Microsoft addresses XBL account thefts

Xbox 360 maker acknowledges "surge of personal information being compromised and sold," suggests changing passwords and not putting info on social networks.

Microsoft is once again addressing the issue of stolen Xbox Live accounts, and while the company is still insisting security for the online gaming service hasn't been compromised, it is at least acknowledging the problem more directly.

Identity theft on Xbox Live means more than just a copied avatar.

Xbox Live general manager Alex Garden today released a statement addressing Internet-wide concerns about security, saying, "Last year, there was a surge of personal information being compromised and sold, and this undoubtedly has had an impact on all of us." He reiterated that Xbox Live hasn't suffered a security breach but acknowledged "that is of little comfort to our members whose accounts have been compromised by malicious and illegal attacks."

As for what Microsoft is doing about the attacks, Garden said the company is working to improve its security constantly. The company is also working to reduce wait times for recovering accounts and issuing refunds for unauthorized charges made on them. Garden said in most new fraud cases, the proper users have control of their accounts again within three days of a complaint being made to Microsoft.

Additionally, Garden stressed that Xbox Live subscribers should implement a handful of best practices that will make their accounts less likely to fall victim to scams, phishing sites, and malware. He suggested creating strong passwords for accounts, not using the same passwords for multiple services, routinely changing them, adding phone numbers and alternate email addresses to the account, and not sharing personal information online or on social networks. He did not suggest removing credit card information from an Xbox Live account.

"We do not take lightly the frustrations we've heard from our loyal Xbox Live members and remain committed to addressing and persistently resolving our customers' individual and collective concerns," Garden said.


71 comments
Apathetic_Prick

@Landsharkk: It's great that you said as much...but regarding this matter, it's MS's job, not yours. If I were you, I'd be sending them a bill ;) I'm well aware of that; I posted about them being more open because they should say what you just did. We don't need to know which ports what uses so long as the infrastructure is in place. But MS's rep posturing like a jackass and blaming the users so soon after their biggest rival gets their asses handed to them by a bunch of smart thieves is very tasteless, and a little reassurance goes a long way.

m4a5

@WolfGrey Dang, now I really must play it. Dunno if one of my bro's sold it, but it's a nice $10 (give or take a few) for a decent copy on Ebay.... And unlike some of the new games that are $60 ripoffs, this one I know I will enjoy for less... But yeah, I have been hoping for a decent sequel for a couple old games now........ maybe next gen...

ManHooYin

I had my account hacked around 21st December and hadn't realised til a month later. Contacted them and got everything back a day later, which was good. Gave me 2100 pts back (I had lost 2160, not bothered about the extra 60) and gave me 1 month free, so I commend them on that. Now Microsoft are basically claiming that it is our fault that our accounts have been breached rather than their security systems being rubbish. I can tell you all that the email/Live account I use for my XBL is something that I barely use anymore for anything. I don't use it to sign up for new accounts on websites and such; it is no longer an email I use, period. Plus I'm pretty sure I don't use an EA account since I don't have any EA games, which they are also blaming it on. The email for everything is not the one I linked to XBL. Just glad I was right not to trust Microsoft with my credit card details. I always buy points and Live Gold with prepaid cards.

chris900

I had my account hacked on 12/5/11 and I still to this day have not had my credit card refunded after numerous calls to Microsoft. Every time I call back they tell me to call back in a few days for an update. Absolute disgrace.

WolfGrey

@Landsharkk Thanks for the info. I'll keep that in mind for future debates. @m4a5 No worries man, thanks for your info. And jeezus do I miss Bloodwake. I should really get it again. I'm still holding out for some day having a sequel, was such a brilliant game.

ender707

My account was hacked on the 2nd of this month, strangely this was the day my account automatically renewed. I think that Microsoft employees (or contractors hired by Microsoft to handle their billing) were responsible for my account theft, and probably many of the others. To their credit, Microsoft refunded the $554 charged to my credit card within 3 days. Now I will only use prepaid cards :/

parrot_of_adun

@Landsharkk "Hack" in the popular lexicon means anything from to asking someone for their password. I gave up trying to better inform anyone a long time ago.

Landsharkk

@wolfgrey Those 'achievement hacks' and 'multiplayer hacks' etc that you are writing about are not Xbox Live hacks. In fact, Microsoft is not responsible for those, it's the game developers that have code that needs to be fixed. It's a game specific hack, not an Xbox Live service hack. Most multiplayer games on Xbox Live are hosted on the player end, using code from the game (the entire Call of Duty series is like this), so when a game is hacked, it's just that, the game is actually getting hacked and the fix is going to be a code fix from the developers themselves. Microsoft's only responsibility is to keep the services used to connect the players working. Once the game starts it's all up to the game and how good (or bad) the game code is.

m4a5

@Landsharkk Amen! That's what I have been saying

Landsharkk

FYI, no one is getting 'hacked' through the Xbox Live service. If it's truly a hack, it's most likely wireless internet being hacked (meaning local to your house) or there could be a keylogger on your PC, or you just post too much personal info on Facebook, etc. Also, the credit card associated with your Xbox Live account is not in the actual Xbox Live service backend, it's a completely different set of back-end systems that not even Xbox Live employees can see into. So, if someone were to actually hack into Xbox Live service, they wouldn't be able to get your credit card information. However, if they were to hack into the system that does hold your credit card info, then yes it could be possible that way, but this wouldn't be a hack on the Xbox Live service. Also, if you are upset about not knowing what they are improving to increase security, well some of what they do they cannot tell you about. It's specific to the type and setup of their servers/services and you will never know unless you physically work for that team. It's not a simple solution of 'putting up more firewalls', it's much much larger than that. You need to understand how the Xbox Live connection is routed, which services pull from and which services write to each component of the service, etc. Also, some services can't talk to other services, the list goes on and on. Unless you've actually worked in that business, it's best to understand they do have every intention of keeping your information as safe as possible and will always be working toward improving their security. I know I'll get thumbs down for this, but I know it will be from those who are ignorant (I mean that in the actual term, not calling names). Once you work in the industry and understand how things are run on an Enterprise level, I promise you will understand things at a whole new level when it comes to these types of topics.

m4a5

@WolfGrey If they are clearly a fanboi then I WILL call them out on it. The MechAssault series were my favorite (bought #2 recently) and I played BloodWake almost religiously (yes, very under-appreciated). I'm sorry but you do not understand hacking in terms of getting into someone's online profile. "Hacking" (or just accessing) local data stored on your hard drive is easy and is off topic. Hacking into a profile that is stored online means that you need to get through the XBL security surrounding EVERYTHING. If anything they are accessing it through phishing, scams or hacking something else. If it was a legit hack we would see a similar thing happen like with PSN... And yeah, it seems that all the hackers like the 360 better since the OtherOS thing happened... or kids just like ruining new games and "hacking" them is the best way to do so... Now, I'm not saying that XBL is unhackable (or perfect), but MS is one of the better software companies who has hardened their securities over the years. I would however like some better security options so that hacking is discouraged. Regional access would be a good one (have to do extra security if you are out of your normal area) and locking the username down when switching for a few days. Though I really won't expect such things to happen this gen....

Sepewrath

@Muteki_X Agreed, this whole move toward a reliance on online accounts and content does have a certain level of convenience, but it also comes with a big risk. You got to tie your account to a bunch of other accounts, like EA, Ubisoft etc if you want to get all the content you paid for and that just leaves more windows for accounts to be attacked.

Muteki_X

Yet another reason why I hate the thought of my game purchases being tied to an online account, whether it be through a digital only purchase or a disk with a one-time use code locking it in place. Imagine your entire library being knocked out due to a single occurrence. Sure, in most instances if there is a known breach you can take steps to restore things, but do you really want to go through the headache and weeks/months worth of lost gaming time? Even worse, what if you're one of the unlucky ones whose problem cannot be corrected?

darkangel494

LOL at the people putting their real information on their accounts. What are you, 5?

discipleofsin

"the proper users have control of their accounts again within three days of a complaint being made to Microsoft." and then Microsoft locks them again and you can't play for three months ... at least that is what happened to me.

OrgeLambart

I had my xbox account stolen, I'm almost positive it happened because of the sony attack, I could be wrong though. They followed the same method that many people have been reporting, FIFA 11, purchased Gold Family packs, 6000 points worth of them. I don't think Xbox live has been hacked, it's more likely that all the other sites getting hacked has caused lots of username/password combinations to become known.

darksiED70

it's a microsoft product, who's surprised?

dpsolo

Accounts will continue to be "hacked" as long as people continue to buy MS points from discounted websites. 10,000 points for $12 is what drives people to buy points at discount. F**K MS for charging so much for points in the first place. Hell, MS said I would get 800 points for signing up for rewards and they never sent any points to me.

thebeachguy90

@neotheinstein Uhh..PSN doesn't go down "again and again". Think before you speak.

neotheinstein

At least Xbox Live works and it doesn't go down again and again like PSN.

ducusss

"We do not take lightly the frustrations we've heard from our loyal Xbox Live members and remain committed to addressing and persistently resolving our customers' individual and collective concerns" I call bull$#!%, Microsoft has proven over and over that they don't give a damn about their customers.

WolfGrey

Besides, Sony's customer service helps me pretty damn fast when I need it. My account wasn't hacked but something went wrong about it and it went down. They got it up and put 15 dollars into my PSN wallet within the day. Compared to all these stories about 1-3 months of wait for Xbox users, that's quite a bit better.

WolfGrey

@m4a5 I recommend not calling people "fanboys" or "fanbois". Nobody really takes you seriously at that point. I loved Xbox last gen with no problem. Was one of the top players of MechAssault 1. Fav mech is the Vulture. Bloodwake was one of the most underappreciated games ever (jeezus was that fun for LAN parties rather than Halo). I enjoyed many of its titles. Xbox 360 and how MS has been after that however put a bad taste in my mouth. I'd rather not deal with them. Also, for all the hacks currently, I suggest looking it up a bit. Here is a short list: 1. Achievement Hacks 2. Multiplayer Hacks (COD, Dungeon Defender, Halo 3, Reach, and so on) 3. Personal Info Hacks 4. Credit Card Info Hacks and Selling of this info 5. Gamerscore Hacking 6. MS Points Hacking (Ones that do it right can give themselves like 10000 MS points on a whim) And so on. No offense, you just don't see much of that on the PS3 or really hear of it much. Given, MS tries to not let anything out either, but it runs rampant. That and the Xbox community is just more well known for it. Example point in case with Dark Souls just before release: PS3 Dark Souls forum: Talk about PVP, balancing, and about the game in general. Xbox 360 Dark Souls forum: Over half the topics were about hacking the game and using cheats to max your character and other crap. It was so bad many of the more legit Xbox players looking forward to Dark Souls came and discussed or asked questions on the PS3 forums. Even post-release. Dry cut example mate.

smoke_dog_4ever

How does the old saying go...? 90% of all computer related problems are end-user error? Most people will be very quick to point the finger at someone other than themselves when the majority of the time it's their own fault for getting their stuff "hacked". People need to educate themselves on phishing scams and how to intelligently use social media outlets (such as not putting sensitive info on it that can be easily phished by a malicious add-on or spyware). I know people love to bash on M$ but the blame isn't fully their fault, if at all, in cases of users carelessly releasing their sensitive information on the internet.

demonkingx5

How about you let me remove my card from my account, M$? I been trying for months now & how the hell this is not top story instead news of some stupid COD maps are WTF.

Llama345

How hard is it to say "everyone do this this and this, we will be giving our full effort to find the slip on our part"? This is where I miss that 'other' system. The Wii doesn't do it for me and the PS3 controllers make my hand cramp....

ziproy

So Microsoft got hacked and yet they're blaming us...

daabulls23

I guess I'll quit posting my password and account on all social networks.

maximumbarmage

I've been hearing stories like these for quite a while. Microsoft can say their network is secure all they like, but that doesn't change the fact people are having actual money stolen from them with no explanation as to why. This may not be currently on the same scale as the personal info thefts on PSN and Steam, but at the very least both of those incidents have yet to see a single reported case of anyone having money stolen from them. Food for thought.

kca89

First, fanboys... GTFO! What a joke MS. I had someone hack into my account earlier this year and buy 4000 and 6000 MS points. Fortunately I was able to get MS to remove the points, refund me, and for my bank to nullify the charge (although they had to issue me a new debit card). I've also had numerous friends who have had their accounts somehow hacked into where someone bought either Xbox Live memberships or MS points. No, we're not stupid enough to give our info out. Some way, some how, someone got access into our accounts. Needless to say, I never buy MS points through Xbox anymore and the only card info on my Live account is the old card info that's been canceled. Man up MS and take some responsibility. Some blame lies on your side in many of these cases. Stop being in denial just like you denied the red ring for so long.

kennythomas26

@MarcJL31 Well yeah, I can see the problem there if you are someone that is in the military overseas. I was not stating my comment towards people that are in a predicament like that; it was just for the people that have that luxury to do so and they choose not to. But it sucks for them and yes, everyone should have the right to game, so game on.

Vangaurdius

Wait, are these "legitimate" hacks, or people using stupid passwords and acting like idiots?

CaptainHerlock

@CJL13 That's the double standard. Gamers just blame Sony by default. On the other hand, Microsoft are "swell guys" who can do no wrong.

Nzilla

3 days, when my account got hacked it took them a solid month to get it back to me, not to mention the refund.

Chico_Azteca

80% sure that most of these are guys lending their accounts for achievements and free Microsoft Points

MarcJL31

@kennythomas26 It's kind of a problem to go to the local store when you are overseas and in the military. I really don't get why I deserve it for wanting to play on Live and have to renew. I understand it is safer to use the cards and I definitely prefer to. But unfortunately, not everyone has the options. So not necessarily a wake up call for all people. I think we are all entitled to a form of entertainment if we have the means.

Thing1232

Yeah Xbox has the worst internet in my experience. Had my account hacked and stolen twice. In general Xbox has been really lousy for me. My console was messed up with the Spring 2011 update and M$ wouldn't even replace it. They just said that "Black Friday is coming up soon, maybe you can get a good deal on a new Xbox." Yeah, no.

m4a5

@nastyhotpocket Yeah, the free service got hacked remember? Went offline for around a month remember? And then it's not the greatest service (took my friend 20 minutes to download 30mbs of updates. It took me 10 minutes to download a 1gb demo and I'm sure his internet is faster). XBL hasn't been hacked yet. Sure you get people that say they've been "hacked" through XBL, but to do that would mean hacking the entire XBL system encompassing all XBL accounts. So no. A lot of us aren't ignorant about the less than $5 a month. But it seems that a lot of you Sony fanbois are...

nastyhotpocket

@NightDrifter05 why don't you say how fkn ignorant they are for paying for something we get free..dumbass

kennythomas26

I have never had any problems and I really can't get over why people use a credit card regardless of what system you are on and I know it is more convenient but it is way safer to go to a local store that might be selling MSP's or Sony's network cards. So I say for people that use their Credit Card on live or the Playstation network kind of deserve it in a way, just to give them a wake up call, But what can you do.

zzamaro

@Tsuchikage Sadly, not everyone is lucky. This guy had the same issue. In the end M$ said he hacked his own account, and got banned. http://www.cheapassgamer.com/forums/blog.php?b=23483 "Yet when I’m victimized by a hacker, I get the run around on getting the account back and then get accused of being a hacker myself when all logic and reason clearly illustrates that the violations which got my account banned were committed by whoever stole my account." M$ service sucks, but sadly not everyone sees that :( Where's Anon when they are needed?

zzamaro

Pay 60 bucks to get your account hacked, how nice, eh M$!

zzamaro

You pay for what get for...oh wait!

m4a5

@NightDrifter05 wow... that was the most ignorant statement I have read for a long time. I suggest you learn about hacking before you comment again. I have been on almost everyday for the past couple weeks and have had absolutely no problems. As I said, you Sony fanbois making **** up. That "3 week period" was during the Christmas holiday because of overloading the servers and wasn't a consecutive 3 weeks. Typical misuse of that information only done by a Sony fanboi. I will stop now before I humiliate you further...

Yulaw2000

"suggests ~ not putting info on social networks" That's very good advice.

NightDrifter05

m4a5, you're stupid. Xbox Live went down for nearly everyone for a 3 week period. You were probably not on Xbox Live back then. Not to mention it's been down 3-4 times in the last 6 months and they NEVER said why. Microsoft said the stolen accounts didn't exist and it was being made up and people trying to get banned accounts back but it's not. Microsoft has been hacked numerous times and had 1000's of stolen accounts and all Microsoft does is ignore it. No PSN fanboy or nothing. They got account info from Microsoft themselves so if they got phished then Microsoft is worse than Sony. At least it took them having to hack the entire Sony Network to get people's info.

m4a5

Hmmmm... something effed up in the comments... anyways here's what the general message was: To hack into a single user's account you would need to hack into the entire system people!!

RE2LeonS

Funny this gets posted after I apparently went off on one of the executives about the lack of acknowledgment for this issue. At the time I didn't know he was a higher head but after I vented my frustration over the entire matter and he asked how I got his number and told me who he was I was like... O_O whoopssss