Xbox Live hacked, accounts stolen

Xbox Live hacked, accounts stolen

Summary: Online gaming forums are buzzing with reports that Xbox Live accounts linked to Microsoft's Windows Live ID service are being hijacked by malicious hackers. Kevin Finisterre, a security researcher at Digital Munition, raised the issue on the Full Disclosure mailing list over the weekend, calling attention to rumors that Microsoft's Bungie.

SHARE:
TOPICS: Microsoft, Windows
9
Online gaming forums are buzzing with reports that Xbox Live accounts linked to Microsoft's Windows Live ID service are being hijacked by malicious hackers.

Kevin Finisterre, a security researcher at Digital Munition, raised the issue on the Full Disclosure mailing list over the weekend, calling attention to rumors that Microsoft's Bungie.net was the victim of a breach that exposed a portion of Xbox Live.

"Some folks are having their Microsoft points stolen and or points purchased via their stolen gamer tag," Finisterre said.

A quick search of user forums at xbox.com and other gaming sites turned up multiple messages from Xbox Live users complaining about hijacked accounts, which typically link gamer tags to Windows Live ID (formerly .NET Passport).

xbox live hijacks

According to Finisterre, there is a group online called "Infamous Clan" brazenly offering to "jack" Xbox Live accounts and boasting about successful account theft.

Several Xbox Live users contacted me to confirm the rumors and make it clear that the stolen accounts are being used for nefarious purposes.

One reader writes:

"I have been involved with Microsoft Support for days on this exact issue and have spent many hours on the phone trying to prove to them that, first, my Windows Live ID was stolen and, second, the ID and password associated with my ID were changed; two actions that Microsoft swears can NEVER happen; and third that the thief was able then use my credit card information associated with one of my Windows Live ID accounts to purchase over $800 of Microsoft products.
Thank goodness for other websites that still contained my old Windows Live ID information and also the fact that, in order to gain access to those other websites, you NEED a Windows Live ID. After spending over 20+ hours on the phone with support and finally getting them to realize that I did indeed have a Windows Live ID, after pointing them to the other websites, I was told by a supervisor that "Yes, in fact, we have heard of some instances where a user's Windows Live ID had been compromized!"
After finally getting this confirmation and having a case number assigned and forwarded to Microsoft Security Investigations, they, also, confirmed it as a breach, issued me another Windows Live ID and then reinitialized the stolen Microsoft Products that were associated with the old ID over to the new ID."
Another gamer wrote in with an identical complaint, warning that Microsoft's product support staff have been unhelpful. "They admit this is an issue but say there's nothing they can do about it," he added. Digital Munition's Finisterre also made a note about the lack of support from Microsoft:
I just got off the phone with a Microsoft Tech for Xbox live that has confirmed this to with me and they have stated that accounts are being stolen and that "Hackers have control of Xbox live and there is nothing we can do about it."

Microsoft did not respond to a request for comment.

Topics: Microsoft, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • RE: Xbox Live hacked, accounts stolen

    i need help i was playin mordern warfare 2 when a guy asked me if i wanted 10th pretige i said yes and gave him m account details and then he told me to go ofline then come on in 10 mins and when i went to recover it he had changed the password so i made a new account and sent a friend request to my old account then the person acepted it i was in a party with him and he said my brother gave it to me i said but it was mine he said i will ban ur xbox from live if u accuse me from stealing ur account his friend is trying to get it back for me


    HELP WHAT SHOULD I DO
    help my account got hacked
    • RE: Xbox Live hacked, accounts stolen

      @help my account got hacked Contact Microsoft if you haven't already and keep giving out your personal information so these thieves can get more chances to do this to you considering you were stupid enough to fall for it.
      neon6
    • HELP

      IF THE PERSON ASKS U GIVE ME 1600 MICROSOFT POINTS AND ITS ALL YOURS DO NOT GIVE THE GUY 1600 THATS HOW THEY CAN HACK UR ACCOUNT IF ANYONE WANTS TO FIX IT TELL ME AND ILL TEACH U
      XAVIERBARRETO123
    • re

      Stop being such a gullible dumb-ass.
      Amy Eartrot
  • RE: Xbox Live hacked, accounts stolen

    my friend helped me on getting hacked on xbox live. change your personal name on xbox 360
    KyleLock3000
  • RE: Xbox Live hacked, accounts stolen

    I've had my account stolen I use games for windows and do not own an xbox but 6000 points were purchased and bought an xbox gold premium pack (whatever that is) I post on the forum but moderators remove most of them, support by phone is very uncaring (after all Microsoft gets the sale legally or illegally) and nothing seems forthcoming. Microsoft do have the power to prevent this very easily... VERIFICATION. I cannot buy milk without entering a pin number at any shop but microsoft allow anyone to use anyone else's payment details as long as microsoft profits from the transaction. The reason why they do not want to add verification is because of "auto renewal"... they automatically take money from you when your account comes up for renewal and by adding verification it would slow the swelling of their gobal coffers. So why should they be bothered a few tens of thousands of customers have been robbed over the years? we cannot sue a corporation that could bleed us dry in the courts, but government can act, bills can be passed, legislation brought in to hold companies accountable for insufficient safeguards in efraud. A few $100, 000 (or 100,000 GBP) fines should make them want to close this loophole that goes back many years. I would point out that many accounts hacked have been almost systematic as though it was done like an auto-renewal program... the same amount of points, the same pack bought, the same games played for a tiny amount of time..... hmmm if I didn't know better, the security professional in me would be looking long and hard at the main common denominator... Microsoft employees with access to the account details. I would add I've never given my details to anyone and only access the account to buy pc games and my pc is secure and antimalware and virus programs are run every 2 days full scans. But just before my account was compromised I did send a complaint to MS about a game that was not compatible with my system although they sold me it because they said it was.... coincidence maybe ?
    d.gray370@...
  • RE: Xbox Live hacked, accounts stolen

    My xbox live account has been hacked this week and when i couldn't log in i rang xbox live to find my gamer tag log in e-mail has changed and they have bought 6000 microsoft points resulting in 51 pounds coming out my bank yesterday. I have been told an investigation will take up to 25 days.
    johntina
    • RE: Xbox Live hacked, accounts stolen

      @johntina yea mine jus got hacked last night at 9:30 what an idiot he/she is. I got there email.....changed my eamil then tranfered all of my points...i got over 400 dollars on my account....the mf goin to jail...i gave moreinfo than they needed the points are being returned to me and the account is locked....the bastard isnt as smart as me. I hope they all go to fukin jail and rot! THe lady in the phone said it could take up to 25 days for me too....all i know is i better get all my stuff back! my 14k MP games vids, everything! if nething i wish i had the money to take microsofts greedy asses to court so they can get a fukin hackshield...DERP
      grimravenous
  • Xbox live hacked

    I received an email yesterday stating that my Windows Live login had been changed. I tried to respond to the email to advise them that I did not authorize a change but was unsucessful. Windows support has been no help. I was then advised that someone had tried to buy MS points with my credit card.Fortunately the card was expired. I was able to open a new Windows Live account with my original email and password but it won't link to my old gamertag. Hopefully I can get some help through their suppport chat. It's sounds like a long process to get this corrected. For something they say can't happen this is a clusterF****.
    rvf92000@...