Xbox Live user traces account hacker

4.4
An Xbox Live user whose account was compromised and used to purchase thousands of Microsoft Points has identified the hacker involved, and discovered websites where accounts are up for sale. In a lengthy post on Tumblr, the user explains that her account was compromised not once, but twice, despite Microsoft having insisted the account had been locked. When she queried this with Microsoft she was told: "The fraud department was unable to block your account."

Microsoft issued a 30-day Xbox Live Gold code to use on a separate account while the compromised account was investigated, which the company explained would take between three and six weeks. When the user switched on her Xbox 360 to set up the new account she found she was automatically signed in to her existing account; despite it having been compromised twice, Microsoft was still yet to block it.


There was a new user on her friends list, and over a series of messages she ascertained that her account had been sold on a website called Tradetang. At the time of writing the site has 1,916 listings in the "Wholesale Virtual Products" category, the vast majority of which are Xbox Live accounts with large numbers of points attached. One such account comes with 6000 MSP and costs just $20.43; most come with a warranty of just two hours, presumably due to the risk that Microsoft is notified of the breach and promptly locks down the account.


There's no way of knowing for sure if this is the root cause of the recent FIFA hacks - which has seen swathes of Xbox Live users having their accounts compromised, with large amounts of Microsoft Points added using stored credit card data and subsequently spent on virtual goods in FIFA Ultimate Team - and we're still no closer to finding out how accounts are compromised in the first place. It does, however, shed a little light on the hackers' methodology once an account has been stolen.


The first order of business is to recover the stolen account and use stored credit card data to buy an Xbox Live Family Pack, which allows for several accounts to be linked between which Microsoft Points balances can be transferred. Then large amounts of Microsoft Points are purchased and transferred to the thief's normal account; the thief then creates several free Xbox Live accounts, divides the stolen points between them, and sells them on individually.


We're getting closer to understanding why hackers are targeting Xbox Live accounts, but no closer to working out how they're doing it. Microsoft has continually denied that it is a problem with Xbox Live security, and instead implied that users are being hoodwinked into giving up their details through phishing or social engineering. That hasn't rung true from the start, and still doesn't. EA, too, has flatly denied that the problem is caused by a weakness at their end.

Posted:

Source: http://www.next-gen.biz/news/xbox-live-user-traces-account-hacker

Comments

"Xbox Live user traces account hacker" :: Login/Create an Account :: 68 comments

If you would like to post a comment please signin to your account or register for an account.

xChesserPosted:

This is why I don't have a credit card on my account.

THCannibalPosted:

Glad I converted to Ps.. & this was long after the PSN breach.

TheBrownGuyPosted:

O wow if that happened to my account I would be so pissed

DopestDope_EvaPosted:

BzAr_TriiCkzZ And That is Why Im Switching To PS3!!


Yes, [sarcasm]because PS3/Sony never have problems when it comes to account security..[/end-sarcasm]

CrucifyPosted:

BzAr_TriiCkzZ And That is Why Im Switching To PS3!!


PS3 security is horrible compared to Xbox. In fact, PSN was down for 1-2 months? I'm happy with my Xbox LIVE service and continue to use my account.

ChubbyLumpkinzPosted:

warinvader
BzAr_TriiCkzZ And That is Why Im Switching To PS3!!


That is one of the worst reasons one could possible think of to switch to PS3. Not hating but PSN security = lol.
guess somebody didnt see how bad psn got hacked then was down for 3 months ha

xKioshiPosted:

Henry0027
XboxModdingCrew Microsoft have always denied how bad there security is and they always will. If the "fraud department was unable to block your account." that's there problem.
weird because if she got hacked she wouldn't be able to just sign in she would have to recover her account for all we know she just signed into xbox but not on live
No because the new dashboard lets you sign into a account on different console's but it disconnects one. Try it recover a account on one xbox and then another, then sign in on console 1, then sign in on console 2 see what happens. It will say "Gamertag was signed in on another console" if he/she try to sign back in it will alway kick one no matter if change password,email

NotePosted:

BzAr_TriiCkzZ And That is Why Im Switching To PS3!!

I'm sorry, but... LOOOOL.
Failblog.
Worst thing to do.

System32Posted:

BzAr_TriiCkzZ And That is Why Im Switching To PS3!!


That is one of the worst reasons one could possible think of to switch to PS3. Not hating but PSN security = lol.

LaidPosted:

I thought it was going to be a cool post about someone having to go through effort to track them down and outdo Microsoft. Not find out in a single message -_-