news
{ Whump! | Archive | Mayday! }
My Xbox Live Account was Stolen | mrsmiley { July 16, 2008 }
This issue was finally resolved. Read about it here.
So this morning I tried to login to MSN to find that my password didn't work. I was still logged into Bungie.net, so I checked my gamercard... sure enough, it's reset back to zero. I'm giving this as a warning to anyone who is my friend on Xbox Live. When it comes to issues like this, Microsoft tends to sit on their hands and deny everything. This is not right, especially when it deals with an account that not only has recon armor, but also has thousands of dollars of purchases connected to it!
I am going to be documenting my entire experience dealing with Microsoft Xbox Support on this issue right here. Please link to this article if you own or run a gaming news site of any kind. I know several people in the Halo community who have been burned by getting their account stolen, and I want the word to get out for this so Microsoft can take responsibility for poor support!
Read on for updates of how Microsoft is resolving (or not) this issue for me, and please leave a comment, and most importantly a DIGG, to show your support! Hopefully M$ will see this at some point and take REAL action against people who phish for information!
Last Update: Almost Done | 7/18 | 5:15pm
By the way, this isn't my first bad experience with Microsoft. You can read about my Xbox repair hell experience here.
NOTE: Just to clarify, my account was stolen by a common method called phishing. After multiple calls to M$, they had enough info to reset my password online.
_______________________________________________________________________
7/16 | 9:30am | 1st call to Xbox Support
I talked with someone named "Mark." He verified to me that someone had placed multiple calls into my account. He also verified that all my account information had been changed, except for my credit card (thank God). So I was able to verify that information, and then he put me in contact with someone from the billing department.
In billing, I talked to "Virginia." She took my information, and then directed me to login.live.com to send an email to their online support for help. Really? My credit card is exposed and my account is reset, and you send me to online support? That said, I filled it out and sent the request. I'm suppose to get a reply in 15-30 minutes according to Virginia. Virginia explained to me that the only way someone can get my account information is by me telling them, or me giving that information out online through a scam site or otherwise. I kindly explained to her that I have done neither, and that it is obvious by the multiple phone calls that someone was calling repeatedly to phish for my account information. She was quick to tell me that "that is a big no no," and that in the case notes agents have reported that the mystery caller failed verification, and they did not provide any information. I also explained that I have worked in a call center for 3 years, and there's no way someone is going to document giving personal information out over the phone. I asked to speak to someone who can give me a callback number in case the email process fell through, or if the issue happens again (considering someone has my personal info out there).
I was transferred to "supervisor" Michelle. She verified that someone called over 10 times (WTF!!!). She informed me that after 3 failed calls, it's transferred to a supervisor automatically (although she didn't say that this happened in my case). She also tried to tell me that no one there gave out my personal information. I once again politely explained that the evidence proves the exact opposite. I understand what she is supposed to tell me, and I understand she is being recorded, but I also understand that this kind of thing happens all the time, and human error is a very real thing in tech support. She basically told me I will need to wait for the email from support on resetting my password, and that I should change my information then.
I asked her what happens if I can't recover my account... and if I will be refunded for all the purchases I made. She would not answer, and told me I will need to just call back.
I tried to push to get to someone who could provide their contact info to me, and although she was polite, she wasn't going to budge. Since I'm not the type to act like an ass to get what I want, I had to give up at this point. I'll wait for the email and see what they say. I'm going to call my credit card company right now and cancel my card so no one can buy anything with it.
Total talk time: 1 hour, 3 minutes
_______________________________________________________________________
7/16 | 10:45am | Call to Credit Card company
Contacted my credit card company to have my card canceled and a new number setup. Dang they were quick! At least I know the idiot who jacked my account won't be able to buy anything now! Still waiting on that Xbox Support E-mail...
Total talk time: 5 minutes
_______________________________________________________________________
7/16 | 11:30am | No Email Yet
It's been about 90 minutes since I sent the support email. I don't expect I'll get a reply for a while, but figured I would mention that it definitely didn't arrive in the 15-30 minute time period that Virginia told me. I'll post it up as soon as I get it.
_______________________________________________________________________
7/16 | 12:25pm
I have emailed several news sites reporting the issue. I really hope someone posts this up. The way I see it, the more publicity this gets, the better chance Microsoft has at actually taking action on it, and maybe even improving their phone support so this issue stops happening!
I have also emailed Brian and Luke from Bungie to see if there's anything they can do, but I know they have extremely limited reign on issues like this. (Other than maybe taking away Recon for my account so the hacker can't parade around in it.) Here's hoping!
_______________________________________________________________________
7/16 | 3:25pm
Still no email from support. I checked with a few of my XBL friends, and it's official. They deleted my entire friends list. It appears my entire account has been completely reset. Years of gaming, achievements, friends now lost... all because of some bad Microsoft agents. To make matters worse, I have tons of personal emails, with personal account information in my hotmail email account, which now the thief has access too. I really hope Microsoft fines a way to redeem themselves, although I tend to think that won't happen.
_______________________________________________________________________
7/17 | 11:50am
I got a call this morning from a gentlemen named Herm. He explained to me that he got his instructions from high up to give me a call and resolve my issue. He also mentioned this blog, so I'm assuming someone relatively high up at M$ read this too. Good! Very friendly guy. He definitely knows what he's doing. We only talked briefly, but he explained that he should be able to restore all my information to my live account, and that he has locked it at the moment so no one can access it. Unfortunately, I'm going to have to make a new Live ID, but that's not a big deal, and it of course makes sense.
I'm not sure how I'll be compensated for the hassle of cancellng my credit card, and especially the fact that someone has had access to a LOT of personal information on my Hotmail account (personal emails, password confirmations for other websites, etc). I also don't know what measures will be taken to ensure that this won't happen in the future. But I'm assuming Herm is in an executive relations position, so I'm sure he can get things done! Things are looking up now, I'll keep you all posted. Thanks for the support!
_______________________________________________________________________
7/17 | 4:10pm
Looks like Microsoft is still having issues with their new account activation servers. Just my luck! Oh well, still waiting. I also sent Herm a friendly email stating some of my valid concerns about the fact that my personal information is now in the hands of some random person... including passwords for other websites that I had in my inbox from account recovery emails! :( I'm sure Microsoft will take care of things!
_______________________________________________________________________
7/18 | 12:30pm
Here is my email transcript for the past 24 hours or so. I'm once again happy that Microsoft is taking care of my account, but 3 questions are still to be answered:
1. What is Microsoft doing to keep this from happening?
2. What is Microsoft doing for me to compensate for this mess?
3. What is Microsoft doing for other people who are having this issue?
It's obvious that they are aware this is happening (it doesn't only happen to Microsoft), but the attitude that it's just going to happen, and that's that doesn't make up for the fact that my information is now out there in someone's hands. I suppose a 4th question can be asked:
4. What action is being taken against the person who stole my info? Considering they have his IP address from XBL, phone number, etc etc.
Here's the email log, I'll let it speak for itself:
Me
Hey Herm,Looks like the server is still having issues. Hope this doesn't last too long! (Obviously nothing you can help with though.) I received an email response to the support request I put through yesterday, and I was surprised a bit at the amount of hoops I would have had to run through had someone higher up not heard my cries for help. It makes me worried for past and future customers who have or will run into this issue. I'm not going to paste the long support email on the blog, as I would like this to go down in history as a good situation, and that Microsoft will take care of other people who fall prey to this. However, I'm just now realizing the far impact this could have on me. Aside from the anxiety initially and having to cancel my credit card, I've now come to grips with the fact that this person had access to tons of personal emails, account passwords, and other information that didn't even relate to my Microsoft account. Overall, this mistake is going to end up costing quite a bit more time spent resetting/recreating accounts on the sites that I remember, and living in worry about the ones I don't remember. Frankly, this is something that could come back to haunt me months after the initial situation. :(
All that to say, I'm very appreciative of Microsoft stepping in to help me, and I am really looking forward to getting my account back up ASAP. But I also want to know what you guys are willing to do to ensure that that this issue won't happen again, and that I am compensated for the extreme inconvenience and stress this is causing both myself and my wife (she was worried sick at work yesterday when she found out about this). It also wouldn't hurt to know that the everyday user who has this happen (and who doesn't run a very popular Microsoft-supporting website!) will also be able to have things cleared up as easily and quickly.
Just some things to think about in the days ahead as we hopefully smooth things out. Until then, I'll wait to update my site!
Matt
Microsoft
Hey Matt,I understand your concerns about this. Unfortunately, if someone wants to access your account, for whatever reason, they will do what it takes to access your account. I specifically deal with these cases and phishing is the latest craze. We get all aspects of phishing, from websites offering points to "social engineering" of the gamer, our techs, etc. We are always making changes so these cases stop, but like viruses, once you take care of one, another way pops up.
I did read something about the passport services having issues yesterday, so they are aware of the issue. Let me know when you get your new WLID created and we'll get you back on track.
HermMe
I definitely understand that we can't stop people from doing wrong things, but when someone is allowed to call in over 10 times without me being contacted, or without any other action being taken, to me it sounds like the system is broken somewhere. All I can say is that if I get burned later down the road from information that this person obtained from phishing my account, you guys are going to hear about it, and not in a good way. I don't want to be a jerk, but as you said, you understand how disconcerting this whole experience has been! I wish I could blame that phisher for this, but this is something that should have been stopped long before it came to fruition, and now I'm reaping the consequences of that mistake.Anyways, the site is still not working. If you get any word that it's fixed and you want to give me a heads up, feel free!
Matt
Me
Looks like the site has something against Macs (lol), because when I tried it on a PC, it worked fine:passport: *********
password: *********Work your magic! :)
Microsoft
Ok, magic is being worked. We should have you back up for the weekend. I'll call you when done.-HL
Me
Great news! Thanks for your diligence in this.Matt
Please, someone tell me if I'm being an ass, or if these are valid points? I'm open to being wrong!
_______________________________________________________________________
7/18 | 5:15pm
Thanks as always for the feedback, guys. Herm just called me to let me know that I will unfortunately have to wait 30 days before they can link my new Live ID to my current Gamertag. He did, however, say that he's already planning on giving me a free year of Xbox Live for the inconvenience, so that's definitely a kind gesture.
I have the option to just create a new Gamertag if I want... to which they can transfer my purchases and points, but it will be devoid of achievements and stats. Tough decision! I'm thinking I may just wait for the 30 day period, although I've been itchy to change my GT for a while... hmmm...
I think things are just about done as far as resolving this goes. I was actually considering legal action at one point, because there's no doubt this kind of issue has a class-action ring to it. But honestly, Microsoft has resolved my issue very quickly, and even offered a free subscription as a gesture. Does this console the fact that they slipped up and someone has my information? Absolutely not. But the fact is, other than my old passwords and stuff, I really can't prove that the phisher even gained access to any of emails or other things. I'm going to wait and hope that it's not used against me. As stated in a previous email, if it is, Microsoft will certainly hear about it.
Digg this to get the word out!
58 comments so far (leave your own)
1 | Aye Mak Sicur says:
This is how people steal Recon-activated accounts. They call Xbox Live support pretending to be you, and alot of the time the rep is perfectly happy to pass over ownership of the account. I'd recommend contancting someone at Bungie so the thief doesn't get away with his prize, and setting a button-combo password on your account if you get it back.
2 | kalel06 says:
I wish you nothing but luck on this. I know how frustrating and scary it can be for this to happen.
It's extremely sad that some people think Recon Armor is worth commiting internet crimes for and start hacking peoples accounts. Lowest of the low.
Good Luck, again.
3 | DREW (lil pony) says:
wow, that sucks so when you said if i was on your friends list, do i remove you or what?
4 | Polar says:
DAMN! The sheer idiocy and incompetence of MS in dealing with this serious situation is overwhelming. I certainly hope you manage to regain everything you paid for, as well as the Recon, which may well be the hardest thing to replace.
5 | Adams06 says:
Tough luck there Smiley, hopefully you can get everything sorted out there. I find it difficult to deal with the support as well, they seem to only be able to handle issues in which they already have a pre-set criterion/write-up on how to solve the issue. Although, I believe the next dashboard update is supposed to allow users to remove their credit card information from their accounts, since you don't require a credit card number for the 360 live service.
Anyways, like I said man, hopefully it works out for you. Try and tough it out with MS Support, and maybe you'll get lucky and be connected to somebody that can actually help you out.
6 | ShmaeGirl says:
dude that sucks. Hope they give it back to you! =[
7 | dahsneef says:
Wow, you had your identity stolen because some employee thought it was harmless. They better call you back.
8 | mrsmiley says:
I'm not sure if anybody is even on my friend's list anymore. I'm pretty sure they reset everything. :(
9 | Pmintz says:
You'd think theyd be smart enough to realize that someone called your account 10 times! thats just ridiculous. anyone with common sense would find that suspicious. is there anyway we can make a petition and make a huge deal out of it? id sign it any day.
10 | Aye Mak Sicur says:
Yeah, I checked and whoever took your account removed me from the friends list. I wouldn't be too sure about getting the Recon back, either. I've heard Bungie can't always verify who is asking for it, and they may side with caution.
11 | mrsmiley says:
Right now Recon is the least of my worries. And anyways, I have personal emails and stuff and they know who I am. Getting it back wouldn't be an issue. Getting back my purchases, achievements, etc... that's another story.
12 | DemonSpawn77 says:
Is Recon armour so damn important that you have to waste several hours, even days of your life hacking a man's Xbox Live account just to get that piddly little game model? It looks cool and all, but whoever did this is pathetic. I hope you're smiling again soon, mrsmiley.
13 | mrsmiley says:
Especially sad because as soon as I can get a hold of Bungie, I'll have them turn it off. So yeah all that work wasted.
14 | Aye Mak Sicur says:
That's true. I don't think I could understand losing all those god damn achievements >:(. I'm number one in the Tag leaderboards for Marathon: Durandal! Microsoft needs to get it's act together over this.
15 | Zyrra says:
Cripes.. have people got no honour these days?
16 | Havoc737903 says:
Drop a line to consumerist.com. They love hearing about these kinds of things and might be able to help.
17 | mrsmiley says:
Thanks for the tip, Havoc. I sent them an email. Lets hope they post it!
18 | BB RULZ says:
Whoa, mrsmiley, I noticed today that I no longer had your gamertag in my friend list. I sent your gamertag a message asking why...I probably shouldn't have done that, but that was before I saw this. :( I'm very sorry to hear this. Kind regards,
BB
19 | red5 says:
wish there was something I could do. If I knew where he lived, I know a few guys...
20 | wwangsta says:
damn man... come on, Microsoft have been having serious problems recently [i prefer apple really]. its true that their operating system is more popular, but is quickly dieing out. glitches, viruses, terrible loading times, etc. can piss anybody off. there consoles are amazing, honestly, but are cheap [360's ROD due to cheap soder]. microsoft's tech support is terribly by the book and lazy, most likely from all the problems they have. they want to get these things over with. everyone should attempt to make these things more known. to the media, the press, maybe even at a school [when it starts] talking about not only microscoft, but about other companys that have the same problem. the local news is a good place to start. this is damn near id fraud.
and dude, bests of luck man. your comics are awesome, people like you dont deserve these things
21 | wwangsta says:
i am terribly sorry for posting more than once. but i have to throw this out there. in concurrance with Zyrra, people have been lacking honour. even my friends have been pissing me off in sports when they deny things and try to be fair only to themselves. thing is, i love ultimate frisbee starting recently, its honor system. but there are some jacked up people who wont work for themselves and wont learn. they dont understand that people want kindness, and will repay and kindess. no body will respect you if you do not have personal honor and respect others as well. if nobody likes you through this... i dont know whats the point of living without a little bit of honor, self-esteem, and people who like you, not for fame, but for who you actually are. instead of deceiving assholes who try to be your friend for your things, only to backstab you to take those things away for themselves. the world is a terrible place, and is only getting worse
22 | mrsmiley says:
well i can't say much for Apple with all it's MobileMe issues either! ;) good points all around though. what is the world coming to when someone spends hours on the phone, steals my account, and erases everything... all for a set of armor that will be disabled soon? *sigh*
23 | guysullavin says:
recon isn't that great... its just a helmet. it'll only last for about 1-3 years untill the next Halo/Xbox system is released.
24 | Yarkaz Cloudshadow says:
Ouch, this really looks like a bad idea on the part of the hacker. I think he picked the wrong guy to mess with. Hearing that they read about your problems here, I've got the feeling that M$ will stop at nothing to get your stuff back, especially since your popularity and influence on Halo players will be a HUGE blow to their reputation. My one concern though: Will they do this for anyone else? It's great to know that things are looking up for you, but would they do this someone who isn't MrSmiley, well-known and esteemed master of halobabies.net? I can't help but wonder if M$ is just helping you for the sake of their own sorry reputation.
Anyways, I wish you the best of luck in this matter!
25 | mrsmiley says:
I can definitely see your point, Yarkaz. I actually brought that up in the last email I sent them. I'm obviously worried about my own info first, as it's very disconcerting to be violated so horribly, but I also want to know that if this happens so someone else, that they get taken care of as well!
26 | BB RULZ says:
I've done a few quick searches, it appears that there is no legal way to reset an Xbox LIVE account. Your account must have been reset in an way that was forceful/harmful. I can't believe that someone would do this, I can't believe that Micro$uck would let this happen to you =[
27 | CrypticGuardian says:
Hey, I can't guarantee anything, but I've helped several users get their accounts back in a very short time after being hacked. If you can contact me, I might be able to help you out. After getting your account back, I can give you some advice (not said to public), in which you will be able to always have control to your account.
Bungie.net: CrypticGuardian
28 | SGT Steeve says:
woah dude, that sucks. But hey, it could be worse. They could have nabbed yer credit card stuff too.
Hey, um, I have a possibly useful idea. Have you asked for the phone number of the caller? Maybe tracking him/her down could be useful.
29 | RayZR says:
It really sounds like Microsoft is faffing about on this one. How hard is it to just deactivate a damn account?
Sure, it's a lot of work for you in terms of recovery once you get a new account up and running, but it means that whoever is clowning around with your account isn't rummaging around your email.
WAKE UP, Microsoft. This is srs business.
30 | Zee JollyRoger says:
Justice for Smiley!
31 | HumanShield says:
Yeah, Smiley, you are kind of being an ass. Think about it. You're throwing the "Don't you know who I am?" card at them. How do think the phisher got what he did? Using the same line. "Hey, I run a Halo site. If you don't get my account working for me, this is gonna be posted all over the net!"
He called ten times posing as an angry YOU.
32 | Caboose0 says:
This makes me sick, and I hope that you get your account back.
33 | mrsmiley says:
@ Shield
Where did I say that? I actually mentioned that am hoping that someone who ISN'T in my position gets the same treatment... I also don't see me threatening to post all over the net either. I mean I mention BEFORE they contacted me that I was gonna try to get some news sites to run it, but I haven't threatened anyone... I don't think? I really value your opinion, Shield, as you've been around since the beginning.
34 | Yarkaz Cloudshadow says:
I don't think Smiley's doing that bad of a job. He sounded angry to me, but not angry enough to look like a jerk. Smiley expressed his concerns about the impact this could have on himself and his wife, inside and outside of M$ business. It was a sort of justified anger. Besides, I bet this was a great break for Herm. God only knows how many, "Som3 friggin h4ker stol3 my account! G3t it back or 3lse!!1!," type e-mails he gets daily.
35 | mrsmiley says:
And in response to the phisher calling as an angry me, I've had angry callers call in to me several times at my job posing as someone else. It's not difficult to tell if someone is lying, especially when you have the actual person's info and can verify by contacting them directly.
36 | Aye Mak Sicur says:
"I understand your concerns about this. Unfortunately, if someone wants to access your account, for whatever reason, they will do what it takes to access your account. I specifically deal with these cases and phishing is the latest craze. We get all aspects of phishing, from websites offering points to "social engineering" of the gamer, our techs, etc. We are always making changes so these cases stop, but like viruses, once you take care of one, another way pops up."
Seriously? "C'est la vie" is the worst attitude someone in that position could have. If you're trying to resolve a serious issue for someone you can do a hell of alot better to reassure them than saying "Well, it happens!". Microsoft needs to pull this together. There should be methods in place to ensure that nobody can recover someone else's account so easily. Especially with the amount of integration in the WLID service. With that much data in one place it's only a matter of time before people attempt to steal more than an armour permutation.
37 | RayZR says:
Okay, Smiley, I signed up for Digg and Dugg your article. Just for YOU.
I better get some hot akshunz for this.
38 | Gerbil says:
Damn, Smiley. People like this are why we can't have nice things. =[
39 | HumanShield says:
Smiley, you didn't say any of that, well, kind of when you mention the part about running a "Microsoft-supporting" site. Though, I'm not sure if that was actually part of the email...
Anyway, I was just trying to show that the phisher obviously persisted as much as you to get your account.
Congrats on the free 12-month subscription. I say just make a new tag and be done with it. Plus, "hbnmrsmiley" could be interpreted as "HBNMrsMiley," and that's lame. So, yeah, use some CAPS if you make a new one.
40 | BB RULZ says:
Good point HumanShield, but I'm not sure I'd want to have to get all my acheivements and skill levels/rankings again...remember you can always pay a few points to change your gamertag when you get it back after the 30 days! If it were me, I'd wait 30 days rather than have to re-obtain years of game stats.
41 | Tolos 'Vurukamee says:
This kind of crap is a real pain in the ass to deal with. I'm glad Microsoft actually DID something about it. I can't say that much for Gaia Online. Their stupidity nearly cost me over a hundred dollars.
Tip to anyone who makes online purchases: GET A PAYPAL ACCOUNT. A friendly rep from Paypal not only got me a refund of the stolen money, but they also got a criminal investigation started.
42 | GamerKid says:
I wish this hadn't to you,that really sucks big time with all that stuff you work hard for on XBL and i guess that hacker didn't know who he was dealing with and thought he could get away with it and i hope he gets busted.The world would be a better place with out hackers.=:+D
43 | Yarkaz Cloudshadow says:
I guess now the only question is this: New GT or old one? I, personally, would wait, because I've always been a big achievement guy and if I lost all of mine, *shiver* I'd probably never touch an X-box again.
Anyways, It's good to hear that Herm, a shining beacon in a company known for horrible customer service, was able to pull some strings and get you account back.
On a side note, I gotta agree with Tolos. Gaia has the worst user assistance in history, easily. They shouldn't have expanded as much as they did.
44 | Adams06 says:
I find it kind of weak that you would settle for the "Here's a free year of live for your troubles" from Microsoft. If the hacking is as serious as you say, this is definitely a case that should take the legal route (in some form). I can't access the statement right now from work, but it's clear that Microsoft has violated its privacy policy in the first place (by providing your information or allowing changes to be made by another user).
Waiting for something to happen before you take action on Microsoft, I believe, is one of the last things you want to do. I'd say to get in touch with a law firm in your area, explain your situation (refer to the blog as well), fill them in on the details and what could potentially happen, and see what advice they will give you.
Oh, and if you haven't already, the first thing I would have done after finding out about this is try to reset the passwords on all of your user accounts across the internet that you remember, and possibly remove any personal information that could be further accessible.
Anyways, looking forward to the updates on this situation Smiley, like I said before, hopefully it works out in your favor.
45 | mrsmiley says:
The legal route seems like something that would be great to try, but in all honesty, it's a long, expensive road that I'm simply not angry enough to try at this point. That may sound weak, but I'm not at a point where I have the time, money, or patience to deal with a long legal battle with Microsoft. Is this what they want? Of course! But it's not like they're hanging me out to dry.
Maybe if I got more comments from other people who have had this issue, it would give me more grounds for a class-action case, but I don't see that happening. Right now I'm just happy that my information is locked, and that my important data can be recovered.
46 | Havokfist says:
This is bad news, I hope you get everything resolved as quickly as possible. The internet can be a scary place, especially when you own a rare arrangement of pixels.
47 | ottende says:
Bad luck mrsmiley. However, I would like for you to amend/correct your original post however just to keep the issues clear. The more M$ can keep blaming "social engineering" on phishing, the more they can deny responsibility for slack security policies over the phone.
Phishing is a processes where a 'phisher' cons a user into providing his access information (passwords/usernames) usually by posing as a legitimate authority (such as a fake website asking you to sign in). Since you suggest that the con artist got your account by weasling info out of customer service over repeated calls, you were likely not phished. If you were phished then M$ really doesn't have any liability for what can be viewed as your own carelessness.
However, what you describe is called "social engineering" where a con artist calls several times to the authority (XBL customer service in this case) and slowly pieces together enough information thorough cutomer service 'slips of tounge' to sucessfully pose as you in a subsequent call. In this case it is the customer service representative's and M$ that are at fault for slowly putting out enough personal information for the con artist to finally pose as you sucessfully.
There is a very important difference between the two from both a legal standpoint and a responsibility standpoint. As a user you need to take your own precautions to prevent GIVING OUT your information to Phishers. In your case described above, M$ needs to create stiffer security protocols and employ more reliable people to ensure that THEY don't give out personal information to SOCIAL ENGINEERS taking advantage of weak customer service representatives and policies.
Again, bad luck. This has happened to too many people, too often, with too little/nothing done about it from M$'s end. I think the lack of action from M$ is because they CAN call it phishing since people don't often understand the difference. However, the above should be made clear in the community so that there is no way that M$ can keep shovelling off its responsibility for slack personal information security policies.
48 | Datruel3gend says:
I, too, think that you should take some legal action in some form. That way, not only is everything resolved and you get a free year of LIVE, you also get a little money :). I would personally wait the 30 days out. I'm sure you can find something else to do (lol). In the meantime, i hope everything is resolved and fine by the time this comment is up, and heres hoping this never happens to you again and that Microsoft (as previously used, MicroSuck) gets their act together. I've had accounts hacked, but this situation beats them all by a longshot. And just look at all these comments! Shows that there are nice people in the world after all.
49 | TheComet says:
ottende does have a valid point up there, a small change in the vocabulary used to describe the situation can make the difference between ignorance and serious concern, make sure to drill the fact it was social engineering into the blog if that is truly the case
50 | mike says:
I am going through the same process. Someone has stolen my account which i worked on for 2 long years. Microsoft is not very helpful. The hacker has reset my email and password so i can not just reset it. I have called microsoft many times, but they say that they cannot do anything if i do not have the credit card info ( he changed that too ) and i am hoping that out of the pure goodness of their hearts that they will lock the account. Or at least give me the hacker's email so i can spam the hell out of him. If anyone has any idea how i can resolve this situation. Or if anyone has a subscription card they would like to donate to my new account, please feel free to contact me at . If anyone would like to add my new gamertag, it is I BR CarnagE I.
Mike
51 | Kyle says:
The same thing happened to me except I was the one who screwed up. Went to a site claiming 500 free ms points when i typed my info in an error screen came up. The site seemed legit it was linked to xbox.com. A week later and my account had been recovered on another system all friends erased (luckily I remembered a few of the cool ones names). I'm really pissed cause it had been one of my "friends" who sent me a message about it. Microsoft acted like it was a regular occurence. I figured I would at least get all my money back. Instead they gave me the remainder months of xbox live plus one and only gave me the money the person stole. I WANT !!!MY!!! MONEY BACK MICROSOFT!!! I had spent around $150-200 dollars on extra content for games, that I could only use if I had my OLD account. Microsoft should find a way to lock your account to your console. If that could have happened this would have never happened.
52 | OrientPaladin says:
Holy Hand Grenades...I've been gone for far too long. S'time for a comeback.
And you think MS is bad...try getting the Deviantart administrators to do anything, much less the right thing!
53 | jffdgxydgdt says:
I want a super xbox
54 | ottende says:
I've been digging a little deeper into what M$ has to say about social engineering. In particular, I've learned that M$ lumps this together with phishing and that all of its security websites imply that any issues you have were a result of not protecting yourself, i.e. you somehow provided the information to the criminals. This is definitely substantiating what I mentioned above: M$ is trying to deflect the accountability for security lapses for which THEY/THEIR Customer Service Agents are soley responsible for.
Once again I put out to the community: while we personally must be ever vigilant against phishing, M$ must become vigilant against being social engineered themselves. Make sure our language is clear here, or M$ will never feel the consumer or legal pressure to tighten their 'loose lips'.
55 | BloodshotRevolver says:
well it seems to me that microsoft is basically trying to bribe you with that year free of XBL because they know they messed up.
56 | Brett Chartier says:
My account has also been stolen through the social engineering methods that the people use to get accounts, first they usually ask you to join there party so that they can use Cain and able to get your ip from there they find some basic information about you once they have it they call 18004myxbox pretend to be that person and make up a story asking question about well is it a *****@yahoo.com account or is it a ***@hotmail account the Xbox front line staff usually the first one you get will tell them this, they hang up all again with the new information make up a story about not having the password and they have forgot the secret question to reset there email password Xbox live they then provide the stupid people at Xbox with and alternate email that has nothing to do with the original account and from there reset the password on the email to the gamer tag once they have that they have the last 4 digits on the credit card mine was taking off a long time ago , they knew what time zone I was in and chose to recover the account at night so I could not call Xbox live they reset the alternate email on my own email and changed the secret question we then reported the email account stolen through the paid telephone night service we had the email back in about 6 days Xbox live on the other hand after we had reported our account stolen they told us that they would have it suspended for a bit when the person that stole the account realized this he called Xbox live and gave them all the information needed to have the account re opened even though it was stolen this happened 2 times in that time the thief changed the gamer tag from HELLS MAN to TsGh Cody and put a new live subscription and a new windows live id. Xbox has no security what so ever when it comes to giving out personal information over the phone and this account was 3rd in the world for halo exp 17315 Microsoft said they had a resolution to the problem saying that they would give a one month card and that the account would remain locked out to prevent further use LOL meaning use by the original owner of the account I have refused there offer and I have not seen the account stats set to 0 I will not accept anything else but my account returned and protection from Xbox live giving out my personal information I have Microsoft One care and a check point router they tried to tell me that information was fished off my computer or I typed it into a site this email is my dads business email and he has had it for 10 years he is a systems analyst and has 20 years of computer knowledge we saw that going though Xbox support will not get us anywhere on this matter so we are now going though Microsoft headcounters to go from the top of the ladder down instead of the bottom up it is disgusting the level of service and the actions they took on this case and it will not fly I have recorded phone calls of them repeating company lines and saying I could not get in contact with anyone higher than a Xbox supervisor.
57 | Sgt Omall3y says:
Hye dude ik that you are worried but heres and idea. Go to all the websites that use passwords on and reset them and change them.
58 | Daggermn says:
I have also had my account stolen as of 12/12/08. I noticed my account being stolen a few hours after it happened and I called xbox customer support right away. As of today, my account has still not been restored to me and I am getting nowhere with xbox. I have asked to speak to a supervisor many times, but no one can help my situation. I have also sent many e-mails to MS regarding my account only to have them write back saying to call the 800 number.
I was inspired by your post MrSmiley and I have been using it as a formula to get my accont back, but I never end up getting anyone as nice as Herm was to you.
As of right now, my account is undergoing investigations and it's been 11 business days (even though they said it would take 5 - 10 business days). Does anyone have any advice for me as I fight this ongoing battle with MS?