No Xbox Live hack say insiders

But gamers losing money to phishing scams

By Caleb Cox, 22nd November 2011

Microsoft sources have denied a claim that Xbox Live has been hacked, stating instead that gamers said to have had up to £100 lifted from their accounts were victims of phishing scams.

Allegations that cyber criminals have "hacked into thousands of Xbox Live accounts to steal millions of pounds" in the UK were made by The Sun newspaper this morning.

However, sources close to Microsoft insisted there is no evidence that any account has been hacked.

But the source admitted there has been an increase in attempts to gain punters' login credentials through deception - phishing.

Other attacks involve criminals attempting to befriend gamers through social networks in the hope of gathering information to reveal login details.

Microsoft has previously warned Xbox users to be on the look out for such cons.

However, Microsoft must do more to improve security, Jason Hart, MD of security firm Cryptocard, told Reg Hardware.

"Clearly too many weak links remain," he said. "At the moment gamers aren't being properly authenticated when they log on as gaming companies continue to use static passwords.

"You can't stop thieves sneaking up to the back door, but you can put in place measures to stop them breaking in."

Last month, a number of Xbox 360 owners revealed that their accounts and credit cards had been compromised, with stolen MS Points spent on Fifa 12 content packs. ®

Customer Success Testimonial: Recovery is Everything

COMMENTS

House Rules Send Corrections

All Reader Comments (12)

Highly Rated

Posted Tuesday 22nd November 2011 16:51 GMT

Anonymous Coward

Well I got an email last night that I'd just 'bought' 2000 ms points, which was odd.. as my xbox wasn't on and I was watching TV. Then minutes later an email saying I'd added an '@163.com' email address as an alternative address to be contactable on.

So a quick visit online, reset my password & security question for my account and phoned MS Support. Got put through to a very helpful customer service operative that confirmed the points were bought and that I'd have to get my account locked out for up to 25 days while the Fraud Investigation team looked at it.

As a vaguely tech savvy person I've not been stupid enough to click on any random emails or enter my details anywhere apart from official MS sites. So I've not had my details phished.. this leaves only two options to my mind.. that either my account was brute forced or a database has been compromised (and they've been stupid enough to leave passwords unencrypted somewhere in there). My password wasn't a dictionary word, and contained lower/uppercase letters and numbers so definitely not something guessable.

Moral of the story.. someone, somewhere has screwed up badly. And as the affected customers we're left without Xbox Live for upto 25 days, and the money they spent on points won't be refunded until they've finished investigating.

Thank god for Skyrim being an offline game!

Posted Tuesday 22nd November 2011 12:16 GMT

Anonymous Coward

On a similar theme ....

My lad got very into an online (not XBox) RPG, and found a website where you could "buy" (with *real* money) "gold" for use in said game. There was an online outfit with an obvious domain name where you paid up via paypal, and then they went "in game" and traded the gold with you. Which seemed distinctly whiffy to me - quite against the games T&Cs, although I was surprised they hadn't contested the sites domain name. Anyway, son asked me to cough up - I took his money and warned him no good would come of it. He got his gold, and a few hours later, his account was hacked, and all his gold and "stuff" had gone.

I can only presume that this outfit paid (peanuts) to gamers who built up the gold, for them to sell - against the main sites T&Cs, so anyone dealing with them risked their account anyway.

Posted Wednesday 23rd November 2011 00:52 GMT

Mike Judge