FIFA-loving hackers accessing users' Xbox Live accounts to buy DLC

happened to me. everyone that i saw that got hacked with the same thing according to the xbox forum i searched at the time was the 2 random fifa 12 achievements.

i am pretty sure i didnt hit any phishing sites. as sure as anyone can be. i don't enter my xbox information anywhere. although i did start to suspect an ipad app i use as maybe the leak? regardless i setup my pin again and changed my password. got ahold of xbox support afterwards (which i will say was surprisingly helpful… i was expecting a horrid experience) and because i was able to gain control of my account after they didn't lock my account.

Unfortunately, This happend to me when Gears of War 3 came out logged into my bank account was down 140 bucks, and someone decided to buy all the Gears of War 3 DLC. Which if I may add 140 bucks is ridiculous. Anyway called Xbox they were able to fix one of the charges but the other I had to call the bank because they were going to shut down my Live account for 30-45 days before i could get my money back. Bank took care of everything huge hassle though.

It happened to me too.... I bought all this stuff with my credit card and now don't want to pay for it.

errr...I meant 'they' did it! I was 'hacked'!

Pro tip: Even if you re-use paswords on general blogs or social networks, any account that is connected to credit cards or bank accounts should have its own - very secure - password.

I was hacked last Friday - not phished, I presume they guessed my password somehow (which fairly, but not super, secure - made up of numbers and lettters).

I had Xbox points purchased and spent on Fifa DLC. Microsoft were very unhelpful on the phone, and the thief was able to spend points even after I changed my password via my iPhone (so no phishing involved!).

Microsoft said they could shut off my account for a month to investigate, and would then refund the fraudulent charges. Totally unacceptable when my Xbox is used for IPTV (via Sky) - who can live without TV for a month whilst Microsoft take their time to investigate DLC spend for a game I don't own?

I have disputed the charge via American Express instead. Looking elsewhere on the internet, it seems like Fifa DLC illegal purchases are very common.

This happened to me in early September. Microsoft support was helpful once I was able to get a hold of them. They do not offer 24/7 support, and had no easy way to find out who to call about the issue. They locked my account and told me it would take up to 21 days to solve. After about 15 I called to find out the status. Interestingly, my account was restored a few hours after my phone call. They have still not taken care of the $60 of charges on my account. I plan on calling them again this weekend, and if they do not take care of it I will call my bank back to have the charges removed.

All in all Microsoft support is TERRIBLE. They need to have an easy way to contact them and a streamlined quick response for people who have had their account hacked.

But, I thought Live was supposed to be impenetrable?

Heh.

This happened to me today and i don't even own an Xbox. 75$ worth of points were bought on my game for windows live account , they did say i was going to get a refund.

Ive heard some of the hacking has been done through facebook. Dont know if there is any validity to this but i can see how it could happen. IE email and personal info. Be careful what u share

I'm seeing a trend of people downvoting those saying Microsoft was hacked.

Let's use common sense here. Mass numbers of people had their account compromised, there was a hack. Quit being fanbois and accept the reality that hackers can strike anywhere, any time.

Hmmmm
*shrugs shoulders and plays PS3*

I wonder where the 2 people are who laughed at me and implied I was a Sony fanboy when I said that there was an abnormal amount of users on XBL as of late ._.

Same thing happened to me last week... They bought DLC for FIFA with my MS points(only about $30 worth).
They offered to lock my account down for the investigation, not a great deal when it's a family account. All of us would be down while they figure out how they were compromised.

It's bad enought I got hacked and lost $30.. but now I have FIFA achievemnts....

hmmm alot of love going around on this thread

Love how all the sony fanboys are trying to pretend this is the same as psn getting hacked

Had the same thing happen to me, my account was compromised on august 23rd and was moved to columbia, they bought 2000 microsoft points off of my credit card in the process, altough thankfully microsoft was pretty quick to reverse the charges on my credit card.

Still, I have been waiting for more than 7 weeks and still do not have my account back. Microsoft's phone support flat out refuses to hand out any information as to what happened, how it happened, and what they intend to do to fix it. (and most importantly, when)

I ended up filing a complaint with the better business bureau earlier this week, and got an email response from microsoft a few hours later telling me they would "look into my case, and call me next week to discuss it".

I find the idea of microsoft claiming they are "working with its impacted members to fix unauthorized changes" laughable at best.

For what it's worth, I discussed the situation with a few other affected people in the xbox customer support forums, and the one common link in all of our cases was that the account was moved to one of the new regions added recently. (brazil, columbia, russia, china, etc.) It appears that the simple act of moving an account to those regions makes it impossible for microsoft to move it back within a timely matter. (or at all. Some people claim they have been waiting for more than three months with no access)

I had this happen to me two days ago, I had my account stolen , my friends list wiped and some new friends added, I have a windows phone with XBL so I just watched the entire thing unfold because it doesn't log you out if the password is changed while you're online, I wrote down the tags of the people that were added to my account and sent them messages threatening to give their names to microsoft if they didnt tell me who had my account and how, they all gave me the gamertag of a mutual friend of theirs, and said he'd bought something off of DHgate and it gave him my account, the kid plays FIFA and his gamertag was conorbest so I doubt he's some kind of Microsoft database invading superhacker, or even someone capable of setting up a competent phish. So I investigated this DHgate, which looks like a chinese eBay, that appears to be selling accounts to people, here's a link to check this out

http://www.dhgate.com/10-000-10000-points-for-360-live-us-service/p-ff80808131d792b701321acea72b32e9.html

If the person who got into my account was just some joe bloggs who tried to buy cheap MSP and this website gave him my login details like his friends said it did, then that is thoroughly concerning. I sent conorbest an email asking him to tell me how he got my information but he is yet to respond. I'm going to take this to the police in the hope that they can force him to give up an answer, but I have low hopes for our UK police, so all I can do is give this information to them and Microsoft and as many media outlets as possible in the hpe something happens.

Also if my account is still quarantined by Skyrim then I do not care if this kid who got my details is innocent, I will kill his pets.

My account got hacked last week right in front of my eyes. I sat down checked my e-mail and it said your purchase of 4000ms points, then I got another and another. So i'm freaking out trying to remember if I had made a mistake somehow even though I never buy pts from xbox live I buy my points from within a store. Then my friend asked me how FIFA 12 was and I told him couldnt tell ya cause im not playing it. Next my account shows that ive bought 20 items on market place. So I hurried canceled my Debit Card, froze my xbox account and at this point it has been a huge hasle, had a bunch of auto pay accounts that i have had to change.
Also I found out my account was accessed from France. Thanks ya french son of a ........

Joystiq, poor choice of words. Phishing passwords isn't hacking Xbox Live. It's only going to feed the psychotic fanboys.

HAHAHA my buddy had his account hacked, they downloaded all sorts of goodies for Fifa 12 and then microsoft locked his account for a week and took a month to give him money back haha

Coincidentally, I hadn't turned on my Xbox in a few weeks, and just the other day went to let off some steam in GTA4 -- couldn't log in, had to recover my gamertag. While I was waiting for the agonizingly-long recovery process (??), I logged in to my Live account on a PC and found that all my MS points were gone. My billing history shows that they were all spent a couple weeks ago, on what I guess is FIFA DLC.

Eventually the recovery worked, and everything seemed fine. What seems weird to me is that my account wasn't tampered with at all: my email address wasn't changed, nor was my password. Luckily I don't have a credit card linked to my account, so all I lost were the MSP. (Of course Microsoft's online support refused to help me with this matter, so I'm still debating if it's worth the phone-hassle to get my ~$25 worth of points back.)

A month or two ago, my roommate's Xbox Live account was also hijacked; but unlike myself, he uses his Gold account avidly and had a credit card on his account. So whoever stole his account was able to charge Fifa to it. (Fortunately for him, his bank immediately noticed that the purchase made no sense, and canceled the charge.) Also, when he recovered his gamertag, he got a DIFFERENT gamertag than his own. Meanwhile, after calling Xbox Support for help, his real account was locked for three weeks while they "investigated" it.

Both of us work in the software industry, so we're not idiots about this: we're not going to set our passwords to "password," or email them to someone who pretends to work for Microsoft. Maybe it's possible that other online services we had the same passwords for were compromised (although between the two of us, there aren't many that we'd have in common).

Microsoft can keep saying that they have "no evidence" of a breach on their side, but based on what I've seen personally - my points being stolen with no modifications to my account information, my roommate's gamertag being SWITCHED with another one - it's pretty suspicious.