This Saturday just gone was maybe the darkest experience possible in today’s world. I was locked out of my Xbox Live profile! Unable to hunt for achievements, level up my Battlefield 3 profile or even cyber-stalk my friends – life was suddenly confusing and void of reason.
After having my account compromised by some nefarious individual, seemingly on Friday evening, I have now regained full access to my account. A big thank you to Microsoft’s Customer Service and Fraud teams, for a quick turn-around.
As far as I can work out my password was brute-forced. It was only 6 lower-case letters so would have been pretty easy to crack. Not good on my part – but like many I presumed that I wouldn’t be affected.
Once they gained access, they managed to change the email address associated with my gamertag via the Chinese Xbox website – seemingly without access to my email account (I don’t use hotmail, so they aren’t one and the same). All I got was a confirmation email saying the change had been made. They then proceeded to spend all of my points on Gold Packs of virtual trading cards for FIFA 12‘s Ultimate Team mini-game. This seems to be a fairly common reason to gain access to other’s Xbox Live accounts as you can get in, buy the items and then trade them to a different gamertag and finally abandon the hacked profile. There also seems to be a reasonable demand for real-world money exchanges for particular cards – so incentive is definitely there for those looking to make a quick buck.
The only reason I caught on to this, is because I noticed that I had 3 achievements from FIFA 12, a game I have never owned or played. This was the following day – I had already logged an hour or so on Battlefield 3 and didn’t have to recover my gamertag. This seems to suggest all of this can be done on Xbox.com or via EA’s Ultimate Team website. Although, the fact they changed the associated email address may also be a factor.
Five minutes later, I had finished a call with Xbox Customer Service: now locked out temporarily (to ensure the hacker was denied access too), I was told I should expect contact from the Fraud team within 3 days.
To my happy surprise, Monday evening brought me an email granting access back to my account and redeemable codes to get my MS Point balance back to where it was. No further waiting, no disputes over refunds and only one small caveat (come on, nothing in life is perfect): I have a temporary email address currently assigned to my gamertag, that cannot be changed for another 30 days, due to Microsoft policy. A bit of red-tape nonsense – but it should have no real effect on my experience with Xbox Live.
All-in-all a rather positive story about getting you Xbox Live account hacked. After all of the reading around I did yesterday – I though this article was definitely needed, in the interest of balance.
- Xbox.com Account Security Information
- Microsoft: Creating a strong password for your email account
- AtariAge Forum Post: Xbox live account hacked!
- VentureBeat: How I was hacked – a tale of hijack, XBox Live and FIFA trading cards
- NeoGAF Forum Post: Wow was my Windows live/ Xbox account just hacked?