Another Acct Hijack - Page 3 - AVS Forum
post #61 of 82 Old 02-06-2012, 07:38 AM - Thread Starter
Senior Member
 
speedy_racer's Avatar
 
Join Date: Sep 2007
Location: Tennessee
Posts: 410
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 13
It's been 10 days and still no MS points in my acct. I've had no gamertag issues and they got my money back quick so no real complaints but still.... this is their currency and it should be dead simple to fix.

XBL: bigorangeking


Elite Club of Awesomeness Member
 

speedy_racer is offline  
post #62 of 82 Old 02-06-2012, 11:13 AM
AVS Special Member
 
gameboy's Avatar
 
Join Date: Apr 2002
Posts: 1,780
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 15
Quote:
Originally Posted by cuco33 View Post

It's not impossible if it happened, and followed what you mentioned.

You can say they followed those instructions, but the fact that they were breached says that they did not.

I am sorry, but the odds of someone's account being hacked when you follow the above procedure properly is 1 in several billion. No one is accusing Live of back-end hack. Most are pointing to the brute force attack. Brute force does not work if your password is not shared and is of sufficient complexity.
gameboy is offline  
post #63 of 82 Old 02-06-2012, 12:46 PM
AVS Special Member
 
formulanerd's Avatar
 
Join Date: Nov 2006
Location: Colorado
Posts: 9,373
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 12
Quote:
Originally Posted by gameboy View Post

You can say they followed those instructions, but the fact that they were breached says that they did not.

I am sorry, but the odds of someone's account being hacked when you follow the above procedure properly is 1 in several billion. No one is accusing Live of back-end hack. Most are pointing to the brute force attack. Brute force does not work if your password is not shared and is of sufficient complexity.

I'd put more money on social engineering than brute force even... A computer system is only as secure as the dummy at the terminal.

No trees were harmed forming this post, though many electrons were inconvenienced.
SERGEANT SERGEANT MASTER SERGEANT SHOOTER PERSON
Then:|A40|AX720|F1|K702|DT880|ES7|MS2i Now:|MS1|AD700|PC360|A30
formulanerd is offline  
post #64 of 82 Old 02-06-2012, 01:17 PM
AVS Special Member
 
RemoWilliams84's Avatar
 
Join Date: Aug 2009
Location: Huntsville, AL
Posts: 1,967
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 253
Quote:
Originally Posted by formulanerd View Post

I'd put more money on social engineering than brute force even... A computer system is only as secure as the dummy at the terminal.

Or the dummy at Microsoft Account services giving someone your password (or resetting it and telling it to them). Seems this is one of the theories as to what is happening.

Xbox Gamertag/PSN ID: RemoWilliams84

"I started out with nothing, and I still got most of it." -Seasick Steve

RemoWilliams84 is offline  
post #65 of 82 Old 02-06-2012, 01:35 PM
AVS Special Member
 
gameboy's Avatar
 
Join Date: Apr 2002
Posts: 1,780
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 15
Support personnel cannot read your password. Even a person who has direct access to the database cannot read it as it is encrypted.

It can be reset, but that requires that you have access to the email account that is tied to that account.

Not likely to be a source of any significant breach.
gameboy is offline  
post #66 of 82 Old 02-07-2012, 05:50 AM
AVS Special Member
 
RemoWilliams84's Avatar
 
Join Date: Aug 2009
Location: Huntsville, AL
Posts: 1,967
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 253
all hail gameboy, the all knowing...

Xbox Gamertag/PSN ID: RemoWilliams84

"I started out with nothing, and I still got most of it." -Seasick Steve

RemoWilliams84 is offline  
post #67 of 82 Old 02-07-2012, 09:45 AM
AVS Special Member
 
gameboy's Avatar
 
Join Date: Apr 2002
Posts: 1,780
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 15
Quote:
Originally Posted by RemoWilliams84 View Post

all hail gameboy, the all knowing...

We are not talking about rocket science. This is a pretty standard procedure for practically any website with access control (who actually care about security).

Go ahead and contact support for any website you frequent and try to get the actual password instead of reset. I doubt that you will succeed.

Being ignorant and spreading false information is nothing to be proud of.
gameboy is offline  
post #68 of 82 Old 02-07-2012, 10:18 AM
AVS Special Member
 
mboojigga's Avatar
 
Join Date: Mar 2006
Location: Little Rock AFB, Arkansas
Posts: 7,959
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 24 Post(s)
Liked: 434
http://majornelson.com/2012/02/07/a-...your-security/

A Letter from Alex Garden: Your Security

The following is a letter from Alex Garden, General Manager of Xbox LIVE, that he wanted me to share directly with the Xbox LIVE community:

Your Security is Important to Me

Since today is Safer Internet Day, I thought it'd be a good opportunity to share a few things that have been on my mind these last several months. Here at Microsoft we view this day through many lenses from online safety to privacy to account and data security and more, and we take your security and online safety very seriously.

As all of us know, account hijacking across the Internet continues to grow. It's a thriving - albeit illegal - industry affecting online services the globe over. Last year, there was a surge of personal information being compromised and sold, and this undoubtedly has had an impact on all of us. While we here at Xbox have no evidence of a security breach in the Xbox LIVE service, that is of little comfort to our members whose accounts have been compromised by malicious and illegal attacks.

It's in this vein I'm reminded how important it is to listen to you, our members - to really listen, to really hear and to really do something with what you say. I can assure you we are listening and continue to take aggressive steps to help protect you against ever-changing threats. We also care deeply about how this ongoing issue affects your experience with Xbox LIVE and your trust in us.

Security is an ongoing battle. No matter how well we work to improve security - and we are working every day to bring new forms of protection to Xbox LIVE - our work will never end. With every measure we put in place, ill-intentioned people will create new ways to attack online services.

That's why I believe it's more important than ever that our members are armed with information and security tools to actively partner with us in this war on fraud. We have a dedicated web page at http://xbox.com/security detailing all the steps you can take today to help protect your account.

What you'll see here is the most common sources of attack continue to involve:

· social engineering to gather information about the user to guess the password;
· phishing, whereby the user types the account password into an illegitimate website that is pretending to be something else;
· malicious software on the computer that has captured the password; or
· using the same password from another online service that has been breached.

I share these realities in hope that our members will work with us to reduce the ease of access for hackers. Personal account security starts with setting strong passwords and routinely changing them, using a valid email and a unique password for each online service, adding a phone number, alternate email address, and a unique and private security question via the Windows LIVE ID Account Management site, and reducing the amount of personal information shared online or through social networks. More and more, being mindful of where you login to online services, even when not using Xbox LIVE, and using single-use codes, provides added protection, especially when you're signing in from a PC that isn't your own. Working together we can prevail over the criminals.

I realize it may fall flat when we don't share specific details of our security architecture. However, some of the security measures we have in place to help protect our members include password-attempt throttling, CAPTCHA (an industry-standard anti-scripting measure designed so that an actual human needs to answer the challenge), strong proofs (trusted PC, pin sent to cell phone, secondary e-mail and security questions), and account lockout for multiple failed attempts and compromised accounts, which we investigate and recover to the rightful owner.

Getting ahead of potential threats of harm is an important area of focus. At a broader level, Microsoft continues to investigate cyber-criminals and bot nets, and help shut them down. And although this is an industry-wide challenge, we are an industry-leading company that believes in our responsibility to actively address online fraud and identity theft. As part of this commitment, we continue to put in place security features and process improvements to help secure Xbox LIVE.

Recovering compromised accounts - in a timely manner - is also a priority and an area where we've made, and will continue to make, improvements. We have invested more resources in our account recovery process and as a result, for most new fraud cases we are now able to investigate and return accounts within three days. For users who have added strong proofs to their accounts, this may be as fast as 24 hours. We still have a few cases that are taking longer to fully recover and some refunds are still being processed, but we're making great strides. We hope our customers are experiencing the improvements firsthand.

We do not take lightly the frustrations we've heard from our loyal Xbox LIVE members and remain committed to addressing and persistently resolving our customers' individual and collective concerns. For now, if you have a problem we haven't yet resolved, please email me. Also tune into Major Nelson's podcast this week to hear more about our work in the war on fraud.

With my sincere commitment to listen and take action,

The 5.0 is here
mboojigga is offline  
post #69 of 82 Old 02-07-2012, 12:07 PM - Thread Starter
Senior Member
 
speedy_racer's Avatar
 
Join Date: Sep 2007
Location: Tennessee
Posts: 410
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 13
Well, I took Mr. Garden at his word and sent him an e-mail about my issue. I don't really expect anything other than a form letter reply, but I will keep you posted. I also invited him to AVS and the Xbox section specifically. I can't imagine he would ever expose himself to a public forum, but wouldn't it be cool.

XBL: bigorangeking


Elite Club of Awesomeness Member
 

speedy_racer is offline  
post #70 of 82 Old 02-07-2012, 03:01 PM
Senior Member
 
markc72's Avatar
 
Join Date: Jan 2008
Location: Plainfield, IL
Posts: 362
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 10
I just emailed him as well. I've still been out an account since the end of October. Went to the BBB the other day as well to hopefully give a little more pressure on MS. I am completely frustrated with this whole process that I have gone through.

Come join our adult gaming community at www.syndicatedgaming.net


XBL and Steam: diehardcubfn
markc72 is offline  
post #71 of 82 Old 02-08-2012, 06:18 AM
Senior Member
 
markc72's Avatar
 
Join Date: Jan 2008
Location: Plainfield, IL
Posts: 362
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 10
Alex Garden actually emailed me last night, and when I called in again to Xbox support to bitch again, I was finally able to get my account back. Took a bit, but I mentioned to the manager that I contacted the BBB and this GM Alex, and after that they were magically able to get my account back.

Alex's email just noted that he would look into it and thanked me for reaching out.

Come join our adult gaming community at www.syndicatedgaming.net


XBL and Steam: diehardcubfn
markc72 is offline  
post #72 of 82 Old 02-08-2012, 07:28 AM - Thread Starter
Senior Member
 
speedy_racer's Avatar
 
Join Date: Sep 2007
Location: Tennessee
Posts: 410
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 13
I got the same reply to my email, but I was also contacted by an "XBOX Exceptions Analyst" who had been contacted by Mr. Garden and I was told that they would do all they could to expedite this. I was rewarded with.....I could not log in to my acct last night. All other accts were good. I checked my emails this morning and saw that apparently sometime last night my password was reset and I had a message asking for approval or denial. I denied the password change request and went to Xbox Live to see my acct......could not log in with my password and trust me it is a good one...over 10 characters with numbers, case changes and symbols. Sooooo now I did do a password reset and checked my acct and everything is good with the exception that my MS points balance is still zero.

I am curious about where the password reset came from though. I would assume that anyone with your user ID can request a password change and if they have access to any of the e-mail accts, they could intercept the request, approve it and make the changes? So, if the bozo who had my ID a couple of weeks ago tried to login and could not, they could do a password change request just to be irritating. When the problem occurred, I also updated all of my e-mail passwords, so I am assuming that if they had ever gained access there, that they no longer can and may only be doing this to be a pain. I guess I may need to change my user ID for Xbox logins.

XBL: bigorangeking


Elite Club of Awesomeness Member
 

speedy_racer is offline  
post #73 of 82 Old 02-08-2012, 09:29 AM
Senior Member
 
markc72's Avatar
 
Join Date: Jan 2008
Location: Plainfield, IL
Posts: 362
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 10
I got the call too from the Xbox Exceptions Analyst an hour ago. Gave me a year worth of live plus the rep last night gave me 6 months, so I got 1.5 years of XBL for 3.5 months of frustrations. I guess it's pretty fair.

Come join our adult gaming community at www.syndicatedgaming.net


XBL and Steam: diehardcubfn
markc72 is offline  
post #74 of 82 Old 02-08-2012, 09:37 AM
 
spyder696969's Avatar
 
Join Date: Sep 2005
Location: Land of many wives
Posts: 9,328
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 123
Quote:
Originally Posted by markc72 View Post

I got the call too from the Xbox Exceptions Analyst an hour ago. Gave me a year worth of live plus the rep last night gave me 6 months, so I got 1.5 years of XBL for 3.5 months of frustrations. I guess it's pretty fair.

$45 of free service wouldn't be worth one day (let alone 3 whole months) of frustration for me, but at least they gave you a tiny token consolation for all your work and effort. Good luck!
spyder696969 is offline  
post #75 of 82 Old 02-08-2012, 10:27 AM
AVS Special Member
 
Lord_Zath's Avatar
 
Join Date: Jul 2008
Posts: 5,246
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 29 Post(s)
Liked: 69
Quote:
Originally Posted by spyder696969 View Post

$45 of free service wouldn't be worth one day (let alone 3 whole months) of frustration for me, but at least they gave you a tiny token consolation for all your work and effort. Good luck!

At least they didn't give him FIFA player packs.
Lord_Zath is offline  
post #76 of 82 Old 02-08-2012, 02:25 PM
AVS Special Member
 
pjb16's Avatar
 
Join Date: Jul 2007
Location: Katy, TX
Posts: 1,331
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 11
Quote:
Originally Posted by markc72 View Post

Alex Garden actually emailed me last night, and when I called in again to Xbox support to bitch again, I was finally able to get my account back. Took a bit, but I mentioned to the manager that I contacted the BBB and this GM Alex, and after that they were magically able to get my account back.

Alex's email just noted that he would look into it and thanked me for reaching out.

What exactly is the BBB going to do?

PSN - Mr_Frisch
XBL - Mr Frisch
Steam - Sneaky Pete
pjb16 is offline  
post #77 of 82 Old 02-09-2012, 06:20 AM
Senior Member
 
markc72's Avatar
 
Join Date: Jan 2008
Location: Plainfield, IL
Posts: 362
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 10
Quote:
Originally Posted by pjb16 View Post

What exactly is the BBB going to do?

Alex got wind of it as well as the other guy, so it lit a bit of a fire under them.

Come join our adult gaming community at www.syndicatedgaming.net


XBL and Steam: diehardcubfn
markc72 is offline  
post #78 of 82 Old 02-09-2012, 07:15 AM - Thread Starter
Senior Member
 
speedy_racer's Avatar
 
Join Date: Sep 2007
Location: Tennessee
Posts: 410
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 13
Missed a call from Xbox last night but got their e-mail this morning stating that they had concluded the investigation and my balance had been refunded. So, I checked to verify and balance is still zero. WTF. I mean really? Call me and send me an e-mail and it still is not fixed?

XBL: bigorangeking


Elite Club of Awesomeness Member
 

speedy_racer is offline  
post #79 of 82 Old 02-09-2012, 10:52 AM - Thread Starter
Senior Member
 
speedy_racer's Avatar
 
Join Date: Sep 2007
Location: Tennessee
Posts: 410
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 13
Situation resolved. I was e-mailed codes for 2200 MS points (originally missing 2130) and 1 month of Live service.


Summary... Approximately 2 weeks to resolve the issue and I was only locked out of my acct for 1 day. Money refunded to my credit card within 2 days and I got an extra 70 MS points and a free month of Live for my trouble.

Not the best resolution that I have been involved in but I am also dealing with my insurance company over a minor flooding disaster at home that has not been resolved since 12-21. Microsoft>Allstate.

XBL: bigorangeking


Elite Club of Awesomeness Member
 

speedy_racer is offline  
post #80 of 82 Old 02-09-2012, 12:35 PM
Senior Member
 
mjfoster77's Avatar
 
Join Date: Jun 2009
Posts: 202
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 10
I've run into similar problems. My account was hacked in Nov. After about 9 weeks and countless calls, I was given my account back. They also refunded the money that was charged to my credit card. However they have still yet to give me my months of Live and my points that were on the account prior to being hacked back. I called a week after I got my account back... they said you will get a call or an email in a day or up to a week from now. A week goes by, no call. So I did the online chat yesterday.... the "customer service" guy has no answers. Once again he gives me the standard you'll hear something in a week. I complain that my "free" month of Live will expire in a week and I still don't have my crap back. So he gives me 2 months free.


I know this is going to go on another 2 months. I don't understand how you can do an investigation and complete it without looking at my months of live and my points that were taken. After 2+ months you think they would at least get it right.

For anyone who has been waiting for a while to get their account back, ask to speak to a manager. That sped it up for me. Turns out when they called a month after my account was hacked to get a good email, the person that entered the info was supposed to create another case. They point it with the original case. So after like 8 or so people reading the case one figured out the issue. Gotta love it

xbox live:sixsec assassin
mjfoster77 is offline  
post #81 of 82 Old 02-21-2012, 05:14 AM
Senior Member
 
mjfoster77's Avatar
 
Join Date: Jun 2009
Posts: 202
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Liked: 10
OK so, the frustration continued. After probably a month of calls about not getting my Live points and months of Live back it has finally been fixed.

I would say it took another 4 calls to resolve the issue. The customer service is a joke at best. The third person I dealt with seemed to have a clue. So he wrote a note to the escalation team, and clearly stated I need my points back and my months of Live back. All these things were on my account prior to being hacked. So he writes it and reads it back to make sure it is exactly what the issue is. About a day later I get an email from customer service email saying your $139.00 can take up to 1-2 billing cycles to appear on your credit card. Wtf..... that wasn't the issue at all, the money was returned a month prior.

My advice: if it isn't resolved quickly, ask to speak to a manager. Every time I spoke to a manager... things got done. They gave me 3 months of Live for my trouble, and a week or two prior they gave me 2 months. But still this was going on since November. Absolutely crazy.

xbox live:sixsec assassin
mjfoster77 is offline  
post #82 of 82 Old 02-21-2012, 07:16 AM
Senior Member
 
jbsimm2's Avatar
 
Join Date: Feb 2008
Posts: 309
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Liked: 18
I think I had a similar problem, though my account was not hacked. I went to migrate my profile to my new xbox and it wouldn't go. I logged into my windows live account to make sure I was inputting the correct email/password, and it told me my account was blocked.

It wanted me to change my password and I did, and after that everything was OK. There was no reason why it was blocked except that I violated the TOS somehow? OK. Well, the next day I got a phone call at work from our corporate security. (My Windows Live ID is my work email.) Seems my email was compromised and they had my (old) password. They intercepted some Chinese website that had all this info and they were calling everybody who was an employee that was on this list to tell them. (There were apparently a lot.) Best as I can tell is Windows Live ID was compromised, as that was the only thing I used that email password combo.
jbsimm2 is offline  