, the name of your first school etc. All that information is readily available on social networks, and people use all that information as their password reset questions. Even your mothers maiden name probably isn't that hard to find.

@Legend said:

Anyone knows why these hackers are doing this? They don't seem to be stealing any money. And why is it always Fifa12? I don't get this at all.

They're buying in-game FIFA card things, then transfer them to another account and then sell that account. That account will inevitably get banned because it's been involved in a scam, but the scammed will have already sold it and already have the money from it.

Here's a good baseline to have creating a safe account:

• Make strong password including lowercase and uppercase letters, numbers and special characters of a minimum of 8 characters
• Do not use same password on multiple accounts
• Set up a secret question & answer, and let that answer be cryptic (Not a direct answer to the pre-question)
• Optional: Set up a one-use password on your Windows Live ID (Not available in all countries)
• Optional: Add another E-mail, current PC or phone number to your account for an easier verficiation

If you wan't to stay safe try to keep this in mind:

• Change password often
• Try not to share sensitive information about yourself or others on social websites
• Keep a look-out on spam, phishing and viruses through websites, key-logins, E-mails et cetera
• Be up-to-date on PC software and virusprogram

And last:

• Do not use your credit card (If so, do not use your main card or a card with a lot of money), instead use pre-paid cards
• Set up an online pass code (4 button gamepad code for your Xbox Live gamertag)

I'm not sure how more safe you can be if you follow this check list. I also think you should read this: http://majornelson.com/2012/02/07/a-letter-from-alex-garden-your-security/

@MattyFTM: Interesting. Any known way updating your security questions on LIVE mail/accounts?

Hackers Love soccer.

Just an update, I phoned up today and went through the process which went suprisingly quicker than usual (10 minutes or less) and was told my account would be closed for investigation and could take 30 days maximum but should be done within a week. So now I play the waiting game. I did ask why this wasn't brought to the communities attention and was met with the typical rubbish they're paid too say and was basically told I should've heard through other people.

@Demoskinos: This should be easily accessed in the account section of your Windows Live ID login underneath where you change your password.

@MattyFTM: I can't remember what my previous secret question was but I believe it was my mother's maiden name. God knows how they guessed it as it's uncommon and only my younger sister has an active Facebook as my mother swears against all social networking.

@PixieNinja: Apparently the card DLC is account transferable. Stupid stuff. In some cases it is about money as they wire money from linked PayPal accounts and the likes. It's scary the stuff they can get. Doesn't take long for them to get your address. Look into the story where hackers called armed police to a kids home.

@PixieNinja: I may move this over to a blog. The process wasn't as intimidating as it's made out to be. Also this DLC is apparently account transferable.

@WoodenPlatypus: You may want to check out hackedonxbox.com. It's just stories and recaps from people who are going through what you're going through.

@C0V3RT: I was there today before phoning up and some of the dubbed "horror stories" put me off from phoning. I would reccomend people going though to give you some insight as to what you can expect. Some of what has happened to people is ridiculous, before this happened to me I was under the assumption profile hacking was just a bad comeback from pre teens.