Microsoft, Fix Your Security Problems

My account got fixed eventually after 3 different investigations. I had to complain to the BBB to get my account finally fixed. Now I have xbox live gold free for 13 months. For the 6 months of inconveinence.

@BryanParksSuper Reading and reading comprehension obviously isn't your strong suit 'kid'. Let me see if I can provide a more simplistic explanation that you can follow: o XBox 360 Security Bad o PS3 Security Good (accounts not hacked)Hopefully you can decipher that complicated explanation. :)As I said before, if it were a phishing scheme it would be affecting both systems, not just one. Both XBox 360 / PS3 require you to use an email to register and thus both would be susceptible to phishing schemes. Yet it's only on the XBox 360 that people are experiencing problems.

@valdarez It's a Scam 360 people are doing. Read the article again. It doesn't mention PS3. Get ur facts straight before sending a PM kid.

@BryanParksSuper Exactly, it's not happening on PS3. If it were a phishing scheme, it would work on BOTH systems, not just Microsoft.

You people give out ur info that's the only way to get hacked. Xbots never learn. If think the Email is fishy don't open it. This doesn't happen to PS3 Version of FIFA 2012. MS security sucks. They don't even care.

Has anyone come across a single example of a phishing attack? Something that is non-email in nature? An article or link to one?

Got hacked and lost all microsoft points. My credit card attached to my account expired a few months ago, so I lucked out on that near disaster. Let's see if I am able to get my account with all the achievements back in a few weeks or send my sob story to http://www.hackedonxbox.com/

Got hacked. January 14, 2012. Cash and points stolen. FIFA 12 on my list. Very dissapointed.

@DireBadger :/ some of us have both PSN and Xboxlive accounts, just saying.

When PSN went down for about a month, Xbox users taunted mercilessly. Now we see Microsoft isnt any better, but at least its free on PS3.

@djjman Read the link, no way the password I used was brute force hacked. It'd take years to do it. Plus, the brute force hack doesn't explain the oddness we were seeing with the force login not working on the console. Whatever was done to the account, there was no way we could force a password check on the XBox 360 console after the hack even after changing the setting on the console itself and restarting. The XBox 360 support staff didn't know what to say.... other than 'that shouldn't be happening'. No kidding... lol

@djjman Haven't read your article/link yet, but my guess was that when you download the profile, the check is in the profile itself as you can turn it on/off on the console itself. Figure if they find the right bit, change it, then they can use the service without ever logging in. Just a SWAG though. If it's that easy to do though, Microsoft should get the hell sued out of them, especially after what Sony/PS3 went through with their security breach.

@gcfreak898 How did you learn your account was migrated to Brazil? Mine was hacked on 1/11, but when I viewed the console that last logged into it, the date was 1/12, which led me to believe it was done overseas as the date was a server date (meaning not based on someone's console date setting).

@Maximum_Evil77 Whatever, no way anyone guessed my password, or that I fell victim to a social network 'hack'. There is a security issue and sooner or later Microsoft is going to have to fess up to problem. IMHO they haven't figured it out yet. Microsoft has NEVER been good on the security side.

@Aeriscloud99 Yes, the account is locked now, but it didn't lock right away. The support staff sent it to the investigation team which locked it. The support person said it should be locked when I was on the phone, but it took a couple of hours before it kicked me off XBox 360 and nearly a day before I was unable to log into my hotmail account. So it definitely didn't lock right away. Ironically, though my account is locked, I have not received an email to that effect yet.

It's a decent article with some nice points, but all that I'm taking away from it is that people need to either make harder passwords or not take part in such shady behavior like trying to trade gamertags and what-not. I mean, yeah, MS could do some things to make this even safer for the consumer, but to me it still sounds like the main problem is that people are just not thinking and making poor decisions when dealing with their passwords and interacting with shady people.

@ djjman Just followed your link and idk if I should laugh or cry. Specially after all the SW treads about the PSN outage, and how MS service is paid but it's solid and something like that would never happen. By the sound of it even I can cook up a script that would do that and I'm no hacker.

@Valdarez Has Microsoft locked your account, They told me they would lock mine, I even recieved an email about it, yet I can still log in. This is quite troubling.

This just happened to me 2 days ago, Microsoft needs to act now, instead of acting like nothing is happening.

Before anything I have to say this must be one of the worst written articles I've ever seen on gamespot. I think the main point in this is, how the hell are people getting the passwords and how can MS say that's not a security problem? And Mr Brendan Sinclair, this isn't 2008 where you can bash the PS3 like you did on your last remark. Amazing how every bit of bad luck Sony comes across is instantly used to bash and radicalized the product/service, but when MS does little things like delete forum threads about FM3 bugs and inducing RRODs, that just gets a free pass.

Someone migrated my account to Brazil on Aug28th2011 then used my credit card attached to my account to purchase 133 dollars worth of gamerpoints(11,000). This issue is still not resolved I was overseas when this happened and I was serving my country. This is how a xbox live gold member gets treated. I've been a gold member since FEB2006 this is how I get treated. The issue still isn't resolved and the representatives on the phone assure me their team is doing the best they can to fix my account. Poppy Cock this issue should have been fixed by now I refuse to redeem the two gold pass codes for another account. I want my original account fixed this is a big head ache. I suggest that everyone on xbox live remove their credit cards and turn auto renew off. Always buy the 12 month gold cards from the store and ms points cards from the store. Then, change your account password to something unique. This xbox live security is a joke and they should take it serious instead of blaming it on "FIFA" EA game to cover up the breach of security. Microsoft should tighten up their security.

You guys need to read this as I've been trying to tell MS where the problem is... these guys interviewed me and the word is now out @ valdarez your correct my friend but I bet you would never guess where they did it. http://www.analoghype.com/video-games/xbox-360-video-games/xbox-live-vulneribility-exposed-microsoft-ignored-the-truth/

@Daemoroth Software developer myself, and use the same when creating passwords. There was no way for my password to be guessed, or brute force hacked, but they did it. The username/password is not used anywhere else either, which is why I believe this to be a Microsoft security issue. This is the only time any username/site I've been on has been hacked in nearly 20 years of online usage.

@RandomAssZero Good question. The social hacking explanation from M$ is pure bunk. There's a security flaw that the hackers have found that Microsoft either isn't fessing up to, or worse, doesn't know/understand yet.

got my xbox live back and was happy with gettin 2 months live for free but just literaraly had 6000 points / £51 taken from my paypal. worse thing is i had to add my paypal account as microsoft said they couldnt access my details without my old card details or a paypal account number. so i only added it to sort out the previous hack where they stole 2400 points

im confused...... how did these hackers get the passwords for thr usernames in the first place?

Just had my XBox 360 Account hacked. Used 4000+ points to buy Fifa 12 cards. Thankfully my credit card was out of date. Called support and they said my account had to be locked while they 'investigated', which should take 25+ days. *sigh* Thankfully I have my PS3 to play in the mean time. One thing we found while working with xbox 360 support was that even though I changed my password, and waited up to an hour after the change synch, the xbox 360 would never require me to enter my password. We even changed the setting on the console to force a password request every time for the account, but it would auto-login on each and every attempt effectively ignoring the password change and force password request. IMHO that is the security flaw that's been exploited on the XBox 360's. Somehow the hackers have disabled the password check for the account, effectively allowing auto-login on an XBox 360 console.

u can take ur credit card off there is a way round it make paypal account take credit card of then take off microsoft of trusted site on paypals end

someone hacked my account at 12:20 on the 1/1/12 mircosoft have shut me out of my account since then the hacker has put fifa 12 on my account and spent my microsoft points and charged 4000/1600/400 microsoft points to my paypal account... paypal has refunded me the money but my bank account was over so have to pay bank fees.... microsoft have not given me any info on what is going on with my account...

Any company that denies you the ability to remove your credit card information from their servers is blatantly corrupt. This just goes to show that they couldn't care less about the people who buy their product... let's face it, we are nothing but an outlet for these people. There's no reason in arguing over which system is better, because they really couldn't care less about what we - the insignificant masses - think about them.

Yeah I tried to remove my credit card from my account and it wouldn't let me. I think that is BS since I already paid for the whole year

Amen. I totally agree with the article. I can also add that there are also other, more shocking examples of security breach. For instance, I know about cases of scammers who steal accounts, and either: 1. Sell them with MSP accumulated by the owner, or 2. Buy MSP using the credit card connected to the account, send the points to other accounts using the Family Pack and then sell those on auctions. One person on my friendlist have already reported loss of 3000 MSP which was on their account. He never played any FIFA game on it. That's some serious sh*t MS - better do something about it or face the consequences.

I agree. MS is still cool. But they need to get their security problems straight. Until then I will remove my credit card and use only point cards.

that really $$$$s. I read the blog. looked it over anyway. man... that would ruin my day. my friend got mugged in San fransico. I guess we should blame that city too becuase they dont have cops on every street corner. nothing is 100% safe and sequre. NOTHING. we all try our best. its not like micrsoft did this on purpose. there are what 37 million xbox live users. They cant have a support team to laser in on ever problem in milli sec. I really feel for this girl and any one this has happaned too... but its life in the digital age. I have a PSN account and had to go through that whole ordel. I wasnt happy. but I was not like oh! efff sony! down with sony! that would be dumb. they messed up big time. but the digital world is growing so fast it isnt funny.

@Llama345 That's not what's happening.

how does one person getting their password guessed have to do with the security of the whole system?

@djjman, do you even understand how a "brute force" hack works? It's a process of systematically inputting every possible combination of allowed characters in the hope of getting it right eventually (Sometimes they'll use common words instead of characters, which is faster and can easily catch idiots with passwords using common words). The only way to protect against a brute force hack is for the USER to have a password that is not feasible to be broken through brute force. e.g. all my passwords use numbers, upper/lower case characters and are randomly generated (I use KeePass). On average they are 15 characters long, which means there's ~8.272e+72 possible combinations. Even if a brute force attack can test 1 MILLION passwords a second, it would take ~2.623e+59 YEARS to break that password. And guess what, I've never been hacked, in 15 years with MANY online accounts... Time for you to realise that YOU are responsible for how secure your account is. The companies (All of them) can only ensure that hackers don't get the data they have on your account through them, you need to do your part by making sure that you aren't a liability.

THIS A WORSE THAN THE PS3 HACKS!

Sad thing is you guys probably pass the flaw in the xbox / windows live security everyday. This is a microsoft security practices issue and nothing more. No phishing or xbox live hacking but windows live id hacking through a process called brute force. I have replicated the process and have even tried contacting Microsoft on how to fix the issue. I have heard back from nobody because that would mean they would have to admit they may have an issue.

Glad that I read that my account would be automatically renewed every month when MS still has a deal to buy Gold for a buck or two. My solution was not to get it. I have FIFA but guess since I don't have gold yet, I will not get hacked. / This sounds like EA fault and not MS personally. We should not hate on Microsoft

@AiGeeEn1 Well at least there is a name change service and without charging something for it people will change their names ridiculously, think of how annoying it will be to get a "I have changed my name to...." message every two seconds. Also, there will be more people squatting on gamertags like it says in the article.

@LordSho The funny thing is your comment makes you sound like a little kid...

yea microsoft ifs freaking greedy lol It took 5 sec to put my credit card in and two hours and harshly worded conversation with the people in charge of the customer support people to get it removed. Also It kinda pisses me off that When it comes up "do you wish to automatically renew?" and I say no that useless to you take the card off the freaking system it continues to charge u the monthly rate anyway! I didn't realise it as still charging for another 4 months WTF microsatan!

@m4a5, so true! How should Microsoft prevent users from giving away their personal information? There's nothing any company on this earth can do about phishing. Tell the kids to stop using "JustinBieber" and "BabyBabyBaby" as a password and that's about it. It's these users' own stupidity that got them in that mess, and now they're just whining at Microsoft for not fixing their screw-ups instantly!

What was the saying going around on PC and PS3 articles last year? "you pay for what you get", yeah.. right... As I stated last year, hackers write the firmware so nothing is "un-hackable", no company is safe from it regardless of whether you pay or not. @deth420 That caught us out too, Microsoft conveniently charge your credit card automatically for your Xbox live yearly subscription whether you ask for it or not.

yeah i love that you can create an account, add personal data, and whatever through the xbox, but when you want to cancel the subscription, or like their saying with the removal of cc info, you have to call them on the phone. Microsoft you suck!

Pick a weird username and password, give a fake address i.e a neighbors and never use real world bank account or credit card info. There u go. More secure Live or PSN.

To call this a security problem would be like giving a robber your home security password and, when it doesn't stop said robber, blaming it on the company who made the security system... People need to learn what phishing is and what hacking is......

You people are completely retarded. "I guess Xbox Live is NOT more secure than PSN"... Durrr!! Eat ass! Xbox Live IS more secure. In the article it says "if you get a persons gamertag and password..." Make a REAL password that doesn't have your name or favorite song in it and you won't have to worry about it. I've been on xboxlive since I BETA TESTED IT, and not once have I had account security problems. I have a nice long password with letters and numbers in it, and no one could ever guess it. Xbox live wasn't hacked like PSN was, someone got that woman's gamertag and password... HER OWN FAULT! Quit the Fanboy Denial.. I own both systems. As far as online services go, PSN can't compare to Xboxlive... and if the $60 a year scares you away, you probably aren't old enough to play the games anyway.

Glad I'm not paying a monthly fee to Microsoft for this service.