Xbox Live has a significant problem with its security. It’s not something that is easily provable, and Microsoft is still in denial over the issue, but there is clearly a problem. Pretending there isn’t won’t make it go away.
i used to do it back in the day but sold my xbox
They've never been hacked. Sad lil website trying to get hit like this?? Wow. Move on lil boys. Jokes over. There's a huge difference between getting hacked and users having an issue on there end.
So, what.....Pachter fell for a phishing site? That person that Microsoft themselves APOLOGIZED to....was not hacked? Or best yet.....the Director of Policy and Enforcement for Xbox LIVE getting his account hacked. Do you think THAT was some gag? http://www.destructoid.com/... http://www.destructoid.com/... http://www.destructoid.com/... http://www.ripten.com/2011/... Even if it were "just" Fifa, and the evidence clearly shows that it is not, there are still obviously holes in the system not being plugged. No online service or security system is foolproof, "Xgamer". XBL is no exception.
"Xbox Live ACCOUNTS still being hacked" Read more carefully next time. No one said Xbox Live itself was hacked, only some user accounts.
@SilentNegotiator ***Or best yet.....the Director of Policy and Enforcement for Xbox LIVE getting his account hacked. Do you think THAT was some gag?*** Which tells me you are either clueless or trying to miscontrue the truth! Stepto wasn't hacked through Xbox Live, the hacker socially engineered Network Solutions and hijacked the domain name from a third party provider. Once you do that, you can redirect email and take over any account attach to that email, including bank accounts, paypal and even PSN accounts! Unless you think Xbox Live includes "network solutions", your claim is misleading. So which was it, ignorance or dishonesty? ***Pachter fell for a phishing site?*** I don't know about Pacther, but could it be that he is a higher target, being somewhat of a public figure? It wouldn't surprise me if his password is weak, being a really busy guy after all.... Paypal would have been considered hacked by now, if the same number of users' account was compromised. I'm pretty sure they have a much higher number. The number of people affected is minimal, they just so happen to be very vocal. You keep hearing about 1 or maybe two a week out of the 20+ million paying members....
You can play the ostrich all you want, but it's happening.
I believe the problem lies in Hotmail being hacked. Some of those hotmail accounts that are stolen on a daily basis are going to have Xbox accounts tied to them.
This happened to me two weeks ago. My account was hacked, and the person responsible used the attached card to buy over $250 worth of xbl games and accounts. (Stupid, I know, shouldnt have had the card attached.) At first xbl customer support was going to give me three months of xbl gold and 1800pts....which was exactly what was IN my account before the investigation team shut my account down. I debated with them for a bit and they compensated me for it but it just stunk that I had to do even that because they had a breach. So don't think something like this is user error.
It makes it sound like if the Nextwork was hacked, when it wasn't, just some accounts and 90% of the time is people being Social engineered, that happens always and everywhere...
spinning it will not help.
FYI, TSA is not a 'sad lil website', nice try though. The issue is accounts being stolen(hacked as the article says), not the service as a whole being hacked. And the facts of the matter are that it is very frequent and MS doesn't seem to want to do anything about it. And to claim phishing is just silly now. Major Nelson and many others who are well aware of phishing and similar scams have had their accounts hijacked. It's clearly something different.
I don't care HOW it happens. Invade Troy by wooden horse, the front door, or by setting up a puppet government.....it doesn't matter. The point is, no service is completely safe. XBL accounts are getting hacked, sold, and stolen from, and it's NOT just from Fifa, hijacking providers, or phishing.
SMH, i bet if this was Sony. The gaming press and the media would be all over it but since it MS. People will just ignore the problem.
I like this part. "This is not a phishing problem, as Microsoft has repeatedly asserted." It's crazy how there's almost no coverage on the hacks. Meanwhile on N4G "Why you shouldn't buy a Vita. Sony shafted us all, not really, but still." Edit: @ Titanz I'll be sure to use that whenever I run into someone who's Live account has been hacked. "Don't play the victim card". Grow up.
A worldwide PSN shutout affecting 100% of the millions of users causing confusion and frustration to gamers who play on a daily basis does not compare to a marginal number of accounts getting hacked. If the issue is big enough, it will get picked up the same way and cashed in on the same way by websites who see the opportunity to dig into a story. The Sony issue was much bigger, and the media made it even larger, no doubt, but that doesn't mean that the issue is comparable to what's happening on the Xbox.
Except...PSN was put down to prevent people from being hacked. It was preventive, while MS is letting it go on. There's a big difference there.
^ I didn't deny that, and that difference proves my point about how the media reflects the situation of a given story. Saying that if this was Sony that the media would be all over it is a silly remark since Sony did something completely different to get the attention they got. The media makes a deal where the story is there. Sony shutting down PSN was a huge thing and got everybody's attention, on top of that the government wanted details, add this to the fact that average gamers who dont check gaming news on a daily basis were also confused just allowed for the issue to be bigger. That affected everybody, so of course the media was over that. Point is that it's not an issue of the media having it out for Sony, it's a matter of the issue being a lot different than what we see here. Most of the "media" just cashes in on existing stories to get the easy attention. As this article says, it's hard to prove for certain because of how MS handles the situation, which is why you don't see the media all over it.
we actually dont know the extent to the x360 hacks, microsoft isnt telling anyone, it could be worse then the psn hacks, we wont know until microsoft tells us specifics. at the moment they seem content to just ignore the problem, but theres obviously a problem. theyve already 'fixed' the problem a few times, yet it persists, people are still being hacked. it could be phishing or something that microsoft cant really prevent, but it could also be a hack, we wont know until microsoft gets some balls, admits theres a problem and hires outside consultants to look at their systems for any problems, just like any other company would do. im surprised that a premium service like this didnt bring in outside experts within the first month of hackings to assure their customers that everything all right.
@coryok One thing I know for sure, is I haven't experienced any missing points, unauthorized credit card use or loss of account associated with Xbox Live. I do know that PSN lost my information, including my birthdate and name which is frequently used to verify accounts over the phone. Point being, one is a certainty, the other a wild speculation that I have seen no effect of other than two handfuls of people crying foul play with their account on the internet. With millions of users, there are bound to be people that fall for phising scams and of course they will deny it, because if they recognized it... they wouldn't have fallen for it. The other one is "easy" to guess passwords. Just scour any leaked username/password databases and see how many use 123456 or simply "password" as their password! In fact, a clue seems to be that the people hacked tend to be public i.e. bloggers that often times publicly display their gamertag..... If the network is hacked, I expect a lot more accounts to be lost than what we have seen so far.
The PSN hack was a huge STORY in comparison thanks to Sony shutting down PSN, but the direct result was just a loss of online and potential sales from Sony owned games and partners. The consumer didn't eat a few hundred in fraudulent charges, unlike what's happening with XBL. The ongoing hack of XBL, however, appears to be a larger PROBLEM. It's easy to simply call it a phishing scam and bury it, and blame the consumer, like MS has done, but that's only possible thanks to the complete lack of attention this issues is generating. Since no one seems to be reporting on this problem, there's no possible way to gauge how many have been affected. So the issue will, most likely, continue to be glossed over, while MS quietly (hopefully) searches for a fix. The problem with that is, if a single account gets compromised, everyone on Live is susceptible to fraud, thus, everyone is affect.
The SixthAxis.com wrote this tripe. Since when is it cool for a Sony site to troll the 360? How about someone makes an Xbox site then writes a bunch of troll articles against the PS3? I bet that shit wouldn't float around here. On topic: What I get from this is partly phishing scams, and also the result of EA.com getting hacked. MS lets EA use their own servers on Live as well. Everyone that gets hacked always has a game like Fifa pop up on their recently played list. If you want to blame someone blame EA. It's not like this is effecting a large percentage of users. Unlike the PSN hack. And MS has acknowledged the issues with the people who have a problems. Thats why they don't argue about getting your account restored. The process has already been streamlined from what I hear across the net, so it's as painless as possible for the victims of these scams. It's pretty pathetic how sony fanboys including the SixthAxis have jumped on this. "Alpha" and "gamingdroid" have made good comments. Most of the rest of you will never be affected by this so you are just trolling. So give me as many disagrees as you can, just like you have the sensible people in this story. I like it.
The difference between the two is Sony actually did something (at their expense) to stop it going any further. They did what they had to do and bore the brunt of the media for it. Microsoft are doing their usual head in the sand tactic which is doing nothing. Ignoring it. An the media arent saying anything. The other difference is while everyone screamed that 77 million accounts were hacked, or whatever the number was, how many people actually lost something. I'm not sure I ever heard one confirmed report of something going missing. XBL customers are actually being robbed. Point are missing and purchases not made are showing up. No one can say there isnt a double standard here.
^ But there isn't a double standard here. All you did was explain the fact that Sony's approach resulted in more attention while MS's approach has not warranted that sort of attention. To say there's a double standard with the way the media is covering the issue when you are comparing two differently handled issues does not prove anything. It's like saying a worldwide bank that decides to shutdown its operation should be getting the same coverage as a bank where customers are getting jacked in an inconsistent and indefinite manner. If MS doesn't make a big deal of it, you can't expect the media to pay as much attention If MS shuts off LIVE and makes the same statement Sony makes and if the media acts indifferently, then I will concede, but until then you are comparing apples to oranges and saying they should be treated the same
If this were Sony or even Nintendo you can bet the media would be all over this quicker than a Zombie sighting. Of course this is MS here, the US love child.
Alpha, it seems to me is, you're saying the psn hacks are a bigger deal, just because it got bigger attention from the media. I believe these xbl hacks are way worse, because people aren't getting any info about protecting their account and no one is doing anything to stop this from happening. It's a huge problem that this isn't getting the coverage as it should. Like your example, if a bank gets hacked and peoples accounts get hacked and no one says anything, it should get the same amount of attention of a bank suspending accounts to prevent peoples money being robbed. IMO, this is the worst thing to happen this generation of gaming. I just hope MS finally investigates, and at least admit there may be an issue. Like Bathy said, MS putting their head in the sand won't fix anything.
Alpha, I'm not saying MS's tactic isnt working. It clearly is just as well as it has worked in the past. I'm just saying its wrong that its working. Sony try to do the right thing and get crucified for it. MS do their usual stonewalling and apparently are being rewarded for it again. I know this isnt a perfect world and things arent always fair, but you cant blame people for b*tching about it. Never mind. MS will probably wait until it actually starts getting abit of media attention or a class action suit appears and then buy everyone of when a month of free XBL.
@Bathyj ***MS do their usual stonewalling and apparently are being rewarded for it again.*** What rewards are MS gaining from this? There already an article on N4G that stated that MS changed the security of Xbox.com to prevent bullish password scamming. Other hacks come from the FIFA site and other non MS ran sites. Just the other day I received an email from "MS" claiming I won xx amount of points, definite scam. A lot of these scams/hacks are coming from outside Xbox Live. Unlike Sony which it was very easy for them to fix (get a handle of) since it was an actual attack on its own network.
... if you really feel like the media is out to get your favorite company, most likely it is because you feel the effects of "one news more than the other". Which means...
Except its not just the media. When the PSN hack happened, congress got involved. No credit card info was confirmed stolen, it was a data base that by all rights shouldn't have even been online, but Sony had to speak before the US Congress about the problem. Meanwhile when RRoD on the 360 and reports of over 50% were coming in, at no time was there even mention of a government or consumer agency stepping in to look at the issue.
@ gamingdroid Only two handfuls of people? Actually Read up on http://www.hackedonxbox.com... and you'll see the issue is with more than two handfuls of people and goes deeper than phishing. I just find it very strange that Microsoft hasn't offered a clear explanation to these "hacks" other than denial. Where is the conclusive answer? No solution to the problem it seems, and the customer service is still quite poor as shown with the reported cases. It's incompetence on Microsoft's part that even when the customer's problem was reported to them and their account was "locked", additional money was taken from their account by the culprits. So Microsoft failed to actually lock their account... Somehow... And with some cases, even if the people have been fully refunded, they are still left with a suspended account pending an investigation, and are still left for many weeks without an answer from Microsoft. Read up. @ Brosy Take off those fanboy tinted glasses and actually examine their content. They've always provided multiplatform news and opinion. TheSixthAxis might be a reference to "SixAxis" but it doesn't dictate the content of the site. Again. examine before you speak.
"Microsoft is still in denial over the issue" Obviously....if they admitted it then they would be in a similar predicament that Sony was with the PSN hack. Yes the PSN hack was completely differen't in terms of the aftermath but MS problem seems more spread out like how it's been going on a while but in such small quantities that no one bats an eye lid....really for MS there is no aftermath because it hasn't stopped yet and MS themselfs havent admitted it.
Well they should bat an eyelid. When PSN got hacked, i didn't see anyone credit card info getting charged. This is way worst than the psn hack. Gaming sites need to stop being fanboys and start bringing attention to this issue.
True, even gaming journalists and video game critics are getting hacked now. Crazy how Microsoft tries to blame everything on it's customers. Edit: @ Mika True, I think there was even an article on how Live accounts were being sold on a website (The website was even still live and going on after the article was posted lol), but once again, MS turned a blind eye and blamed it on the people.
Holy Hell, ground breaking news! Everything gets hacked, you can use as many precautionary measures with something as you want but eventually someone will hack it. This isn't the case with most XBL hackings, it's usually down to users being loose lipped (fingered) with their passwords.
Obviously that not the case because there are just too many accounts being hacked and they are only getting hacked by the 360.
"they are only getting hacked by the 360" wut? It is the case. A lot of these will be down to people telling people they think they can trust their passwords and a lot of the others will be down to people to stupid too spot a phishing attempt. piratethom Didn't see that bit, still can't. But I'll take your word for it.
From the article: "This is not a phishing problem, as Microsoft has repeatedly asserted."
Yet, people refuse to believe that.
If it's a simple phishing problem where are the PSN, Steam, Origin, Capsule, OnLive etc. articles regarding compromised accounts? While at it's core it could be a phishing scam, but there surely has to be more to it.
I think the issue is that on XBL you can resell the stuff purchased and convert the stolen account to "real physical money", something I believe you can't on the other type of online services. However, you do hear about WoW accounts compromised all the time, because again they offer a monetary incentive to take accounts... Why steal accounts that can't convert to real money? It will just be shut down when discovered anyhow.
Good point. If that's the case shouldn't this feature be disabled until it can be addressed? That's the least I would do.
@Gamingdroid So all you use is XBL? That's how it sounds... I have about $80 sitting in my Steam wallet. Someone could easily gift a few games on my dime. XBL is not unique, despite what most believe.
@InTheLab ***I have about $80 sitting in my Steam wallet. Someone could easily gift a few games on my dime*** ... and again, once Valve notices the account was compromised, they will revoke the gift. The "items" are never converted to real money, hence there is no real incentive. This type of crimes are financially motivated as they have no interrest in obtaining an account with somebody elses games and friends list.... @Flatbattery I'm assuming that this issue is far less prevalent than people make it out to be. Most likely it only affects a very small fraction of users within the norm of fraudulent cases. It just so happens the group is very vocal....
@gamingdroid It may not be prevalent but it's still happening, the least MS could do is blanket email everybody to change their passwords and give advice on creating strong combinations. There will be plenty of MS customers out there that are unaware of this issue, in my opinion MS trying to avoid exposure are not taking due care of their userbase.
Hackforums much? TROLLFACE.
It sucks that MS still can't find a way to protect their hardware and network... :(
From what I know I believe it's a design flaw in xblive and the console itself, that and Microsoft is too scared to introduce barriers of security because it would hurt xbl sales. Basically, Sony's system detects that the user is using a different console, and then prompts you for the 3 digit security code once that happens. XBOX 360 can't do that, or if it can MS doesn't want to introduce barriers to spending money on the console. Plain and simple: MS may never fix this issue with the 360, they screwed up from the start.
Wow, bad news for Xbox users. The worst thing is MS are not even admitting there's a problem so loads of accounts are being hacked without MS trying to get to the bottom of the problem.
I'm pretty sure MS knows exactly what's going on, the problem is they're too scared to change XBL so everyone has to re-enter cc details each purchase. Because it's pretty obvious that change would fix this issue.
I'll start whining when my account gets hacked. For now, I'm all good so I'll keep playing my games.
BF3, GoW3, SSF2, Tekken, Skyrim, UFC, Fallout 3, Crysis 2, Splinter Cell Conviction, COD4, Fight Night Champion, Saints Row 3, and some pretty fun XBLA games like Outland. and BTW i'm pretty sick of getting crap by PS3 fanboys because I have an Xbox. seriously I don't even care which is better because both have pros and cons and I could care less if I had an Xbox or PS3. They both play similar games.
Fanboy Patrol..pull over!!
It's pathetic that anyone would click "Agree" under stage88's comment.
Because it was funny, Yoda. He didn't say "ZOMG xbox doesn't have no gaemz. pstree haz lots of dem. blah blah blah blah blah blah blah blah....." No, he simply said in hilarious fashion...."What games?" lol
I applaud your confidence, I just hope you have an elaborate password to back it up.
No network is really all that secure, this problem seems to be isolated cases not the entire network being hacked! I think people are making more of it than they really should. I personally have not encountered any problems and no one I know has either.(knock on wood) I also don't believe that MS is sitting back and watch their $$$ Network get hacked and not do anything about it. Good thing I only use prepaid cards!
Personally, I go on the theory that any of my accounts can and will be hacked. For things like PSN and Xbox Live, I will never attach a credit card to it and will buy all my DLC through gamestop or point cards. It's just smarter that way in my opinion. You leave yourself open to less problems because if your account gets hacked, the most they could get is whatever I have in there (usually less than 1000).
Oh damn. This is like the new PC vs consoles, Xbox vs PS3 etc pointless debates, isn't it? Regardless of what system it is, or who made it, or who's hacking it. It's still something which MS need to address. It's good it seems minimal, atm. However, MS need to get down to business, and sort it out/inform users of what's happening. Giving consumers tips/prevention advice is always nice. No matter how big the scale is, it's a cause for concern. Stop trying to justify the lack of information being given by MS. Sad, people don't really notice a problem, unless it happens to them.
Theres a big difference in finding your account information out and hacking..... Microsoft allows you to guess your account as many times as you want.First they can find out your username and email and name.They type it in.They find other account with your name/email/username see what is on it and look at the names on that other account and hopefully that your password.For example:My wii account is 29364 and has the email [email protected]"Hacker&a mp;q uot; types that in and sees a account with my email and the username is 555 and he trys this on my wii account for pass and works and if not he has unlimited trys until he gets it right!
The service is still up and running. This doesn't compare to what happen to PSN when the whole service was brought down for a Month. Xbox live is still tops even with a few careless users.
-sigh- SO eager to cling to nonsense. 1. Sony brought PSN down themselves to PROTECT their users. Instead of just blaming things on others, they 2. It's not "careless users" when careful users have been just as subject to this. Lies and denial are bad things.
"Sony brought PSN down themselves to PROTECT their users. Instead of just blaming things on others," Well not until multiple lawsuits were filed and various countries cried foul and on the non-disclosure laws Sony violated to notify card holders, but ya....
@server-1 Sony brought the service down when they found out account details had been stolen, no accounts were compromised. MS has left the service up even though numerous users have stated their accounts are being compromised and therefore information has also been stolen. So which is worse again you say?
FYI: thesixthaxis.com isn't a PS site.
Is there even a point in even telling people that? You'll just get ignored by people driven by fanboy rage.
Don't bother Thom...