Xbox account hacked rage-all

I had a trojan on my work computer, so I'm guessing it might have been that. But now that merphle mentions it, I did also have a PSN account and had probably used the same username and password—I don't even remember.

No idea for me. I've run complete system scans of both my desktop and laptop, without finding anything. My password had a maximal strength rating when I checked with LastPass, so I doubt it was a brute force. I don't recall putting my LIVE ID into any gaming site, and I sure as hell wouldn't have put my password into it given my baseline security paranoia.

Given the sheer number of compromised accounts, and the nearly identical fraudulent behaviour (i.e. FIFA), it would seem logical that this is most likely an attack from a single person/group, using either an undisclosed security loophole in one of the online systems (LIVE itself, or an affiliated major publisher) or--most terrifyingly--an exploit built directly into one of the Arcade games. It would be interesting to see if there's a single common denominator between all of the compromised accounts, game-wise.

Account recovered! Happy days!

TheWalt wrote:

Account recovered! Happy days!

Woo hoo!!!!!!!

I was hacked the day Gears 3 came out, and I got hit for about $100 in points transactions on my college card. Now I've just gotta wait until December 1st to get my points back and restore my gamertag, but in the meantime my account was restored a few weeks back and I can play online again until mid-December, at which point I'm moving to a place where there's no internet outside of wireless and satellite.

Just got my account back, with two free months of LIVE. Hurrah!

Still waiting on getting my region changed back. I called Xbox today and they said it's still being processed, apparently there's a big hold-up on transferring all the licenses, and it could be another month, up to three months—possibly a year. A year! I'll be able to change it back myself on the website in nine months.

I bought a points card yesterday for the Rock Band and Forza DLC that comes out tomorrow, but of course the code isn't even recognized, bought as it was in Canada and my Xbox believing itself to be on the other side of the Arctic.

Anyway. As mentioned before, it's utterly baffling that it's so easy to change your region one way—it's instantaneous and doesn't even require an e-mail confirmation—but apparently so difficult and time-consuming to get it changed back again. I better be up to my eyeballs in free 30-day codes when this is resolved.

That stinks man. Hope it all gets worked out for you.

trueheart78 wrote:

That stinks man. Hope it all gets worked out for you.

Thanks. Not being able to play all today's new Queen is killing me, almost enough to re-attach my credit card—but that would be an excessively silly thing to OH GOD I WANT TO PLAY QUEEN

I got hacked the other day -- 3200 points spent on FIFA trash, but no credit card charges, fortunately.

I got an interesting email from Square-Enix today letting me know that their servers had been compromised as of Dec. 12th, which lines up neatly with the timeline of attacks since.

Update: I'm locked out of my account now -- guess they're working on the issue. If I earn achievements while offline, will they be negated when my account is restored?

Are you playing games on your profile, you just can't log in to Live? If so, then you'll keep any achievements you earn. If you're just on a generic local profile, rather than playing as Clemenstation offline, then those achievements will be lost.

ClockworkHouse wrote:

Are you playing games on your profile, you just can't log in to Live? If so, then you'll keep any achievements you earn. If you're just on a generic local profile, rather than playing as Clemenstation offline, then those achievements will be lost.

Yep, I can still use my profile -- just offline. Thought maybe there was a chance that they would 'reset' my account back to the day before the hack occurred, or something like that. Glad to know I can still play Skyrim in the interim!

Add me to the hacked accounts list. 8000 MS points bought, plus an existing stash spent on PREMIUM GOLD JUMBOS for FIFA.

So annoyed there's nobody I can call to get this dealt with immediately.

Son of a crap. Pull up a chair, Stylez...

Heh, if the FIFA people don't get penalized for false purchases, it'd be a great racket to hire hackers and pay them part of the proceeds from fraudulent DLC purchases.

Well, logged my ticket and begin my wait. How has this FIFA stuff not been pulled from the marketplace until they figure out a better way to do this? You should not be able to trade purchased items between consoles/accounts.

Well, even though I've never played FIFA, looks like it's time for a much stronger password.

BATman123 isn't secure?

Bonus_Eruptus wrote:

Well, even though I've never played FIFA, looks like it's time for a much stronger password.

Good luck, length seems to be limited and it doesn't like "certain characters", which I believe includes spaces. Can't find a clear explanation.

Length is limited to 16 characters.

trueheart78 wrote:

Length is limited to 16 characters.

And no spaces.

Good to know my Technet subscription is guarded by such robust security ...

ClockworkHouse wrote:

BATman123 isn't secure?

I see you, comrade.

Clockers gonna socc.

I still suspect the culprit is not simple password guessing, but something else more systematic in XBL.

Quintin_Stone wrote:

I still suspect the culprit is not simple password guessing, but something else more systematic in XBL.

I'm with you there. This is far too widespread with too many security-aware people hit to be simple password guessing.

Clock and I agree! World ending in 2012 for sure.

ClockworkHouse wrote:
Quintin_Stone wrote:

I still suspect the culprit is not simple password guessing, but something else more systematic in XBL.

I'm with you there. This is far too widespread with too many security-aware people hit to be simple password guessing.

This. My password was absolutely gobbledygook, albeit only being 8 characters long, but it contained a mix of upper and lower case characters, and numbers. The only way that was cracked was either brute-force (unlikely) or somehow their password service is compromised. I sure as hell didn't enter the password into any other site.

What's concerning is what seems to be a complete failure of the security folks to make people aware of this vulnerability. How many less tech-savvy people simply won't notice a FIFA charge appearing on their account? I'm betting there are a lot of compromised accounts right now that no-one is aware of.

I had my account hacked about 6 weeks ago, and about $250 worth of charges were made. All of the charges were straightened out, and I got it back last week, but I only have 160 MS points now. I had around 5000 points before the hack.

I told them about my existing point balance during the initial investigation to recover my gamertag, but now they're telling me my account could be locked for an additional month to investigate the missing points if I chose to do so. Is there no simple way to see my past transaction history? I'm not too thrilled about an additional month of being locked out for the possibility of recovering these points.

Coldstream wrote:
ClockworkHouse wrote:
Quintin_Stone wrote:

I still suspect the culprit is not simple password guessing, but something else more systematic in XBL.

I'm with you there. This is far too widespread with too many security-aware people hit to be simple password guessing.

This. My password was absolutely gobbledygook, albeit only being 8 characters long, but it contained a mix of upper and lower case characters, and numbers. The only way that was cracked was either brute-force (unlikely) or somehow their password service is compromised. I sure as hell didn't enter the password into any other site.

What's concerning is what seems to be a complete failure of the security folks to make people aware of this vulnerability. How many less tech-savvy people simply won't notice a FIFA charge appearing on their account? I'm betting there are a lot of compromised accounts right now that no-one is aware of.

Seems to me that although Sony f**ked up at least they took down the PSN and (apparently) sorted out the problem. Microsoft are just continuing on with business as if nothing happened or is happening.... same story with the RRoD for around a year before they were forced to admit it.