The Register® — Biting the hand that feeds IT

No Xbox Live hack say insiders

But gamers losing money to phishing scams

Microsoft sources have denied a claim that Xbox Live has been hacked, stating instead that gamers said to have had up to £100 lifted from their accounts were victims of phishing scams.

Allegations that cyber criminals have "hacked into thousands of Xbox Live accounts to steal millions of pounds" in the UK were made by The Sun newspaper this morning.

However, sources close to Microsoft insisted there is no evidence that any account has been hacked.

Xbox 360 250GB

But the source admitted there has been an increase in attempts to gain punters' login credentials through deception - phishing.

Other attacks involve criminals attempting to befriend gamers through social networks in the hope of gathering information to reveal login details.

Microsoft has previously warned Xbox users to be on the lookout for such cons.

However, Microsoft must do more to improve security, Jason Hart, MD of security firm Cryptocard, told Reg Hardware.

"Clearly too many weak links remain," he said. "At the moment gamers aren't being properly authenticated when they log on as gaming companies continue to use static passwords.

"You can't stop thieves sneaking up to the back door, but you can put in place measures to stop them breaking in."

Last month, a number of Xbox 360 owners revealed that their accounts and credit cards had been compromised, with stolen MS Points spent on Fifa 12 content packs. ®

Anonymous Coward

Well I got an email last night that I'd just 'bought' 2000 ms points, which was odd.. as my xbox wasn't on and I was watching TV. Then minutes later an email saying I'd added an '@163.com' email address as an alternative address to be contactable on.

So a quick visit online, reset my password & security question for my account and phoned MS Support. Got put through to a very helpful customer service operative that confirmed the points were bought and that I'd have to get my account locked out for up to 25 days while the Fraud Investigation team looked at it.

As a vaguely tech savvy person I've not been stupid enough to click on any random emails or enter my details anywhere apart from official MS sites. So I've not had my details phished.. this leaves only two options to my mind.. that either my account was brute forced or a database has been compromised (and they've been stupid enough to leave passwords unencrypted somewhere in there). My password wasn't a dictionary word, and contained lower/uppercase letters and numbers so definitely not something guessable.

Moral of the story.. someone, somewhere has screwed up badly. And as the affected customers we're left without Xbox Live for up to 25 days, and the money they spent on points won't be refunded until they've finished investigating.

Thank god for Skyrim being an offline game!

Anonymous Coward

On a similar theme ....

My lad got very into an online (not XBox) RPG, and found a website where you could "buy" (with *real* money) "gold" for use in said game. There was an online outfit with an obvious domain name where you paid up via paypal, and then they went "in game" and traded the gold with you. Which seemed distinctly whiffy to me - quite against the game's T&Cs, although I was surprised they hadn't contested the site's domain name. Anyway, son asked me to cough up - I took his money and warned him no good would come of it. He got his gold, and a few hours later, his account was hacked, and all his gold and "stuff" had gone.

I can only presume that this outfit paid (peanuts) to gamers who built up the gold, for them to sell - against the main site's T&Cs, so anyone dealing with them risked their account anyway.


Something fishy here. Microsoft covering up?

I had my account emptied too.

I haven't clicked any scam links and the username and password are unique to Xbox Live, so there is no risk of it being obtained from elsewhere.

This sounds like a hack to me, but it's conveniently being blamed on phishing. Something stinks at Redmond on this one.


Sir

This is exactly what I have done ever since M$ refused to remove my credit card details from the account. I had to wait until the card expired, then just never associated another one.

I purchase points online from reputable sellers to cover what I need to buy, they send me the code via email which I redeem through my xbox live account. Then I buy what I need, usually leaving around 2-300 points in the account.


No hack my arse

I had a notification that someone tried to buy points on my xbox live account. Thankfully the payment failed as the card linked to the account had expired. I've not used the account in year, it has a separate username and password to others I use online, I never provide those details to any other place so it wasn't phished etc.

I tried to report it to microsoft and they just didn't give a damn or care, the few times I managed to get my email read by a person or speak to a human on the phone their response was basically well your card was declined so what's the problem, do you want to give up-to-date card details... hell no. At no point did they want to look into who had tried to buy stuff on my account, god forbid they try and track down those trying to steal from me and most likely other customers.

Just one more reason I don't and won't use xbox live.

