gravemistake

@Roto13
Except for the fact that it is. It happens to Steam users, Google users, Twitter users and Apple iTunes users all the time... you just don't hear about that because it's not the cool thing to report on right now.

The moment that an article on a popular site is written about a company like Apple where users accounts are being hacked I am sure you will see the same type of thing... everyone posting about how it happened to them (over the past few years) and how horrible the company is because their account was hacked and it must be the companies fault for the hack... etc.

I think the likely culprit are those lists of email addresses/usernames and passwords out there in the wild. Plug in an email address/username to a popular service and see if you can gain access to the account using the corresponding password.

Um yeah, you do realize that it would take a hacker close to forever entering in passwords over and over again to see if they work. With all the different password combos and without the aide of a program to try to get in they would manually be entering in different passwords over and over again until they got one that worked. That would also send red flags to MS if a hacker spent an entire day trying to get into an account and they would know that is how the hackers are gaining access to the accounts.

I seriously doubt this is how the hackers are getting access to the accounts.

Question is: did the accounts that were hacked have security questions associated with them and not a trusted pc? If so then add a trusted pc which will remove the security question option since a security question is a lot easier to figure out for a hacker to reset your password than the other options.

goto xbox.com and sign in.Click on My Account, click on change password and then find the Security info in the Account security section and click on Manage.

Add your computer name as a trusted pc and an alternate email address or your cell phone so that when a hacker tries to get into your account they won't see the security question they will only have customer support, use your trusted pc or email a link as options. Much more secure than a security question.

Note if you don't have a trusted pc as an option the security question will show up. Once you add a trusted pc, the security question will not be there for a hacker to gain control of your account.

But that's not to say this is how the hackers are getting in... if they have your password they got it from somewhere... the odds of them guessing it are fairly slim.