Microsoft's customer service is almost legendary in terms of how awful it is, but one woman in particular may have unlocked the Master Sword of incompetence. Susan Taylor awoke one day to find that her Xbox Live account was hacked, and $214.97 of MS Points had been purchased and transferred out. Microsoft would do all in its power to help. Or rather, help the hackers get away with it.
At first everything went somewhat sensibly. Susan notified Microsoft and PayPal, and they logged the complaint. After giving out a complimentary thirty-day Xbox Live code, Microsoft promised the victim that her now unobtainable Xbox Live account would be frozen so that nobody could use it. Naturally, this didn't happen -- the account wasn't blocked and another $124.98 was stolen.
Taylor called customer service once more and demanded answers, only to be told, "The fraud department was unable to close your account." When pressed for a reason, she got, "I don't know," and was advised to keep trying to log into her account. Because when a hacker changes your password, that's the sensible thing to do.
Oh ... and it gets crazier!
After getting the run-around from Microsoft on both the phone and via Twitter, Susan was added as a friend by one of the Gamertags that her stolen money had been transferred to.
Susan took matters into her own hands and contacted the new Xbox Live account holder. After some pretty smooth Columbo work, she got the details of the middleman who sold the account. Armed with knowledge that Microsoft should have been gathering itself, she was able to figure out that the hacker's entire plan to crack into accounts, transfer out points, use the points to create new accounts filled with games, and sell them on at a bargain price. All of this is stuff Microsoft should have known and been looking into, but it fell on the shoulders of one frustrated gamer.
The story currently ends here. Susan has an impressive amount of details for the hacker, but she's biding her time before pulling the trigger. You can read the continuing story in full at Hacked on Xbox, and I suggest you do, as it's an amazing story -- not just for Microsoft's bullshit, but for the pretty enthralling detective drama going on.
I certainly wish Susan the best, and hope that some resolution is found soon.
Contest:
8:20 AM on 01.06.2012 | 
*snicker*
While this is in no way her fault, I wish that she had not given Microsoft the benefit of the doubt (when she logically assumed "locked" meant she couldn't de-link Paypal). The moral of the story for everyone here is "never trust customer service" - always do your due process before it gets out of hand (as she ended up doing after the second charge).
@Dtomek
"A quick scan of the Internet seems to indicate that this is impossible as I had thought."
Well, yes and no. Something doesn't add up, but you CAN transfer points from a Family Account to other accounts linked to that family account. However, you NEED to have both family accounts linked to the same Xbox (which should have her serial number on file).
Unless she didn't link her Xbox (hint - you really should). Then the guy could have "recovered" her Gamertag to his Xbox, linked the family account, and transferred the points.
From the link -
Step One: Obtain username/password of account currently in use (I cannot work out how he obtains this information)
Step Two: Purchase Family ‘Gold’ Pack for the hacked account (this means he can now transfer points between the accounts he lists on the family pack)
Step Three: Purchase 10,000 MS Points (4000/6000)
Step Four: Create multiple (number unknown) brand new Xbox accounts (typically American accounts)
Step Five: Transfer all purchased points to these accounts (divide among multiple accounts or send full amount straight to a single one)
Step Six: Sell the account that has these points on to people, charging a smaller amount than Microsoft would charge for the points alone
Step Seven: Rinse, repeat, profitprofitprofit!
PSN was cracked, yes, but I don't remember any account getting robbed.
What's the deal then?
(Well, that, and the fact that the adds take up way too much space on my dashboard, online gaming is free everywhere else, the only game on Xbox I care about is Halo, etc)
I'm not positive how they do it, but it happened to me. Granted it wasn't this extensive, so somehow I fail to believe this isn't even a little bit hyperbolic but that's beside the point.
Basically it went down like this. I get an email saying I changed my password to my Live ID, one of those confirmation emails, and that someone added a new email to the account (since you can have multiples). I checked out the official site, and surely enough I couldn't log in, so I took the link and reset my password immediately and removed the back-up email the guy added. I changed the rest of the passwords associated with my Xbox Live account just to be safe. I then sent two emails to different departments of Xbox Live Account Services or whatever you'd like to call them, and made sure I put the help number in the second email. The next morning I had a reply, one being the traditional (no refund for purchased points bs) and the other one being a nice gentleman saying I'd be escalated to the fraud department with him openly admitting that this is an occurrence they are aware of and deal with. 24 hours later I had my refund without even getting my bank involved. Harrowing, I know.
Enraged by this news.
Seriously though that sucks. I have a similarly mostly unrelated story though. My Steam account gets stolen from me like twice a year and always takes a least a month to get Steam to help me reclaim it. I guess the moral of the story is that the people you give your money too don't really give a shit about what happens to your account. Because they still have your money.
She's one of us.
They do seem to be tarnishing the whole ease of use thing they had going don't they? Clearly they need more public shaming on cases like these. Time to go shoot a consumer rights blog this tip.
I mean consumers USED TO call the shots and be in charge of purchasing and services, but now it just feels like we're all kinda like the humans in the Matrix, you know, like we're wired up to cash extraction machines working for one man to earn money to give to another, being pushed around by both the givers and the takers, being told wha we can and can't do with the products we purchase.
I dunno man, but I kinda feel like we're all cash cows, literally treated like cattle with cash spewing udders.
Not a fan. Not a fan at all.
Deep man, deep. lol.
Yep - ladyelysium! Recognized the avatar on her blog. Unfortunately there's nothing we can do really, except spread the news of Microsoft's incompetency, so maybe they'll get wind of it and change their policies (or help her out).
She's asked people not to try and contact the Polish offender.
All the more reason to cant wait to go back to fucking PS3/PC.
Oh what's the point of anything anymore?
...which is a ridiculous hassle. :/
1) Compromise login credentials. 2) Purchase family plan and points with payment info stored in compromised account. 3) Add a fresh XBL account of your choosing to family plan. 4) Forward points to previously designated account. 5) Sell new account on Eastern European Ebay.
Yep that was me. Microsoft should be more clear on their own site. In the faq that I skimmed it explicitly stated that it was impossible to transfer points from one account to another. Clearly this faq has not been updated since the introduction of family packages.
When people you pay money to for services and they are incompetent and hurtful to you is the most frustrating consumer experience ever. (side note: Fuck you Canon camera repair warehouse in Virginia!)
Seriously, though, this is completely unacceptable... but not at all surprising.
No matter how secure the system in question might be, other services (where you use the same email address and password) might NOT be, and if one of those service's login info databases is compromised, the hackers now have access to everything you use.