MSFT exposes account data to domain squatters

Someone really goofed on this one. Here's how Microsoft is encouraging people with Xbox Live account issues to email domain squatters with their personal account information.
Step 1: Visit http://www.xboxlivediamond.com/
Step 2: Enter a gamertag that's already taken. Joystiq works for this purpose.
Step 3: Notice the error message that says: "We're Sorry!!! That GamerTag has already been registered". Then notice the following instructions: "If you believe that someone else has registered with your GamerTag, please send an email to support@xboxdiamond.com."
Step 4: Notice that xboxdiamond.com is registered with domain squatters. Oops! Hope nobody sent their Xbox Live account information (password, credit card information) to that email address! We further hope that whoever's receiving the deluge of emails isn't impersonating Microsoft and soliciting this information from Xbox Live customers.
The domain recently changed hands on eBay. The auction can be found here, including the following text from the seller, which essentially proves that the registration was motivated by squatting:
"This can only mean Microsoft had planned on buying XboxDiamond.com as a domain to use for support. Now that I took it first-- it means Microsoft will pay BIG BUCK$ to get it back! Buy it now-- and then sell it to them! Only reason I am selling is I need to pay off some holiday stuff-- and need to get the money asap! Good Luck this is a once and a lifetime domain!"
Let's hope the new owners are a little more scrupulous than the guy or gal that offloaded the domain on eBay.
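
A check a site owner could run over page copy before publishing, added here as an example (not code from Microsoft or from the original post): it flags e-mail addresses and links whose domain is not on a list of domains the organisation controls, and marks near-misses of an owned domain as probable typos. The owned-domain list, the function names and the 0.8 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# Assumption: domains the organisation has actually registered and controls.
OWNED_DOMAINS = {"xboxlivediamond.com"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
URL_RE = re.compile(r"https?://([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", re.I)

# Constructed sample: page copy built from the message quoted in the article.
SAMPLE = (
    "Register at http://www.xboxlivediamond.com/ today. "
    "If you believe that someone else has registered with your GamerTag, "
    "please send an email to support@xboxdiamond.com."
)

def is_owned(host, owned):
    """True if host is an owned domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in owned)

def closest_owned(host, owned):
    """Return (owned_domain, similarity 0..1) for the most similar owned domain."""
    scored = ((d, SequenceMatcher(None, host, d).ratio()) for d in owned)
    return max(scored, key=lambda pair: pair[1])

def audit_contact_domains(text, owned=OWNED_DOMAINS, lookalike=0.8):
    """List every e-mail address or URL in text that points off-domain."""
    findings = []
    for kind, rx in (("email", EMAIL_RE), ("url", URL_RE)):
        for m in rx.finditer(text):
            host = m.group(1).lower()
            if is_owned(host, owned):
                continue
            near, score = closest_owned(host, owned)
            findings.append({
                "kind": kind,
                "value": m.group(0),
                "domain": host,
                # A close match to an owned domain suggests a typo in the copy.
                "probable_typo_of": near if score >= lookalike else None,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_contact_domains(SAMPLE):
        print(finding)
```
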

Reader Comments (Page 1 of 1)
ill trooper @ Jan 1st 2006 6:12AM
Lord help us, this world is going to hell.
"BIG BUCK$!"
Pelt this guy with rocks please!
Zero_ @ Jan 1st 2006 6:53AM
"This can only mean Microsoft had planned on buying XboxDiamond.com as a domain to use for support"
Ever thought it was an error on Microsoft's part?
Andrew @ Jan 1st 2006 6:55AM
Hahahah..
I smell some sort of lawsuit pending here. I hope these fuckers get screwed, I really do.
simpson733 @ Jan 1st 2006 7:23AM
Hey, I know this guy, he posted something about this in the forum Namepros.com. Haha, he's gonna get a lot of advertisement from this.
xbox360-forums.com @ Jan 1st 2006 8:04AM
This can't last for that long, surely. Wonder how much this guy will pocket from this.
MarkTAW @ Jan 1st 2006 8:52AM
Uh....
Ended: Dec-27-05 12:25:38 PST
Start time: Dec-24-05 21:42:16 PST
History: 0 bids
Looks like it's over already. He should have started at a dollar. Does anyone here remember the whole MikeRoweSoft.com debacle? Microsoft sued him and he settled for an XBox, tour of Redmond & an MSDN subscription.
Aaron @ Jan 1st 2006 9:10AM
I thought companies could go to court and take the domain names back from people who pulled stuff like this?
Matt @ Jan 1st 2006 9:34AM
Very strange, I thought you had to sign up for 12 months to get one. I got a 3 month, but I haven't even used it yet since I am getting my new TV this week and moving my Xbox. If I sign up and I am denied it (since I don't have a 12 month membership), how will I get one then? Re-sign up or will I get it re-register me automatically with a I get 12 month subscription?
DeadCow @ Jan 1st 2006 10:01AM
The domain is pretty worthless unless you actually want to use it to collect people's personal information, I think. Cybersquatting is pretty clear in this case and the squatter(s) can be easily kicked off the domain under ICANN and the Anti-Cybersquatting Act.
more info : http://www.nolo.com/article.cfm/objectID/60EC3491-B4B5-4A98-BB6E6632A2FA0CB2/111/228/195/ART/
Pixelantes Anonymous @ Jan 1st 2006 10:10AM
Aaron, yes. This sort of thing is the very definition of domain squatting. All Microsoft has to do is archive the eBay auction information, show it to WIPO, and the domain will be theirs with a rubber stamp decision.
Mark @ Jan 1st 2006 10:18AM
I'm confused. I submitted to that site at one point. Am I getting screwed over?!
BrainDamaged @ Jan 1st 2006 10:53AM
uhh.. Microsoft just needs to fix the typo in their email address.. to xboxlivediamond.com.
/end media hype over NOTHING
vc @ Jan 1st 2006 12:50PM
BrainDamaged:
It's not nothing.
1. The squatting has been going on since the launch of the Diamond card on December 22nd. That's 10 good days of squatting and 10 good days of people sending their personal information to a shady third party.
2. The update hasn't been made in 10 days. It's stuff like this that helps notify companies to make changes quickly to protect customer data.
3. Even if the email address is fixed today, there are thousands of people who emailed personal account information to that email address in an attempt to work out various issues with their Xbox Live gamer tags and accounts. I am 100% certain that some of these thousands of emails included the information needed to hijack Passport accounts.
Necrophiliac @ Jan 1st 2006 7:11PM
So if I applied for the diamond live thingie through the old link on joystiq and got an email back from microsoft does that mean I'm safe or that I'm screwed?
Nick @ Jan 1st 2006 8:50PM
I bet BrainDamaged is richman723; that statement also works nicely in reverse. Quick, get his IP! :P
Nick
Adam Richman @ Jan 2nd 2006 1:02AM
Hey-- It's Richman723-- I did not steal anyone's info.. The website was simply an IFRAME of www.xboxlivediamond.com so all the data was sent there-- The emails that were sent were all forwarded to Microsoft prior to the sale.. I wound up selling the domain on Friday to an Australian Domainer for $3000