XBox Live account hacked, Microsoft Salts the Wounds
Tuesday, September 20, 2011 at 10:56AM
Last week my XBox Live account was hacked. I'm not going to say it wasn't partially my fault. I had an old password on the account that I've used in many places, and it's a weak password to boot. Yea, that was stupid, but as a paying customer, shouldn't Microsoft take some responsibility to protect me? Not only that, but the more research I do, the more widespread this hack seems to be. Why isn't anyone reporting this?
I knew something was wrong immediately when I received email receipts for about $150 of MS points. I was at work, and nobody was at my home. These were fraudulent charges, I knew immediately. I went to the XBox web site and changed my password right away, then called XBox support. The lady on the phone was fairly nice. She explained the process, said that I should hear from an investigator and all should be resolved in 72 hours. They keyed my problem as an "accidental purchase" explaining that since I changed my password before the points were spent, this would be the quickest way to get my money back. If only that were the case... here's what happened next.
They did call Monday, 72 hours later, but they called the wrong phone number. I'll admit, this was my fault too. I never call myself, so the only phone number I could remember at the time was my fiancé's number. She sent an email to let me know about the missed call (she was at work, she couldn't take it) and I called the support number right back and gave them my incident number to try and get everything resolved. I was informed that since I missed the original call from the investigation team, I would have to be placed in a queue for a call back. They could not transfer me. Not only that, but now it was going to be 4-5 more days before they would call me! The queue times went up, and it was going to take even longer to get my money back.
Meanwhile, I have checks out there to pay my bills... that will likely bounce because of this ridiculous process. It seems that it's OK for Microsoft to take my money instantly through a fraudulent purchase, but in order to get a refund I have to jump through hoops and follow their "process." I feel like I'm being punished for having my account hacked instead of being helped. What type of customer service is that?
Next I started doing some research. Twitter is full of people reporting they were being hacked the same way I was -- $150 of points purchased on their account. I found some blog posts reporting the same thing as well. The earliest report I could find was a little more than a month old. Also, discussing this in my office, someone who I work with overheard me and added that their XBox Live account was hacked in the same exact way! This seems to be so widespread that I actually stumbled upon someone who had the same experience!
Discussing this with the individual, we determined we both had weak passwords. Coincidence? Maybe not. I started chatting on Twitter with @XBoxSupport, and was told that they recommend strong passwords. I asked him why they don't REQUIRE strong passwords, and he said he couldn't discuss the topic further. This doesn't really prove anything, but it is indeed suspicious.
Here's what I think Microsoft should do RIGHT NOW to protect their customers:
- Admit that they have a widespread account hacking problem where people are having points fraudulently charged to their credit cards.
- Admit (if it is really the case) that accounts with weak passwords are vulnerable. Maybe send an email to users about it, or use the built in XBL message system.
- Plan to have accounts with weak passwords have a password change forced on them, for their own protection. Set a date. Make it happen.
- Stop treating customers who were hacked like criminals. Microsoft is a multi-billion dollar corporation. Give your paying customers the benefit of the doubt and refund their money while you complete the investigation.
When this is all over with I will be canceling my account. I refuse to support a company that treats their customers like this. If you've had a similar experience, please share it in the comments or if you want to keep it private, email me.
-FB
Fishbishop
Reader Comments (3)
My question to Microsoft is this: How are you verifying, for certain, the information that I give you now? During the "investigation" process, I have called up again MANY TIMES, to either add information or get updates on what's going on. Each time, they only made me answer my street address and last 4 digits of the card on file... which is information that the hacker might also possess. How can they tell that it's actually ME answering these questions right, and not the hacker? Those two pieces of information were accessible to whoever hacked my account, what's to say they can't answer the same questions and end up with my account, permanently?
At any rate, they say it will still be another 2-3 weeks before I can get my account back. They also sent me an email that had a "free code" for a month of Xbox Live, so I didn't have to go without, during the length of the investigation. Funnily enough, I had already purchased a month of live on another account and by the time I received the email with the "free" month of Live, the actual code to input wasn't anywhere in there. After calling them and telling them my story for the fourth time so far this month, their response was "The code was in the email, make sure you look again, because I can't give you another... but it doesn't really matter since you've already got an active Live account" Nobody cared that I ended up paying for it myself, and nobody offered to refund my money.
Thanks for trying *so hard* to protect and satisfy your paying customers, Microsoft. /eyeroll Have very little faith left in either Sony or Microsoft at this point.
I definitely did NOT give away my log-in and pw, what do I seem like, a child? Everybody knows these simple things, I felt like I had to prove I'm not a shit idiot first, before they began to take me seriously. Fix your shit, xbox. Sony PSN was free, but I expect faster, more compassionate customer service for a business that I have paid into for the past three years.
Hell, if you are really paranoid, pay for the card with cash. :P