surf dtoid with 
Rising (10+)
People you follow
From what I've read apparently Microsoft doesn't even have a limit to the number of times you can enter a password (you can try 8 times.. then just re-enter the same user name and try 8 more times, etc.). This process can be easily scripted and it's pretty simply a brute force hack of trying different passswords.
Isn't it a pretty basic security defence that after a password is entered incorrectly that the account shuts down for 24 hours or a message is sent at least sent to the user saying that there password has been entered incorrectly 8 times (so they can at least check their account)?
Isn't it a pretty basic security defence that after a password is entered incorrectly that the account shuts down for 24 hours or a message is sent at least sent to the user saying that there password has been entered incorrectly 8 times (so they can at least check their account)?
TXYeti: Newp. The article says MS is blaming victims for phishing scams, despite reports that suggest this is a different issue than phishing scams. I am merely saying that MS itself is the one avoiding the point. Sorry if that's too harsh for you.
Xbox Live has not been hacked. User's accounts have been hacked. Big difference from PSN. No one (we know as of yet) has broken into xbox live database. Hackers are using phishing scams and brute force attacks. So if my email account gets hacked does that mean the email host has been hacked. NO! But I will say this. This is an issue and Microsoft needs to step up and warn people about it.
Watch. By this time next week, someone's going to hack Major Nelson's account and THEN we'll see if Microsoft is still so adamant that it's the user's fault.
Stop giving Jim shit over this. Every thread I've read on this subject in the past 4 weeks is filled with reply after reply of people saying they got hacked too. It's obviously becoming a big problem. It isn't just 4 people out of millions.
@Jim: "I am not going to claim they do. Because I don't know.
Neither do you."
Actually, yes I do:
http://www.zdnet.com/blog/security/survey-60-percent-of-users-use-the-same-password-across-more-than-one-of-their-online-accounts/9489
http://www.readwriteweb.com/archives/majority_use_same_password.php
No will you kindly stop acting like a self-righteous ass who thinks that a full-blown hack of an enterprise-level (~40M) security scheme is as likely as users making bad choices about their own security?
Neither do you."
Actually, yes I do:
http://www.zdnet.com/blog/security/survey-60-percent-of-users-use-the-same-password-across-more-than-one-of-their-online-accounts/9489
http://www.readwriteweb.com/archives/majority_use_same_password.php
No will you kindly stop acting like a self-righteous ass who thinks that a full-blown hack of an enterprise-level (~40M) security scheme is as likely as users making bad choices about their own security?
I've said before, and will say again, it isn't even entirely about security or prior fault.
It is about Microsoft's poor response. Locking accounts for one month "investigations". Reports of failing to lock accounts after saying that they were locking the account. Reports of failing to investigate at all. Denying that people have reported similar issues.
And then we get to the technological response. Microsoft knows people are getting into the accounts of other users, and appear to be doing little to nothing to improve their security. There is no red-flagging of accounts for suspicious activity (like accounts being recovered to a different country, or accounts being recovered and immediately being converted to a Family plan, or accounts being recovered only for most/all of its stored points to be immediately spent). There is apparently still no extra web security. Etc.
It is about Microsoft's poor response. Locking accounts for one month "investigations". Reports of failing to lock accounts after saying that they were locking the account. Reports of failing to investigate at all. Denying that people have reported similar issues.
And then we get to the technological response. Microsoft knows people are getting into the accounts of other users, and appear to be doing little to nothing to improve their security. There is no red-flagging of accounts for suspicious activity (like accounts being recovered to a different country, or accounts being recovered and immediately being converted to a Family plan, or accounts being recovered only for most/all of its stored points to be immediately spent). There is apparently still no extra web security. Etc.
DasPooch: Neither of those links prove that 99.9% of Xbox Live users use the same password for everything. It doesn't even prove that 60% of them do (which is definitely smaller than the number you claimed).
In any case, you are getting quite angry over my suggestion that maybe Microsoft isn't doing all it can to keep Xbox Live secure and that maybe pinning everything on phishing scams when users aren't reporting phishing tactics is troublesome.
Oh, and Microsoft recently made a change to Xbox.com to stop it being easier to force into accounts. Not that Microsoft has had any problems or anything, right?
http://www.industrygamers.com/news/xbox-live-security-tightened-amidst-microsoft-denials-report/
In any case, you are getting quite angry over my suggestion that maybe Microsoft isn't doing all it can to keep Xbox Live secure and that maybe pinning everything on phishing scams when users aren't reporting phishing tactics is troublesome.
Oh, and Microsoft recently made a change to Xbox.com to stop it being easier to force into accounts. Not that Microsoft has had any problems or anything, right?
http://www.industrygamers.com/news/xbox-live-security-tightened-amidst-microsoft-denials-report/
@Jim
I'd be surprised if you've ever written an article that "merely says" anything.
This post, as with most of your posts, does a much better job at speculating and instigating than providing any useful "news" or thoughtful commentary.
Your tone and stance are the opposite of "open-minded, despite your claims.
My bad, though. I forget this is always intentional. One day it'll stop surprising me, maybe.
I'd be surprised if you've ever written an article that "merely says" anything.
This post, as with most of your posts, does a much better job at speculating and instigating than providing any useful "news" or thoughtful commentary.
Your tone and stance are the opposite of "open-minded, despite your claims.
My bad, though. I forget this is always intentional. One day it'll stop surprising me, maybe.
TXYeti: If you say so. But since you seemed to think this article was "scathing", I don't know if you're a good judge of tone.
Boy am I glad I severed XBL from me after their ToS debacle. More people whould do the same. There is ZERO reason M$ should be charging for XBL witht eh amount of ads they throw at you, the price of the fucking console has barely dropped since LAUNCH, and they won't even admit they're busted wide fucking open.
Sony may have problems, but at least PSN is free and they eventually owned up to their mistake. Barely.
Sony may have problems, but at least PSN is free and they eventually owned up to their mistake. Barely.
@Jim - You know damn well that it's exaggeration for eff-oh, wait.. that's right, I forgot, you're a master troll. Never mind.
It's been proven that shitstorms don't affect Microsoft's bottom line. Maybe they think it's good pr??
DasPooch: Are we giving up and just going into lazy buzzword namecalling territory? Sweet!
u r teh fanboy lulz!
u r teh fanboy lulz!
TXYeti: The big public case was not the first I heard of it, that was just when all the gaming and consumer blogs started reporting on it in full force. There have been reports of this for months now. I don't necessarily believe there has been a true "breach" of MS security, but something is going on.
In order to recover a xbox live account to a console, all you need is the email and password, that's it. and by entering in the gt, it used to be pretty easy to get an email from it. I used to scam a bit, so I know how easy it was to break into accounts. Daspooch is right about people being stupid, but his number is way off. I'd lean to a nice 10-20% of users have common passwords/emails. I'm with jim though, shit hitting the fan on this scale is kinda looking like a security hole.
You know, they could probably stop some of this by having a mandatory password change every 30 days or so... you can actually set up you live id to do that.
Hah daspooch defending microsoft, how unexpected is that? Actually... That isn't even the saddest part of all this, he can't even see how much of an asshole he is.
Keep fighting the good fight daspooch! I'm sure microsoft will either reward you with their penis or your account getting hacked one day!
Keep fighting the good fight daspooch! I'm sure microsoft will either reward you with their penis or your account getting hacked one day!
Sayword. That's a ridiculous thing to say, calling him an asshole like that. I've read your posts and your easily as much of a tit as anybody else at their worst.
The weird thing is how many of these scams always involve FIFA, 9 times out of 10, people with the stolen accounts play and buy shit for FIFA, something having to do with cards and shit they can sell for real money.
@DasPooch:
Given Microsoft's decades-long history of blaming the victim and trying to do everything it can to screw over consumers while avoiding liability, isn't the "more likely explanation" that Microsoft is at fault here? At the very least, the burden of proof is on them rather than the consumers at this point, right?
Occam's Razor cuts both ways, you know.
Given Microsoft's decades-long history of blaming the victim and trying to do everything it can to screw over consumers while avoiding liability, isn't the "more likely explanation" that Microsoft is at fault here? At the very least, the burden of proof is on them rather than the consumers at this point, right?
Occam's Razor cuts both ways, you know.
While I do agree that MS needs to update it's Windows Live ID login to eliminate possible exploits being used here, I'm still not convinced this cross-platform blowback from other services.
Facebook admits that 600,000 are compromised daily, that's 18 million compromised each and every Month (and only 0.06% of Facebook's billion+ total members). I don't think it's a stretch to assume that at least some if those accounts have shared passwords across multiple services, including Xbox Live.
Facebook admits that 600,000 are compromised daily, that's 18 million compromised each and every Month (and only 0.06% of Facebook's billion+ total members). I don't think it's a stretch to assume that at least some if those accounts have shared passwords across multiple services, including Xbox Live.
I love you Jim, I really do!
Until MS has proof they will not admit anything. Sony waited to see exactly what was infiltrated and more than likely lawyers are to blame.
My hotmail account that I had for almost 12 years was hacked and I used a 14 character password..... Even though I use many different passwords I suppose it was my fault. I am truly ashamed that I have only had my gmail account for about a year now.
Until MS has proof they will not admit anything. Sony waited to see exactly what was infiltrated and more than likely lawyers are to blame.
My hotmail account that I had for almost 12 years was hacked and I used a 14 character password..... Even though I use many different passwords I suppose it was my fault. I am truly ashamed that I have only had my gmail account for about a year now.
@TXYeti, DasPooch: WHAT THE HELL ARE YOU BEING CORPORATE APOLOGISTS FOR?! Are you in MS PR or something? If so you're doing an awful job by just attacking people and saying they're morons.
Way to miss the point entirely MS. no one with half a brain is trying to claim that your servers are being breached. What IS happening is a frighteningly apathetic approach to handling fraud. I think an incredibly easy solution to this would be to lock down family plan points transfers. Without that procedure available this little black market industry is instantly invalidated.
I find it odd that while all of these people are coming out with stories of this happening to them on XBox I haven't seen an equal amount of complaints from users of the other services. If this is truly because "...online fraud and identity theft are industry-wide problems" and not related to a particular vulnerability on MS's part (hack/phish whatever)than I would expect people would have similar stories about Steam or PSN accounts.
The one 'I had money stolen from my PSN account' comment I did see throughout all of these 'MS HACKED' stories was by a commentor whose stated purpose was to suggest that people claiming Xbox theft were just making it up. Other than that not a single other claim that I recall.
My personal experiance is as follows:
PSN: obviosly compromised during the 'big one' but no illicit charges were experienced, either on my PSN or in other areas.
XBox: No illicit activity noted (only active since x-mas)
Steam: No illicit activity noted
The one 'I had money stolen from my PSN account' comment I did see throughout all of these 'MS HACKED' stories was by a commentor whose stated purpose was to suggest that people claiming Xbox theft were just making it up. Other than that not a single other claim that I recall.
My personal experiance is as follows:
PSN: obviosly compromised during the 'big one' but no illicit charges were experienced, either on my PSN or in other areas.
XBox: No illicit activity noted (only active since x-mas)
Steam: No illicit activity noted
Let's not forget Microsoft is the same company that refuses to acknowledge that Hotmail accounts are easily compromised. I've (as we as a few of my friends) have had a dormant Hotmail account send messages to those on my contacts (which were still on the account), even with a long and secure password.
Thank you Jim for finally admitting that this is as much as a real problem as the PSN incident (this is just the beginning). The difference is Microsoft is being a dick about it and blaming users for human error. At least Sony (taking their sweet ass time) told the world that their network was hacked. I am going for the lesser of the two evils this time.
Microsoft won't admit something, the same company that took a year to admit the rrod was real is denying it.
Why am I not shocked?
Why am I not shocked?
Had $10 worth of points stolen from me, would've been more if I didn't have my card stolen and replaced. MS really needs to get their shit together.
So after this blows over, will people side with Sony on this or will people still have a blind view that Microsoft is better, when they blame you and give you nothing?
The issue here is not whether people have good password or not. The problem is when the customers report the theft, Micro$oft do fuck all or act 28 days later.
Of course, blaming users for their supposed negligence. Strange, I'm not surprised in the slightest though.
@dtomek you seem to be pretty hip to the methodology at work that is compromising accounts! ( JUST SAYING )
This is getting ridiculous....NONE of the other major gaming sites are reporting any kind of security issue with XBL....and they are more reputable than DESTRUCTOID (let's be honest).
There are 40 MILLION members of XBOX live (according to MS) and if 100 people 'claim' that their XBL accounts were hacked without any errors on their side...Destructoid has deemed this is a HUGE Issue on the level of the PSN being hacked.
This screams of sensationalism.....where is the proof? where are the 200,000+ people claiming their accounts have been hacked (5% of 40 Million = 200,000) to be statistically significant?? Where is the network outages if the system itself has been hacked?
We all know security is something you have to take seriously in safeguarding your personal information but lets be honest that 90% of people don't take those precautions.
There are 40 MILLION members of XBOX live (according to MS) and if 100 people 'claim' that their XBL accounts were hacked without any errors on their side...Destructoid has deemed this is a HUGE Issue on the level of the PSN being hacked.
This screams of sensationalism.....where is the proof? where are the 200,000+ people claiming their accounts have been hacked (5% of 40 Million = 200,000) to be statistically significant?? Where is the network outages if the system itself has been hacked?
We all know security is something you have to take seriously in safeguarding your personal information but lets be honest that 90% of people don't take those precautions.
@TXYeti and DasPooch
Ok, but if your Xboc Live accounts DO get hacked someday, you better commit suicide in front of a crowd of people. You both seem to be HUGE 360 fanboys right now, and that MS could do no wrong. However, if you both DO get hacked, then you'll see what was wrong, and thus will have to kill yourselves... Did that make sense??... I don't care. I just want you both to die for being ignorant pricks and blaming innocent people for a problem that a major company like Microsoft should deal with.
Ok, but if your Xboc Live accounts DO get hacked someday, you better commit suicide in front of a crowd of people. You both seem to be HUGE 360 fanboys right now, and that MS could do no wrong. However, if you both DO get hacked, then you'll see what was wrong, and thus will have to kill yourselves... Did that make sense??... I don't care. I just want you both to die for being ignorant pricks and blaming innocent people for a problem that a major company like Microsoft should deal with.
This is getting ridiculous....NONE of the other major gaming sites are reporting any kind of security issue with XBL....and they are more reputable than this METRO or Destructoid.
There are 40 MILLION+ members of XBOX live (according to MS) and if 100s of people 'claim' that their XBL accounts were hacked without any errors on their side...Destructoid has deemed this is a HUGE Issue on the level of the PSN being hacked.
This screams of sensationalist journalism.....where is the proof? where are the 200,000+ people claiming their accounts have been hacked (5% of 40 Million = 200,000) to be statistically significant?? Where is the network outages if the system itself has been hacked?
We all know security is something you have to take seriously in safeguarding your personal information but we know that 90% of people don't take those precautions out of convenience.
There are 40 MILLION+ members of XBOX live (according to MS) and if 100s of people 'claim' that their XBL accounts were hacked without any errors on their side...Destructoid has deemed this is a HUGE Issue on the level of the PSN being hacked.
This screams of sensationalist journalism.....where is the proof? where are the 200,000+ people claiming their accounts have been hacked (5% of 40 Million = 200,000) to be statistically significant?? Where is the network outages if the system itself has been hacked?
We all know security is something you have to take seriously in safeguarding your personal information but we know that 90% of people don't take those precautions out of convenience.
The problem here isn't the XBL network / databases being hacked, it's how MS (and other companies) have their password retrieval setup.
Because Windows Live and other services allow online password retrieval, people with malicious intent are simply using these services to get at peoples passwords. The people who use the same user / pass on different services then get their accounts "hacked".
Ultimately you can't rely on companies to provide fool proof ways of protecting your account. They're too busy protecting their copyright laws to care about you. So take precautions, like using different user / pass for every different service.
Because Windows Live and other services allow online password retrieval, people with malicious intent are simply using these services to get at peoples passwords. The people who use the same user / pass on different services then get their accounts "hacked".
Ultimately you can't rely on companies to provide fool proof ways of protecting your account. They're too busy protecting their copyright laws to care about you. So take precautions, like using different user / pass for every different service.
Even in the source article it clearly states MS has not been hacked, and that people are trolling 3rd party services like Twitter and Facebook for valid data. This is the second article falsely claiming that Mr.Coutee's case is the result of a hack. Brute force scripts are NOT hacking.
People criticized Sony for the PSN breach but Sony never denied nor treated their community like morons. It is also funny, and allow us to see how unfair were the media with Sony because they make it a big show. Now MS is having the same problem and the media give no attention to it and act like nothing is happening while MS treat their community like dorks. Shame on you ms, learn from Sony how to respect and treat customers.
calling BS on this. My account got hacked and someone bought these EA sport packs will my of my xbox points. Microsoft restored the points but i still have no idea how someone got into my account.
@ Gooniegoogoo
Joystiq and Game Informer both ran stories on MS security issues. While these may not be considered 'reputable' by your definition, could you provide some sites for me to check out?
Joystiq and Game Informer both ran stories on MS security issues. While these may not be considered 'reputable' by your definition, could you provide some sites for me to check out?
"Why is it that everyone was so quick to burn Sony at the stake, but act like MS can do no wrong?"
Tired of reading crap like this. Look, Dtoid, mainly Jim, likes to play with emotions, Jim does it so well that you Sony fanbois have come out again just waiting for your day to say "YOU GOT YOURS!"
What we have here is an isolated incident. There is no proof that hackers have gotten into the infrastructure of LIVE like they did the PSN. We have a few hundred users that got their accounts hacked and money stolen, sucks for them, but out of the millions of users worldwide on LIVE that is drops in a bucket.
This is what I'm saying about Jim playing with emotions. We have no where near substantial evidence that this is even a problem, but if someone makes a headline like the one above, everyone wants to freak out like it's the end of the world.
As far as I'm concerned, when we get actual proof that they have gotten into the infrastructure of LIVE then you all can claim "YOU GOT YOURS!" but as it stands right now, we just have a few idiots that can't keep their own accounts secure, plain and simple.
Jim why must you toy with the emotions of the interwebs? You sir need to lay off the trolling for once.
Tired of reading crap like this. Look, Dtoid, mainly Jim, likes to play with emotions, Jim does it so well that you Sony fanbois have come out again just waiting for your day to say "YOU GOT YOURS!"
What we have here is an isolated incident. There is no proof that hackers have gotten into the infrastructure of LIVE like they did the PSN. We have a few hundred users that got their accounts hacked and money stolen, sucks for them, but out of the millions of users worldwide on LIVE that is drops in a bucket.
This is what I'm saying about Jim playing with emotions. We have no where near substantial evidence that this is even a problem, but if someone makes a headline like the one above, everyone wants to freak out like it's the end of the world.
As far as I'm concerned, when we get actual proof that they have gotten into the infrastructure of LIVE then you all can claim "YOU GOT YOURS!" but as it stands right now, we just have a few idiots that can't keep their own accounts secure, plain and simple.
Jim why must you toy with the emotions of the interwebs? You sir need to lay off the trolling for once.
Thank you jim, for being the first site to say ms deserves as much if not more flak than sony got.
At least sony didn't lose any of our money
At least sony didn't lose any of our money
@Jim
You've expressed more criticism of Microsoft in the comments than in the actual article. How about changing that tone? I repeat, if this had been on PSN or WiiConnect you would shitting your bricks right now.
Microsoft is handling this problem FAR worse than Sony handled the PSN attack (for which by the way YOU slammed Sony).
@amg0D
I am primarily a Nintendo fan and can admit that proudly. But I call bullshit on the part about Sony fanboys.
Do you know what the absolute worst aspect about the PSN hack was? We lost online playability for about a month. No reported CC theft, no reported lost accounts, nothing.
Isolated or not, this incident is resulting a significant number of people losing their accounts or having games or MS points stolen from them right from their noses. This is FAR worse than the PSN hack. Suggesting otherwise is ignorant and stupid.
As for Jim, hopefully he'll stop being just as slow and stubborn as Microsoft.
You've expressed more criticism of Microsoft in the comments than in the actual article. How about changing that tone? I repeat, if this had been on PSN or WiiConnect you would shitting your bricks right now.
Microsoft is handling this problem FAR worse than Sony handled the PSN attack (for which by the way YOU slammed Sony).
@amg0D
I am primarily a Nintendo fan and can admit that proudly. But I call bullshit on the part about Sony fanboys.
Do you know what the absolute worst aspect about the PSN hack was? We lost online playability for about a month. No reported CC theft, no reported lost accounts, nothing.
Isolated or not, this incident is resulting a significant number of people losing their accounts or having games or MS points stolen from them right from their noses. This is FAR worse than the PSN hack. Suggesting otherwise is ignorant and stupid.
As for Jim, hopefully he'll stop being just as slow and stubborn as Microsoft.
@RockWallofMight359 Yes, because losing 7,000,000+ accounts information is far worse than a few 100+, awesome your logic is water tight!
People get hacked, they lose money, happens even in the real world. Shit, some Mexican stole my Social number a while back and I had to correct that shit. Had nothing to do with Microsoft. I've seen numerous people claiming they got fucked by Microsoft, I've also seen numerous people claiming they have been treated like kings.
So no, there is no actual proof of anything, claiming this is worse than the PSN outage is ignorant and stupid. We have people talking, getting attention, for that, all I can assume is what they wanted WAS attention. I'm not going to take one schmucks word on the internet as fact.
LET'S BURN MICROSOFT BECAUSE A FEW PEOPLE HAVE LOST $100, THAT'S WAY WORSE THAN 7mil ACCOUNTS COMPROMISED!!!!
People get hacked, they lose money, happens even in the real world. Shit, some Mexican stole my Social number a while back and I had to correct that shit. Had nothing to do with Microsoft. I've seen numerous people claiming they got fucked by Microsoft, I've also seen numerous people claiming they have been treated like kings.
So no, there is no actual proof of anything, claiming this is worse than the PSN outage is ignorant and stupid. We have people talking, getting attention, for that, all I can assume is what they wanted WAS attention. I'm not going to take one schmucks word on the internet as fact.
LET'S BURN MICROSOFT BECAUSE A FEW PEOPLE HAVE LOST $100, THAT'S WAY WORSE THAN 7mil ACCOUNTS COMPROMISED!!!!
follow
