From what my husband and I have been reading, this has been going on for a while, but today we were victims.
Thankfully it wasn’t for too much money, but any amount of stolen money is bad enough in the scheme of things.
His XBOX Live account was hacked today. Around 2PM he texts me and asks if either our daughter or I had purchased anything on XBOX. Not that I was aware of, because my daughter had been playing the Disney Kinect game, and we purposely log out of his account and use hers since it has no payment methods on it, every time she plays. And anyway as far as I could tell, the game she was playing wasn’t even capable of making Points purchases.
He tried logging into his Windows Live account and found it was inaccessible, or didn’t exist. I tried logging in under his gamer tag on the XBOX and got in OK, and it immediately popped up saying he had been logged in from another console. Since I know his gamer tag had been logged in just before my daughter started playing her game, and my husband was at work, I KNEW that was fishy. Uh-oh… HACKED!
Apparently MS tries to blame this issue (which is fairly common we came to discover) on phishing scams or social engineering.
Sorry MS, but we’re not that stupid. We fall for none of that crap that those sorry saps try to pull. Which leaves either brute force attack attempts at password guessing, or some kind of flaw in MS’ system.
Whatever the case may be, MS has to lock gamer accounts down for nearly a full month in order to “investigate” the matter. Thankfully it seems like my daughter’s gamer tag is unaffected, as mine probably would be OK, too (we have the Family pack, but my husband’s tag is the primary one with all of the billing information tied to it). He called the bank and they canceled his debit card (which was on the Live account), and he also notified PayPal of the open dispute with MS since THAT was also associated with his Live account, and which appears to have been the source of the charge that was made.
The nefarious intruders seem to be using hacked Live accounts to buy FIFA 12 downloadable content. So if you happen to check your Live account online and see you’re logged into a console and playing FIFA 12 while simultaneously sitting at your computer (and no one in your household plays that game, either), well, your XBOX Live account just might be hacked.
When we get his access to his gamer tag back, our plan is to get a re-loadable prepaid card and tie it to the account (since Family Live accounts require some form of payment method to renew it every year). This way if it only holds the minimum balance needed to pay that renewal fee shortly before that due date arrives, and in the interim, has pennies sitting in it, we won’t have to worry too much about potentially losing more money should a greedier hacker force their way into our XBOX account again.