c|net is reporting that Microsoft is set to launch an investigation in to potentially fraudulent activity with their hugely successful Xbox Live service.

You can read more here (http://news.com.com/Microsoft+probes+possible+Xbox+Live+fraud/2100-7349_3-6169060.html?tag=cd.top).

The investigation comes after gamers reported having their Xbox Live accounts hijacked and their credit card used to buy "Microsoft Points," the virtual currency on Xbox Live, which has more than 6 million users.

"Recently, there have been reports of fraudulent activity and account theft taking place on the Xbox Live network," a Microsoft representative said in a statement provided to CNET News.com. "Security is a top priority for Xbox Live, and we are actively investigating all reports of fraudulent behavior and theft."

Gamers have been reporting the incidents for some time in online forums--including on Xbox.com--and to Microsoft's Xbox help desk. Many users of the Microsoft console have been frustrated with the software giant's response to date.

"My Xbox Live account was hacked and all credit card info was stolen and used to run up points...Microsoft says: 'Oh, well, better call your credit card companies, nothing we can do,'" one user wrote on the Xbox Web site last month.
Damn! I had no idea this was as prevalent as this article suggests. Microsoft - you owe it to your "six million" Xbox Live subscribers to investigate this fully and without prejudice.

Shit, I've bought things on there.

With my 'special numbers'!

They do owe it to their customers to not only look into this but to prevent it from happening in the first place. Then again this kind of information can be taken from you in all sorts of day-to-day situations... so, yeah.

Not to make light of the situation but since you can log-in to your Live account and add points from the Xbox website, it is possible that much like on WoW, some of these people have/had a virus, keylogger or some form of malware on their PC, or could be as simple as them having shared the information with a friend or boyfriend/girlfriend with whom they no longer are on good terms with.

how hard can it be to track down the zitasses who stole the money? i mean the credits went somewhere right? i can't imagine that thousands of people are adding vast sums of points to their accounts all the time...

I guess the important lesson here is: use a real credit card on Xbox Live, not a debit card. Yeow!

how hard can it be to track down the zitasses who stole the money? i mean the credits went somewhere right? i can't imagine that thousands of people are adding vast sums of points to their accounts all the time...

It does seem odd that they can't just find these people. Even if the person just stole the credit card info and used it only to put points on their account whenever they wanted (rather than keeping a huge stockpile) wouldn't they just be able to find accounts which haved used the credit card number other than the account belonging to the rightful owner? I mean, they do have your credit card info when you make a purchase and I'm sure they keep records.

I guess the important lesson here is: use a real credit card on Xbox Live, not a debit card. Yeow!

THAT is terrific advice. Debit cards can be deadly. However, it's my understanding that Visa/MC debit cards have similar protections to regular Visa/MC credit cards. Call your card company or bank if you're curious.

Also, this isn't terribly surprising. It's sad, but anywhere there's money in any substantial amount, there are thieves. Piles of money smell to thieves like crap does to flies. It's magnetic. Thievery is everywhere. I can't even leave my classroom door open when I go to the bathroom, nor can I leave students in the room unattended, for fear of stuff disappearing. Pisses me off. :(

This is one of the reasons I buy the pre-paid XBLive cards.

This is one of the reasons I buy the pre-paid XBLive cards.

I don't like those things. I've had TWO which lost numbers as I scraped off the crap covering the number. I returned one, and asked them to scrape the number themselves. The did it, very carefully, and it was MISSING a number (that's the second one).

I gave up on the things then and there.

Also, you surely have a credit card on file. A thief could hack in and get that, I'm sure.

It does seem odd that they can't just find these people. Even if the person just stole the credit card info and used it only to put points on their account whenever they wanted (rather than keeping a huge stockpile) wouldn't they just be able to find accounts which haved used the credit card number other than the account belonging to the rightful owner? I mean, they do have your credit card info when you make a purchase and I'm sure they keep records.
I'm guessing that everything will be investigated fully and all avenues will be explored.

This is one of the big reasons why I used a pre-paid credit card for my Phantasy Star account. The Phantasy Star forums were rife with stories of hacked accounts, including a story where the kid responsible was tracked by authorities and arrested.

They used a method called pretexting, where they call X-Box live support and get them to reset the victims password so they can log in as them and do whatever they want. It is not yet clear if they have someone inside X-Box Live as an accomplice, or if they have gotten inept employees every time that they have done this, since this is against company policy and also highly illegal.

...

I was unable to recover my account, since they had changed the password. In contacting X-Box Live support, they were able to confirm the method used as stated before, and they seemed shocked that their employee would do such a thing. They told me this was identity theft and a criminal matter, and I should contact the police as soon as I get off the phone with them. They also said I needed to cancel my credit card to stop them from using it.

This is serious business.

but... what the hell do you use all those stolen points on?

This is serious business.

You have a gift for the obvious! :D

I'm actually hurting myself laughing here...

but... what the hell do you use all those stolen points on?

THEMES! Gotta waste money on them THEMES! :D

While some users believe the security of Xbox Live was breached, others suggest that users were tricked into giving up enough information while in a game so fraudsters could call Microsoft to change the account information. Users may also have been duped into giving up their account information through phishing scams.

THAT is scary. :eek: It almost makes me want to change my mind about using my credit card. The fact that something like that could happen to me is enough for a few sleepless nights.

On a lesser note, it's nice to know that Microsoft backs you up every step of the way when it comes to dedicated customer service. :rolleyes:

I don't like those things. I've had TWO which lost numbers as I scraped off the crap covering the number. I returned one, and asked them to scrape the number themselves. The did it, very carefully, and it was MISSING a number (that's the second one).

I gave up on the things then and there.

Also, you surely have a credit card on file. A thief could hack in and get that, I'm sure.
"scraped off" ??? I bought Microsoft points and they have peal off cardboardt hat doesn't cause any problems. I'm from U.S.A. so im not sure if they have differnt points cards for different regions or not.

"scraped off" ??? I bought Microsoft points and they have peal off cardboardt hat doesn't cause any problems. I'm from U.S.A. so im not sure if they have differnt points cards for different regions or not.

The same stuff you scrape off (carefully, of course) from instant lottery tickets. It's a gray surface substance that hides the code. The points cards I've dealt with (two of them) had that substance on them. It had to be scraped (carefully) off. Both times (once I did it...once the employee of the store did it), numbers went with the scrapings and the code was useless.

I'll stick to credit cards.

Johna In which country do reside which uses these scratch off cards?

Johna In which country do reside which uses these scratch off cards?

U.S.A. (southeast region). I got both at my local Best Buy.

I'm not crazy or lying...they were scratch-off cards. 1600 MS points each.

Not to make light of the situation but since you can log-in to your Live account and add points from the Xbox website, it is possible that much like on WoW, some of these people have/had a virus, keylogger or some form of malware on their PC, or could be as simple as them having shared the information with a friend or boyfriend/girlfriend with whom they no longer are on good terms with.

Ya there are so many ways this could have happened. Social engineering (as suggested by the original article) to bad passwords for the passport account, etc. This is the risk of any system unfortunately.

but... what the hell do you use all those stolen points on?

"Yes...Now I can finally buy that bling horse armor!"

The same stuff you scrape off (carefully, of course) from instant lottery tickets. It's a gray surface substance that hides the code. The points cards I've dealt with (two of them) had that substance on them. It had to be scraped (carefully) off. Both times (once I did it...once the employee of the store did it), numbers went with the scrapings and the code was useless.

I'll stick to credit cards.

If it was one number...there's only 10 combinations...

Not to make light of the situation but since you can log-in to your Live account and add points from the Xbox website, it is possible that much like on WoW, some of these people have/had a virus, keylogger or some form of malware on their PC, or could be as simple as them having shared the information with a friend or boyfriend/girlfriend with whom they no longer are on good terms with.

Ya there are so many ways this could have happened. Social engineering (as suggested by the original article) to bad passwords for the passport account, etc. This is the risk of any system unfortunately.

Let's not rule out the fact that this is happening right after Vista LIVE beta testing is wrapping up (hmmm) and Vista's almost ready to 'turn it on'. that's when have to worry about the secure LIVE service we once knew and loved.

I'm all for PC gamers getting to join us on the console, but at what price when it comes to cheaters and hackers now that PC's have a DIRECT link to our 360's??? >shudder<

edit: before someone jumps on me about my use of direct link, I know there are *** servers between us and many routers involved.. I just meant a more easier route to gain access then before.

It does seem odd that they can't just find these people. Even if the person just stole the credit card info and used it only to put points on their account whenever they wanted (rather than keeping a huge stockpile) wouldn't they just be able to find accounts which haved used the credit card number other than the account belonging to the rightful owner? I mean, they do have your credit card info when you make a purchase and I'm sure they keep records.

If I were doing something like this, I'd buy points for lots of people, not just myself. Make yourself a needle in an unprosecutable haystack.

debit cards? credit cards? why dosen't everybody use american express?

just wondering. do searches for the reasons i am saying.....:)

There should be better checks and balances when it comes to credit cards and the accounts linked to them. If a new account suddenly lists your credit card, there should be some sort of warning sent through your credit card company. I know certain banks have identity theft protection, and alert people when their credit card is in use or an account is being opened in their name. I don't know how they could monitor Xbox Live however, so it's up to microsoft to have a more secure system.

THAT is terrific advice. Debit cards can be deadly. However, it's my understanding that Visa/MC debit cards have similar protections to regular Visa/MC credit cards. Call your card company or bank if you're curious.

Also, this isn't terribly surprising. It's sad, but anywhere there's money in any substantial amount, there are thieves. Piles of money smell to thieves like crap does to flies. It's magnetic. Thievery is everywhere. I can't even leave my classroom door open when I go to the bathroom, nor can I leave students in the room unattended, for fear of stuff disappearing. Pisses me off. :(
Should of kept your dingaling in your pants then shouldnt of you....

Sounds bad, one thing that annoys me is that people with chipped/hacked 360s can play online ... Friggin sucks, okay they pay for Gold memberships , but with copied games.

1) How does one use these points once aquired?

2) How do you steal the credit card information when all but the last four digits are hidden?

I am assuming the exploit in this regards linking one's Gamertag to another, such as what happens when you change the name of your previous tag.

Troubling.

If it was one number...there's only 10 combinations...

My first card was missing multiple numbers (LETTERS are also possible).

The second card was missing one. I was standing at the register when they scraped it off for me. I'll be damned if I'm going home to input the various combination to get the right one, when it could be any number from 0-9 or letter from A-Z. Screw that. I want a new one. I'm standing right there, so I'm getting one!

HA!, XGA is coming soon (Xbox Genuine Advantage Validation)
I wouldn't be surprise if they come up with that ;).

While some users believe the security of Xbox Live was breached, others suggest that users were tricked into giving up enough information while in a game so fraudsters could call Microsoft to change the account information. Users may also have been duped into giving up their account information through phishing scams.

I'd bet on the latter. Mouth-breathing idiots got pwned and blame Microsoft for their own lack of judgement. I could be wrong, though. It's not like Microsoft products never had security issues eh?

If I were doing something like this, I'd buy points for lots of people, not just myself. Make yourself a needle in an unprosecutable haystack.

You can buy points for other gamertags via the XBL interface on yours? I didn't know that. Even so, my point still stands that the purchase came from your account, so if the card you used is reported as having been "stolen" and used for this purpose then you *should* still be boned.

They control the entire system so it's pretty ridiculous that they've still let theft happen. (assuming those robbed are not retarded enough to do something that would compromise their info, in which case all bets are off; though tracking the thieves should still be a non-issue.)

THAT is terrific advice. Debit cards can be deadly. However, it's my understanding that Visa/MC debit cards have similar protections to regular Visa/MC credit cards. Call your card company or bank if you're curious.

Also, this isn't terribly surprising. It's sad, but anywhere there's money in any substantial amount, there are thieves. Piles of money smell to thieves like crap does to flies. It's magnetic. Thievery is everywhere. I can't even leave my classroom door open when I go to the bathroom, nor can I leave students in the room unattended, for fear of stuff disappearing. Pisses me off. :(

Another thing to note. Some banks/CC's offer a "unique number" for online shopping. With Discover I used to use this software that would generate a 'one time use' or a 'use with only this vendor' number that was tied to my account. I could use it to purchase things online and not worry nearly as much about data theft. If the # was used on another site it was flagged immediately. I'm sure more banks offer services like this now, but I haven't used the Discover service in a long time because I need to pay that card off =)

c|net is reporting that Microsoft is set to launch an investigation in to potentially fraudulent activity with their hugely successful Xbox Live service.

You can read more here (http://news.com.com/Microsoft+probes+possible+Xbox+Live+fraud/2100-7349_3-6169060.html?tag=cd.top).


Damn! I had no idea this was as prevalent as this article suggests. Microsoft - you owe it to your "six million" Xbox Live subscribers to investigate this fully and without prejudice.



RIGHT ON! Microsoft should NEVER say "oh well seek help from you CC company"
Thats just BS. If people are able to somehow "hack" your CC info then there is a HUGE problem with the system!
Thx for the heads up! :)