1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

xbox live hacked,accounts stolen

Discussion in 'Xbox 360 - Modding & Hacking' started by scorpNZ, Mar 21, 2007.

  1. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,031
    Likes Received:
    42
    Trophy Points:
    78
    Online gaming forums are buzzing with reports that Xbox Live accounts linked to Microsoft's Windows Live ID service are being hijacked by malicious hackers.

    Kevin Finisterre, a security researcher at Digital Munition, raised the issue on the Full Disclosure mailing list over the weekend, calling attention to rumors that Microsoft's Bungie.net was the victim of a breach that exposed a portion of Xbox Live.

    "Some folks are having their Microsoft points stolen and or points purchased via their stolen gamer tag," Finisterre said.

    A quick search of user forums at xbox.com and other gaming sites turned up multiple messages from Xbox Live users complaining about hijacked accounts, which typically link gamer tags to Windows Live ID (formerly .NET Passport).
    xbox live hijacks

    According to Finisterre, there is a group online called "Infamous Clan" brazenly offering to "jack" Xbox Live accounts and boasting about successful account theft.

    Several Xbox Live users contacted me to confirm the rumors and make it clear that the stolen accounts are being used for nefarious purposes.

    One reader writes:

    "I have been involved with Microsoft Support for days on this exact issue and have spent many hours on the phone trying to prove to them that, first, my Windows Live ID was stolen and, second, the ID and password associated with my ID were changed; two actions that Microsoft swears can NEVER happen; and third that the thief was able then use my credit card information associated with one of my Windows Live ID accounts to purchase over $800 of Microsoft products.

    Thank goodness for other websites that still contained my old Windows Live ID information and also the fact that, in order to gain access to those other websites, you NEED a Windows Live ID. After spending over 20+ hours on the phone with support and finally getting them to realize that I did indeed have a Windows Live ID, after pointing them to the other websites, I was told by a supervisor that "Yes, in fact, we have heard of some instances where a user's Windows Live ID had been compromized!"

    After finally getting this confirmation and having a case number assigned and forwarded to Microsoft Security Investigations, they, also, confirmed it as a breach, issued me another Windows Live ID and then reinitialized the stolen Microsoft Products that were associated with the old ID over to the new ID."

    Another gamer wrote in with an identical complaint, warning that Microsoft's product support staff have been unhelpful. "They admit this is an issue but say there's nothing they can do about it," he added. Digital Munition's Finisterre also made a note about the lack of support from Microsoft:

    I just got off the phone with a Microsoft Tech for Xbox live that has confirmed this to with me and they have stated that accounts are being stolen and that "Hackers have control of Xbox live and there is nothing we can do about it."

    Microsoft did not respond to a request for comment.


    http://blogs.zdnet.com/security/?p=131


    Come on microsoft get the lead out and fix it

    I originaly read this at console wars australia
     
    Last edited: Mar 21, 2007
  2. mikeismad

    mikeismad Regular member

    Joined:
    Feb 19, 2007
    Messages:
    2,426
    Likes Received:
    0
    Trophy Points:
    46
    is this legit? like is this really happening???
     
  3. elmunkee

    elmunkee Regular member

    Joined:
    Jul 7, 2006
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    26
    its on the scene so im pretty sure it is

    -el munkee
     
  4. bhetrick

    bhetrick Active member

    Joined:
    Aug 14, 2003
    Messages:
    4,681
    Likes Received:
    0
    Trophy Points:
    66
    Ya... been reading about it all over. But it's those who've linked to the WINDOWS Live service.
     
  5. mikeismad

    mikeismad Regular member

    Joined:
    Feb 19, 2007
    Messages:
    2,426
    Likes Received:
    0
    Trophy Points:
    46
    wow im linked, guess ill be unlinking now...
     
  6. tetrisds

    tetrisds Guest

    This is why I didnt like playing games online, all the effort turned out to be stolen by some lazy *****s..
     
  7. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,031
    Likes Received:
    42
    Trophy Points:
    78
    Hang tight folks it turns out it's not quite true one of the guys at CWA did a bit more digging


    Well MS are now officially responding (via Major Nelson and Gamerscore blog) that it's just not true. They're saying there's been no compromise of the Live or Bungie.net networks.

    The trouble is, the guys doing it have said how they're doing it. They're not hacking the system itself, and they haven't been getting account info from users (as MS are trying to suggest). They've been getting it from MS and Bungie's phone support. Classic social engineering. Spin bullshit stories and get one account detail out at a time via successive phone calls. They've even said that Bungie's support guys have reset account passwords for them.

    Looks like this is a timely wake up call to MS and Bungie to tighten up their security on the customer support end.
     
    Last edited: Mar 21, 2007

Share This Page