Note: iOS 9 + Facebook users w/ trouble scrolling: #super sorry# we hope to fix it asap. In the meantime Chrome Mobile is a reach around
hot  /  reviews  /  videos  /  cblogs  /  qposts

Xbox Live hacking is a very real problem

12:30 PM on 01.13.2012 // Jim Sterling

Microsoft says that recent thefts targeting Xbox Live users are isolated incidents, and often tries to portrays the problems as phishing scams -- effectively blaming the consumer. However, an eyebrow-raising amount of comments and emails seem to suggest that it's a big more common than that. 

A few days ago, I spoke with Susan Taylor, the hacking victim who famously exposed Microsoft's awful customer service. She let me know that of the two hundred emails she's received since resolving her own situation, one hundred and forty were from customers who have had similar experiences. Other emails came from those who have used black market sites -- places that sell accounts loaded with games bought using stolen Microsoft Points. 

"Quite a few people have also questioned the third party servers and services, but I am not seeing a trend in the stories I have read," Susan told me. "Some people have EA accounts connected to their XBL accounts, some people don't; some people have PayPal linked, others just their cards; most have never played FIFA 12.

"I personally have Uplay and Raptr accounts linked to my Xbox account. Unless people are outright lying to me, there is definitely not a specific service (aside from XBL itself) that absolutely everyone who has had accounts compromised has in common. Microsoft's arguments are looking very weak at best."

Microsoft has indeed tried to blame a variety of third-party services. One of my contacts said that a customer service rep blamed third-party servers, while FIFA 12 has been accused of allowing exploits to take place. The one unifying strand in all these stories is Xbox Live, however. 

A security flaw on has allegedly been discovered by one victim, who learned that indefinite password attempts allows a hacker to force his way into any Gamertag they like, just by learning the corresponding email address (which Microsoft itself makes easy) and assaulting the site with a password generator. Whether this is how the hackers are getting in remains to be seen, but it's the most credible idea so far, and it once again points to Microsoft. 

For right now, the only advice one can give to those users wishing to protect themselves is this -- do not have a credit card attached to your Xbox Live Gamertag. You can renew your subscription or add Microsoft Points using pre-paid cards bought in stores, without the need to open a conduit to your bank account on Microsoft servers. It seems to be the best way to keep yourself safe.

From what we've seen, this is a very real problem, but there are practical steps you can take to defend yourself. You're going to have to, because it seems Microsoft doesn't have what it takes to look after its own customers.

Jim Sterling, Former Reviews Editor
 Follow Blog + disclosure JimSterling Tips
Destructoid reviews editor, responsible for running and maintaining the cutting edge videogame critique that people ignore because all they want to see are the scores at the end. Also a regular f... more   |   staff directory

 Setup email comments

Unsavory comments? Please report harassment, spam, and hate speech to our community fisters, and flag the user (we will ban users dishing bad karma). Can't see comments? Apps like Avast or browser extensions can cause it. You can fix it by adding * to your whitelists.

Status updates from C-bloggers

siddartha85 avatarsiddartha85
I finally backed Indivisible. After hearing about Red from Transistor, I played the demo again. That platforming is solid and I'm used to the combat now.
GoofierBrute avatarGoofierBrute
Man, I completely forgot how awesome Pokemon Black and White's soundtrack is. The Vs. Trainers theme is probably one of the best I ever heard, if not the best in the entire series: [youtube][/youtube]
EdgyDude avatarEdgyDude
Indivisible's campaign is over $1.4 million! just a little more!
Dum, dum, dum! Another blog bites the dust! And another done, and another done! Another blog bites the dust! #RIPtumblrbecausefuckit
Jed Whitaker avatarJed Whitaker
Ugh, I've been sick for what feels like 3 weeks. If I die I leave all my games casket because they're mine. Stay away! *hiss, hiss*
TysonOfTime avatarTysonOfTime
Apparently the upcoming Tri-Force heroes update makes the local-play only items possible to get for everyone. That's pretty great!
FlanxLycanth avatarFlanxLycanth
What youtubers y'all watch? I need more.
RadicalYoseph avatarRadicalYoseph
Playing For Glory earlier today, some guy beat me and changed his name to "ifukdu_up". I won next round and he changed it to "ILETUWIN". I then 2-0ed the little sucker, and he left the lobby. I took great pride from this incident.
Dalek Sex avatarDalek Sex
Henshin into a person with a larger disposable income.
The Dyslexic Laywer avatarThe Dyslexic Laywer
Why the hell are we suddenly accepting micro transactions in fully priced games? It used to be only acceptable in free-to-play games but its sickening that even AAA developers like microsoft are on the bandwagon.
OrochiLeona avatarOrochiLeona
If you're ever writing about something from the heart, and you stop and think "I don't know how people will react to me if I write this" then you absolutely should go ahead. Passionate conviction is often the only voice you'll have.
VeryImportantQuestion avatarVeryImportantQuestion
Wait a second...has the blog editor been changed with the idea being that the formatting be done in Word or something and then pasted in? Have I been using it wrong these last few posts?
OverlordZetta avatarOverlordZetta
guys I'm standing in a Target looking at a Xenoblade X special edition what do I do
Zer0t0nin avatarZer0t0nin
Dear Dortmund Zoo: how's it possible for people to steal 3 monkeys, 3 squirrels and 2 penguins while killing a manatee and another penguin since April and you still have no clue how to stop this?
WryGuy avatarWryGuy
We got Xbone! We got Xbone! We got Xbone! We got Xbone! We got Xbone! [img][/img]
Flegma avatarFlegma
Two more reasons not to preorder: the game might appear in stores before release day (Hello, Xenoblade Chronicles X for 60EUR at my local mall) or the mail workers may be on strike (well, they were until Monday).
Rad Party God avatarRad Party God
ModDb's MOTY (Mod of the Year) votes are up, there's quite a TON of interesting mods this year, give it a look and vote for your favorite! ---
OverlordZetta avatarOverlordZetta
Hey, US Pokemon fans! Apparently if you just rename your SSID to Mcdonalds Free Wifi, you don't even need to go anywhere to get your Hoopas. Seems like they could've just made this one a normal download.
Archelon avatarArchelon
It may have been a war of attrition, but I just took out a Snowspeeder on foot in Battlefront. Aww, yeah.
Gamemaniac3434 avatarGamemaniac3434
Last night, for one reason or another I watched the endings of bloodborne via vaatividya, and in so doing made myself sad that I will never get to play it. Still cool that they seem to have really nailed that lovecraftian exestential horror and despair.
more quickposts



Invert site colors

  Dark Theme
  Light Theme

Destructoid means family.
Living the dream, since 2006

Pssst. konami code + enter

modernmethod logo

Back to Top

We follow moms on   Facebook  and   Twitter
  Light Theme      Dark Theme
Pssst. Konami Code + Enter!
You may remix stuff our site under creative commons w/@
- Destructoid means family. Living the dream, since 2006 -