Xbox account hacked rage-all

TheWalt wrote:

I found through my own investigation (and Malwarebytes' Anti-Malware software), that my GFWLive.exe program file was hacked and operating as a spyware program (not sure how it got onto my computer though). Got it quarantined and have changed all my passwords on just about every account I have on the internet. Very disconcerting to be hacked!

Any other details you can give about this? Was a trojan/worm recognized, and if so, what was the name? Could you tell from the file properties when it was added or modified on your computer?

Jeff-66 wrote:

Also, it's bullsh*t that MS requires you to have a CC on file to maintain an open gold account, even if the account is paid up.

I never gave them a credit card, so it's not required to have one in general. Don't know about removal.

I use the cards to do my Gold renewals. Always a sale, too.

Jeff-66 wrote:

Gravey, you mentioned a password manager, I recommend LastPass. It's excellent.

Thanks for the recommendation, Jeff, I've been looking into both LastPass and 1Password. I want some good syncing between Mac and iPhone for myself and my wife: secure, convenient, no-hassle password management.

AV scans came up clear on my Mac and the Windows partition, so: curse you, work computer (presumably).

TheWalt and painthappens, please feel free to post when your investigations are complete. I'll modify the title of this thread to make it the hacked Xbox account catch-all, in the same vein as the WoW hacked account thread (hi, Sally!).

My account actually got hacked a couple of days ago too. Weird...

They basically disassociated my gamertag from my windows live account meaning I could no longer access my own tag. Thankfully, they didn't manage to buy any points and the Microsoft people were very helpful on the phone.

Then again, my live account is going to be locked for the next 20-25 days, so that kind of sucks. It's kind of stopped me from wanting to play Xbox at all at this point.

Gravey wrote:
Amoebic wrote:

It wasn't me, I swear! All I did was lolspekk at Clemenstation, and now look at what's happened.

I had my suspicions. The hacker is Russian, so it couldn't have been you, could it, Amoebic—or should I say: Natasha.

Uh...
/smokebomb
/fallbackwardsoutofawindow

This would be a horrible time to lose my Live account, right at the edge of all the fall releases. I'm used to dealing with credit card fraud where getting things fixed is really not that bad in most cases these days, but when they screw with my gaming, I'd get mad.

SallyNasty wrote:
MannishBoy wrote:

What do they do with the points they buy?

Just trying to figure out how they profit from this. It's not like you can give points to other accounts.

I'm sure I'm missing something.

I am glad you asked because I was wondering the same thing.

I just recently got my account unlocked after it had been hacked. It sucks, but I am getting everything refunded. The nice thing is, the idiot who hacked me wasn't the brightest and bought points and games on my account instead of creating a separate account and using the card on file to buy on that account. I have now received black ops, lost planet 2, and NFS: hot pursuit for free.

Also, regarding lost time on live, they were aggressive with giving me codes. I received an initial 30 day code and later received two more codes from them.

MannishBoy wrote:
Jeff-66 wrote:

Also, it's bullsh*t that MS requires you to have a CC on file to maintain an open gold account, even if the account is paid up.

I never gave them a credit card, so it's not required to have one in general. Don't know about removal.

I use the cards to do my Gold renewals. Always a sale, too.

I had this talk with them myself since I wanted to get my cards off of the account after I was hacked. During the time period that your gold sub is active from a credit card, you can't take it off the account. Once the sub is over from that purchase, you can take it off. Why? Beats me.

Amoebic wrote:
Gravey wrote:
Amoebic wrote:

It wasn't me, I swear! All I did was lolspekk at Clemenstation, and now look at what's happened.

I had my suspicions. The hacker is Russian, so it couldn't have been you, could it, Amoebic—or should I say: Natasha.

Uh...
/smokebomb
/fallbackwardsoutofawindow

Little known fact, Molotov Cocktease from the Venture Brothers is loosely based on Amoebic.

Chairman_Mao wrote:
TheWalt wrote:

I found through my own investigation (and Malwarebytes' Anti-Malware software), that my GFWLive.exe program file was hacked and operating as a spyware program (not sure how it got onto my computer though). Got it quarantined and have changed all my passwords on just about every account I have on the internet. Very disconcerting to be hacked!

Any other details you can give about this? Was a trojan/worm recognized, and if so, what was the name? Could you tell from the file properties when it was added or modified on your computer?

Malware identified the file "GFWLive.exe" as a 'Spyware.Agent'. I would not have ever identified it myself (modified or added date), since all these online programs go through periodic updates anyway. I didn't have Malwarebytes running at that time, but I did have MSE up and running, and this spyware had no problems getting by that. I also find Microsoft's policy of allowing accounts to be transferred to another country without a phone call most disturbing, and wish they would follow suit on the Steam policy approach. I called Microsoft yesterday to see what's been taking them so long (since it's been 7 weeks since my account was hacked), and the agent said it was taking more time since they had to migrate the account back to the U.S.

obirano wrote:
MannishBoy wrote:
Jeff-66 wrote:

Also, it's bullsh*t that MS requires you to have a CC on file to maintain an open gold account, even if the account is paid up.

I never gave them a credit card, so it's not required to have one in general. Don't know about removal.

I use the cards to do my Gold renewals. Always a sale, too.

I had this talk with them myself since I wanted to get my cards off of the account after I was hacked. During the time period that your gold sub is active from a credit card, you can't take it off the account. Once the sub is over from that purchase, you can take it off. Why? Beats me.

Exactly, that's why I call it bullsh*t. There's NO logical reason for this, since like MB said, those who have gold via a code-card aren't required to have a CC on file. The only thing this benefits is MS themselves, as they know users are more likely to impulse buy if there's a "press X to BUY NOW" button, instead of the user having to type in a CC#. So basically, MS is trading our security/protection for their profits.

obirano wrote:
SallyNasty wrote:
MannishBoy wrote:

What do they do with the points they buy?

Just trying to figure out how they profit from this. It's not like you can give points to other accounts.

I'm sure I'm missing something.

I am glad you asked because I was wondering the same thing.

I just recently got my account unlocked after it had been hacked. It sucks, but I am getting everything refunded. The nice thing is, the idiot who hacked me wasn't the brightest and bought points and games on my account instead of creating a separate account and using the card on file to buy on that account. I have now received black ops, lost planet 2, and NFS: hot pursuit for free.

Also, regarding lost time on live, they were aggressive with giving me codes. I received an initial 30 day code and later received two more codes from them.

That explains why I have Obirano and "obirano gwj" on my friends list. Which one is the real you?

Bonus_Eruptus wrote:
obirano wrote:
SallyNasty wrote:
MannishBoy wrote:

What do they do with the points they buy?

Just trying to figure out how they profit from this. It's not like you can give points to other accounts.

I'm sure I'm missing something.

I am glad you asked because I was wondering the same thing.

I just recently got my account unlocked after it had been hacked. It sucks, but I am getting everything refunded. The nice thing is, the idiot who hacked me wasn't the brightest and bought points and games on my account instead of creating a separate account and using the card on file to buy on that account. I have now received black ops, lost planet 2, and NFS: hot pursuit for free.

Also, regarding lost time on live, they were aggressive with giving me codes. I received an initial 30 day code and later received two more codes from them.

That explains why I have Obirano and "obirano gwj" on my friends list. Which one is the real you?

Obirano. Back to that account since the issue has been resolved.

Gwflivesetup.exe, in my dawn of war folder, has been showing on my virus scan for months now. I assumed it was a false positive.

Man, so apparently having my account locked down to forbid purchasing actually means I have no online at all, not even Silver access. I feel so cut off! All alone, no friends list, no Spotlight channel, no demos.

obirano wrote:

I just recently got my account unlocked after it had been hacked. It sucks, but I am getting everything refunded. The nice thing is, the idiot who hacked me wasn't the brightest and bought points and games on my account instead of creating a separate account and using the card on file to buy on that account. I have now received black ops, lost planet 2, and NFS: hot pursuit for free.

Also, regarding lost time on live, they were aggressive with giving me codes. I received an initial 30 day code and later received two more codes from them.

Glad to hear it turned out well for you, obirano! When did you get hacked, and how long did it take to get resolved?

Jeff-66 wrote:

Gravey, you mentioned a password manager, I recommend LastPass. It's excellent.

LastPass it is, got the premium for the iPhone app and enjoying it so far.

I went the LastPass route as well... it's great.

8/11 was when my account was hacked. They got my account fixed about 10 days ago.

obirano wrote:

8/11 was when my account was hacked. They got my account fixed about 10 days ago.

Was your account migrated to another country? Mine was moved to Russia. That's the explanation they're giving me for taking so long on recovering my account.

TheWalt wrote:
obirano wrote:

8/11 was when my account was hacked. They got my account fixed about 10 days ago.

Was your account migrated to another country? Mine was moved to Russia. That's the explanation they're giving me for taking so long on recovering my account.

In soviet Russia, account recovers YOU!

Spoiler:

Yes, yes... It is 2005. Hope it gets sorted soon.

Yeah mine got hacked last week as well. They got the points through PayPal though, and PayPal promptly did a chargeback on MS so I got the money back pretty quickly.

The more annoying thing is waiting to get my Windows Live ID and XBL account back. If this thread is any indication, I'll be waiting for a long time.

And I hadn't logged into either Windows Live or XBL for months and months, so I really don't know how they got it. I do think my home machine is compromised though, so I probably need to wipe it. I use it basically to just play games though, so it rarely sees use for anything sensitive.

They never told me where it was migrated to.

PyromanFO wrote:

If this thread is any indication, I'll be waiting for a long time.

I'm 5 days short of 2 months with no access to my account yet. I have been buying all my games on PC or PS3 because I don't want to play xbox games and not earn the achievements. I have a card for a free download of Alan Wake, which I haven't played, and also can't download that until I get access to my account again as I don't want to tie it to another ID.

Nice article via Neogaf: Games for Windows Live Fraud Victim Told He Can't Be Helped Because He Doesn't Own an Xbox

Guy buys GFWL stuff on PC and later gets hacked; after the usual support run-around he is told they can't refund him unless he has an xbox console and to do a credit card chargeback instead, which leaves him concerned that his account may be banned in the future.

Finally got my account returned to me this afternoon. They did at least give me 2X 1 month codes to make up for the time that was missed. I can't wait to go home and see if it works!

That's good news!!!

I tested my account and it works. Sadly the email address assigned to it is some stupid random letter/number @live.com address. Turns out I can't change it for 30 days, but I guess having access again is worth dealing with typing some weird address for a while.

Great news, painthappens!

Were you not able to play on your account at all for two months? I can still connect to my account, play games and earn achievements, and get online and see my friends (I couldn't do the last for a couple days but that was all). I assume I can't play multiplayer since my Gold sub disappeared with the hack, but I haven't tried downloading any demos yet. There are no payment methods attached to my account anymore, and as far as I know I couldn't add any or buy anything for now anyway.

I had my xbox account hacked a couple of months ago, too. Fortunately the CC I had on file had just previously expired, so the guy wasn't able to order any more points, but he did use whatever points were left sitting on my account (just as Summer of Arcade was starting up). Also, he totally f*cked up my avatar -- I think that was the worst part of my experience, other than having to wait 2 weeks for them to restore my spacebux to me.

MannishBoy wrote:

So maybe this is just a way to play some free games for awhile, assuming that the real owner doesn't notice for a bit?

Just an odd scam.

Remember, all purchases made on a given xbox are playable from ANY account logged into that xbox; not just the account that made the purchase.

So sorry to hear about this Gravey. Now I'm starting to feel a bit paranoid about my account. Did they mention any steps you can take to prevent this aside from just monitoring for unusual transactions?

merphle wrote:

Remember, all purchases made on a given xbox are playable from ANY account logged into that xbox; not just the account that made the purchase.

Maybe that's it, but that's still a lot of work for free games, especially when you could have just hacked the console and pirated them in the first place.

Ballotechnic wrote:

So sorry to hear about this Gravey. Now I'm starting to feel a bit paranoid about my account. Did they mention any steps you can take to prevent this aside from just monitoring for unusual transactions?

Password security on your Live account, and actually checking the account to watch for email confirmations. Even if you don't use the account for anything else, you could probably figure out a way to pull only the MS mail into whatever account you do use.