Xbox account hacked rage-all

Pages

Within the last hour I got emails from PayPal and Microsoft that 18,000 MS points were bought (to the tune of $291), another email address was added, and my account's region was changed from Canada to Russia.

I've cancelled the second email address addition and changed my Xbox Live password. I'm going to call Microsoft in half an hour on my lunch break.

In addition to PayPal, there's a credit card on the Xbox account. But in my account, when I click on Управление способами оплаты (Managing payment methods) (yes everything is in Russian now), this message says Способы оплаты не зарегистрированы (Methods of payment are not registered). I'm hoping that's one piece of good news...?

Is there anything else I can do right now? Sorry if this confused, I'm a little panicked right now.

That sucks buddy - the only help I can offer is translation:(

SallyNasty wrote:

That sucks buddy - the only help I can offer is translation:(

No problem. English URLs and Google Translate are helping with that.

Contact whoever's in charge of your registered payment methods to make sure they're aware of the fraudulent charges. Then call Microsoft, who should be able to reverse the charges anyway. This sort of thing happens frequently enough that everyone should have well-established procedures for fixing it to your satisfaction.

complexmath wrote:

Contact whoever's in charge of your registered payment methods to make sure they're aware of the fraudulent charges. Then call Microsoft, who should be able to reverse the charges anyway. This sort of thing happens frequently enough that everyone should have well-established procedures for fixing it to your satisfaction.

All the points were bought through PayPal, so that would be their unauthorized transaction dispute form.

Okay, disputes filed at PayPal. Xbox and PayPal passwords changed. Called Xbox support and they locked down my account under fraud investigation to prevent any further transactions, but can't do anything further until I get home tonight and call them back to read off my console ID from my 360.

So there's nothing for it right now except to have lunch and stop shaking. Thanks for the input, I'll update later. At least it happened on payday so I wouldn't get grief from every angle.

Spent a productive half hour on the phone with Xbox support. The guy ran me through the whole open-a-fraud-investigation-claim script with his own editorializing ("Yeahhh... this guy needs to go to jail."). Very helpful, very encouraging.

So for the next ≤25 days it's no purchases, no Gold sub, and half the dashboard and website are in Russian. If everything goes well then I can look forward to getting my money refunded, subscription credited, and some bonus time.

It's a weird feeling, you know? I was robbed—and I didn't know if the thief still had his hand in my wallet. At least everything's locked down now and I just have to wait for the resolution.

Any idea how they got access?

Yeah, you need to be thinking about that very carefully. You mention how he ran the scam on payday. Could be coincidence, or he could be into your life a LONG way.

gewy wrote:

Any idea how they got access?

No idea. The Xbox support guy said they're a little swamped with fraud claims right now since it's back to school and many people are discovering their accounts have been hacked (don't ask me the connection to back to school, just what the guy said). Password less secure than I thought?

Malor wrote:

Yeah, you need to be thinking about that very carefully. You mention how he ran the scam on payday. Could be coincidence, or he could be into your life a LONG way.

Suggestions to explore to find out if it's the latter?

Gravey wrote:
gewy wrote:

Any idea how they got access?

No idea. The Xbox support guy said they're a little swamped with fraud claims right now since it's back to school and many people are discovering their accounts have been hacked (don't ask me the connection to back to school, just what the guy said). Password less secure than I thought?

Malor wrote:

Yeah, you need to be thinking about that very carefully. You mention how he ran the scam on payday. Could be coincidence, or he could be into your life a LONG way.

Suggestions to explore to find out if it's the latter?

A lot of people get paid on the 1st and 15th, or the 15th and 30th. Could just be a decent guesser. Same goes for if your password was a palindrome, which I suspect it was.

It wasn't me, I swear! All I did was lolspekk at Clemenstation, and now look at what's happened.

Bonus_Eruptus wrote:
Gravey wrote:
Malor wrote:

Yeah, you need to be thinking about that very carefully. You mention how he ran the scam on payday. Could be coincidence, or he could be into your life a LONG way.

Suggestions to explore to find out if it's the latter?

A lot of people get paid on the 1st and 15th, or the 15th and 30th. Could just be a decent guesser. Same goes for if your password was a palindrome, which I suspect it was.

My fatal flaw! Thanks for the laugh, Bonus.

Amoebic wrote:

It wasn't me, I swear! All I did was lolspekk at Clemenstation, and now look at what's happened.

I had my suspicions. The hacker is Russian, so it couldn't have been you, could it, Amoebic—or should I say: Natasha.

I had the exact same situation happen to me on July 27th. I still as of September 16 do not have access to my account. I provided my console serial number etc 3 times now. The 25 days they quote is BUSINESS days. They don't tell you this but thats what it is. Even going by business days my account should have been restored to me a while ago. I feel your pain! The worst part is that there is absolutely no way to talk to the xbox live account investigation team. You can call back in to the standard support number and they'll tell you to post on the forums. When you do that they will tell you to call the support number. It sucks. It sucks big time!

For me it was a us account that was transferred to canada and roughly a hundred dollars of points was purchased. I called support within an hour of the charge hitting my account (I was lucky and was checking to see if a deposit was made and noticed the fraud charge quickly). My back credited my the money as soon a I filled out a fraud report and cancelled the card. Worst part was I had nearly all my bills auto payed via that card. Changing them all was not fun.

If I hadn't purchased a bunch of arcade games and had roughly 20K gamer points (I know not many in this crowd) plus just recently renewed my gold status, I would have just created a new account and moved on. The knowledge that MS really has no clue what they're doing (based on the fact that its apprently so easy to hack the live passwords and the backlog is months) I almost considered buying all games on the PS3.... then I remembered the PSN hack a while ago. So my last few games have been PC game purchases...

Basically I feel for you and share your pain... long long long pain!

I got hacked at the beginning of August, and still don't have access to my Xbox account.

Same story- changed to Russian, etc. 10,000 MS points purchased. I found out by the MS email notifying me that my account email was changed (the notifications on MS point purchases came a few days later).

I was able to reclaim access to my Xbox live account through the webpage, but since they allow only 1 region change per year, it's going to be defaulted to Russian until the investigation is completed. I'm a little disappointed in the amount of time Microsoft is taking to complete the investigation, but it does sound like hacks are on the uptick.

I found through my own investigation (and Malwarebyte's Anti-Malware software), that my GFWLive.exe program file was hacked and operating as a spyware program (not sure how it got onto my computer though). Got it quarantined and have changed all my passwords on just about every account I have on the internet. Very disconcerting to be hacked!

Good news is that the credit card information was not compromised... only MS points could be purchased by the hacker, which was shut down within an hour or so after I was notified.

painthappens wrote:

I had the exact same situation happen to me on July 27th. I still as of September 16 do not have access to my account.

That sucks man, sorry to hear about that. Right now though, I feel like the worst has already happened—getting stolen from—so however long it takes to resolve is however long it takes, just so long as in the end I get my money back and account righted.

Maybe I'll feel differently five weeks from now, but if resolution means I have to wait to buy new Nirvana tracks or can't be there for Battlefield 3's launch week, that's fine. Heck, if this happened just before Skyrim came out I probably wouldn't even miss not having Gold or purchasing ability.

TheWalt wrote:

Good news is that the credit card information was not compromised... only MS points could be purchased by the hacker, which was shut down within an hour or so after I was notified.

That seems to have been the case for me too. No purchases were made on the credit card before the account was locked.

I've been changing a lot of passwords now, and looking into password management software. I even ran an antivirus scan on my Mac. I still have to scan my Windows partition too, and I'll try that Malwarebyte app.

What do they do with the points they buy?

Just trying to figure out how they profit from this. It's not like you can give points to other accounts.

I'm sure I'm missing something.

MannishBoy wrote:

What do they do with the points they buy?

Just trying to figure out how they profit from this. It's not like you can give points to other accounts.

I'm sure I'm missing something.

I am glad you asked because I was wondering the same thing.

MannishBoy wrote:

What do they do with the points they buy?

Just trying to figure out how they profit from this. It's not like you can give points to other accounts.

I'm sure I'm missing something.

On my account the guy bought seven games, including Darkspore and The Sims 3. He left me with the change though!

But you're right, they're not on my Xbox account. I'm not sure how it works, but he attached a second personal account to my Xbox account. I can log into billing.microsoft.com, and I see two personal accounts: mine, with all my normal transactions and his fraudelent purchases; and his, with the games downloads.

My Live sub was also transferred to his personal account, meaning dwk Gravey is without Live.

But yeah, I'm not sure how or if this has all transferred to his own Xbox profile or what. He's certainly not playing as dwk Gravey though (or at all since the sub was cancelled).

One piece of advice for all of you - if this is interrupting paid-for XBL time, tell MS you want a refund for all of the time you've been unable to access your account. If they're sluggish on that, or give you crap, immediately go to your CC company and tell them to stop payment to XBox Live. If there's anything that will get their attention, it's denying them money.

NSMike wrote:

One piece of advice for all of you - if this is interrupting paid-for XBL time, tell MS you want a refund for all of the time you've been unable to access your account. If they're sluggish on that, or give you crap, immediately go to your CC company and tell them to stop payment to XBox Live. If there's anything that will get their attention, it's denying them money.

Support guy said I would be credited for the lost time. There's less than a month left on the subscription anyway, and I turned off auto-renew ages ago.

So maybe this is just a way to play some free games for awhile, assuming that the real owner doesn't notice for a bit?

Just an odd scam.

Gravey wrote:

But you're right, they're not on my Xbox account. I'm not sure how it works, but he attached a second personal account to my Xbox account. I can log into billing.microsoft.com, and I see two personal accounts: mine, with all my normal transactions and his fraudelent purchases; and his, with the games downloads.

I wonder if they are using the family membership?

How are these guys getting your passwords?

Gdawg27 wrote:

How are these guys getting your passwords?

Why do you ask, comrade?

Gdawg27 wrote:

How are these guys getting your passwords?

Just finished running the MSE scan on my work computer and came up with two exploits and a trojan. I do log in to Xbox.com from work ("Demo released, add to download queue", etc), so maybe that was the vector.

Removed them, and now I feel like I should change the passwords to the accounts I logged into this morning.

Gravey wrote:

Removed them, and now I feel like I should change the passwords to the accounts I logged into this morning. :P

You think? :p

Glad you found it.

Was MSE running all along? Weird it would find it on a manual scan if it didn't detect it either on a scheduled scan or in real time.

MannishBoy wrote:
Gravey wrote:

Removed them, and now I feel like I should change the passwords to the accounts I logged into this morning. :P

You think? :p

Glad you found it.

Was MSE running all along? Weird it would find it on a manual scan if it didn't detect it either on a scheduled scan or in real time.

Rebooted, some passwords I changed last night at home changed again now.

MSE has been running all along including its real-time protection dealie, so not sure how these got by. Scheduled scan is set for a time when the computer is off, so I'm going to change that.

Edit: And by "change that" I mean "wait for IT". Can't I have admin rights for my own workstation so I can stay on top of this basic housekeeping?

Gravey, you mentioned a password manager, I recommend LastPass. It's excellent.

For any account where a CC# is involved, I use LastPass to generate (and manage) 12 to 13 character complex passwords, including mixed case, numbers, and special symbols. Of course, I'm not sure any of that helps if you have a trojan on the computer.

I partially blame MS for this, they make it easy for thieves. They should not allow international account location changes without approval from the account owner (like by some kind of phone or email verification). This is what steam recently implemented. Also, it's bullsh*t that MS requires you to have a CC on file to maintain an open gold account, even if the account is paid up. I was told I could turn off auto-renew, but told I could not remove my CC# from the account, unless I want to immediately cancel gold membership and downgrade to silver.

Is MS incapable of implementing a security measure that says "hey this guy lives in Wisconsin, and now someone in Russia has access to the account and is buying $300 worth of MS points. we should totally not allow that". Duh.

Pages