Microsoft Could Do More To Stop Xbox Live Fraud - Ex-Hacker

NowGamer: Poacher-turned-gamekeeper comments on Xbox Live hack claims.

fastrez 2577d ago

Is this going to get drawn out and made into scapegoat fodder by the media in the same way PSN was?

HSx9 2577d ago (Edited 2577d ago)

PSN is actually more limited to account recovery, which is why you can't do it on PSN. For the most part it's not phishing, with phishing you usually only get their login details, and you can't do much with that in terms of fraud.

The way people commit fraud on Xbox Live is very simple actually and I'm telling you from experience. Basically all you have to do is collect information on any random person, and create a DOX. A dox is someone's information, with an exploit in Hotmail you can get the information someone inputted in their Xbox Live. Once you got that information you contact Hotmail support and give them the information, and you pretend you are the actual owner of the account, once that is complete, you have access to their account, you check if their credit card is connected to their account, if it is, there is a high chance that person has a couple of months on his Xbox Live, so what you do after is call Microsoft and tell them you don't want Xbox Live no more and you want to redeem it in Xbox Live codes, and they will need you to verify your name and last 4 credit card number, but that's on your Xbox acc, so then you pretty much just made free money. You sell the Xbox Live codes online and profit.

This has been possible since the beginning of Xbox Live and it was much worse in the past, I'm surprised they barely caught on to it, I know friends who have made thousands off this.

To be protected from this, don't insult people you don't know, it's real easy to get doxed with the right programs.
Don't give out personal information, when someone asks you random things like "what was the name of your first dog" they are most likely Social Engineering you into giving them your secret word to have access to your account.
Do NOT USE HOTMAIL, it's very easy to exploit, I recommend Gmail.
There is really no way to 100% prevent this, but the MAIN step is not to use Hotmail because that's how half the exploit works.

You just got tips from someone who knows how it works, so don't be stupid and not listen to this information I provided, stay safe.

And I have never committed fraud, but I have done it to a few people that pissed me off (not the fraud part) just locked them out of their accounts and got them suspended.

dark-hollow 2577d ago

Why you people on n4g want xbox live to get hacked so bad?

_Aarix_ 2577d ago

Because this is a pro-Sony website and they got a taste of their own medicine for a bit when psn got compromised.

TimmyShire 2577d ago

Let's see every enraging about this like they did with Sony's hack.

enfestid 2577d ago (Edited 2577d ago)

There's a massive difference: this isn't a hack. It's simple phishing. People are being stupid with where they input their passwords and they have no one to blame but themselves.

Not saying it doesn't suck, but it's not even remotely comparable to the Sony incident (which Sony handled fairly well). There's certainly things Microsoft could do to help the phishing victims, but that doesn't make it analogous to a massive hacking incident.

Edit: @ ziggurcat: No, it's not the same thing. Sony's hack was a group of hackers gaining access to an otherwise restricted area full of sensitive information. Phishing, however, is when a user GIVES data to an untrustworthy third-party due to techniques to make the third-party look legitimate. The third-party did not gain access to Microsoft's systems through hacking, but essentially stole someone's password to gain access to their account and their account alone.

ziggurcat 2577d ago (Edited 2577d ago)

"There's a massive difference: this isn't a hack. It's simple phishing. People are being stupid with where they input their passwords and they have no one to blame but themselves."

hate to break it to you, but it's the same thing.

edit: lol it is the same thing - both cases involve user information being compromised, except in sony's case, it was only allegedly compromised, in this case there are reported cases of people's information being used maliciously.

enfestid 2577d ago (Edited 2577d ago)

@ ziggurcat: What on earth do you mean only "allegedly" compromised? Sony admitted their systems were hacked into. Unless you're changing the definition of "compromised" now. I'm not saying that doesn't mean every last bit of information was gathered, though -- the credit card information was protected, but still stolen in its protected form.

And of course their information was compromised through phishing -- they GAVE THEIR INFORMATION AWAY. It's not a difficult concept to grasp: if you give someone your password to your account, they have access to your account.

sjaakiejj 2577d ago (Edited 2577d ago)

"There's a massive difference: this isn't a hack. It's simple phishing."

Phishing is a form of hacking. But that's beside the point, as that's not the only thing going on.

Phishing is very common, but what is not is the number of reports that have been coming in for the last month or so, something which started here:

"It's not just random gamers who are suffering from hacked accounts, we're seeing community managers get hit and discussing it on podcasts, those in the PR business, and many others in the industry who don't feel comfortable talking about the issue publicly. Even more disturbing is the fact that many people report that they follow best practices for online security."

That doesn't sound like phishing.

As for your definition, it's a bit off the mark:
"Phishing, however, is when a user GIVES data to an untrustworthy third-party due to techniques to make the third-party look legitimate"

It's a bit more general than that. Phishing is to, through any means, obtain confidential information of a person by pretending to be a trustworthy entity. It does not necessarily involve a user giving data away, but can also be done through exploits in services.

ziggurcat 2577d ago

@ enfestid:

"What on earth do you mean only "allegedly" compromised?"

there's no proof, nor have there been any reported cases of fraud/identity theft as a result of the PSN hack. the reality/fact is that people's information *may* have been compromised (meaning there's a *chance* that it was), but people have automatically jumped to the ill-informed, knee-jerk reactionary conclusion that that information was actually stolen. that's why it's alleged.

and phishing isn't necessarily the result of people willingly giving away their information.

Feckles 2577d ago

Remember when MS denied the RRoD for months? Change your passwords now!

SITH 2577d ago

Users can do more to stop fraud. Lock your accounts with a password, quit telling your real name and where you live on your account bio (two things essential to stealing an account via the phone), and stop running your mouth off to strangers online. Plus you should change your email password frequently. Most people literally hand their accounts to people because they can't shut up or have all their information available on their account for public viewing.
