Ricardo Trejo Jan 16, 2012 Follow Me Follow Me Follow Me Follow Me Follow Me Follow Me Follow Me Follow Us Gaming, Geek Culture, Hacks, Internet, Microsoft, News

When you’re the victim of fraud most people tend to think that they’re going to get immediate support to help remedy the issue. I mean c’mon, we’re talking money here! Y’know, the stuff that makes the world go round? Unfortunately, a quick resolution to this sorta of theft is as big a dillusion as thinking you’re going to feel right-as-rain upon arriving at the hospital after a horrific car crash. It’s just not going to happen, especially when you’re given the run-around. Specifically, after a stunning number of frauds being reported within the past week from Xbox Live, you’d think Microsoft would be ready with a band-aid at least, no? Sadly, so is not the case. In fact, their public statement reassures customers that there’s nothing going on beyond users being too lax with passwords and letting their guards down against phishing tactics. The facts say otherwise.

Microsoft refuses to admit security flaw for users who have gotten accounts compromised and subsequently stolen from:

‘Microsoft can confirm that there has been no breach to the security of our Xbox Live service.The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats. Security in the technology industry is an ongoing process, and with each new form of technology designed to deter attacks, the attackers try to find new ways to subvert it.

We continue to evolve our security features and processes to ensure Xbox Live customers information is secure. Online fraud and identity theft are industry-wide problems, and as such people using any online services should set strong passwords, not share those passwords across multiple services and refrain from sharing any personal details that could leave them vulnerable.

As always, we highly recommend our members follow the Xbox Live Account Security guidance provided at http://xbox.com/security to protect your account.’

Now to give those of you who are lost here a little background, there was an incident involving an Xbox Live user who had her account compromised and then reported it Microsoft, who then pretty much did nothing except tell her it would be taken care of. Her entire story and ordeal can be read on her own Tumblr blog — Hacked On Xbox.  

The chain of events that unfolded before Susan Taylor could be likened to one of those Lifetime movies where there’s this psycho stalker threatening to kill an average girl, and only to be laughed at or ignored when she reports the situation to the police. Now before I continue, I’m not relating that analogy because Susan is a girl — far from it. Heck, after you hear about the detective work she did to uncover how she was hacked you’ll think she’s the Batman herself! 

How hackers are stealing your accounts

But what I will say is that this sorta stuff is happening before Xbox’s eyes, and instead of pubicly telling people about specific dangers involved to using their service, especially linking your Paypal account to your Live account, they’re saying that the users should be more wary themselves to hackers and their plans. Though we got ourselves a little birdy (a.k.a. Susan Taylor and her Dark Knight skills) who gave us in detail how hackers are getting their hands on your gamertag and then buying points with your account, only to sell it off on eBay to users offshore:

“Step One: Obtain username/password of account currently in use (I cannot work out how he obtains this information)
Step Two: Purchase Family ‘Gold’ Pack for the hacked account (this means he can now transfer points between the accounts he lists on the family pack)
Step Three: Purchase 10,000 MS Points (4000/6000) 
Step Four: Create multiple (number unknown) brand new Xbox accounts (typically American accounts)
Step Five: Transfer all purchased points to these accounts (divide among multiple accounts or send full amount straight to a single one)
Step Six: Sell the account that has these points on to people, charging a smaller amount than Microsoft would charge for the points alone
Step Seven: Rinse, repeat, profitprofitprofit!”

The madness doesn’t stop there, since AnalogHype was able to find out how hackers are getting your passwords to your gamertags in the first place — something that Microsoft says you should be able to prevent.

On the flipside of things, the one thing we can tell you do for the utmost in protection agains this sort of thing is simply to not have a credit card tied to your Xbox Live account. Use pre-paid cards to buy points, and when it comes to renewing your subscription, you can do that through Xbox’s website without the need for an ongoing credit card to be linked to your gamertag. That being said, also stave away from using Paypal for Xbox too, and you shouldn’t need worry even if you get hacked.