My account got hacked hope this helps others:

Well, my account got hacked on Friday last week. I was at work, and i was checking my email through my phone, and I got a message from Xbox 'congratulations on purchasing 1600 MS points' (which I obviously did not). My initial thought was my kids must have done something. Latter in the day when I was at my computer I logged into Xbox.com and noticed that I had only 14 MS points. The day before I had about 10 700 MS points. I then check purchase history and notice someone was on a buying spree of 'Premium Gold Pack consumables' each for either 240 MS points or 280 MS points. Also I now have 2 achievements in FIFA 12, a game that I do not own or care to ever play.

Anyways I contacted MS, gave them the info, and now my account has been turned over to the fraud department. Thus I have no access to anything with my windows live ID for 25 business days they say.

On further searches on how this could have happened to me (the hacker would have to know my email address and password), it seems that this is not an uncommon occurance with EA and FIFA. The fundamental problem apparently is that EA is now charging MS points for in game content that is transferable. People have to buy in game 'cards' with MS points, and hope that they get a good player by using the in game currency. By spending real money, you can then build an ultimate team of great players. These players apparently can then be sold via ebay etc to other people for real money. Thus EA and FIFA in particular is now a money laundering game where MS points are spent to build a team of great players and then that team can be sold on ebay for real money. Thus, crazy European/Asians (sorry, but I am mad) soccer fanatics are somehow hacking peoples accounts, spending MS points, buying more MS points via associated credit cards, and buying in game content on FIFA to build the ultimate team. In my case, they spent about 12500 MS points.

Now there are rumors that EA itself is the leak, and somehow people are getting email addresses and passwords from EA (there are even threads on different forums on how people are calling into EA, claiming that they lost their passwords and email address and EA has been giving them out). In my case, unfortunately, my password and email is the same on most gaming sites (including EA, MS, trueachievements, etc). Thus hackers have correctly assumed that emails and passwords are similar and that is how they get access to Xbox accounts.

I have obviously changed my password of my wndows live account immediately, and it is now different that everything else. More than loosing the points (worth >$125), and loosing the access to my gamertag for the next 5-6 weeks, I feel vulnerable, and violated that someone (punk) took my account and bought in game content in a stupid soccer game. I am even more upset at EA for starting this trend (I have already been upset and created a personal boycott on all new EA games becauase of their server closure issues) of in game ultimate team content that costs MS points.

Just imagine if the next Madden game came out, and you had to spend MS points for buying a pack of 'cards' with the chance of getting Drew Breese or Tom Brady in one of those cards, so then you can play him on-line? EA is the root cause of the problem, and though the hackers are the real bad people, EA is setting up a system to encourage hacking of accounts to 'steal' money.

At the end, my suggestion to everyone is to make sure that your email/password for windows live ID is different that that used on gaming websites (like EA) as I am sure that is where the leak for my information came from. For years I never had a credit card associated with Xbox, until I made a gold family account last year, and now I cannot remove it. The other issue is that there is no added security option on Xbox (like a pin or the 3-4 digit security number on the cc that many other sites require).

Oh well, its only my Xbox account not not real life credit card fraud etc. so looking at it from another perspective, this is a wakeup call for being even more careful with emails/passwords etc. The purpose of this thread to to alert others about this possibility and to make sure that your account information at EA is different than Xbox.

Here are a few excerpts from another website describing the process in better detail than I did:

I'm very sorry for the long post but I feel that it's about time that gamers and journalists started paying more attention to just what EA is implementing in their sports games. EA is gaining a ridiculous amount of money through exploitative free-to-play game design and encouraging players to gamble with real money.

For those that don't know, FIFA Ultimate Team is a game mode in FIFA where you gain players by buying packs of random cards (cards include players, kits, stadiums, contracts - everything you need to build a team) with either in game points or real money. You gain in-game points by winning online/offline tournaments or trading players in the in game marketplace. This may sound unremarkable, free-to-play models are not unusual. But this is different from other models for a number of reasons.

Firstly this is not free-to-play, EA expects that you pay full retail price (see online pass) to indulge in their 'free-to-play' style of game design. EA has intentionally set up FIFA Ultimate Team so that it is virtually impossible to gain a top team of players without using real currency, you gain a very small amount of in-game 'coins' playing matches and have to pay (in-game coins) for the upkeep of your team through player contracts and injury management. So you pay full price for a game and realise that the game is designed in such a way that you have to pay more real money in order to gain a competitive team.

In FIFA ultimate team cards can be traded in game with coins, the disparity between the value of cards in the marketplace is vast, the difference between about 350-1000 coins for average players and millions of coins for the top players that everybody wants - Messi, Ronaldo, Rooney etc. There is virtually no way of gaining millions of coins in game without spending real money on packs of cards. Even buying packs is no guarantee of making coins, you have to hope that your pack contains a top player that you might be able to sell in game for a reasonable ammount of coins, or there is really no point. This is essentially a gamble, the player is expected to gamble their real money on a chance of getting a top player. Unlike other free-to-play games you can't simply buy items, you are forced to gamble for them.

The way EA has implemented free-to-play models in their full retail price games is also present in NHL. The be-a-pro mode is designed in such a way that if you want a top stats be-a-pro player (Crosy, Overshkin level stats) you have to play literally hundreds of games (several full seasons) to gain the requirements for unlocking upgrades, or of course - unlock the upgrades with real money.

The free-to-play model of design in full retail price games is exploitative to the extreme when you consider that a new FIFA/NHL game comes out every year, requiring the player to have to start from scratch each year with no character/team import options.

The FIFA ultimate team model is much worse than just free-to-play game design in a full retail game. It really is encouraging gambling with real money. The FIFA forums have numerous threads where players have formed an addiction from this gambling, the adrenaline rush from opening a pack is the same as the rush somebody might get scratching a scratch card or pulling the lever on a fruit machine. People have reported feeling out of control and spending litterally hundereds of pounds on packs on a quest to gain an 'ultimate team'. The problems associated with gambling are all present here making ultimate team no more than an in game casino.

I feel that £40 for a retail copy of an EA sports game more than covers their costs for one years development and allows for a good profit, many people would argue that this is overpriced for a glorified roster update. But EA feels that they need to exploit players with free-to-play game design and modes that encourage gambling of real money.

It's really no surprise to me that hackers are buying packs of players on FIFA ultimate team, they are probabIy feeding their gambling addiction. I wish the industry would pay more attention to EA's outrageous behaviour.


Here is another excerpt:


FIFA is 100% to blame if you got hacked and notice FIFA activity on your gamer tag. Specifically Ultimate Team. This has been an ongoing problem since FIFA 10, but it is just now really starting to gain momentum. With FIFA 12 Ultimate team is on the disk, meaning that it is not DLC. In previous years it was DLC. In FIFA 09 it cost 800 MS Point. In FIFA 10 it cost 400 MS Points. In FIFA 11 it was free and now in FIFA 12 it is still free and on the disk.

The gentleman a few posts up form me explained Ultimate Team and how it works very well. So, I will not explain it, but I will explain why this is such a lucrative scam for those involved in hacking accounts.

Think of the goods in Ultimate Team.....namely the cards and coins as the currency. The "consumer" is the person who wants these goods without having to work for them in game. The scammer/hacker is the one who will provide these goods at a real world cost. The only way the scammer can profit from this is by having lots of the goods at his disposal. The only way to get that is either by scamming individual players or by hacking XBOX Live accounts. That is the short of it....

Turns out hacking an EA account is extremely easy. I have seen numerous posts on the official EA forums about people getting hacked by people who's only mode of hacking was a simple call to EA customer support. Once they contacted EA support they would then advise the support person that they had lost their EA account details for their gamer tag. Then EA would simply hand over those account details and you can figure out what happens from here. Since most people with EA accounts probably use the same email address and password for both Live and EA it was an easy social engineering hack. EA has since the release of 12 upped their account security a bit, but it is still lax.

The bigger issue is the Chinese websites that are actively selling "preloaded" MS Point accounts (gamer tags). These are hacked accounts that are beefed up with MS points and then sold on to people for a price. I only know of such sites as they have been mentioned numerous times on the official EA Ultimate Team forums. People then use these accounts to log on to FIFA and blow all the points on Ultimate Team packs then ship those items over to their main account most likely through EAs web app for Ultimate Team. This is not unlike World of Warcraft account hacks. Where your account would get hacked...typically by some Chinese gold farming operation...emptied and all items sold and then traded onto a feeder account.

This is only going to become more prevalent in the coming years as free to play and micro transactions become more the norm. There will always be the people that don't want to work their asses off to gain their virtual goods and their will always be someone whose has hacked and scammed and stolen to provide them those goods. The game companies are to blame if they do not start to step up their security protocols within these games and make them more like financial institutions than a silly video game. The security needs to be as robust as your bank....not Hello Kitty Island.

I am a very active member in the FIFA Ultimate Team community...it truly is an excellent game mode in an already excellent game. Sadly there are people trying to exploit others to make a buck.

On a side note....FIFA is the worst online gaming community on the planet and stuff like this along with non stop cheating and exploiting the game online are the norm. It is the worlds biggest game and as far as sports video game franchises is the king of the hill worldwide. It is one of the top selling games in the world every year....not top selling sports game....but top selling game.

Look, the whole point of this post was to potentially help fellow AVS'ers. The point of posting the long quotes was to explain the situation on why FIFA is a targeted game, and why people are hacking accounts. I have no idea how my account information was obtained by the hacker(s). I mention the lax security at EA as a possible source. I probably have at least 30 different online accounts between banking, investments, utilities, phones, ebay, amazon, car forums, gaming forums, photography forums, etc, etc. I cannot have 30+ passwords. If you are able to remember 30 passwords and the associated sign in information (which is also variable), then you are super human. I, like many people group accounts and passwords (gaming sites may have similar passwords, etc) to make the process easier. Until now, hacking a gaming account really would have limited benefit to the hacker other than perhaps someone maliciously posting on forums, or getting my account banned.

The fundamental problem is that now gaming on Xbox, and perhaps even on the PS3, is associated with credit cards (I have a zune pass, and xbox family plan which I started in October 2011, so it it almost impossible to remove credit card information and have a valid gold account because of the monthly subscription). Also, like many others here, I buy MS points when on sale, and then add it to my account so I can have a large amount at times. If EA and MS are going to act like a bank, then they need to have security like a bank. If I can call up EA and ask for darklordjames email address and password and EA freely gave it to me, why would this be darklordjames fault? Similarly, once you get the password, there is no added security to buy more and more stuff associted with the credit card (no pin, no 3-4 digit card number etc), so I can go on a spending spree because of no added secuity. The worst part is the EA is the only gaming company (on Xbox) to allow transferable content after you gamble/buy it. So of course it is a form of money laundering to professional hackers, steal money (in this case MS points) and use the EA servers and potential other sites to exchange ingame vitual curency (FIFA coins) for real money (dollars and euros).

Anyways, assuming EA was the leak, I learned my lesson, and hopefully this helps others.