(Upd: Geoff Keighley haxd) Hijacked Xbox LIVE accounts not phished insists users

My account was broken into twice this year. Stolen credit cards were added to my account and thousands of points bought and transferred out all using my gamertag. My Live has been up for only two weeks since back in August, and is still currently locked with an investigation open.

I am an IT professional, I'm 36 years old, I know for a fact this is not phishing. I'm not an idiot and I am very computer savy, so don't give me any talk about weak passwords, or user scamming.

Its not Xbox Live that has been compromised either, Live is an internel network and user data would be extremely hard to get to from outside the network without everyone inside knowing.

This is a problem with Windows Live Id's being stolen from databases. Its very obvious. Microsoft uses Windows Live to log into Xbox Live accounts. You get the Id's off of a illegally compiled database, and phish consoles to recover gamertags. The log ins look legit to Live, and the hackers use either the account credit card or a stolen card number to get what they want.

Microsoft is not lying saying Xbox Live itself has not been hacked, but they are not telling you the true story either.

evilross

THATS what I always thought, you don't need to hack xbox live, just need to get into there hotmail, even if you don't use the email for years, its still there and can be a target, which happened to me with WoW, stopped playing like 2 years ago, and someone hacked it...but they made me rich SOO wasn't that bad for me

My account was broken into twice this year. Stolen credit cards were added to my account and thousands of points bought and transferred out all using my gamertag. My Live has been up for only two weeks since back in August, and is still currently locked with an investigation open.

I am an IT professional, I'm 36 years old, I know for a fact this is not phishing. I'm not an idiot and I am very computer savy, so don't give me any talk about weak passwords, or user scamming.

Its not Xbox Live that has been compromised either, Live is an internel network and user data would be extremely hard to get to from outside the network without everyone inside knowing.

This is a problem with Windows Live Id's being stolen from databases. Its very obvious. Microsoft uses Windows Live to log into Xbox Live accounts. You get the Id's off of a illegally compiled database, and phish consoles to recover gamertags. The log ins look legit to Live, and the hackers use either the account credit card or a stolen card number to get what they want.

Microsoft is not lying saying Xbox Live itself has not been hacked, but they are not telling you the true story either.

evilross

Yes this is a definite possibility here. I definitely feel that whatever it is, it is an issue of peoples info getting stolen from outside of XBL. This hacking nonsense is ridiculous...

I wonder if it is what you say and passwords are being stolen from databases and it is NOT phishing or social engineering, how widespread might this get?

It seems to be a relatively small number of people getting affected right now which still makes me lean against hacked databases. I would think that if databases are getting hacked into that ALOT more peoples accounts would be getting stolen.

My account was broken into twice this year. Stolen credit cards were added to my account and thousands of points bought and transferred out all using my gamertag. My Live has been up for only two weeks since back in August, and is still currently locked with an investigation open.

I am an IT professional, I'm 36 years old, I know for a fact this is not phishing. I'm not an idiot and I am very computer savy, so don't give me any talk about weak passwords, or user scamming.

Its not Xbox Live that has been compromised either, Live is an internel network and user data would be extremely hard to get to from outside the network without everyone inside knowing.

This is a problem with Windows Live Id's being stolen from databases. Its very obvious. Microsoft uses Windows Live to log into Xbox Live accounts. You get the Id's off of a illegally compiled database, and phish consoles to recover gamertags. The log ins look legit to Live, and the hackers use either the account credit card or a stolen card number to get what they want.

Microsoft is not lying saying Xbox Live itself has not been hacked, but they are not telling you the true story either.

evilross

so can someone explain this is still continued yet MS doesnt seem have no effort to stop it

[QUOTE="McStrongfast"]

[QUOTE="LostProphetFLCL"]These topics keep constantly creeping back up. They aren't quite as bad as before when they were just trollfests after the PSN outage where cows were essentially just trying to use this as a rebuttal for Sony's epic failure, but even now they are just the same old tired BS of people claiming it is NOT phishing when Microsoft has already stated otherwise as there hasn't been any intrusion on the network.

Really, these topics are utterly pointless besides trying to be cow fuel trying to claim insecurities in the XBL network. It wasn't a hack and on top of that it is affecting an incredibly minute number of users. It is obviously either phishing or social engineering, nothing more. Cows are still supporting the vastly inferior networl and that is their problem.

The only real reason I see this even being brought up is because of what happened to PSN, plain and simple. One half is cows trying to use this as fuel and the other is just plain overracting to normal account issues that can happen. When my myspace account got "phised" (and I use quotations there because I do not recall ever licking on anything suspicious but rather think it was simple social engineering despite the fact it used the word phished in the warning message I got) there were no articles on mad myspace hacking going on and I was not dumb enough to try and suggest such a thing happened.

Very happy that my XBL service has never been interrupted and I have never had any account issues in the YEARS I have been on it. People who have been on PSN cannot say the same thing.

LostProphetFLCL

Actually yes I do recall that when MS commented on the issue MONTHS ago they flat out suggested people were getting phished. Regardless, they have already de-confirmed this hacking nonsense.

I would say that to at least any sort of degree with ANY sort of online account system, there is an amount of people whose accounts will get hijacked through some means. It is just the nature of the world that there are jerkoffs out there always looking for ways to screw with other people.

No it is not considering it has been cows who brought this conspiracy theory up in the first place and keep bringing it back up DESPITE Microsoft already having stated there has been no hacking.

I mean it surely is plausible that I did something to get my myspace phished, but I do not recall clicking on anything suspicious and at the same time I had a very WEAK password for it then that could have easily been cracked by someone. Since the password change I have never had anything happen to any online account I have had.

Hah no it did not! That is a good one actually! :lol:

Now you're being non-committal. I thought it was confirmed to be phishing? But hey, I'm glad to see you recognizing other possible causes. I'm no security expert myself, but I know there's plenty of other ways than hacking and phishing for login details to get into the wrong hands.

Again, I'm not really sure where you're seeing these Playstation fanboys saying Xbox Live was hacked. What I'm seeing are Xbox Live users concerned about thier account security (and occasionally customer support). At least that's what I am.

I was wholly referencing your licking of suspicious things there.

Thank moo.
No that one was bad. I should apasteurize.

Oh and Geoff Keighley is on the case.

http://www.bbc.co.uk/newsbeat/15837971

http://www.dailymail.co.uk/sciencetech/article-2064579/Online-gamers-hit-Xbox-Live-phishing-scam-raked-millions-pounds-criminals.html

http://www.guardian.co.uk/technology/2011/nov/22/xbox-live-users-phishing-attacks

http://www.tmcnet.com/viewette.aspx?u=http%3a%2f%2fwww.tmcnet.com%2ftopics%2farticles%2f239368-xbox-users-target-phishing-attack-but-xbox-live.htm&kw=

http://www.techspot.com/news/46379-xbox-live-users-victims-of-massive-phishing-scam.html

http://letsbytecode.com/security/phishing-attack-dealt-a-blow-to-microsoft-xbox-live-gamers/

http://www.securitynewsdaily.com/microsoft-xbox-phishing-1353/

yep, lets all call social engineering hacking that will make psn look better won't it?

[QUOTE="LostProphetFLCL"]

[QUOTE="McStrongfast"]Microsoft said that phishing is the cause for a fact?
Would you say targeting Live accounts with phishing scams is common?
Your weird obsession with cows is blatantly inapplicable.
Perhaps that's because you did.
Did the thought cross your mind to write "udderly pointless"?

McStrongfast

Actually yes I do recall that when MS commented on the issue MONTHS ago they flat out suggested people were getting phished. Regardless, they have already de-confirmed this hacking nonsense.

I would say that to at least any sort of degree with ANY sort of online account system, there is an amount of people whose accounts will get hijacked through some means. It is just the nature of the world that there are jerkoffs out there always looking for ways to screw with other people.

No it is not considering it has been cows who brought this conspiracy theory up in the first place and keep bringing it back up DESPITE Microsoft already having stated there has been no hacking.

I mean it surely is plausible that I did something to get my myspace phished, but I do not recall clicking on anything suspicious and at the same time I had a very WEAK password for it then that could have easily been cracked by someone. Since the password change I have never had anything happen to any online account I have had.

Hah no it did not! That is a good one actually! :lol:

Now you're being non-committal. I thought it was confirmed to be phishing? But hey, I'm glad to see you recognizing other possible causes. I'm no security expert myself, but I know there's plenty of other ways than hacking and phishing for login details to get into the wrong hands.

Again, I'm not really sure where you're seeing these Playstation fanboys saying Xbox Live was hacked. What I'm seeing are Xbox Live users concerned about thier account security (and occasionally customer support). At least that's what I am.

I was wholly referencing your licking of suspicious things there.

Thank moo.
No that one was bad. I should apasteurize.

They did flat out confirm it to NOT be hacking and said that people were probably being phished. I guess that as long as it wasn't a hack on the system they didn't care as much because they felt the blame fell on the users.

My thing is I am 100% sure it wasn't a hack not just do to Microsofts statement, but because an actual hack would be MUCH bigger and I think the PSN debacle is proof of that.

I think a lot of it could be phishing but I will not rule out social engineering or other potential possibilities there. Really, as long as it isn't a full-out hack I am not terribly concerned. I always keep an eye out on my accounts and such so if someone were to engineer their way into my account somehow it would be taken care of.

You should have seen it at the beginning. The first article that popped up about people's accounts getting hijacked it was "ZOMG XBL GOT TEH HAX HAHAHA HOW DOES IT FEEL?". It has definitely calmed down since then, but I still feel there is a lingering cow force behind it (wasn't there already a "lol how's that paying for security thing going?" comment earlier?) but the real driving force now is just conspiracy theorists. Note when I mention this BTW I am DIRECTLY referring to people trying to claim there was a full-out hack.

As I said, I have always been good about not clicking stuff and at the same time my password was so incredibly stupid, as in it was part of the e-mail I was using.... :lol:

Also, ROFL! :lol:

Got an error when trying to set up a new gamertag. Boo. And now the thing's stuck on a screen telling me to not turn off the console...

Oh there we go.

Xbox LIVE signup is currently unavailable. Please try again later.Xbox 360

Anyone able to access xbox.com? When using Firefox I would sometimes get stuck in a redirect loop, but now it's happening in Chrome as well.

downforeveryone is down and downforme appears to suck as it's telling me sony.com is down.

Anyway, used my alt. US account instead and you need to put in a new password when linking your account to an EA account, so bugger that theory. It does suggest you use your live email though.

http://www.bbc.co.uk/newsbeat/15837971

http://www.dailymail.co.uk/sciencetech/article-2064579/Online-gamers-hit-Xbox-Live-phishing-scam-raked-millions-pounds-criminals.html

http://www.guardian.co.uk/technology/2011/nov/22/xbox-live-users-phishing-attacks

http://www.tmcnet.com/viewette.aspx?u=http%3a%2f%2fwww.tmcnet.com%2ftopics%2farticles%2f239368-xbox-users-target-phishing-attack-but-xbox-live.htm&kw=

http://www.techspot.com/news/46379-xbox-live-users-victims-of-massive-phishing-scam.html

http://letsbytecode.com/security/phishing-attack-dealt-a-blow-to-microsoft-xbox-live-gamers/

http://www.securitynewsdaily.com/microsoft-xbox-phishing-1353/

yep, lets all call social engineering hacking that will make psn look better won't it?

Riverwolf007

And dammit LostProphet. Licking!
aaah forget it. :D

My account was broken into twice this year. Stolen credit cards were added to my account and thousands of points bought and transferred out all using my gamertag. My Live has been up for only two weeks since back in August, and is still currently locked with an investigation open.

I am an IT professional, I'm 36 years old, I know for a fact this is not phishing. I'm not an idiot and I am very computer savy, so don't give me any talk about weak passwords, or user scamming.

Its not Xbox Live that has been compromised either, Live is an internel network and user data would be extremely hard to get to from outside the network without everyone inside knowing.

This is a problem with Windows Live Id's being stolen from databases. Its very obvious. Microsoft uses Windows Live to log into Xbox Live accounts. You get the Id's off of a illegally compiled database, and phish consoles to recover gamertags. The log ins look legit to Live, and the hackers use either the account credit card or a stolen card number to get what they want.

Microsoft is not lying saying Xbox Live itself has not been hacked, but they are not telling you the true story either.

evilross

It's really sad how a paid service gets hacked like this and their customers robbed of a ton of money. Microfail must be on suicide watch afraid the news will get out that Live is being hacked left and right. AlistarHP

Well I hope after all of this they give people the option to remove ALL CC info from off the system. If they can't protect your CC info then they sure as hell shouldn't keep your CC hostage. And the paypal option isn't enough.

lol account hacked TWICE lol.

Well I hope after all of this they give people the option to remove ALL CC info from off the system. If they can't protect your CC info then they sure as hell shouldn't keep your CC hostage. And the paypal option isn't enough.

heretrix

Microsoft also needs to add two-step authentication.

[QUOTE="Plagueless"]Just wanted to tell everyone that my account was hacked TODAY. If anyone on this site knows me you will know I am a lemming. I have never given my password out, or used it on a 3rd party website. Today, after playing a match on MW3, I recieved a message on xbox...with no text. If anyone is familiar with the xbox messaging system you will know that sending a message without text is impossible. Shortly after that message I began recieving emails from microsoft thanking me for purchases of microsoft points....that I did not buy. I immediately changed my ID and password and called xbox support. They have locked up my account and are conducting an investigation. I was thefted close to 300 dollars. MS definately has a problem on their hands, because credit cards are linked to accounts, when an account is hijacked, the hacker can purchase whatever their hearts desire on the marketplace. MS better crack down on this soon, or it could become a real problem. I advise anyone with a live account to remove their payment info ASAP, as it is not safe.KungfuKitten

This is apparently how it goes.

The packs contain players that they can sell on an in game style marketplace, They can then sell the coins for real money on ebay.

The buyer pays cash then puts up a player for sale ingame thats worth nothing and the seller buys him for x-amount of coins

They go for decent money.
Eurogamer forumsphoopipe

And according to The Guardian these transactions between players are not tracked. EA is essentially facilitating criminal activity. Then again, this wouldn't be a problem if Microsoft were to implement two-step authentication. I don't know why they haven't expressed an interest in doing that.

lol account hacked TWICE lol.

WilliamRLBaker

You, my friend are either very ignorant or intentionally blind.

Anyone, including myself, with any experience in the IT field, having dealt every single day with this exact type of problem, can tell you at very first glance what is happening.

No, Xbox Live as an internal service is not compromised. There is no reason to do so. Windows Live is the problem. It is very easy to compile Windows Live login info from pc's, using a variety of spyware, keyloggers, worms, and straight sold data logs.

The thieves are running Windows Live login info against Xbox Live logins. They are one in the same. The Xbox internal severs are protected, the actual user accounts are not. You roll Windows Live logins into Xbox Live and for every hit you get, you gain total access to the account.

Is that simple enough for you to understand?

Another shocking thing: Since the day I switched email accounts at Battle.net, I receive a phishing mail per week at the new email address.
I have run both updated AVG and MS security essentials and can't find a logger.
How on earth can they know what new email address I'm using >_>

I tried using netstat and such to see whether there are foreign connections.
The only awkward one I saw was from the weird Akamai company that most of us have permanent connections to for little reason (even when no online program is running). I don't think they're behind this though :P

This is worse. There has been theft involved in terms of monetary. Sony was a breach but there hasn't been any theft involved. This has. Even if it is phishing, I woulld be pissed off if I lost 50$ on stuff I didn't buy. They need to lock down anything that could be sold outside of xbl in the mean time. Whoever is to blame needs to come out or class action law suits will hit them hard.

[QUOTE="WilliamRLBaker"]

maybe geoff shouldn't have clicked that link in his email and put in his user name and password at the prompt?

RandomWinner

God this frustrates me. This isn't happening do to poor judgement. Haven't touched my Xbox in 6 months and I got hacked. Now they're conducting an investigation on my account.

I've given out way more info than I should on PSN but the Xbox that I never use, that's not hooked up to the internet, that sends me emails that I don't click, that I never share with anyone, was the one that gets hacked. This is not the fault of the users, this is MS's problem to fix.

No point in replying, from what I've seen MS could be leaders of a terrorist organization and the Xbox defense squad (William here) will just jump in and defend them to the death while making fun of Sony to move the discussion away.