Xbox Live Fraud Probed By Microsoft 21
Several outlets are reporting on Microsoft's investigations into the possibility of hacking and fraud on the Xbox live service. After customer service complaints, rumours of hacked accounts, and allegations of mis-used credit card information, C|Net reports that the Microsoft has opened an investigation. At the very least, this will reassure frustrated customers. Kevin Finisterre has kept a log of his discussion with the 1-800-MY-XBOX folks and the service's ongoing problems. "Security researcher Kevin Finisterre was playing Halo on a recent night with several friends when some of their opponents threatened to steal their accounts, he said. 'Literally the next day my girl's account was locked out,' Finisterre wrote in an e-mail Tuesday. 'I received a message on my Xbox that said: "We are sorry we must log you out of Xbox Live because someone else is using your Gamertag."' The account was banned."
Method? (Score:5, Interesting)
And since they're charming people, I have no qualms about posting their method here;
Now you may be wondering HOW do we get your information? its easy, you call 18004myxbox pretend to be that person make up a story about how your little brother put in the information on the account and it was all fake, blah blah blah you might get one little piece of information per call but then you keep calling and keep calling everytime getting a little bit more information every time. once you have enough information you can get the Pasword on the windows live ID Reset, they may tell you they cant but its bull shit. people at bungie CAN and WILL reset your password. believe me
So, sounds like a classic social engineering scheme, as opposed to 'hacking the system'. Even so, you have to wonder if phone reps really are giving out information, even if it is a small amount. Anyone tried getting information out of the phone reps yet?
Same old story? (Score:3, Interesting)
I doubt this is much different from the trojans that target WoW accounts or the organised crime financed hackers that go for people's bank, paypal and ebay accounts.
Re:Method? (Score:4, Interesting)
I have a hard time believing whoever at tech support would be so unprofessional that they'd give you identifying information needed to reset something when you cannot produce it. For example in EverQuest the tech support seems to use the first credit card used on the account to determine password resets for hacked accounts. I've never heard of anyone ever able to convince them to give the first credit card number used on the said account no matter how often you call. If you don't know the CC number, they simply won't reset it for you. Maybe you can find out some other interesting info about the account, but they should never give you the info that'd reset the account just because you pester them long enough.
Re:Method? (Score:5, Interesting)