Xbox Live Clans

skyhome · Quote #1 (**permalink**) 02-12-2008, 09:24 AM

Hackers have hijacked the Xbox Live account of a celebrity gamer and made off with a prized piece of virtual armor in a brazen act that suggests the online Microsoft service still puts the security of its users at risk.

Colin Fogle, Xbox Live member and account hijacking victim Colin Fogle gained widespread acclaim in gaming circles after posting a video showing how it was possible for a Halo 3 player to shoot and kill himself with his own sniper rifle. Bungie Studios, maker of the wildly popular first-person shooter title, was so impressed it awarded him a special piece of in-game Recon armor and publicly acknowledged the feat.

Since then, the 18-year-old says his Xbox Live account has been hijacked three times. The most recent takeover came on December 29, when he was suddenly logged out of his Xbox Live account. When he tried to log back in, he got error messages saying his password didn't match his user name. And because accounts contain credit card numbers, home addresses and credentials used to log in to Hotmail and MSN Messenger accounts, the breach goes beyond a mere affront to a gamer's pride.

"With this kind of information, they can steal much bigger things than my virtual armor," Fogle says. "If somebody doesn't like you, anyone can do this. The thing that upsets me the most is that, as we looked into this more and more, we saw how easy it is."

Indeed, web searches like this one suggest it's not unusual for Xbox Live subscribers to report their accounts have been taken over.

Kevin Finisterre, a security researcher and Xbox Live enthusiast, has also investigated the topic when someone broke into his girlfriend's account last March after the pair accused some gaming rivals of cheating during a spirited session of Halo 2.

"At the end of the match, we voiced our opinion and a kid says, 'Shut up or I'll steal your Xbox Live account," Finisterre says. "About eight hours later, I wasn't able to log into my girlfriend's account."

Both Fogle and Finisterre say the thieves then took to online forums to brag of the exploits. In both cases, the thieves claimed they were able to access the accounts by coaxing information out from Xbox Live support employees.

The hackers frequently will call the toll-free number and pretend to be the owner of the account they want to take over. They will provide the Xbox Live ID and then ask for the physical address that's associated with the account. Later, they'll call back and ask for the phone number. Eventually, the hackers assemble enough information to convince a support person they are the rightful owners of the account.

Finisterre was able to piece together details of a friend's account when he (and the friend, who silently listened) used the technique last year. Managers from Xbox Live implemented changes designed to stop the abuse, Finisterre says, but even then, he continued to receive emails from frustrated game players who said their Xbox accounts had been broken into.

Microsoft representatives didn't respond to a request for comment. Fogle says he recently received a password reset form from Xbox support, but he has yet to complete it pending an investigation into the hack.

Meanwhile, the thief sporting Fogle's armor continues to cavort in forums and taunt its rightful owner.

Says Fogle: "Microsoft over time has shown they won't do anything unless it's a huge PR issue for them. We're paying dearly for this [service], and there's a huge security hole where we can lose our identity."

VanSlyke · Quote #2 (**permalink**) 02-12-2008, 12:03 PM

That's foxed!
I don't think I'll ever be important enough to be worth hacking into but it's still pretty unnerving.

OddLemonade · Quote #3 (**permalink**) 02-12-2008, 08:14 PM

I've seen they've ****** out credit card numbers. Thats a start. And I agree, no one wants my hayabusa armor since everyone can get it easily lol.

D3LTA26 · Quote #4 (**permalink**) 02-12-2008, 09:46 PM

Personally, I think it's

Microsoft should be on the top of their game dealing with these issues. If someone can hack an Xbox LIVE profile, it shows you that Microsoft's database isn't secure enough.

KreedGhost · Quote #5 (**permalink**) 02-13-2008, 03:47 AM

Though some of this issue might not be coming directly from a hack. If you have been to xboxlive.com lately and in the forums, there is a scam site that asks you to put your xboxlive account name and password in and it logs the information.

Though with the stability of windows not being completely hacker safe as it should be, hacking an xboxlive account is as easy as someone hacking into your computers harddrive or using your windows backdoor to gain entrance.

You would think by now, microsoft would have security to the point that hackers would nto be able to hack the live system as easy. Focus is backwards with MS and to make money they need to keep those who purchase their services happy.

OddLemonade · Quote #6 (**permalink**) 02-14-2008, 01:44 PM

To prevent all this, change the location information on your account to like Zimbabwe, USAF. No one will be able to get a hold of your account. And don't be a moron, write this stuff down on a sticky note and put it on your computer!

MADCOP144 · Quote #7 (**permalink**) 02-14-2008, 05:06 PM

This has been going on for years. I see ID Theft happen in my jurisdiction almost every day! Now that some kid gets his virtual armor jacked it makes Xbox news! I can't think it will make any difference what new security programs are installed. As long as you have retards answering the phone at Micro$oft things like this will happen. You don't have to be a computer expert to con a human.

Its the employees that need better training.

OddLemonade · Quote #8 (**permalink**) 02-14-2008, 08:47 PM

I agree. They need to stop trying to save $$ and having customer support centers in India because its cheaper. It should all be about customer satisfaction, not ripping off some other country.

Hangman · Quote #9 (**permalink**) 06-03-2008, 06:22 AM

Somebody I know of went through the same ordeal but eventually managed to get his profile back. He then called customer support and aksed if he could create like a security password or phrase so only he can access things regarding his account. Apparently, they 'were not able to do that' and his account was still as much at risk as it always has been.

It seems that M$'s security measures they have in place protecting accounts is pretty bad and I doubt things will change. I don't know myself what to do to protect my account either :/

SYNCorleone · Quote #10 (**permalink**) 06-03-2008, 10:02 PM

I had my account hacked before it sucks. I had to wait a month to get it back but with enough *****ing and complaing I got it back with a free year and 6000 ms points. This happened a while ago when i used to play halo 2. A rival clan member hijacked and and bought alot of points and changed my name so MS helped out alot but not at first.

Xbox Live Clans

Categories

Categories

Categories

Categories

Categories

Categories