So late last year, people
began to complain that their Xbox Live accounts were being "hacked". Microsoft said
no, they weren't, but acknowledged there was an issue with unscrupulous types "phishing" for account info.
"It's not a hack, it's really just a different way to monetise stolen accounts", Microsoft's Doug Park said at the time.
Well, that was a few months back, and still, people are complaining that this is happening.
One such person, whose story makes for pretty grim reading, is 23 year-old Xbox Ambassador Susan Taylor, who claims that not only has her Xbox Live account been illegally accessed, but that when contacted about the problem Microsoft endlessly bounced her around customer support divisions then ultimately failed to lock her account, and as a result she's lost over $300 in purchases taken straight off her PayPal account, around half of it disappearing after Microsoft were supposed to have suspended her account for security purposes.
The scam supposedly works like this: an Xbox Live account holder's login information is somehow obtained (how exactly this happens is unclear, and is why this has been bubbling along for a few months now). The "hacker" (or however they obtained the info) buys a Family Gold Pack, which lets the culprit gift Microsoft Points to nominated accounts. They then buy a ton of Microsoft Points, set up new Xbox Live Gold accounts and siphon the points into these new accounts. Finally, on the black market these loaded accounts are sold to customers for less than it would cost to subscribe to Xbox Live Gold and buy the points themselves.
Susan tells Kotaku that she has never played FIFA 12, the title which is most often thought to have been the cause behind the scam. She also tells us that her PayPal account and Xbox Live account did not share either a username or password (though they were obviously linked via her Xbox system).
Microsoft's inaction had a slight upside, though, as she also says the fact she could still log into her Xbox meant she could track down and message one of the people who received the stolen points.
That user claims he purchased the Xbox Live account from a Polish auction site, and hands over some of the details of the person they bought the account from so Susan could track them down.
What sucks here is that, if the story checks out, Microsoft's failure to lock her console down once notified of the breach resulted in Susan losing even more money. What sucks even more is that, three months after this mess first blew up, it's still happening, and that even though Microsoft claims this is not a "hack", users are still losing accounts and money and receiving very poor customer service in return.
To see how poor, check out Susan's full account at the link below.
We've also contacted Microsoft for comment, and will update if we hear back.
