Sep 26, 2011

Posted by | 20 Comments

Updated: Xbox Live Account Hacked to Buy Black Ops Map Packs

Updated: Xbox Live Account Hacked to Buy Black Ops Map Packs

Maybe it’s a sign of the times, or maybe it’s a sign that DLC has become way too expensive, but last week a hacker got access to my Xbox Live Account to purchase 6000 Microsoft Points, and then used those points to buy two Black Ops Map Packs. I happened to be playing Black Ops at the time, so I was able to catch them before they purchased more, but in the span of 15 minutes, they charged $75 to my credit card.

Last week at around 8PM, I was playing Call of Duty: Black Ops, and while I was waiting for a match to start, I got a message that said something like, “Your Xbox Live information is not valid. Please login with a valid account or recover your account.” So I backed out to the dashboard and started the recovery process. Once it was finished, I figured everything was good to go, but after trying to login again, I was greeted with the same message.

At this point I decided to change my password on xboxlive.com; not sure why I decided to do that, but I did just as a precaution. After the whole Sony thing, I guess I’m a bit more paranoid about these things.  Once I changed my password I was able to recover my account, but then I noticed something strange. I had 3600 points in my account. After checking my email, I noticed there were three consecutive charges for Microsoft Points. The person who hacked into my account had purchased a 4000, 1200, and 400 Microsoft Points Bundle. The charges were consecutive, and then after checking my active downloads, I found they used some of the points to purchase the first and third Black Ops map packs.

I was able to secure my account quickly and stop them from purchasing more items from the marketplace. I figured they only purchased those two since I already had the second map pack. What was disappointing about this entire thing was the aftermath and Microsoft’s inability to rectify the situation in a timely matter.

I called Microsoft instantly and told the representative about the issue. They looked up my purchase history and saw that I had not purchased points since May of this year, and that I have never purchased that many points in one sitting since I’ve had an Xbox Live Account. Yet I had to talk to three different people over three days in order to finally get a real answer to my problem. The first thing they did was to cancel my account, remove my credit card, and issue me a few 1-month gold subscriptions that would last me till the end of my subscription. The next thing they did was to put me on a list for their “investigation” team to contact me. The next day someone contacted me, but it was only to give me a 1-month code that they still owed me. At this point I told this new representative about the issue and he explained that the other representative didn’t follow the correct steps to get a refund for the charges.

Finally, I spoke to someone the following day, and they told me I had two choices. I could suspend my subscription for up to a month, during which time they would give me a “loaner” account, and they would investigate the charges, including the Xbox that was used to recover my account. The other option was to dispute the charges with my credit card company, in which case they would not allow the charges to go through on their end, and Xbox would have to take it from there, but I would get the charges taken off my account. This process takes half the time, but I’d have to get a brand new card.

Microsoft never offered me a quick solution to the problem. I was told different things by different people. I was told it would only take a few days to get my money back, then two weeks, and another person told me it always takes a month. The charges were clearly not mine, since I had been playing Black Ops online at the time, which can be proven thanks to Call of Duty Elite, so it seemed like a no-brainer to me that this issue could be solved quickly. Not to mention the fact that Microsoft should be able to instantly see where the charges where made. Unfortunately, that isn’t the case, and I soon realized going through my bank was the best possible way to solve the issue. I got a new card in two days, and the issue should be resolved by the end of the month. Interestingly, if I don’t go through with the investigation, Microsoft will never go after the people who recovered my account on their console.

This should be a lesson to everyone that Microsoft can’t really help you when these things occur, and you shouldn’t rely on their customer service. They showed no sympathy, despite the amount of evidence showing that it wasn’t me making the purchases. They have definitely seen this hacking before, and yet the process for remedying the situation is excruciatingly long. So my advice is to change your password at least once every two months, use security questions, and monitor your charges. If I hadn’t been playing online, they could have maxed out my card buying items from the marketplace. Also, call Microsoft and take your Credit Card off of your account, or use PayPal; there’s no need to have a credit card on file since you can get points from places like Amazon. More importantly, this clearly shows that map packs shouldn’t cost $15; if people are hacking into accounts to purchase map packs, you know it costs way too much.

Have any of you experienced a problem like this with Microsoft? How did you get your situation resolved? Let us know your story in the comments.

Update 10/3:

After a few more phone calls to my bank, I finally received my money back from the fraudulent charges made on my Xbox Live Account. The charges were made on 9/20 and I got my money back on 9/28. I had to sign a few papers and send them in, along with canceling my card, but I got a full refund. Definitely the way to go, do not go through Microsoft their system of doing this won’t result in much, unless you really want the people who did this to pay. As I stated already, Microsoft won’t look into the charges unless you launch a formal investigation which will shut you account down for at least 30 days.

Update 10/14:

A few other publications have picked up on this issue and as you can see from the comments below, many people are starting to find out that their account was hacked. In most cases it seems that they hacked the accounts to buy FIFA Points. Looks like word is starting to spread about this issue, so hopefully we will hear from Microsoft soon.

Here are a few articles posted today:

http://arstechnica.com/gaming/news/2011/10/xbox-live-users-experiencing-hacked-accounts-fifa-11-and-12-purchases

http://www.eurogamer.net/articles/2011-10-14-xbl-accounts-hacked-to-buy-fifa-packs

 

Update 10/14 #2:

Microsoft contacted both of these outlets and gave the same response:

“We do not have any evidence the Xbox LIVE service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats. However, a limited number of members have contacted us regarding unauthorized access to their accounts by outside individuals. We are working with our impacted members directly to resolve any unauthorized changes to their accounts. As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided at www.xbox.com/security to protect your account.”

This seems like BS to me. As arstechnica said, they have gotten an overwhelming response with people stating that they were hacked, and the article was posted only a few hours ago.