Main > Everything Else
Just had my Xbox live account hacked
saint:
So timely enough, I just signed up my son's account on X-box Live. I used a pre-paid card to buy a 12-month gold membership, but didn't have any points. I used PayPal to buy some points. I then immediately changed my PayPal account password.
Anything I should be worried about? They're playing Halo Reach and Dance Central 2 mostly.
AtomSmasher:
--- Quote from: saint on February 12, 2012, 08:40:25 pm ---So timely enough, I just signed up my son's account on X-box Live. I used a pre-paid card to buy a 12-month gold membership, but didn't have any points. I used PayPal to buy some points. I then immediately changed my PayPal account password.
Anything I should be worried about? They're playing Halo Reach and Dance Central 2 mostly.
--- End quote ---
I'm sure you're fine, although since PayPal is connected directly to my bank account, I went ahead and use the added security their security key system. You link up your phone to your account, then anytime you want to make a paypal purchase, they text you a six digit key you need to enter in along with your password. I figure the added security makes it more then worth the minor annoyance, plus it's free.
https://www.paypal.com/securitykey
ark_ader:
--- Quote from: saint on February 12, 2012, 08:40:25 pm ---So timely enough, I just signed up my son's account on X-box Live. I used a pre-paid card to buy a 12-month gold membership, but didn't have any points. I used PayPal to buy some points. I then immediately changed my PayPal account password.
Anything I should be worried about? They're playing Halo Reach and Dance Central 2 mostly.
--- End quote ---
If the account gets hacked then whoever will just use your paypal account to buy whatever they want. Xbox Live doesn't care and the hacker will hammer that account for all its worth.
Yes you can dispute this with paypal, but it is just added grief. Go on Xbox Live and stop that paypal account ASAP!
This should put you in the picture..
hypernova:
I agree with ark. Remove that information from your Xbox immediately.
Back then, when I put that old CC info in, it was because LIVE was running a special renewal fee for $40 for a year, so I did it. Like I said, though, no harm this time since it was an obsolete number.
From now on, only prepaid Live and MS Points cards will be used on this thing.
ark: I did not play BF3. I've only played these on the 360: CoD (MW2, MW3, Blops, WaW) Halo 1/2/3, FFXIII.
This incursion doesn't really bother me, as I already pretty much know the outcome. Just takes about a week or so. I'll most likely get my points back. And I just need to get a better password.
Oh yeah, I just remembered. My daughter went to play campaign on a game, and she had the same message when she signed in, too! Her ID had been signed in on a different console. No big deal there either, as there wasn't anything on that ID to do with. No points, no CC info. Might just nix her name in case I can't get the password. She's not on LIVE now anyway. It expired and she doesn't play enough to warrant the expense. She still managed to get a 5 point FIFA achievement tagged on it.
hypernova:
Been doing some small looking around the web...
Seems like some people like me have an old email address attached to the Live account, so they can't change their password, because the hackers already did. My parents still have that ISP, so I'll try going that route...but this may seem pointless because...
I've found numerous youtube videos, albeit they are over a year old, but all talk of composing an email with certain information, including some hash code. This code is apparently supposed to fool the MS servers and such into thinking that the email sender is the genuine account holder. It then sends the username and password of that gamertag for Live. There's multiple videos for this, each at differing times. Most seem to be to the uploader or someone he knows, and they "recover" that information for you. Could be a scam, but I don't know. Other videos show some program that will do this for you that supposedly works to this day, but the one I found is mired behind numerous surveys.
Point is, is if there's some boneheadedly simple way to fool MS into giving out our ID and password, what's the point of changing the password? I don't think this is some sort of brute force method. I don't think this is some phishing scam that millions of us have fallen victim to or any other type of scam. I think there is a real flaw in their servers that gives up passwords in this fashion. Even these ones that are years old, if someone with a good knowledge of how to automate that process for thousands upon thousands of users used it, he could have all these IDs, and is checking them one by one via a script or whatever...or maybe they just go through them by hand...I don't know. So even if MS did fix these problems, if someone stored this information that was vulnerable a year or two ago, they could still be going through them all, taking advantage of any valid ones.
My questions to all of you are:
1. How old is your Live account?
2. When was the last time you changed your password?
3. What's the first character of your gamertag (just to check if it's alphabetical, but I doubt it.)
For me:
1. Over 2 years
2. ...Over 2 years
3. H
I'm definitely interested in your answers, ark.
If you haven't changed it in the last few months, I highly suggest you do so. In addition, disable automatic renewal, and remove ALL types of payments!
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version