Xbox LIVE password reset - is it broken?

Avatar image for humanity
Humanity

21000

Forum Posts

5738

Wiki Points

0

Followers

Reviews: 40

User Lists: 15

#1  Edited By Humanity  Online

So in the past couple of months I've had to change my xbox live password twice because "someone was using my account" so they blocked it. Both times I had pretty secure password with upper and lower case letters, numbers the whole deal. So I'm starting to wonder if this is bugged or not? None of my other sites that I use have been compromised as google and others have alerts for suspicious IP's logging into your account. Is Microsoft security just this bad that they're able to attain these passwords at will or is their detection just wigging out by accident? I do have a Chrome plugin that logs into my Xbox Account and shows me who's online and lets me even send messages through a neat little drop down. Maybe thats causing it?

Has this happened with moderate frequency to anyone else?

Avatar image for sexytoad
SexyToad

2936

Forum Posts

3297

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

#2  Edited By SexyToad

@Humanity: It hasn't happen to me. To make sure make a really complicated password such as $fdTbE684*%vdn and see if its still detecting stuff. If it does then it might be bugged or someone really wants your account.

Avatar image for mtcantor
mtcantor

986

Forum Posts

1180

Wiki Points

0

Followers

Reviews: 0

User Lists: 1

#3  Edited By mtcantor

@Humanity said:

I do have a Chrome plugin that logs into my Xbox Account and shows me who's online and lets me even send messages through a neat little drop down. Maybe thats causing it?

Has this happened with moderate frequency to anyone else?

Sounds like this is probably the culprit, unless Crash Override or Acid Burn have it out for you.

Avatar image for humanity
Humanity

21000

Forum Posts

5738

Wiki Points

0

Followers

Reviews: 40

User Lists: 15

#4  Edited By Humanity  Online

@mtcantor: I'm thinking it might be but it's a really good plugin.

@SexyToad: I wish they even told you like "we detected foreign IP's logging into your shit", but they just block your account straight up - nothing like "hey is THIS you? - Login 4:22am from Shibuya Japan" so I'd know like yah thats definitely not me.

Avatar image for robinson
Robinson

242

Forum Posts

169

Wiki Points

0

Followers

Reviews: 1

User Lists: 5

#5  Edited By Robinson

Maybe this is related, maybe not. Your xbox doesn't actually have to know your password, just be associated with the account. I had my account hacked and used on someone else's xbox. When the password was reset and xbox promised me that the other xbox had been removed, the problem, nearly immediately, came back. As xbox did not actually remove the xbox's association with the account. So I could change the password many many times, and all the other guy had to do was turn on his xbox and have it autologin. This repeated three times until I asked the final tech to tell me how the system worked. He then de-associated all systems with my tag. That finally fixed it

Avatar image for sexytoad
SexyToad

2936

Forum Posts

3297

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

#6  Edited By SexyToad

@Humanity: Have you tried contacting microsoft?

Avatar image for humanity
Humanity

21000

Forum Posts

5738

Wiki Points

0

Followers

Reviews: 40

User Lists: 15

#7  Edited By Humanity  Online

@Robinson: Maybe this is it although I don't have any cards linked on my account

@SexyToad: I'm going to try I don't want to call but finding an actual e-mail address to contact with tech problems is even harder.

Avatar image for sexytoad
SexyToad

2936

Forum Posts

3297

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Avatar image for wendschlag
Wendschlag

31

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

#9  Edited By Wendschlag

Could be someone with your email address, so you may want to change the email associated with the Windows Live ID. If you have a Microsoft email associated with the account you will need a Xbox, but if you don't then your PC works fine for changing it on xbox.com. Your purchases on the PC/Xbox side are tied to the gammertag, and not the credentials, so they can be changed. Doing that should wipe the slate clean, and should force gamertag download in order to connect.

Avatar image for humanity
Humanity

21000

Forum Posts

5738

Wiki Points

0

Followers

Reviews: 40

User Lists: 15

#10  Edited By Humanity  Online

@SexyToad: Thanks!

@Wendschlag: Well I only have my hotmail account tied to that console with my gmail as a emergency contact in case of a compromise. I've changed my Hotmail password to something ridiculous as stated above and I know my Gmail is fine because it doesn't have any suspicious IP logins.

Avatar image for robinson
Robinson

242

Forum Posts

169

Wiki Points

0

Followers

Reviews: 1

User Lists: 5

#11  Edited By Robinson

@Humanity: doesnt require a card being linked to the account, just that an xbox receives a special hash (non related to the password) that allows it to login. Whenever you xbox logs on, it doesnt use your password but for the first time. If the xbox is still associated with the account, it is just allowed to log on. Not a very safe system, but it is what microsoft uses

Avatar image for eccentrix
eccentrix

2675

Forum Posts

12217

Wiki Points

0

Followers

Reviews: 4

User Lists: 12

#12  Edited By eccentrix

@Humanity: Sometimes when I reset my password it says my account has been sending suspicious messages, but I keep changing the password and nothing malicious has happened, so I'm not too worried. Someone would tell me if I was sending weird messages, right?

Avatar image for humanity
Humanity

21000

Forum Posts

5738

Wiki Points

0

Followers

Reviews: 40

User Lists: 15

#13  Edited By Humanity  Online

@eccentrix: I suppose so. I don't even use my live mail address for anything but a login to XBOX LIVE. Their system just wonks out sometimes which is kinda dumb but as mentioned the way your console logs in without password prompts is even worse as I've changed my account password about 3 times and I've never had to change it on my console - it always just auto logs in.

Avatar image for eccentrix
eccentrix

2675

Forum Posts

12217

Wiki Points

0

Followers

Reviews: 4

User Lists: 12

#14  Edited By eccentrix

@Humanity: Yeah, it's a little worrying how little security there is on that front.

This edit will also create new pages on Giant Bomb for:

Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.

Comment and Save

Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.