Topic: Microsoft Probes Possible Xbox Live Fraud (Read 155 times)

Xbox-Scene · « **on:** March 20, 2007, 09:40:00 PM »

Microsoft Probes Possible Xbox Live Fraud
Posted by XanTium | March 20 22:04 EST | News Category: Xbox360

(IMG:http://www.burstnet.com/cgi-bin/ads/ad9520b.cgi/ns/v=2.1S/sz=300x250A/

Quote

Microsoft is investigating possible fraud on its Xbox Live online gaming service, the company said Tuesday.

The investigation comes after gamers reported having their Xbox Live accounts hijacked and their credit cards used to buy "Microsoft Points," the virtual currency on Xbox Live, which has more than 6 million users.

"Recently, there have been reports of fraudulent activity and account theft taking place on the Xbox Live network," a Microsoft representative said in a statement provided to CNET News.com. "Security is a top priority for Xbox Live, and we are actively investigating all reports of fraudulent behavior and theft."

Gamers have been reporting the incidents for some time in online forums--including on Xbox.com--and to Microsoft's Xbox help desk. Many users of the Microsoft console have been frustrated with the software giant's response to date.

While some users believe the security of Xbox Live was breached, others suggest that users were tricked into giving up enough information while in a game so fraudsters could call Microsoft to change the account information. Users may also have been duped into giving up their account information through phishing scams.

Full Story: zdnet.com

BoNg420 · « **Reply #1 on:** March 20, 2007, 09:41:00 PM »

Keep the thread on topic please, topic cleaned.

This post has been edited by BoNg420: Mar 21 2007, 04:44 AM

capboy210 · « **Reply #2 on:** March 20, 2007, 10:27:00 PM »

This happened to me a year an a half ago. And NOW they are investigating? i never gave away my account by any means. Never even went on another xbox but mine.

rocarmy4life · « **Reply #3 on:** March 20, 2007, 11:35:00 PM »

all someone has to do is create a phishing site that looks like a passport login page... make the page look xbox related and bam... when someone trys to log in with their passport, their info is recorded... thats why you gotta make sure every passport login page is legit

signal-to-noise-ratio · « **Reply #4 on:** March 21, 2007, 01:35:00 AM »

QUOTE(rocarmy4life @ Mar 21 2007, 12:06 AM)

all someone has to do is create a phishing site that looks like a passport login page... make the page look xbox related and bam... when someone trys to log in with their passport, their info is recorded... thats why you gotta make sure every passport login page is legit

unless this is an internal leak in xbox live encryption or databases

its probably one of the following

other people probably have spyware / trojan / keyloggers installed on their pcs without their knowledge or they are accessing their passport account from a public pc like at a library which has a keylogger / trojan or are using unsecured or low secured wifi

another thing could be happening is fake emails sent to people saying problem with your account and a link to a phishing site

ways to solve this
dont access personal data from a public pc
do regular spyware scans on your home system
dont use wifi below wpa for accessing personal data
if you get an email about a problem with any account you have dont use link in email enter adress in browser directly you know Ie paypal enter www.paypal.com and check for https if aplicable

jelle25 · « **Reply #5 on:** March 21, 2007, 02:19:00 AM »

yes exactly...

it's the knowledge level of the pc-user and his intellectual level.

people with low knowledge of PC get easily faked, hacked, or phished...

people with low intellect, they are too stupid to even know that they're giving out important personal information...

i'm 100% positive XBL databases cannot be accesed by unauthorized users.. if so then the security of this database is not good enough and about each database on this globe will have similar problems, because i think XBL database is secured with best security

BasicAir · « **Reply #6 on:** March 21, 2007, 07:27:00 AM »

I'm with most of you here... I think it's a PC-related issue and most likely is the whole MS Passport that's to blame.

I'm not saying MS's Passport system is bad, because it isn't, but I think this is a clear phishing case.

If a lot of people are having their accounts hijacked, the probability of it happening from people in-game soliciting personal information from gamers is impractical. At the same time, if it was an external hack into MS's database(s) and/or an internal leak of sensative database information, then surely we'd see a much larger stink than this. Also, the probability of a leak or a hack is highly unlikely.

This leaves the PC for the medium where these accounts were compromised.

As one guy on this thread has already stated, he himself was a victim of this at one point and swears it has nothing to do with his 360. He's probably right. It was probably from his PC.

To be honest, I've personally seen many fake MS Passport phishing pages, so the fact they exist is already widely known. Of course, I'd never fall for such ridiculous crap (and never do nor have), but at the same time I can see how less fortunate people could easilly buy into it.

All MS has to do is start sending messages either in email form and/or in XBL form to all users reminding them how to make sure a website is an official MS one, etc. Case closed.

1nsan3 · « **Reply #7 on:** March 21, 2007, 07:40:00 AM »

First thing yes it sucks,

If your not smart enough to look up in the address bar at the URL of a website you are at and figure out your in a phishing site then ya deserve it. If your REALLY dumb enough to give out your personally info on live or the internet for that matter than ya really deserve it. Every single website i visit, yahoo , google etc, i always "ALWAYS"look at the URL. Now days if you have a computer you have heared about hijackers, phishing sites, its been on the news, radios, etc.
Keep your systems secure, i know u can never keep it 100% secure but atleast take a second look at what you are doing and where your at. I dont think anyone actually hacked into the xbox live servers since there a tad bit more secure than fort knox.

Im pretty sure most of these people are under 18 that get there accounts hijacked. ..

... What you expected an imediate response from M$?

those people need to start using there noodles.

Radioedit420 · « **Reply #8 on:** March 21, 2007, 08:28:00 AM »

QUOTE(BasicAir @ Mar 21 2007, 08:58 AM)

I'm with most of you here... I think it's a PC-related issue and most likely is the whole MS Passport that's to blame.

If a lot of people are having their accounts hijacked, the probability of it happening from people in-game soliciting personal information from gamers is impractical. At the same time, if it was an external hack into MS's database(s) and/or an internal leak of sensative database information, then surely we'd see a much larger stink than this. Also, the probability of a leak or a hack is highly unlikely.

This leaves the PC for the medium where these accounts were compromised.

To be honest, I've personally seen many fake MS Passport phishing pages, so the fact they exist is already widely known. Of course, I'd never fall for such ridiculous crap (and never do nor have), but at the same time I can see how less fortunate people could easilly buy into it.

Yea in game I heard people telling their address, name, and birthdate and shit like that. Come on people use your head. or atleast someone elses.

And It is very easy to create a phising site that looks like the MS passport thing. Infact I personally know a few who did that. But they werent asses about it. they were doing it for a survey in economics about the theft of info due to technology. And they only sent the link to people they told about it.

l0tics · « **Reply #9 on:** March 21, 2007, 09:28:00 AM »

Just a reminder, don't use the same password for everything.

0794 · « **Reply #10 on:** March 21, 2007, 09:52:00 AM »

more than likely this is a case of phishing - but anyone giving away birth date and addresses in game is just ridiculous.

being careful will definitely help, but scams are becoming more and more sophisticated.

not really sure there would be much to gain with just buying MS points.

Kernelz Klukz · « **Reply #11 on:** March 21, 2007, 10:55:00 AM »

i never had my account stolen but 2 guys on halo2 threatened to steal it once and i just called them deushbags, but then one of them started telling me all my account details, including my service provider, ip address, and my bandwidth. now how did he do that?

ProphetOfPain · « **Reply #12 on:** March 21, 2007, 11:36:00 AM »

QUOTE(Kernelz Klukz @ Mar 21 2007, 05:26 PM)

i never had my account stolen but 2 guys on halo2 threatened to steal it once and i just called them deushbags, but then one of them started telling me all my account details, including my service provider, ip address, and my bandwidth. now how did he do that?

maybe they worked for xbox live and you called them deushbags ?? (IMG:style_emoticons/default/laugh.gif)

bucko · « **Reply #13 on:** March 21, 2007, 11:58:00 AM »

Glad they are looking into the issue.

bonevichio · « **Reply #14 on:** March 21, 2007, 12:01:00 PM »

http://kotaku.com/gaming/top/xbox-live-hac...olen-245887.php

According to a group of Xbox 360 gamers and Kevin Finisterre, a security researcher at Digital Munition, there are rumors that Bungie.Net was hacked and that a portion of Xbox Live was taken over. This hack allowed people to control gamer tags and either steal their points or purchase more points through the accounts.

Author Topic: Microsoft Probes Possible Xbox Live Fraud (Read 155 times)