It's ridiculous that Microsoft basically have to be embarrassed into helping these people and still aren't taking steps to protect their (paying!) users better.

@Humanity said:

@Grimluck343: Why do people all of a sudden hate PayPal so much? I'm honestly curious cause recently on several different occasions I've heard nothing but deep ire towards PayPal.

I made a purchase on Steam a few months ago using PayPal. Had the money in the account and everything. PayPal said they "randomly" selected that purchase for review, refused to send Steam the money, so Steam locked my account until I called PayPal to authorize the transaction.

Like Patrick mentioned in the article, you credit/debit card has consumer protection built in where the bank will take care of removing fraudulent charges and refunding the money back to your account.

That barely scratches the surface of how messed up PayPal is. Just google it to find out more. Off the top of my head, PayPal has been known to completely lock down people's bank accounts for whatever reason they like without any sort of appeal process.

Why is this not a bigger deal, I have listened to many podcasts and been on community gaming sites and it seems stories like this one are wide spread throughout Xbox Live. However, nothing comes out to the public on how to secure against this on a grand scale. Does it have to hit large public numbers like the PSN hack before anything will be done to lock this security hole down. Maybe everyone that has had this issue should start reporting Microsoft to a Better Business Bureau.

Another reason why I don't like linking my credit card to accounts.

@mak_wikus said:

Worst part about her story is that Allegro.pl is a completely legitimate on-line auction house.

That's interesting info. I had wrongly assumed it was some dodgy site.

Thats incredible. It seems rediculous that microsoft charges 50 dollars for what is usually free then fails to secure the accounts of their customers.

this story has finally convinced me to remove my CC from my Live account. That, and the fact that I haven't used my xbox all year because of Steam. Of course, Steam still has my CC info, hrm.

Just read the whole situation on that girl's tumblr and it amazes that they screwed up so badly. 

yep i lost $250 on Nov 29, and i'm still locked out of my account, haven't heard a thing since i originally reported the problem to M$

"They were about as helpful as everyone else I have been in contact with regarding my stolen money. In total (including tax) I have had $366.06 stolen from me. Just how I am going to feed my son this month I just do not know." ....

While it sucks to get money stolen, if you are relying on paycheck to paycheck to feed your son... and a loss of 366$ means no food for your baby... u probably shouldn't have an XBOX360 with XBox Live...

It's a sad story but a familiar one. I had my account hacked and money (much less) was stolen from me, too. The upside is that Microsoft and my bank took care of the whole thing and I wasn't out a penny for long. I cancelled my bank card and was issued a fresh one I do not have linked to any console. I guess she ran int bigger problems because of her Paypal account. I know that I was not the victim of a phishing scheme because I only correspond via email with people I personally know and, at the time of the incident, my Xbox hadn't been used in 4 or 5 months. I don't have a Facebook, Twitter, Linkedin, blog or any footprint on the web that I know of. That doesn't mean one doesn't exist, just that I am not aware of it. I read around the net that there was some Eastern European/Russian group hacking accounts and reselling the downloads, so I figure that's what happened to me. Why else would someone buy a bunch of games (Xbox live credits) and then do nothing with the games purchased? I am positive Microsoft knows this is going on, but I question whether or not they know what to do or how to curb the intrusions.

I honestly do not understand how this story isn't all over the national media...

When you look back at the outrage of the Playstation Network hacking scandal it seems incredible, that (in retrospect) it turned out that NOBODY on PSN actually became a victim of any sort of fraud... yet it was all over the media, as well as the FBI and various countries governments getting involved....

Yet here, with regards to Xbox Live... there IS genuine fraud happening, and HUNDREDS (if not thousands) of loyal customers are losing thousands of dollars.

Microsoft are laughably passing the buck on this to the consumer, basically portraying them a stupid victims of "phising scams"

THIS IS NOT THE CASE.... if it was, then why is it not also happening (in these huge numbers) to PSN & Steam users... HUH, answer me that Microsoft!

So by now it's clear, that i am slightly vexed about this whole story.... and with good reason.

Just before Christmas, my son became just another in a long line of victims.... he switched on his console to find the 2200MS Points he just added days before had entirely been spent on FIFA rubbish (luckily he uses scratch cards and does not have a credit card assigned to his account)

Now when i say 'my son'... don't imagine a naive 10 year old who clicks on any old link he receives in a spam email, or inputs his account details into any website that asks for them.....

My son is 19 years old and currently doing a university degree in computer languages, he would be able to spot a phishing scam better than most - So when he tells me he absolutely has not handed his account details to anyone, i know he's telling the truth.

Yet somehow, someone without these "vital" access details, has somehow got into his account

It should be as clear to Microsoft.. as it is to everyone this has happened to, and all the blog evidence is pointing to... that..

MICROSOFT HAS SOME FORM OF SECURITY BREACH... which appears to be of absolute common knowledge in the Eastern Bloc (where all the profits of this fraud are being passed around easier than stolen mp3's)

Microsoft's actual customer service is utter shit. There are good people working at microsoft who like their jobs and want to help, but none of them work in customer service.

The only problem I have with this story is the lady crying that she can't feed her children because they took $300.00 if you have kids and this is an issue lay off the buying of some games to put a savings away in case of an emergency. I feel bad for her but if she is playing new Xbox 360 games and doesn't have more then $300.00 saved then those kids are fucked.

Don't get me wrong this shouldn't of happened to her in the first place I agree with that and hopefully she is just saying that part to make her situation "worse" to the customer service rep but when I read that I shook my head. Priorities....

I don't have a card on my account, but I got a really freaky call about my account being permabanned, on my cell phone, by a private number. Nothing has disappeared....yet....

I haven't had an Xbox since I sold it in the middle of last year. My Gold has been expired since July.

There was another user on the GB boards that said this happened to him just the other day.

I'm assuming this all went through her credit card? She should be contacting her credit card provider. They would fight to the death for her.

This is what the Xbox is. Let's move past it.

This story's not over until Microsoft significantly shortens the time it takes for people to get their accounts and money back, and properly implements two-step verification. Also they should probably not let low level customer support reps handle fraud victims.

Microsoft dealing with this specific case quickly means nothing when it's purely because it became a PR issue.

How the hell does buying up tons of points for the purpose of transferring them to other accounts not raise any red flags at Microsoft? Can't they put an automatic hold on practices like that for a few business days, much in the way banks do, to ensure everything is legit?

With how common two step verification is on the internet I'm increasingly amazed at just how poorly the Xbox Live security team is adapting to and confronting this problem. Accusing everyday folks of being careless with their personal info while quickly resolving big industry names that get hacked to minimize PR damage is a pretty shitty practice as well. Keep up the stories as you hear more Patrick, they are appreciated.

EDIT: Just got off the phone from removing my CC info from Xbox Live. Aside from the fact that I had to call them to do it, it was relatively painless and I chatted about Saint's Row 3 with the support rep. Feels good to be free.

What annoys me is how I cant leave my debit card info off my XBOX account because my gold is active. And you have to call them to keep it from auto renewing yet the website says you can do it on the websites at a place that DOESN'T EXIST. 
So annoying. I have to remember to call them this week end, such a pain in the ass.

Funny how companies pull their fucking acts together once people are aware of something they're doing.

My account got hacked for $70 worth of points and they offered me the same, lock your account and we might or might not look into it deal. (Of all things, the thief spent the points on Rift, a mmo!? It must be available through the marketplace or something) After reading/hearing horror stories about dealing with Microsoft in these situations I decided to tell the csr that I'd be willing to just eat the $70 charge if he'd be willing to remove my credit card info from my account, as I was not able to do it online. It required cancelling my gold account along with any remaining time left for the gold, but at least it got done. Then the csr gave me codes for the remaining time I had with my gold membership. I have/had never entered my account info to any other page than xbox.com, and never followed a link to xbox.com besides the bookmark I had placed on my original visit. Near as I can tell is a csr must have been socially engineered. Needless to say, I will never give my cc info to Microsoft again. It was all just a horrible experience.

Glad Susan got the press she needed to get her situation fixed. If only this ongoing problem could make television news. Maybe that'd be enough press to get Microsoft to actually fix this problem.

@CornBREDX said:

What annoys me is how I cant leave my debit card info off my XBOX account because my gold is active. And you have to call them to keep it from auto renewing yet the website says you can do it on the websites at a place that DOESN'T EXIST. So annoying. I have to remember to call them this week end, such a pain in the ass.

I don't know how recent an addition it is, but i have been able to cancel xbox live gold auto renew on the website for a few months now.

Wait, so was she hacked or was it phishing? Still not clear to me.

I hate these situations (and also hearing about them over and over) and Microsoft for provided such shitty service to paying customers. Doesn't some of that money we're paying for gold pay for the security/fraud department? But I also hate those who blame Microsoft for there accounts getting phished. I see phishing referred to as hacked way, way, wayyyyy too often. A hack is due to a lack of security on Microsofts behalf, but I feel phishing is on the users end (although resolving the issue once its occured is on Microsoft). So I wish people would just say my account was phised, admit they fell for it, then demand help.

Also what the eff is this shit. Cant even remove my CC

I don't know why but the name Susan is making me laugh.

Microsoft's customer service is useless. I'm sure they actually do something when something becomes news like this. 
 
Isn't it funny though? Lots of this stuff going around on Xbox Live, yet none on PSN, and everyone thinks PSN has more security issues. 

I have all the consoles and love my Xbox but their customer service absolutely sucks. Their customer service is the ONLY reason that next gen the PS4 will be the first console I get. but I will eventually get both. For a service that you spend $60 for basically nothing it seems the least they could do when you call with a reasonable complaint or request is to treat you like you matter even if they can't help you but I have never dealt with such jerks in customer service in my entire life.

@D_O_A said:

@CornBREDX said:

What annoys me is how I cant leave my debit card info off my XBOX account because my gold is active. And you have to call them to keep it from auto renewing yet the website says you can do it on the websites at a place that DOESN'T EXIST. So annoying. I have to remember to call them this week end, such a pain in the ass.

I don't know how recent an addition it is, but i have been able to cancel xbox live gold auto renew on the website for a few months now.

You can turn off auto-renew online, but you cannot remove any card info so long as you have a subscription still running. You have to call them, they remove your current subscription manually, then email you codes for the remaining time left. That's what I just had to do, at least.

This is a natural progression from account hackers (mostly from China) hacking and selling MMORPG accounts branching off into different things. Anything online that has value is going to be stolen and sold and this is going to be a major stopping block for companies heading into digital distribution. Microsoft and Sony and other companies are going to have to start taking this shit seriously or it is going to cost them huge amounts of money and a huge loss in customers willing to spend money linked to their profiles, which will retard the whole evolution of digital distribution..

It is patently obvious that Microsoft's customer service is wildly unprepared with dealing with this situation, as they were unprepared to deal with the huge amounts of red ringers back in 2005-2006. Eventually getting your account hacked and re-sold will become as commonplace as it is on WOW. Steam will be targeted as well.

Despite how many people shit on them. I STILL think Nintendo's Customer Service is leaps and bounds over Microsoft's and Sony's. It's a shame stuff like this is happening and that the corporation themselves give people the run a round. Most of the customer service reps are probably regular joes hired off the street who would rather NOT have to deal with a situation.

The idea of friend codes aren't looking too bad now me thinks.

@zityz: It's because they don't have a similar service at all. If they did they would be in the same boat. I'd rather risk these services and enjoy the content then have a friend code and zero online ability.

@damnboyadvance: Yeah because the PSN doesn't have the same shit happening to it, oh wait my roommate had his shit hacked and lost 2,000 dollars because of it a few months back... stupid fan boy comment.

Wow.  What an idiot. Why would you plug the goddamn thing into 
Paypal & have your bank account at some corporations finger 
tips??  Dames. I tell ya.  It's common fucking sense not to do 
that.  
 
Trust Microsoft or anybody for that matter.  What a Gullible Gilda.

"Oh people are starting to notice; let's help this one user and then everything will be ok."

Id really love to know how they are getting these accounts. Im sick of hearing the phishing BS as I really dont think thats how they got my account. Either way, actually got good service from MS. No run around, and account was back in about 3 weeks I think.

After reading this article, others patrick has posted and a few on Joystiq, I've taken all credit card details off my xbox account. Not worth the risk

Wait wait wait. PayPal is less secure than giving your credit card to MS? WTF?!?

@patrickklepek said:

@PiltdownMan said:

@Loyal_Dragoon said:

Is it just dumb luck that they get these accounts with CC info on them, or are they somehow able to single out the people with that sort of info linked to their account? Thats what I want to know. I don't think we'll ever know for sure how they target accounts, though.

My guess is if there isn't CC info linked they move onto the next target, it's pretty simple.

It's also possible they hold onto the account, then check back later.

Both are very reasonable answers, and thank you both for replying.

Haven spoken to her it's a terrible shame that the situation has to be given this much attention before it gets acted on. Thank you for your assistance in getting a friend the help they needed. :)

@Enigma777 said:

Wait wait wait. PayPal is less secure than giving your credit card to MS? WTF?!?

I suppose that's more about how the CC company/bank and MS would cover the damages than the basic IT security of having two layers of (hopefully) different passwords in order to purchase something with the account. I'm not entirely sure how Paypal handles disputes, there have been some horror stories in the past few weeks.

reading a similar article on Kotaku a little while ago, and all the comments were just other people saying that the same thing happened to them, and would detail their personal story of having money stolen from them while using xbox live and then microsoft doing nothing in return.

Then more and more articles come on game news sites about microsoft being total failures at caring , like the catholic church making the world safe for rapists, police making it safe for dirty cops to plant drugs on random minorities (but act honest when the dash cam video leaks out). This is exactly the same. Microsoft has known it's been happening for a long time, but have tried to cover it up instead of solving it.

Then when people yell loud enough, within ONE DAY Susan gets her money back. This happens in real life and the majority of people actually use this system. What a sad group of sheep we have become.

Why have your credit card in the first place when Microsoft points are sold at everywhere from Walmart to corner stores? Needless risk.

If you're gonna use one to buy your gold account, just cancel it immediately and you'll get free gold until the card was meant to expire anyway haha

@ArcticPlumber: I'm not too worried about it. Not that I believe that it could never happen to me. The difference is, she used PayPal and I use my credit card directly. As Patrick mentioned, credit cards have greater protection. Should anything happen I can just contact my bank or the credit card company and let them sort it out. At least where I live, they are pretty good. Though it can take a while until I get my money back.

@lacke: Yeah true, I guess my credit card can do the same. I mainly buy points cards anyway, so the odd inconvenience of re-typing a CC is personally worth the extra assurance of it not being stolen (from Xbox Live anyway)

@EightBitShik said:

The only problem I have with this story is the lady crying that she can't feed her children because they took $300.00 if you have kids and this is an issue lay off the buying of some games to put a savings away in case of an emergency. I feel bad for her but if she is playing new Xbox 360 games and doesn't have more then $300.00 saved then those kids are fucked.

Don't get me wrong this shouldn't of happened to her in the first place I agree with that and hopefully she is just saying that part to make her situation "worse" to the customer service rep but when I read that I shook my head. Priorities....

I don't think you're living in the real world. Not everyone has the ability to save up thousands of dollars for "what if..." scenarios. Some people struggle to get by with their kids having a decent standard of living and just can't save money for hypothetical scenarios. Heck, when I was a kid it would be rare for my mother to have more than £100 in her bank account. And she certainly didn't have enough spare cash to save up in case somehow her bank account got accessed and someone took all her money. She spent every penny trying to give me the best standard of living she could. We had an OK standard of living, but if she had saved up money just in case something bad would happen we would have pretty much down to our bare bones. She was a single parent. There wasn't a lot else she could do.

I don't know enough about Susan's situation to make a judgement either way about her financial situation, but saying her kids are fucked just because the family is a little low on money is just flat out dumb.

@MideonNViscera said:

Why have your credit card in the first place when Microsoft points are sold at everywhere from Walmart to corner stores? Needless risk.

If you're gonna use one to buy your gold account, just cancel it immediately and you'll get free gold until the card was meant to expire anyway haha

Taking away your credit card seems pretty much impossible. I use time cards so I cancelled the auto-renewal, but it still says the credit card is being used for Xbox Live and cannot be deleted or something like that.

"Amazingly, Susan was even able to message the person who eventually purchased--and used--her account!"
 
Incorrect. She contacted one of the new "family plan" accounts that points were transferred into. No one sold her account.

Glad her issue is fixed.

Not impressed that it took 3 (motherfucking business days) to block her account, a well written blog, several gaming journalism sites in addition to the several phone calls and what must add to up a very interesting trouble ticket for some customer service supervisors to review to get her money back.

http://allegro.pl/listing/user.php/run?us_id=15755568&order=p&p=4&change_view=1

Dude's selling all kinds of content from shady sources. He's also selling two accounts with 8000 and 10000 MSpoints on them. I've flagged both of those auctions and his account(which has over 7000 thousand transactions already done).

He's also selling cd-key to various games from Steam, Origin, UbiPlay, etc.