http://gamingtrend.com
April 19, 2014, 06:43:25 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Calendar Login Register  
Pages: [1] 2   Go Down
  Print  
Author Topic: XBLA account breached. :( Anyone else?  (Read 1233 times)
0 Members and 1 Guest are viewing this topic.
Knightshade Dragon
Administrator
Gaming Trend Senior Member

Offline Offline

Posts: 20973



View Profile WWW
« on: February 25, 2012, 04:26:22 AM »

I lost a shade over 7500 MS points to my account being hacked (but hey - I have 3 FIFA12 achievements, so yay?).  MS is going to lock down my account for a few days while they investigate.   Anyone else have this happen to them?  What can I expect?
Logged

Ron Burke
EiC, Director of Gaming Trend
Gamertag:
Gaming Trend
PS3 Tag: GamingTrend
Hetz
Gaming Trend Senior Member

Offline Offline

Posts: 4195


View Profile
« Reply #1 on: February 25, 2012, 04:31:12 AM »

You are not alone....

http://gamingtrend.com/forums/console-gaming/xbox-lived-may-be-hacked/

http://kotaku.com/5873604/is-microsofts-xbox-live-hacking-problem-worse-than-microsoft-realises

http://www.joystiq.com/2012/01/04/xbox-live-fifa-hack-concerns-continue-to-escalate-microsoft-s/

From what I hear, it's a lot more than a "few" days to get your account back. Anywhere from 3 weeks to 3 months for some people. frown
Logged

XBox Live: Hetz OO
PSN: Hetz76
Steam: hetz_gg
Azhag
Gaming Trend Senior Member

Offline Offline

Posts: 1809


View Profile
« Reply #2 on: February 25, 2012, 04:31:22 AM »

I've had a few friends go through this... I think most of them got the points back but had to put up with being without XBLA for a few weeks...
Logged
Destructor
Special Project Group
Gaming Trend Senior Member

Offline Offline

Posts: 15845


▲▲▼▼◄►◄►B A Start


View Profile WWW
« Reply #3 on: February 25, 2012, 06:20:14 AM »

Raise a holy stink with every upper level contact you have, Ron. Based on the other threads linked to, you have to use your connections otherwise you'll be without your account for a month.

And one wonders why I've pulled the plug on my 360 account and deleted my CC from it for good - I don't trust their security at all anymore.
« Last Edit: February 25, 2012, 06:21:45 AM by Destructor » Logged

"All opinions posted are my own, and not those of my employers, who are appalled."
Knightshade Dragon
Administrator
Gaming Trend Senior Member

Offline Offline

Posts: 20973



View Profile WWW
« Reply #4 on: February 25, 2012, 06:26:04 AM »

Quote from: Destructor on February 25, 2012, 06:20:14 AM

Raise a holy stink with every upper level contact you have, Ron. Based on the other threads linked to, you have to use your connections otherwise you'll be without your account for a month.

And one wonders why I've pulled the plug on my 360 account and deleted my CC from it for good - I don't trust their security at all anymore.

It'll be *very* difficult to review things without Live.   I need to keep pressure on this, clearly.
Logged

Ron Burke
EiC, Director of Gaming Trend
Gamertag:
Gaming Trend
PS3 Tag: GamingTrend
pingwrx
Gaming Trend Senior Member

Offline Offline

Posts: 1202


View Profile
« Reply #5 on: February 25, 2012, 06:47:38 AM »

Quote from: Knightshade Dragon on February 25, 2012, 06:26:04 AM

Quote from: Destructor on February 25, 2012, 06:20:14 AM

Raise a holy stink with every upper level contact you have, Ron. Based on the other threads linked to, you have to use your connections otherwise you'll be without your account for a month.

And one wonders why I've pulled the plug on my 360 account and deleted my CC from it for good - I don't trust their security at all anymore.

It'll be *very* difficult to review things without Live.   I need to keep pressure on this, clearly.
My son had his breached took them about a month to resolve it.

Logged

XBL gamertag: pingwrx
PS3-PS4 pingwrx
Zinfan
Gaming Trend Senior Member

Offline Offline

Posts: 1307



View Profile
« Reply #6 on: February 25, 2012, 08:32:32 AM »

Quote from: Knightshade Dragon on February 25, 2012, 06:26:04 AM

Quote from: Destructor on February 25, 2012, 06:20:14 AM

Raise a holy stink with every upper level contact you have, Ron. Based on the other threads linked to, you have to use your connections otherwise you'll be without your account for a month.

And one wonders why I've pulled the plug on my 360 account and deleted my CC from it for good - I don't trust their security at all anymore.

It'll be *very* difficult to review things without Live.   I need to keep pressure on this, clearly.

I had little issue with getting this resolved, probably 1.5 weeks at most but I don't get on XBLA that often so I can't remember the actual time frame.
Logged
Zinfan
Gaming Trend Senior Member

Offline Offline

Posts: 1307



View Profile
« Reply #7 on: February 25, 2012, 08:38:30 AM »

Just checked my Gmail archives and I got the message "Welcome to FIFA 2012" on Jan 12th at which point I contacted Microsoft and changed my password on the account.  On Jan 16th I got a followup email from Microsoft saying the investigation was complete and they gave me codes for about 1800 MS points which was what I had before the hack and my account was reactivated.
Logged
Razgon
Gaming Trend Senior Member

Offline Offline

Posts: 8261


The Truth is out there


View Profile
« Reply #8 on: February 25, 2012, 09:14:59 AM »

Over on Qt3 a few people have this going on for months - I think it has to do with pure luck I'm afraid.
Logged

A new one
Canuck
Gaming Trend Senior Member

Offline Offline

Posts: 5385


I live in Japan


View Profile
« Reply #9 on: February 25, 2012, 09:23:48 AM »

Time to get a PS3...
Logged
Razgon
Gaming Trend Senior Member

Offline Offline

Posts: 8261


The Truth is out there


View Profile
« Reply #10 on: February 25, 2012, 09:30:27 AM »

Two of my friends have had their xbox's hacked as well... With this many problems, it HAS to be a MS breach somewhere...
Logged

A new one
CeeKay
Gaming Trend Staff
Gaming Trend Senior Member

Offline Offline

Posts: 71767


La-bibbida-bibba-dum! La-bibbida-bibba-do!


View Profile
« Reply #11 on: February 25, 2012, 09:44:44 AM »

Quote from: Destructor on February 25, 2012, 06:20:14 AM

And one wonders why I've pulled the plug on my 360 account and deleted my CC from it for good - I don't trust their security at all anymore.

thankfully they let you use Paypal as a payment method for subscriptions, and my account there is only linked to a credit card when I need it to be.  if it's points that I need I buy what I need through Amazon and their online codes. 

too bad Nintendo or Sony don't let you use Paypal.  I remember hearing rumors that PSN would get it as an option after the hacking incident last year, but nothing ever came of them.
Logged

Because I can,
also because I don't care what you want.
XBL: OriginalCeeKay
Wii U: CeeKay
metallicorphan
Gaming Trend Senior Member

Offline Offline

Posts: 16378



View Profile
« Reply #12 on: February 25, 2012, 12:21:13 PM »

I still think its something to do with EA Sports titles on the 360,95% of the time these problems are attached to FIFA and the other 5% it's Madden whether the person has played those titles or not

Logged

Manchester United Premier League Champions 2013!!

Xbox LIVE:Metallicorphan
Wii:8565 1513 0206 1960
PSN:Metallicorphan
Hetz
Gaming Trend Senior Member

Offline Offline

Posts: 4195


View Profile
« Reply #13 on: February 25, 2012, 12:58:36 PM »

Quote from: Razgon on February 25, 2012, 09:30:27 AM

Two of my friends have had their xbox's hacked as well... With this many problems, it HAS to be a MS breach somewhere...

I am shocked that the gaming media hasn't held MS more accountable for this yet. The whole PSN breach was major news and it seems tame compared to the amount of people that have been "FIFA'd" on the Xbox. MS just keeps telling people that everything is fine and it's all the users fault for being stupid and giving out their passwords. There has to be something else going on.
Logged

XBox Live: Hetz OO
PSN: Hetz76
Steam: hetz_gg
Purge
Gaming Trend Staff
Gaming Trend Senior Member

Offline Offline

Posts: 18512


Thirty. Minutes.


View Profile WWW
« Reply #14 on: February 25, 2012, 02:50:18 PM »

I was wondering where you got to...
Sent from my SGH-i917R using Board Express
Logged

"If it weren't for Philo T. Farnsworth, inventor of television, we'd still be eating frozen radio dinners." - Johnny Carson
disarm
Gaming Trend Senior Member

Offline Offline

Posts: 4168


my moral standing is lying down...


View Profile
« Reply #15 on: February 25, 2012, 06:00:46 PM »

It took 22 days for my account to be reinstated after experiencing the FIFA hack back in December.  Fortunately, everything was returned to its pre-hack state in the end, with all my MS points restored and no lasting ill effects.  The whole situation is a major pain in the ass though.
Logged

*Gamertag - disarm78*
Now Playing: Grand Theft Auto V
Purge
Gaming Trend Staff
Gaming Trend Senior Member

Offline Offline

Posts: 18512


Thirty. Minutes.


View Profile WWW
« Reply #16 on: February 25, 2012, 06:21:37 PM »

Quote from: Destructor on February 25, 2012, 06:20:14 AM

Raise a holy stink with every upper level contact you have, Ron. Based on the other threads linked to, you have to use your connections otherwise you'll be without your account for a month.

And one wonders why I've pulled the plug on my 360 account and deleted my CC from it for good - I don't trust their security at all anymore.

Seriously?

And you're comfortable with SONY??? You know, PSN down for months? Sony, the ones who had ALL customers compromised??

I'm wondering how much MS's security issues have to do with EA's network, given that this is an EA account issue.
Logged

"If it weren't for Philo T. Farnsworth, inventor of television, we'd still be eating frozen radio dinners." - Johnny Carson
Hetz
Gaming Trend Senior Member

Offline Offline

Posts: 4195


View Profile
« Reply #17 on: February 25, 2012, 06:37:39 PM »

Quote from: Purge on February 25, 2012, 06:21:37 PM

Quote from: Destructor on February 25, 2012, 06:20:14 AM

Raise a holy stink with every upper level contact you have, Ron. Based on the other threads linked to, you have to use your connections otherwise you'll be without your account for a month.

And one wonders why I've pulled the plug on my 360 account and deleted my CC from it for good - I don't trust their security at all anymore.

Seriously?

And you're comfortable with SONY??? You know, PSN down for months? Sony, the ones who had ALL customers compromised??

I'm wondering how much MS's security issues have to do with EA's network, given that this is an EA account issue.

At least to Sony's credit, they didn't blame the users and act like everything is fine, all the while people keep getting victimized...which is what MS is doing.

Sony shut the whole thing down until they got a handle on it and then gave everyone free games and stuff to make up for it. MS needs to own up to the situation, if it is their fault or EA's, I don't know....but something has got to give.
Logged

XBox Live: Hetz OO
PSN: Hetz76
Steam: hetz_gg
Razgon
Gaming Trend Senior Member

Offline Offline

Posts: 8261


The Truth is out there


View Profile
« Reply #18 on: February 25, 2012, 07:15:54 PM »

Why all the MS vs SOE tension these days ? We all like games, so lets try and relax in our defense of our chosen platform - it doesn't lead to anything good.

Anyways - the FIFA thing is apparently just because they can buy fifa cards which is very easily sold off again and traded, thus earning money for the hackers.

The worst offenders is when the account is transferred to russia, making a transfer back impossible.
Logged

A new one
Harkonis
Gaming Trend Senior Member

Offline Offline

Posts: 9464



View Profile
« Reply #19 on: February 25, 2012, 07:51:38 PM »

I would lol if MS just shut down all EA services until this is fixed  ninja
Logged
Mystic95Z
Gaming Trend Reader

Offline Offline

Posts: 449


View Profile
« Reply #20 on: February 25, 2012, 08:04:31 PM »

^^ They actually should...
Logged
Hetz
Gaming Trend Senior Member

Offline Offline

Posts: 4195


View Profile
« Reply #21 on: February 25, 2012, 11:01:33 PM »

Quote from: Mystic95Z on February 25, 2012, 08:04:31 PM

^^ They actually should...

Yep....they really should....but it seems like MS is scared to death of EA and will not do anything to hurt their relationship with them and certainly will not throw them under the bus like that.

I really hope they do though. Something has to be done.
Logged

XBox Live: Hetz OO
PSN: Hetz76
Steam: hetz_gg
metallicorphan
Gaming Trend Senior Member

Offline Offline

Posts: 16378



View Profile
« Reply #22 on: February 26, 2012, 12:58:35 AM »

Quote from: Razgon on February 25, 2012, 07:15:54 PM

Why all the MS vs SOE tension these days ? We all like games, so lets try and relax in our defense of our chosen platform - it doesn't lead to anything good.


but you said your 360 smells!!,LOL..oh wait,sorry wrong thread Tongue
Logged

Manchester United Premier League Champions 2013!!

Xbox LIVE:Metallicorphan
Wii:8565 1513 0206 1960
PSN:Metallicorphan
Soulchilde
Gaming Trend Senior Member

Offline Offline

Posts: 4950


You and I have unfinished business


View Profile
« Reply #23 on: February 26, 2012, 02:45:56 AM »

GamingTrend Expose'  ..  just saying would make a awesome story or blog to bring some attention to the situation
« Last Edit: February 26, 2012, 02:47:40 AM by Soulchilde » Logged

Quote from: Devil on January 12, 2007, 01:14:38 AM

NiM$
th'FOOL
Executive Producer and Editor-At-Large
Gaming Trend Senior Member

Offline Offline

Posts: 4989


Never whistle while you're pissing


View Profile WWW
« Reply #24 on: February 26, 2012, 06:12:37 AM »

Yeah, happened to me too. I actually haven't re-instated my gold family account yet as it requires a card on record, and I don't trust ms with that info anymore.

There is a way to prevent this after the last dashboard update- shut off access to your live account from any other machine. MS should have emailed every account holder with that info when they enabled that feature IMO
Logged

Mike Dunn
Executive Producer & Managing Editor, GamingTrend
Isgrimnur
Gaming Trend Senior Member

Offline Offline

Posts: 8523



View Profile
« Reply #25 on: February 26, 2012, 06:14:24 AM »

I'll post my recommendation again.  My two credit cards (Citi and Discover) have the ability to create temporary account numbers that are available for a short (~1 month) period of time.  I used one when I signed up for my 3 months of SWTOR, so there's no chance of me missing the drop date and getting re-billed in the likely chance that I forget.
Logged

Hadron Smasher on 360; IsgrimnurTTU on PS3

I'd rather be watching hockey.
Destructor
Special Project Group
Gaming Trend Senior Member

Offline Offline

Posts: 15845


▲▲▼▼◄►◄►B A Start


View Profile WWW
« Reply #26 on: February 26, 2012, 03:02:58 PM »

Quote from: Hetz on February 25, 2012, 06:37:39 PM

At least to Sony's credit, they didn't blame the users and act like everything is fine, all the while people keep getting victimized...which is what MS is doing.

Sony shut the whole thing down until they got a handle on it and then gave everyone free games and stuff to make up for it. MS needs to own up to the situation, if it is their fault or EA's, I don't know....but something has got to give.

Exactly - despite the issues with Sony in the past, I trust them more than I do Microsoft, who is just sticking their heads into the sand and ignoring things.

That said, I don't have a card on file with my PS3 either because I never go online with it or visit their store.
Logged

"All opinions posted are my own, and not those of my employers, who are appalled."
Caine
Gaming Trend Senior Member

Offline Offline

Posts: 9127


My cocaine


View Profile
« Reply #27 on: February 26, 2012, 04:56:00 PM »

Quote from: th'FOOL on February 26, 2012, 06:12:37 AM

Yeah, happened to me too. I actually haven't re-instated my gold family account yet as it requires a card on record, and I don't trust ms with that info anymore.

There is a way to prevent this after the last dashboard update- shut off access to your live account from any other machine. MS should have emailed every account holder with that info when they enabled that feature IMO

Not sure what is more surprising, that the added this our that they didn't bother to tell us about it.  I will turn this on once I power up the system today.  Thanks for bringing this to our attention.
Logged

"It's like chess with big guns against aliens. Which isn't like chess at all when I think about it." - Jake Solomon
gellar
Gaming Trend Senior Member

Offline Offline

Posts: 8913


I'm a dolphin!


View Profile
« Reply #28 on: February 26, 2012, 05:34:13 PM »

Quote from: Caine on February 26, 2012, 04:56:00 PM

Quote from: th'FOOL on February 26, 2012, 06:12:37 AM

Yeah, happened to me too. I actually haven't re-instated my gold family account yet as it requires a card on record, and I don't trust ms with that info anymore.

There is a way to prevent this after the last dashboard update- shut off access to your live account from any other machine. MS should have emailed every account holder with that info when they enabled that feature IMO

Not sure what is more surprising, that the added this our that they didn't bother to tell us about it.  I will turn this on once I power up the system today.  Thanks for bringing this to our attention.

Yeah I'm pretty happy with that feature myself.  Thanks for bringing it up.  Of course it may be a pain in the ass to 'reset' it when this 360 eventually goes tits up like the others, but it's probably a worthy feature nonetheless.

I'm still of the 'no conspiracy theory' camp.  Lying and covering up to the general public would cost MSFT literally billions of dollars and have huge far reaching affects.  Fessing up to a breach wouldn't cost nearly as much.  I really think there's no way of MSFT specifically knowing of a breach event.  If there was, I also think the effects would be far more obvious and some hacker group would be claiming victory.

I believe the breaches are a combination of a number of factors: 
1)  MSFT originally tying XBL accounts to MSN accounts.  This increases the surface area of attack significantly AND makes passwords less secure because people are entering them more often in different places.
2)  Poor policies on login validations somewhere in the chain, making brute force attacks relatively easy. 
3)  In general, piss poor login/password practice on the end users part.

Fundamentally, it comes down to the fact that username/password just isn't good enough anymore.  Two factor is really required for security, and Microsoft has finally given us that to an extent by giving the option of requiring the second factor of the physical Xbox itself.

And lastly, I'll link my favorite comic on username/passwords:
Logged
Razgon
Gaming Trend Senior Member

Offline Offline

Posts: 8261


The Truth is out there


View Profile
« Reply #29 on: February 27, 2012, 07:54:35 AM »

Hmm, anyone here who can tell me who to deny acces to LIVE from anywhere but your console? I checked my security settings and cant see it anywhere.
Logged

A new one
Mithridates
Gaming Trend Senior Member

Offline Offline

Posts: 631


View Profile
« Reply #30 on: February 27, 2012, 11:22:40 AM »

Quote from: Destructor on February 25, 2012, 06:20:14 AM

And one wonders why I've pulled the plug on my 360 account and deleted my CC from it for good - I don't trust their security at all anymore.

I guess I wonder.  Deleting the CC makes sense, but deleting the account seems like overkill.  If you weren't going to use LIVE anymore because you simply don't play 360 multiplayer, then that reason makes sense.  To delete because you don't trust their security when you have nothing really at risk(you could keep your points balance low) seems like paranoia to me.
Logged
MonkeyFinger
Gaming Trend Senior Member

Offline Offline

Posts: 3174



View Profile
« Reply #31 on: February 27, 2012, 02:43:30 PM »

Quote from: Razgon on February 27, 2012, 07:54:35 AM

Hmm, anyone here who can tell me who to deny acces to LIVE from anywhere but your console? I checked my security settings and cant see it anywhere.

Wondering the same thing as I couldn't find it either.
Logged

-craig

PSx: MonkeyFinger
XBx: MonkeyPhinger
Razgon
Gaming Trend Senior Member

Offline Offline

Posts: 8261


The Truth is out there


View Profile
« Reply #32 on: February 27, 2012, 04:13:25 PM »

Well, I've checked both Xbox.com and my Xbox for any settings to do this, but can't find it.

Did you make this up, Gellar and th'Fool?
Logged

A new one
Kagath
Gaming Trend Senior Member

Offline Offline

Posts: 2481


View Profile
« Reply #33 on: February 27, 2012, 05:07:57 PM »

https://live.xbox.com/en-US/Profile/Protection

Go to your Live 'homepage' and look in the Account area on the left. Should be at the bottom right of the Account page.
Logged

Playing: ? 360 | FO: New Vegas | BF4 PC / 360 | ? - WINGS *are* shit lately.
PSN/Live: MrStark77
Razgon
Gaming Trend Senior Member

Offline Offline

Posts: 8261


The Truth is out there


View Profile
« Reply #34 on: February 27, 2012, 05:12:59 PM »

Well, I have seen that one, but that's just that you can require a password to be used, right? Or am I misreading this completely?
Logged

A new one
Purge
Gaming Trend Staff
Gaming Trend Senior Member

Offline Offline

Posts: 18512


Thirty. Minutes.


View Profile WWW
« Reply #35 on: February 27, 2012, 05:17:47 PM »

It isn't a "lockdown" then - it simply doesn't allow a certificate to be generated from cached credentials, correct?

And then, to the point Caine raised : this security feature seems to be enabled by default, so while they added it, for the most part it should be invisible to user experience unless they get a new machine / access their account from another console that wasn't previously cached, and get prompted for the live account password.
« Last Edit: February 27, 2012, 05:21:36 PM by Purge » Logged

"If it weren't for Philo T. Farnsworth, inventor of television, we'd still be eating frozen radio dinners." - Johnny Carson
Kagath
Gaming Trend Senior Member

Offline Offline

Posts: 2481


View Profile
« Reply #36 on: February 27, 2012, 05:21:10 PM »

Quote from: Razgon on February 27, 2012, 05:12:59 PM

Well, I have seen that one, but that's just that you can require a password to be used, right? Or am I misreading this completely?
That's all I've seen so far unfortunately. A step in the right direction but still not enough.
Logged

Playing: ? 360 | FO: New Vegas | BF4 PC / 360 | ? - WINGS *are* shit lately.
PSN/Live: MrStark77
Razgon
Gaming Trend Senior Member

Offline Offline

Posts: 8261


The Truth is out there


View Profile
« Reply #37 on: February 27, 2012, 05:22:07 PM »

yeah, well, what Thfool and Gellar said was that you could lock down xbox love to one console only... Which would be nice :-)
Logged

A new one
Purge
Gaming Trend Staff
Gaming Trend Senior Member

Offline Offline

Posts: 18512


Thirty. Minutes.


View Profile WWW
« Reply #38 on: February 27, 2012, 05:22:49 PM »

It would be nice if there was a "only use X console", but that isn't a common security feature on any software/hardware platform that authentication can't overcome.

Imagine if you lost a console (stolen, broken) and could not adjust the account to a new console.

This is forcing someone to actually know your live account info and password.
Logged

"If it weren't for Philo T. Farnsworth, inventor of television, we'd still be eating frozen radio dinners." - Johnny Carson
Razgon
Gaming Trend Senior Member

Offline Offline

Posts: 8261


The Truth is out there


View Profile
« Reply #39 on: February 27, 2012, 05:47:50 PM »

Well, yeah - but its what they said there existed or do I completely fail at understanding them?

Also - with the new mobile phone helper, its pretty easy unless they steal your phone as well to confirm who you are.
Logged

A new one
Pages: [1] 2   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines
Valid XHTML 1.0! Valid CSS!
Page created in 0.236 seconds with 103 queries. (Pretty URLs adds 0.126s, 2q)