[UPDATE] Amateur Sleuth Uncovers Xbox Live Hacking Scheme

[UPDATE] Amateur Sleuth Uncovers Xbox Live Hacking Scheme

image

Tired of having her Xbox Live account hacked, one user decided to do a bit of detective work and what she found might worry you.

Jerks trying to swipe your precious identifying information is a reality of the modern world. It's like the Internet Age equivalent of shady cockney thugs picking pockets on the crowded streets of London, only less anachronistically adorable. If you take Microsoft's word for it though, the problem, while real, is very minor when it comes to Xbox Live. Accounts do get hacked, but it's all insignificant, isolated incidents, the company would have you believe.

One Xbox Live user -- we'll call her "Susan," as that seems to be her name -- has a different take on the issue.

Susan has been the victim of repeated Xbox Live account hacking, and in trying to contact Microsoft to have the issue resolved has been met with inaction and unhelpful advice. In an effort to document this whole process, she created a Tumblr appropriately dubbed "Hacked On Xbox," that as of yesterday went from "depressing" to "maybe we should all change our Xbox Live passwords, like, right now."

Following Microsoft's inability to freeze her account (which had racked up over $300 in illegitimate charges), Susan logged onto the service recently to find a name she vaguely recognized sitting atop her Friends list. Thinking back, she realized that this was the same username that appeared on the email confirmations she'd received when Microsoft points were purchased on her account and then immediately transferred out. Like a less thrilling Batman, Susan decided to seek justice on her own and sent the user a friendly message.

Long story short, by conversing with this person, Susan discovered that the account had been purchased on the black market, and that her own hacking was seemingly part of an organized effort to accumulate Microsoft points via illegal hacking. These points are then sold to third party buyers at a price point designed to undercut Microsoft's official points sales, which still nets the hackers a hefty profit since they never paid for the points in the first place.

I'd recommend reading the entirety of Susan's tale via her Tumblr (which includes lots of photographic/screengrab evidence of her claims), if only to get a taste of just how frustrating this kind of thing can be, but before you do that, you should probably double check to make sure all your crucial online details are locked down tight. Also, if you think buying a gun would make you feel more secure, I won't stop you.

UPDATE: According to Giant Bomb, Microsoft's higher ups have been made aware of Susan's situation, have finally locked her account, and are in the process of issuing a refund for the cash she lost.

Source: Hacked On Xbox

Permalink

Thanks for the heads-up. I just got a little worried, since my XBL has been inactive for more than 6 months, but all's well. Just have to change that password now.

Maybe Microsoft will take a look at this with it in the public eye. I love whistle-blower stories like this.

Not really surprising, criminal enterprises evolving is to be expected. Funny how all it took was one diligent user to uncover this operation.

I guess that just goes to what can happen when you think...
image
...Inside the (X)box

And thus the folly of having your own currency system is exposed.

Now to see what MS will do about it, if anything.

More the folly of leaving security up to users.

gigastar:
And thus the folly of having your own currency system is exposed.

Now to see what MS will do about it, if anything.

Try to cover everything up I bet.

I'm actually sending this article to them with a letter. They are more than glad to do transactions without a password and put credit cards on without a password and set auto-renew without a password but when you want to take it off or stop the auto-renew you need a password. I was prevented from using a new 360 slim bc I couldn't transfer my account over without a password which I don't remember and I can't reset due to MSoft being tardier than tardy the turtle.

Hm, didn't know this was this big of an issue. I've been waiting since November for two of my friends' accounts to be unlocked. One of them got hacked, and now both of them have to wait because they had my card used on their accounts, only months before, mind, and MS is dragging their heels on fixing it. Last time the tech said flat out the the previous TWO techs had neglected to input anything important in my case file (you know, like the fact that they were my friends and I had intentionally used my card info to buy them things in the past) before passing it on. I'm considering calling them tomorrow...

Her case would be interesting if she told us what her password was, and if it was a strong one. As it is the most reasonable assumption is that she was using a weak password.

Earnest Cavalli:

Jerks trying to swipe your precious identifying information is a reality of the modern world. It's like the Internet Age equivalent of shady cockney thugs picking pockets on the crowded streets of London, only less anachronistically adorable.

I can tell you, shady cockney thugs are not in any way adorable... They'd shank you before you get to the firs 'w' in 'awwwww'!

Watch 'Attack the Block', the Chavs vs Aliens film, and you will see!

As for the Xbox hacking, so it sounds like you should make sure you only add friends that you know, and then check you account regulary for any rogue purchases or dodgy new friends appearing?

DeanoTheGod:

Earnest Cavalli:

Jerks trying to swipe your precious identifying information is a reality of the modern world. It's like the Internet Age equivalent of shady cockney thugs picking pockets on the crowded streets of London, only less anachronistically adorable.

I can tell you, shady cockney thugs are not in any way adorable... They'd shank you before you get to the firs 'w' in 'awwwww'!

Watch 'Attack the Block', the Chavs vs Aliens film, and you will see!

As for the Xbox hacking, so it sounds like you should make sure you only add friends that you know, and then check you account regulary for any rogue purchases or dodgy new friends appearing?

Thank you. I hate hearing the stereotype of adorable cockney pickpockets because most people who do that anywhere would just beat you up/murder you, why is London (and usually by extension Britain because to America and many other places, Britain is made up of cockneys and the royal family) exempt from this?

On the hacking though, it's good to here that she's getting her money back but did it have to take her going to the news about it and doing her own investigation about it? Evidently, yes.

At least it is well documented this time. This has been happening quite a bit the past few months on Live.

There are sites that advertize these accounts for as low as 8 to 10 dollars. From what I've been reading Microsoft has been banning accounts and consoles of anyone found to be dealing in account fraud.

Good on Susan. Nice to see someone doing something about this, it'd be nicer if Microsoft did something about this, but eh, take what you can get.

Good thing I don't accept friend requests from people I don't know, nor do I play online all that much. It makes me feel safer at any rate.

It's sad how often users need to start a blog, accrue press, and amass a following before "the higher ups" will take note of these issues. Why should it be the threat of bad press that moves them to action as opposed to the threat of a customer being stolen from?

Also, what bizarre luck(?) that the guy was just willing to write her back and incriminate himself and the entire black-market sales ring.

Microsoft should be fined for this. It's bullshit that we allow big corporations to get away with lying to their customers.

nice to see what one single person can do, but sad that it took a shitstorm for microsoft to get off their ass

Now that a spotlight has been shone down on this problem, Microsoft will do everything in their power to make sure it gets sorted out in a very short amount of time. It's funny (not ha-ha funny) that in order to get a company to perform a service that by rights should be a no-brainer, that you have to publish your incident for the whole world to see.

In reading her blog about what has happened, I was starting to feel better for her once Microsoft started listening -- until I got to the latest update posted today, which says after all they've done for her, she's been billed [hacked?] AGAIN for another $80.

For shame, Microsoft. For shame.

So the Microsoft forums site is currently being hacked by Team Diversity. It's strange watching the back and forth.

I wondered how people sold cheap ms point on mercadolibre (ebay latino equal). and they tell you to spend them in less than 4 hours, not sure why.

gigastar:
And thus the folly of having your own currency system is exposed.

Now to see what MS will do about it, if anything.

Close what you can.

Ban the rest.

Deny there was ever a problem.

Problem: SOLVED.

Ariyura:
So the Microsoft forums site is currently being hacked by Team Diversity. It's strange watching the back and forth.

Wait, why is it being hacked? And who is this group?

Pinkamena:

Ariyura:
So the Microsoft forums site is currently being hacked by Team Diversity. It's strange watching the back and forth.

Wait, why is it being hacked? And who is this group?

The group was TeamDiversity, and they were just putting up videos and ads back to them about what they could do and to check them out on Twitter and Youtube. But they took the site offline for a little bit and now everything is back to normal.

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here