Slashdot Mirror

← Back to Stories (view on slashdot.org)

Xbox Live Fraud Probed By Microsoft

Posted by Zonk on from the keeping-things-on-the-up-and-up dept.

Several outlets are reporting on Microsoft's investigations into the possibility of hacking and fraud on the Xbox live service. After customer service complaints, rumours of hacked accounts, and allegations of mis-used credit card information, C|Net reports that the Microsoft has opened an investigation. At the very least, this will reassure frustrated customers. Kevin Finisterre has kept a log of his discussion with the 1-800-MY-XBOX folks and the service's ongoing problems. "Security researcher Kevin Finisterre was playing Halo on a recent night with several friends when some of their opponents threatened to steal their accounts, he said. 'Literally the next day my girl's account was locked out,' Finisterre wrote in an e-mail Tuesday. 'I received a message on my Xbox that said: "We are sorry we must log you out of Xbox Live because someone else is using your Gamertag."' The account was banned."

3 of 21 comments (clear)

  1. Check the PCs by ewhac · · Score: 2, Informative
    XBox Live can be accessed both from within the XBox (obviously), and also over the Web. You use the same password for both. It therefore seems most probable that they either obtained some malware that harvested their passwords, or that they got phished. Wipe and reinstall the PCs -- preferably with Linux -- and negotiate with Microsoft to have the passwords changed and reputation restored. After the machine is cleaned, change all passwords on all other sites as well.

    It is highly improbable that Microsoft's servers were compromised. Administering their own network is one of the few things they do relatively well.

    Schwab

    --
    Editor, A1-AAA AmeriCaptions
  2. Re:Method? by j00r0m4nc3r · · Score: 2, Informative

    If this is real, what an incredibly stupid thing to do just to spite someone. It's completely traceable, and probably constitutes wire fraud which can maybe get you 20 years in federal pound-me-in-the-ass prison.

  3. Didn't you read the post? by SuperKendall · · Score: 3, Informative

    I find that highly unlikely. Let's say the only thing you need to reset password is the name. How would you possibly ever get this information no matter how many times you called? Do you call them and say hi I'm the owner of this ID but I'm not sure what name I wrote down?

    Read the very post you responded to. The caller is askign exactly that, with the excuse that a brother or kid created the account with false info... in that context it sounds reasonable to ask what name they put on the account. I can easily see this tactic working.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley