surf dtoid with 
Rising (10+)
People you follow
Rainbow tables and Bruteforce attacks can take years if your password is over ten characters, and has a number of different symbols, uppercase and lowercase characters. I suggest everyone who has an account change their passwords now - a unique password only for Xbox Live.
As for the hacks themselves, it's not like I don't believe most of these people; I just want proof. "Xbox Live Getting Hacked", and hackers phishing for emails and bruteforcing them are entirely different things. While Microsoft should keep the email of the account more hidden, I haven't seen anything so far that indicates that Microsoft's actual servers have been breached. That would be a much bigger problem, as no amount of personal security can ward that attack.
"do not have a credit card attached to your Xbox Live Gamertag."
That's a good practice, but some accounts require you to have a credit card attached under special circumstances. For instance, the "6 months for the price of 3" promotions through Xbox.com, or the Family Gold Pack.
For this, you can use pre-paid Visa cards - available at any grocery store. Just make sure it has a 3 digit number on the back.
As for the hacks themselves, it's not like I don't believe most of these people; I just want proof. "Xbox Live Getting Hacked", and hackers phishing for emails and bruteforcing them are entirely different things. While Microsoft should keep the email of the account more hidden, I haven't seen anything so far that indicates that Microsoft's actual servers have been breached. That would be a much bigger problem, as no amount of personal security can ward that attack.
"do not have a credit card attached to your Xbox Live Gamertag."
That's a good practice, but some accounts require you to have a credit card attached under special circumstances. For instance, the "6 months for the price of 3" promotions through Xbox.com, or the Family Gold Pack.
For this, you can use pre-paid Visa cards - available at any grocery store. Just make sure it has a 3 digit number on the back.
Removed my shit over a year ago. Why? Not the hacking (which was and is going on) but because ms insisted on trying to charge me for live after I already had 3 yrs fucking payed for. You see ms? This is why we have ants.
My account was hacked in August, they're still working on transferring it back from Brazil. I got my money back though, no big deal there.
"No, but Xbox Live is perfect and there has never been any scams and hacks that have ever affected it ever in the history of ever!!!!"
- Every Xbox Fanboy after the PSN hack.
- Every Xbox Fanboy after the PSN hack.
Wha...This isn't a "lol" article about the SUN newspaper posting a "joke" about a real issue? Mother of god....lol
Glad to know that people are taking steps to protect themselves!
Glad to know that people are taking steps to protect themselves!
I know a ton of people that have had their accounts hacked. This stuff needs to get figured out, because we are paying for this service and it should be more secure.
http://www.deals4gamers.com/
http://www.deals4gamers.com/
@EKG
Here's the thing. Sony was hacked. Their databases, which had PII on them and entrusted by users, was compromised. Hackers obtained millions of user's PII that could be used for identity theft.
The situation with Microsoft is different. Individuals are reporting that their personal accounts are being hacked - based on the article above, it seems like they're doing it through phishing and bruteforce attempts (phishing doesn't always have to be on the end user's end, nor is it always their fault).
That could literally happen with any service and any account on the internet ever. IMO, they're a bit different.
For additional information, check this part of the article out:
"Thanks to Facebook, Twitter, or any other links that have their email advertised, hackers now have a potential list of Windows Live ID’s."
As a general rule, posting your email on the internet is a bad idea. While I wouldn't say "it's their fault", it's not the same situation as actual Microsoft servers being hacked.
Here's the thing. Sony was hacked. Their databases, which had PII on them and entrusted by users, was compromised. Hackers obtained millions of user's PII that could be used for identity theft.
The situation with Microsoft is different. Individuals are reporting that their personal accounts are being hacked - based on the article above, it seems like they're doing it through phishing and bruteforce attempts (phishing doesn't always have to be on the end user's end, nor is it always their fault).
That could literally happen with any service and any account on the internet ever. IMO, they're a bit different.
For additional information, check this part of the article out:
"Thanks to Facebook, Twitter, or any other links that have their email advertised, hackers now have a potential list of Windows Live ID’s."
As a general rule, posting your email on the internet is a bad idea. While I wouldn't say "it's their fault", it's not the same situation as actual Microsoft servers being hacked.
Playstation Network 2011, Xbox Live 2012?
Jesus, I wish every hacker involved in these schemes would be caught and given the worst punishment for any hacker: a job.
Jesus, I wish every hacker involved in these schemes would be caught and given the worst punishment for any hacker: a job.
3 months ago I bought an Xbox, and only had it for 2 months before my account was compromised. I hardly even used it within that time frame (as I was in another country for a month), maybe a few battlefield games and I downloaded shadow complex.
While it was my fault as I didn't have the proper security features activated as I had assumed they were turned on by default; I was baffled at how my account was targeted in the first place considering the limited use I had put into it. Thankfully for me resolving the issue and getting my money back wasn't the horror story Susan went through.
While it was my fault as I didn't have the proper security features activated as I had assumed they were turned on by default; I was baffled at how my account was targeted in the first place considering the limited use I had put into it. Thankfully for me resolving the issue and getting my money back wasn't the horror story Susan went through.
While my account has never been hacked, I occasionally receive strange messages from people I have never met or played games with.
Stuff like "Hey, give my your netflix password and I will give you 1200 microsoft points", or "Wow, I just went to this site and it generated microsoft points for my account http://websiteaddress.extension". I never reply to these emails. As soon as I see them I report them directly to xbox live. Could it be that most of these people falling for these scams are the same ones who think they've been hacked? Or is it actually random accounts being hacked at no fault of their own? I wish I knew.
Anyways, I have an old credit card linked to my xbox account that I do not have anymore, and it is expired. If someone was to try to buy something with my account, I would think it would make a record of gamertag, xbox console ID, IP Address, Time, Date, Geo-location etc.. because the card is expired. Is this true?
What about this. What if everyone put fake credit cards linked to their accounts? If a thief tries to use it, it will fail and they will be caught?
Stuff like "Hey, give my your netflix password and I will give you 1200 microsoft points", or "Wow, I just went to this site and it generated microsoft points for my account http://websiteaddress.extension". I never reply to these emails. As soon as I see them I report them directly to xbox live. Could it be that most of these people falling for these scams are the same ones who think they've been hacked? Or is it actually random accounts being hacked at no fault of their own? I wish I knew.
Anyways, I have an old credit card linked to my xbox account that I do not have anymore, and it is expired. If someone was to try to buy something with my account, I would think it would make a record of gamertag, xbox console ID, IP Address, Time, Date, Geo-location etc.. because the card is expired. Is this true?
What about this. What if everyone put fake credit cards linked to their accounts? If a thief tries to use it, it will fail and they will be caught?
Sony gets hacked. their an evil corporation.
Microsoft gets hacked & robbed, and it's all YOUR fault!
Microsoft gets hacked & robbed, and it's all YOUR fault!
Like Magnalon, I don't want to say Microsoft is blameless on this one (infinite password attempts is a BIG no-no, especially when username/email is easily discovered) but I feel like if there were a true exploit that allowed access to Live accounts, we would see a lot more cases. If a server were grabbed, PSN style, or a hole in the website found that put you into others' accounts, it would be wildly rampant, not just 140 emails.
If I had to guess, what we're seeing is still fallout from all the other hacks with username and passwords this year- Lulzsec alone released how many hundreds of thousands of passwords? And the PSN hack and others mean that 'hackers' could just be trolling those lists and trying them on other services- that's why she doesn't see a 3rd party in common.
That is not to say that these people aren't being screwed by Microsoft, MS definitely needs to get its crap together and actually help victims. It's just that this is the age of the internet, when there's a hole somewhere, it doesn't trickle, it floods.
If I had to guess, what we're seeing is still fallout from all the other hacks with username and passwords this year- Lulzsec alone released how many hundreds of thousands of passwords? And the PSN hack and others mean that 'hackers' could just be trolling those lists and trying them on other services- that's why she doesn't see a 3rd party in common.
That is not to say that these people aren't being screwed by Microsoft, MS definitely needs to get its crap together and actually help victims. It's just that this is the age of the internet, when there's a hole somewhere, it doesn't trickle, it floods.
I'm going to guess that the answer to their security question was "pizza" as about a quarter of xbl users think that Noone would ever guess that was their favorite food.
Big passwords with lots of uppercase and numbers and symbols are not tough for a program to crack. Quite the opposite, in fact. those are tough for a human to remember, and easy for a program to crack.
As soon as this order goes through, I'm getting rid of my cc on my XBL.
Fuck MS & its shit security & hardware.
Fuck MS & its shit security & hardware.
As soon as this order goes through, I'm getting rid of my cc on my XBL.
Fuck MS & its shit security & hardware.
Fuck MS & its shit security & hardware.
So they use gamertags gathered from leaderboards cross referenced against our digital fingerprints on social networks to get potential email addresses linked to Live ID's and then use password generators.
I still don't understand the Fifa DLC link, having not played Fifa in a couple of years. Is there something specific about Fifa, does it have DLC that can be transferred to other gamertags making it something that could be sold?
I still don't understand the Fifa DLC link, having not played Fifa in a couple of years. Is there something specific about Fifa, does it have DLC that can be transferred to other gamertags making it something that could be sold?
@Katherine
Keep in mind though, that comic compares short "l33t" passwords to long easy to remember passwords - not really a fair comparison. Long "l33t" passwords are still much more secure - the honus is on the user to remember that password without writing it down.
While it may be hard for some people to memorize a 20~ character password that isn't four simple words, it is still more secure - especially if you only have to remember it for one service because it's the "hawt" thing to hack this week.
A good tip is to use jibberish words that you can recall, but are only really known to you.
Keep in mind though, that comic compares short "l33t" passwords to long easy to remember passwords - not really a fair comparison. Long "l33t" passwords are still much more secure - the honus is on the user to remember that password without writing it down.
While it may be hard for some people to memorize a 20~ character password that isn't four simple words, it is still more secure - especially if you only have to remember it for one service because it's the "hawt" thing to hack this week.
A good tip is to use jibberish words that you can recall, but are only really known to you.
Micro$oft bullshiting his costumers is old news, but it just incredible how persistent they are. They should look for the word humility in the dictionary.
Love how Sony and PSN got shitstormed over their hacking issue despite the fact they brought their entire system down and even gave out free stuff in response.
While MS sits back, refuses to lock accounts until its way too late, and then blames the consumer and refuses to do anything about the problem or even admit there is one.
While MS sits back, refuses to lock accounts until its way too late, and then blames the consumer and refuses to do anything about the problem or even admit there is one.
My live account was hacked in November. The hacker had bought $50 worth of points. I called and had them freeze my account and investigate since I received an email at the time of the purchase. The points hadn't been transferred out of my account yet. I'm still waiting to get my money back. Microsoft told me I was getting a refund after the investigation was complete, but then they told my bank it was a valid charge. I removed my credit card from my live account as soon as I got my account back. What horrible customer service. I'm sure I will have to call again multiple times to get my refund.
Perhaps more concerning is something I ran into the other day. I work at Gamestop and sold a prepaid card that buys from us often. They bought it, left for less than 3 hours and came back saying the card did not work, they had already called Microsoft and they put the burden on us. I called them myself and throughout an hour the customer and I talked to multiple Microsoft employees.
They gave all the information available, and the guy on microsofts side said the points went to some where else. They were incredibly unhelpful and came up with no solution.
It could totally be a 1 case thing, but it made me totally lose faith in their company and made me personally look like shit. Under normal circumstances id say the person was just lying, but that doesn't really add up. We gave them their address, gamertag, email address, and they didn't recieve the points. Even the ms rep told me it went to someone else based on the 25 digit code.
Tl;dr Microsoft is super shitty.
They gave all the information available, and the guy on microsofts side said the points went to some where else. They were incredibly unhelpful and came up with no solution.
It could totally be a 1 case thing, but it made me totally lose faith in their company and made me personally look like shit. Under normal circumstances id say the person was just lying, but that doesn't really add up. We gave them their address, gamertag, email address, and they didn't recieve the points. Even the ms rep told me it went to someone else based on the 25 digit code.
Tl;dr Microsoft is super shitty.
i got hacked into thanks to fifa 12 but the xbox customer service people gave me 3 months free and all my money back they were really helpful but i'm from the UK so might be different from the US. I only buy prepaid cards and points in gamestation now so.
Change your password frequently, never use the same password more than once and never ever save your credit card information to an account. ALL passwords can be cracked as long as a hacker is determined enough.
I just want to know why/how the EA games are involved. I had Madden 2012 played when I was hacked and I don't even own the game, so is their some kind of compromise in that particular game or what?
How can this be? How can the great unhackable Xbox LIVE be hacked? I cannot comprehend!?
I mean that's what you get when you pay for a service right? You get that tasty paid for security right? right?
Seriously though, this is a worry as a user of XBL. A worry and a bit of a pisstake considering it's a paid for "premium" service.
I mean that's what you get when you pay for a service right? You get that tasty paid for security right? right?
Seriously though, this is a worry as a user of XBL. A worry and a bit of a pisstake considering it's a paid for "premium" service.
Is NetFlix subscription information separate from XBL or are those intertwined? Because if I can still have NetFlix automatically bill me w/o having my credit card on there, I'd love to do that.
@Sexual
to be fair though, nothing is perfect even if you pay for it, especially when it involves people partially looking after their own interests.
by that logic all things should be free because they could break at some point.
to be fair though, nothing is perfect even if you pay for it, especially when it involves people partially looking after their own interests.
by that logic all things should be free because they could break at some point.
This is as much of a hack as a 13 year old girl stumbling on to her friends not signed out facebook account. That being said, certainly people are getting scammed or had their info leaked and never bothered to change passwords. With THAT being said, Microsoft still needs to take this shit a lot more seriously.
People buying stuff with stolen accounts login with your gamertag and then purchase content with linked credit cards etc right..
Well, when you purchase something on XBL it is linked to your gamertag, and ALSO linked to the Xbox Console ID that it was purchased on. I know this because I have gone through 5 xbox's and am on my 6th and have had to transfer licenses many times.
Knowing this, microsoft has info on all content purchased saved. This info contains at the very least the gamertag and console ID for each and every purchase. So say your account is stolen and purchases are made. Microsoft will now have a list of your gamertag associated with all your purchases and the hackers purchases. They will be the same and show Xgamertag or whatever bought them. ALSO, it will show that say Worms 2 was purchase on console ID 123456, and then there are some Fifa DLC purchased with the same gamertag but on Consold ID 888721.
There is a definate difference in these Console ID's. The true owner of the gamertag calls it in and tells microsoft about purchases made. They give their console ID number to microsoft, Microsoft sees there are 2 console ID's. If you have registered your xbox than they will have you as the one with the console ID 123456. They can then find out who has console ID 888721. When that console connects to xbox live next, or even if it keeps a history of what IP uses it, it can be tracked to the exact person and address of the hacker, in most cases.
This should be real easy to see, easy to fix, and easy to find who hacked your xbox and sue them and charge them. What do you think?
Well, when you purchase something on XBL it is linked to your gamertag, and ALSO linked to the Xbox Console ID that it was purchased on. I know this because I have gone through 5 xbox's and am on my 6th and have had to transfer licenses many times.
Knowing this, microsoft has info on all content purchased saved. This info contains at the very least the gamertag and console ID for each and every purchase. So say your account is stolen and purchases are made. Microsoft will now have a list of your gamertag associated with all your purchases and the hackers purchases. They will be the same and show Xgamertag or whatever bought them. ALSO, it will show that say Worms 2 was purchase on console ID 123456, and then there are some Fifa DLC purchased with the same gamertag but on Consold ID 888721.
There is a definate difference in these Console ID's. The true owner of the gamertag calls it in and tells microsoft about purchases made. They give their console ID number to microsoft, Microsoft sees there are 2 console ID's. If you have registered your xbox than they will have you as the one with the console ID 123456. They can then find out who has console ID 888721. When that console connects to xbox live next, or even if it keeps a history of what IP uses it, it can be tracked to the exact person and address of the hacker, in most cases.
This should be real easy to see, easy to fix, and easy to find who hacked your xbox and sue them and charge them. What do you think?
@Technicolor; Sexual
Seems like people aren't reading the actual issue at hand and just the headline. "Xbox Live" isn't being hacked. People's accounts are being hacked by standard methods after information is gathered and phished.
There is a big difference.
@Nick
I don't believe Netflix can bill you without a credit card or Paypal account. You can't even use Visa Gift Cards like you can on Xbox Live.
The only real options are to create a PayPal account, add like $100 to it, and link that as your auto-bill option. Or, you could fiddle around with virtual credit cards, but I'm not 100% sure that will work with Netflix, as it may detect them like it detects Visa Gift Cards.
Seems like people aren't reading the actual issue at hand and just the headline. "Xbox Live" isn't being hacked. People's accounts are being hacked by standard methods after information is gathered and phished.
There is a big difference.
@Nick
I don't believe Netflix can bill you without a credit card or Paypal account. You can't even use Visa Gift Cards like you can on Xbox Live.
The only real options are to create a PayPal account, add like $100 to it, and link that as your auto-bill option. Or, you could fiddle around with virtual credit cards, but I'm not 100% sure that will work with Netflix, as it may detect them like it detects Visa Gift Cards.
I'm willing to bet this is a mix of brute force allowed by the security flaw and keyloggers. This is a good reason to keep your accounts separated from things like your email addresses that you use daily. I don't even associate my facebook info with any logins, simply because of the potential loss of multiple accounts due to one being breached. It's all about being smart, mixing up passwords and keeping everything separated. I know there is no end all be all solution, but that's as close as you can get.
@dtomek
not quite. I was hacked and I was not scammed, phished, and I certainly didn't have a weak password. It was brute force or an inside job.
not quite. I was hacked and I was not scammed, phished, and I certainly didn't have a weak password. It was brute force or an inside job.
For people saying it is the users' fault, that isn't really the issue.
The issue is how Microsoft handles, or fails to handle, the problem.
Take the FIFA situation. (Do remember that this wasn't an exploit within FIFA. It was a regular password stealing situation. It was known for FIFA because the stolen accounts were being used by FIFA players to buy large amounts of DLC card packs.) While it wasn't big news on online gaming sites, it did get some coverage in some locations, and Google will turn up results. When mentioned in threads, some people would chime in with similar stories, so it wasn't just a few isolated cases.
But then you contact Microsoft and speak to someone who acts as if they've never heard of anything like it.
Then you get told that your account will have to be locked for a month for the investigation. Yes, it would take time for an investigation, but locking an account for a month? When just looking at its history should raise red flags? (Your account is "recovered" to a different machine, and suddenly all your existing points are spent on FIFA DLC, with no points being added beyond that point?) Heck, the red flags are so obvious that Microsoft should arguably have been investigating accounts automatically.
Then look at the other stories. Susan's, for example.
To dust off and twist the overused "steal a car" analogy, it is kind of like leaving your car door unlocked and having your car stolen, while parked in a police lot, and then having the police say they'll think about investigating it, but you have to give them your driver's license for at least a month, and then you find out that a car is stolen from the police lot every other week.
The issue is how Microsoft handles, or fails to handle, the problem.
Take the FIFA situation. (Do remember that this wasn't an exploit within FIFA. It was a regular password stealing situation. It was known for FIFA because the stolen accounts were being used by FIFA players to buy large amounts of DLC card packs.) While it wasn't big news on online gaming sites, it did get some coverage in some locations, and Google will turn up results. When mentioned in threads, some people would chime in with similar stories, so it wasn't just a few isolated cases.
But then you contact Microsoft and speak to someone who acts as if they've never heard of anything like it.
Then you get told that your account will have to be locked for a month for the investigation. Yes, it would take time for an investigation, but locking an account for a month? When just looking at its history should raise red flags? (Your account is "recovered" to a different machine, and suddenly all your existing points are spent on FIFA DLC, with no points being added beyond that point?) Heck, the red flags are so obvious that Microsoft should arguably have been investigating accounts automatically.
Then look at the other stories. Susan's, for example.
To dust off and twist the overused "steal a car" analogy, it is kind of like leaving your car door unlocked and having your car stolen, while parked in a police lot, and then having the police say they'll think about investigating it, but you have to give them your driver's license for at least a month, and then you find out that a car is stolen from the police lot every other week.
It should not matter if the live servers have been breached or not. These hacks are happening on THEIR service, so this does not make it any better or worse than actual server hacking. After sony has been made an example off, Microsoft shouldnt be such dicks about this, after all your paying them to get ass fucked.
regarding the xkcd comic.
while brute forcing will take a while with those type of passwords,
a dictionary attack will crack those passwords in seconds. Add numbers and capital letters to your passwords. and obviously don't be so simple with them.
while brute forcing will take a while with those type of passwords,
a dictionary attack will crack those passwords in seconds. Add numbers and capital letters to your passwords. and obviously don't be so simple with them.
Where is your RAGE Jim towards Microsoft's inability to keep its network safe from fraud and identity theft? I remember you being real angry about Sony's PSN hacking incident. Seems like MS cannot do wrong in your eyes. Tisk tisk...
follow
