Xbox live hackings

[Cubfan]

You can delete the card from xbox.com thats the way i got rid of it.

[Kevin26385]

Quote: Originally Posted by Cubfan

You can delete the card from xbox.com thats the way i got rid of it.

I wasn't able to do that either. I purchased a 12-month card online with a credit card and didn't realize they would still associate it with the account.

[DerkontheOS]

I just got the email from support about getting my account back and I was like holy **** when I read this...

・Our investigation revealed that purchases were made while your account was out of your control. We have refunded 124.96 to your account and added 240 Microsoft Points to your account. Credits can take up to 1-2 billing cycles to appear on your credit card billing statement.

[K0ZZ]

I want to say the hackings are still happening. I logged in today to a weird message that my account had been accessed elsewhere. I didn't worry about it until I went to buy something and it said I only had 10 points when I should've had 2000 points, so I went into my purchase history and sure enough, theres the packs.

Honestly if you can, delete your EA accounts. This is a fricking joke and now I miss out on a month of playing online, which almost outweighs the $30 of money I just lost.

I don't see why it's so hard for them to just run IP's. If I'm no where near the other consoles access point it should be really easy to tell it's been hacked/hijacked.

Time to call support, YAY.

/sarcasm

[CaptainZombie]

UPDATE: Microsoft Addresses Xbox.com Exploit
The company says it's not a loophole...

Quote:

UPDATE: Microsoft has addressed concerns surrounding an alleged Xbox.com hacking trick as reported here at IGN. The official line is as follows: "Microsoft can confirm that there has been no breach to the security of our Xbox Live service. The online safety of Xbox LIVE members remains of the utmost importance, which is why we consistently take measures to protect Xbox LIVE against ever-changing threats. Security in the technology industry is an ongoing process, and with each new form of technology designed to deter attacks, the attackers try to find new ways to subvert it. We continue to evolve our security features and processes to ensure Xbox LIVE customers information is secure. Online fraud and identity theft are industry-wide problems, and as such people using any online services should set strong passwords, not share those passwords across multiple services and refrain from sharing any personal details that could leave them vulnerable. As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided athttp://xbox.com/security to protect your account." Microsoft also specifically states, "This is not a 'loophole' in Xbox.com. The hacking technique outlined is an example of brute force attacks and is an industry-wide issue." In addition, it reiterated that account compromises are often a result of phishing scams and malware used to snatch your password. Original story follows: Security on Xbox Live is a growing concern, and a hacked subscriber has found one more reason to make us paranoid. Jason Coutee had $100 stolen after someone broke into his account, but rather than let Microsoft investigate the how and why, the network infrastructure manager took matters into his own hands. Coutee found an egregious exploit on Xbox.com that acts as a loophole for password thieves. Clicking the link squared off in red looped me back to my login -- with my email address filled in automatically. Failing to log into your Xbox Live account using your Windows Live ID eight times in a row presents you with a few options. You can recover your password with the usual "Reset your password" option. You can try entering it a ninth time, with a CAPTCHA box to fill in, thus proving you're not an Internet robot from the future. Finally, you could try logging in with another ID. Clicking that link brought me back to my login page with my Live ID already filled in. The password box was waiting for me -- the CAPTCHA box was gone. Hackers, then, could run a script that enters various passwords for Live accounts until it eventually busts into your account. Failing entry on that eighth attempt, hackers could avoid the CAPTCHA aimed at stopping them by way of the "Sign in using another Windows Live ID" link. AnalogHype reports this gives the user eight more attempts without a CAPTCHA interruption, which was not the case in my experiment. I got the prompt each time I failed to log in after that eight -- but I could loop back around and just try again without the CAPTCHA again. What does this mean for you? Well, you're vulnerable. Anyone with know-how could cook up a script to run passwords and circle back using that link all day and potentially break into your account to steal your stuff. Time to strengthen those passwords, folks. We've asked Microsoft what's going to be done about this security bungle.

[Kevin26385]

What passwords are they talking about? The ones you can use for xbox live or the one associated to your account (Xbox.com, bungie.net etc?)

[LambertandHam]

Quote: Originally Posted by Kev5890

What passwords are they talking about? The ones you can use for xbox live or the one associated to your account (Xbox.com, bungie.net etc?)

I use Xbox.com now and then. Xbox.com uses your Windows Live ID and password. So if someone gets into xbox.com with your details, they have the keys to the kingdom.

[K0ZZ]

Another reason that I don't like Microsoft.

After suspending my account for about a week and a half they told me that no transactions were made when the account was not being used on my system, even though the phone rep said that there was.

At least I only lost 2000 points, but this is a freaking joke. Microsoft probably has the worst support I have ever seen. From now on, no CC on the account and only buy points when I need them. Seriously wish I liked Sony a little more so I could hop over there.


I also lost the days that my account was suspended.

Ugh.