Sections

MS “working closely” with Xbox Live phishing victims

Tuesday, 22nd November 2011 14:11 GMT By Johnny Cullen

Microsoft has told VG247 that security for Xbox Live is of “utmost importance,” following a story in The Sun today that phishing schemes have cost 360 gamers “millions of pounds”.

The Sun reported this morning that “online crooks have hacked into thousands of Xbox Live accounts to steal millions of pounds. The average loss to gamers in the UK is around £100 — but many have had more than £200 stolen.”

Microsoft has responded, saying its taking measures against criminality on 360′s online service, and warned Live users to be vigilant.

“Xbox LIVE has not been hacked. Microsoft can confirm that there has been no breach to the security of our Xbox LIVE service. The security of Xbox Live members is of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats,” the firm told VG247 in a statement.

“In this case, a number of Xbox Live members appear to have recently been victim of malicious ‘phishing’ scams (i.e. online attempts to acquire personal information such as passwords, user names and credit card details by purporting to be a legitimate company or person).

“As a result, we are currently:

  • Working closely with affected members who have been in touch with us to investigate and/or resolve any unauthorized changes to their accounts resulting from phishing scams;
  • Warning people against opening unsolicited e-mails which may contain spyware and other malware that can access personal information contained on their computer without their knowledge or permission;
  • Reminding all customers that they should be very careful to keep all personal information secure whenever online and never supply e-mail addresses, passwords or credit card information to strangers.

“Microsoft remains vigilant at all times regarding the security of Xbox Live customers. As always, Xbox Live customers who have any queries or concerns should contact Xbox Live customer service on 0800 587 1102 or visit www.xbox.com/security.”

Microsoft had denied back in October a full compromise of the service, but admitted there was “unauthorised” access to certain accounts following a report which suggested that hackers gained access to their Gamertags, noticeable by buying MS points and playing FIFA 12 on their Gamercard.

Latest

14 Comments

  1. drewbles82

    You gotta be a bit thick to fall for these kinda scams. No one eva asks for your credit card details unless your buying something esp via email and no1 eva asks for your password.
    Not even your bank would ask for your password.

    #1 3 years ago
  2. Fin

    @1

    The Fifa 12 hack/scam/whatever wasn’t to do with phishing. My boss got hit by it, he wasn’t phished.
    Our best guess was the EA hack from earlier in the year exposed his gamertag/email combination, and the account was recovered to another machine.

    #2 3 years ago
  3. ninjanutta

    This is a joke.I can name at least 3 sites that openly sell live accou nts with thousands of points or credit cards attached for 5 dollars..
    Its been going on for years.

    #3 3 years ago
  4. tmac2011

    haha your stupid if you fall for those scams. they were probably all twelve, using there parents credit cards.

    #4 3 years ago
  5. G1GAHURTZ

    …but admitted there was “unauthorised” access to certain accounts following a report which suggested that hackers gained access to their Gamertags, noticeable by buying MS points and playing FIFA 12 on their Gamercard.

    This cannot be true. Everyone knows that hackers don’t like football, and only play PC games, such as WoW and CS.

    #5 3 years ago
  6. DSB

    @5 Hehe. Actually, based on my experience the opposite seems to be true.

    My brother had his card abused after the Gawker media breach, and the two things I remember the guy buying was an Quran in urdu and a FIFA game :P

    #6 3 years ago
  7. Johnny Cullen

    Microsoft’s sent out a slightly revised statement, particularly the first line. I’ve added it in.

    #7 3 years ago
  8. Nachtaar

    @4 I was hacked on or about Sunday, 11/20 and I can tell you, without a doubt, it wasn’t the result of a phishing scam. (Nor am I twelve and using my parents credit cards).

    Whoever hacked my XBOX Live account changed the email address and password and purchased 4 items (Microsoft points) totaling $280.09 US.

    I contacted Microsoft this morning to report the issue. However, Microsoft response of “Working closely with affected members who have been in touch with us to investigate and/or resolve any unauthorized changes to their accounts resulting from phishing scams” is to lock/suspend the account for “up to 25 business days” to investigate and resolve the issue.

    Based on what I’ve read online, there seems to be some kind of breach, whether that’s through FIFA/EA or other means. The fact that it will take Microsoft that long to resolve it is disturbing.

    #8 3 years ago
  9. DSB

    @8 Sounds like pretty standard procedure. I don’t know of any company that keeps enough staff around to fully investigate any single account in a matter of seconds, minutes or even a week, especially if someone else dropped the ball and gave away your id and password along with thousands of others.

    If they rush it and simply roll back all purchases on reported accounts for a certain time period, then you might lose things you have legitimately purchased, so they essentially have to get human eyes on your account, to avoid pissing you off even further.

    It’s the same with Hotmail. If someone gains access to your account then it’ll be automatically locked, and automatically deleted within a month unless you contact their support and let them know that you’re aware of foul play, and you want it recovered.

    The best you can do is try to stay on top of when and how breaches happen, and act accordingly. It’s a bitch, but I changed all of my important passwords when the Steam breach occurred, and once before when the previous EA breach occurred. I guess we should be changing them every month, but nobody wants to bother with that.

    #9 3 years ago
  10. Psychotext

    Utter horseshit. If their idea of working closely with them is speaking to them once and then leaving them waiting 5 weeks without hearing anything then I’d hate to see what their idea of the opposite is.

    Maybe coming to your house and ripping out your phone / data lines and stealing your mobile so you can’t call / email them?

    Oh, and it’s not phishing. My missus’s (whose account was “hacked”) XBL info has been used a grand total of twice… both times when it was entered into a 360. She doesn’t even know the password and I’m certainly not going to be putting her info into a random site.

    #10 3 years ago
  11. sg1974

    Nice of them to wait until the story hits the front page of one of the world’s biggest-selling newspapers before acknowledging a known problem and doing something about it. They’ve had their hands over their ears and shouted “LALALALALALALA” for weeks.

    #11 3 years ago
  12. Jackie

    People still fall for phising attacks?
    Wow it’s like i’m really in 2005!

    #12 3 years ago
  13. Joe Musashi

    @11 It wouldn’t be the first time this generation that they’ve done that.

    JM

    #13 3 years ago
  14. sg1974

    @13 Shh! You’re not allowed to mention that. Seems to upset a lot of people.

    #14 3 years ago

Comments are now closed on this article.