Xbox account hacked rage-all

Between getting my xbox/Live account hacked, and seeing subsequent intrusions over the past couple of weeks on a variety of other sites I've used across the internet (the latest was Facebook this morning, which I don't really care about other than not wanting some douchebag posting crap as me), I manned up and switched all of my passwords over to LastPass. I have to admit, I was very hesitant about migrating to LastPass, despite all of the positive words offered by all of you here, simply because I was worried about the hassle of it all... but it only took me about 2 hours or so to migrate 20-30 accounts in, including giving them each unique randomly-generated passwords, and now I feel much more secure.

A couple of interesting observations about this ordeal:

1) Facebook automatically disabled my account this morning while the intruder was logging in, because it detected a change in geographic location on the client connection (I'm in MA, the intruder was in CA). They're the only site that did anything remotely close to this. Good job!
2) A couple of relatively big-name sites (including GWJ) didn't send me a notification email when I changed my password. Bad job!

MannishBoy wrote:
Ballotechnic wrote:

So sorry to hear about this Gravey. Now I'm starting to feel a bit paranoid about my account. Did they mention any steps you can take to prevent this aside from just monitoring for unusual transactions?

Password security on your Live account, and actually checking the account to watch for email confirmations. Even if you don't use the account for anything else, you could probably figure out a way to pull only the MS mail into whatever account you do use.

Yeah, with LastPass now I can easily change the password regularly.

Otherwise there doesn't seem to be much else that can be done to prevent hacks. I may not re-add any payment methods when my account is restored and instead rely on cards, depending on how confident I'm feeling by that point.

Huh, so it seems I can still play online. I've just been re-visiting Burnout Revenge single-player since I thought I was cut off and tried multiplayer just to see what would happen, and I got in a game and played no problem. Not sure why, but maybe I can still hit rank 35 in Dirt 3 multiplayer before my sub was set to expire next week anyway.

Also since my region is changed, I can download European demos. I'm grabbing WRC 2010 right now. Any other recommendations?

As they say, when life gives you region-specific lemons, download heretofore unavailable lemonade.

Gravey wrote:

Huh, so it seems I can still play online. I've just been re-visiting Burnout Revenge single-player since I thought I was cut off and tried multiplayer just to see what would happen, and I got in a game and played no problem. Not sure why, but maybe I can still hit rank 35 in Dirt 3 multiplayer before my sub was set to expire next week anyway.

Also since my region is changed, I can download European demos. I'm grabbing WRC 2010 right now. Any other recommendations?

As they say, when life gives you region-specific lemons, download heretofore unavailable lemonade.

Those words have guided me my whole life.

PayPal has refunded my money, and on a weekend too, so that's the first half taken care of. Now it's just a matter of waiting on MS, and possibly learning some Russian in the meantime.

Gravey wrote:

Great news, painthappens!

Were you not able to play on your account at all for two months? I can still connect to my account, play games and earn achievements, and get online and see my friends (I couldn't do the last for a couple days but that was all). I assume I can't play multiplayer since my Gold sub disappeared with the hack, but I haven't tried downloading any demos yet. There are no payment methods attached to my account anymore, and as far as I know I couldn't add any or buy anything for now anyway.

No access at all for two months. I'm still short by about 3600 Microsoft points. I don't expect to get those back either. I had I think 3600 before the hack. Now I have 360. I placed a call and they have no record of the points. I assume they are lost forever.

painthappens wrote:

No access at all for two months. I'm still short by about 3600 Microsoft points. I don't expect to get those back either. I had I think 3600 before the hack. Now I have 360. I placed a call and they have no record of the points. I assume they are lost forever.

I just looked at my account on their website, and you can get data going back a year on points transactions on accounts. So I don't see how that wouldn't show up for them.

I'm on week 9... no Xbox live access for me. Have yet to be contacted by Microsoft, though they said they would update me once they started making progress on my case. I guess they're still not making any progress.

Good lord there's a lot of you guys getting your xbox accounts hacked. I would love to know what the common denominator is ... e.g. weak passwords, trojan, etc. Are all the intrusions mentioned thus far originating from Russia?

Also, glad to see some new LastPass converts, such an excellent tool.

Haven't tried LastPass, but I love KeePass. I never realized how much sh*t requires a user name and password from me, though...

Jeff-66 wrote:

Good lord there's a lot of you guys getting your xbox accounts hacked. I would love to know what the common denominator is ... e.g. weak passwords, trojan, etc. Are all the intrusions mentioned thus far originating from Russia?

Also, glad to see some new LastPass converts, such an excellent tool.

Mine was transferred from the US to Canada.

Jeff-66 wrote:

Good lord there's a lot of you guys getting your xbox accounts hacked. I would love to know what the common denominator is ... e.g. weak passwords, trojan, etc. Are all the intrusions mentioned thus far originating from Russia?

Also, glad to see some new LastPass converts, such an excellent tool.

As I wrote earlier, I'm pretty sure mine was due to a weak password, shared among a number of sites. I think I remember seeing an email from very early this year (from nexon.net, I believe -- that's Maple Story, right?) about my password being changed, or something. I didn't pay much attention to it, unfortunately. I suspect that someone either hacked/guessed my password there, or they had some sort of data breach... but I have no proof either way.

Resolved! (Mostly). Got my account recovery e-mail, 230 MS points in the bank, and 2 free months of Live. But my region is still Russia. Called support, and the guy said they'll switch it back to Canada in the next 1-2 weeks (or failing that, transfer everything to a new account—not entirely sure what that means). When that's taken care of, I'm going to reward myself with some new Nirvana Rock Band DLC. Possibly bought with a points card. Definitely not going to be bought in rubles.

I hope anyone else still waiting for their accounts to be recovered gets resolution soon!

Gravey wrote:

Resolved! (Mostly). Got my account recovery e-mail, 230 MS points in the bank, and 2 free months of Live. But my region is still Russia. Called support, and the guy said they'll switch it back to Canada in the next 1-2 weeks (or failing that, transfer everything to a new account—not entirely sure what that means). When that's taken care of, I'm going to reward myself with some new Nirvana Rock Band DLC. Possibly bought with a points card. Definitely not going to be bought in rubles.

I hope anyone else still waiting for their accounts to be recovered gets resolution soon!

Congrats!

Hopefully they'll get the rest of it sorted soon.

How to prevent your xbox live account from being hacked:

an interview with the director of public policy at MS/XBox (~12 minutes)

I decided I'd rather be safe than sorry after reading this thread, so I called Microsoft to get my credit card removed from my account. My Gold subscription was still good up until February and, like many have said, your subscription is somehow tied to the card you bought it with.

They can, in fact, take the card off the account before your subscription is up, though. What Randy (the helpful gentleman I spoke with) did was remove my card, cancel my Gold account and then send me Live Tokens in my email for the 4 months of Live I still had left.

So, less than 5 minutes after getting it all squared away, I'm back on Live and playing Gears 3.

So, if you want to remove your credit card, but still have Gold account time left, you won't lose any.

skeletonframes wrote:

I decided I'd rather be safe than sorry after reading this thread, so I called Microsoft to get my credit card removed from my account. My Gold subscription was still good up until February and, like many have said, your subscription is somehow tied to the card you bought it with.

They can, in fact, take the card off the account before your subscription is up, though. What Randy (the helpful gentleman I spoke with) did was remove my card, cancel my Gold account and then send me Live Tokens in my email for the 4 months of Live I still had left.

So, less than 5 minutes after getting it all squared away, I'm back on Live and playing Gears 3.

So, if you want to remove your credit card, but still have Gold account time left, you won't lose any.

That's pretty interesting. The last time I called to do that, I was told "no way whatsoever" would they remove my CC# from Gold account, and that if I wanted it removed, they'd downgrade me to Silver. That was earlier this year though. I wonder if they've changed their policy with this wave of stolen accounts, or if you just happen to get a nice sales rep.

Jeff-66 wrote:

How to prevent your xbox live account from being hacked:

an interview with the director of public policy at MS/XBox (~12 minutes)

Good video, not too much revelatory (don't give out your password, use a password management app, use security questions, tie your phone number to your Live account, enable Trusted PC, check your statements regularly). Towards the end of the video, they mention billing.microsoft.com, which I found to be pretty invaluable in my case: there's a complete history of the hack, including the hacker's personal account he attached, and everything he did.

Stepto is also right about calling it a "hack", and I have to say I felt a little silly calling Xbox CS as a 31-year-old man to say what must sound like, "Oh noes, my account was teh haxed!" But it's still a good shorthand. "Hijack" would work as well.

Does anyone know if I can just make a new account on my Xbox and use that until my regular account is put back? They did ask for my console's serial number and some other number, so I don't know if my machine itself is locked down or just my Sarbeth account.

I'd sure love to be playing some games right about now, even if it's on a temp silver account.

Coolbeans wrote:

Does anyone know if I can just make a new account on my Xbox and use that until my regular account is put back? They did ask for my console's serial number and some other number, so I don't know if my machine itself is locked down or just my Sarbeth account.

I'd sure love to be playing some games right about now, even if it's on a temp silver account.

That's exactly what the CS guy suggested I could do while I waited: sign up for a new account with its free month of Gold to continue playing. (As it happens, neither my account nor my Gold sub were interrupted during the investigation, so I was able to keep playing as normal.)

Gravey wrote:
Coolbeans wrote:

Does anyone know if I can just make a new account on my Xbox and use that until my regular account is put back? They did ask for my console's serial number and some other number, so I don't know if my machine itself is locked down or just my Sarbeth account.

I'd sure love to be playing some games right about now, even if it's on a temp silver account.

That's exactly what the CS guy suggested I could do while I waited: sign up for a new account with its free month of Gold to continue playing. (As it happens, neither my account nor my Gold sub were interrupted during the investigation, so I was able to keep playing as normal.)

Well I'll try that. I might get a small 30-day Gold membership so I can play online or download demos.

Okay, made my temp account. My gamertag is AidedDiamond567. Feel free to add me to your friend list if Sarbeth was on your list as this is what I will be on for a few weeks.

After 7 years, sure looks weird to see that gamerscore of 0.

Coolbeans wrote:

After 7 years, sure looks weird to see that gamerscore of 0.

That is the stuff of nightmares.

SallyNasty wrote:
Coolbeans wrote:

After 7 years, sure looks weird to see that gamerscore of 0.

That is the stuff of nightmares.

Tell me about it! And I was just a couple hundred points from 50k.

Now I have about 40...

Just thought I'd chime in here too. My account was also compromised and changed to Russian with two 5k MS Point packs purchased. Still chasing my CC company for the chargeback but when I spoke to MS originally, they gave the impression that:

I won't be able to access the account for 30 days
It's almost certainly going to stay Russian (apparently the 1 change per year rule is "set in stone" to quote them)
I may not get the account back at all

I can still log into it but it sounds like they want to just nuke the account entirely.
It was compromised on the 17th of August, I phoned them on the 18th, they said they'd get back to me in a month. Still nothing.

Oh, and for anyone wondering what they purchased with the stolen funds:

17/08/2011 Kane Lynch: Dead Men -- Game -320Microsoft Points --
17/08/2011 Fallout 3 -- Игра -400Microsoft Points --
17/08/2011 FlatOut UC PC -- Игра -400Microsoft Points --
17/08/2011 AC Brotherhood Deluxe -- Игра -1,360Microsoft Points --
17/08/2011 SplinterCellConviction -- Игра -1,600Microsoft Points --
17/08/2011 Virtua Tennis 4 -- Игра -800Microsoft Points --
17/08/2011 Call of Duty: WaW -- Игра -800Microsoft Points --
17/08/2011 RIFT™ -- Игра -1,200Microsoft Points --
17/08/2011 RIFT™ CE -- Игра -1,600Microsoft Points --
17/08/2011 AC Brotherhood -- Игра -1,200Microsoft Points --
17/08/2011 Fable III -- Игра -1,200Microsoft Points --
17/08/2011 Points added View Points 5,000Microsoft Points --
17/08/2011 Points added View Points 5,000Microsoft Points --

Enverex wrote:

Just thought I'd chime in here too. My account was also compromised and changed to Russian with two 5k MS Point packs purchased. Still chasing my CC company for the chargeback but when I spoke to MS originally, they gave the impression that:

I won't be able to access the account for 30 days
It's almost certainly going to stay Russian (apparently the 1 change per year rule is "set in stone" to quote them)
I may not get the account back at all

I can still log into it but it sounds like they want to just nuke the account entirely.
It was compromised on the 17th of August, I phoned them on the 18th, they said they'd get back to me in a month. Still nothing.

That is ridiculous! Why in the world would it have to stay Russian?
I'm going to have a pretty low tolerance for this. If they can't fix this to my satisfaction, I will ditch my 360 on Ebay with all my games and stick with the PC/PS3. You act like you either want my business or you don't.

Enverex wrote:

Oh, and for anyone wondering what they purchased with the stolen funds:

17/08/2011 Kane Lynch: Dead Men -- Game -320Microsoft Points --
17/08/2011 Fallout 3 -- Игра -400Microsoft Points --
17/08/2011 FlatOut UC PC -- Игра -400Microsoft Points --
17/08/2011 AC Brotherhood Deluxe -- Игра -1,360Microsoft Points --
17/08/2011 SplinterCellConviction -- Игра -1,600Microsoft Points --
17/08/2011 Virtua Tennis 4 -- Игра -800Microsoft Points --
17/08/2011 Call of Duty: WaW -- Игра -800Microsoft Points --
17/08/2011 RIFT™ -- Игра -1,200Microsoft Points --
17/08/2011 RIFT™ CE -- Игра -1,600Microsoft Points --
17/08/2011 AC Brotherhood -- Игра -1,200Microsoft Points --
17/08/2011 Fable III -- Игра -1,200Microsoft Points --
17/08/2011 Points added View Points 5,000Microsoft Points --
17/08/2011 Points added View Points 5,000Microsoft Points --

Those prices make me want to be Russian for a bit. 400 pts for Fallout 3? 1,200 points for Fable 3? Those games are both still $30 (2,400) points on Games On Demand.

Enverex wrote:

I won't be able to access the account for 30 days
It's almost certainly going to stay Russian (apparently the 1 change per year rule is "set in stone" to quote them)
I may not get the account back at all

That's bizarre. It seems like everyone is getting a slightly different experience—my region didn't get changed back from Russia to Canada when the investigation finished, even though that was one of the things I mentioned in my call, but when I called back they told me they'll fix that as soon as they can.

So here's my question:

I can't access many of the Xbox Live Arcade titles I downloaded unless I am signed into the account that got hacked. Even if I could, all the settings and saves are tied to that account. What good is it to create a new Gamertag and not have access to the stuff you spent countless hours playing?

Follow up:

What happens if they have to nuke my account? I better damn well be able to get access to the things I purchased.

Second Follow Up:

What about EA Sports and their stupid online pass? Is it tied to my Gamertag or my Xbox?