The year of 2011 could be considered the year of the Hack. Sony, Steam, Citigroup, EVE Online, The Escapist, Minecraft, Square Enix. All attacked in some manner. LulzSec, Anonymous, and hackers of the world made their rounds.
Sony waited a week to officially announce that user information was compromised, which made most of the 77 million hacked users ‘lose it’ in some manner; they then coped in different ways. Some removed their PS3s from their home, some jumped on the class action suit, others kept calm and went outside. Steam’s forums were vandalized and then taken down. In about a week’s time — after further investigation — it was discovered the database was also compromised. Gabe Newell informed the users, despite no signs of malicious activity, to watch credit card activity and statements closely. Citibank had to replace about 100,000 credit cards of North American users that were affected by a breach. Eventually EVE was again Online, as were The Escapist and Minecraft. Square joined the list just this week as their own personal early Christmas present. Who was next to be added to this list of unfortunate events?
At this point, all signs point to Microsoft. If you asked them, they would say that it’s not a breach in the Xbox Live security but rather a case of internet fraud or a phishing scam. The thing about both these terms is that somehow, in a technical way, they happen because it’s your fault. You shared information with an unknown party, chose weak passwords; or you really believed that you won an iPad or free games for a year, provided you enter your personal information to receive said gifts. With those descriptions, it makes it clear that your hands are the ones that led you to your fraudulent doom. (Also remember, in all these particular cases, everything is your fault, not Microsoft’s.)
Xbox Live has had some issues since, well, forever. Since the beginning of Xbox Live, I’ve seen reports on forums and from friends — and not like ‘I know a guy that knows a guy that works with another guy that goes to this corner store’ — I’m talking direct contact with people that have had their accounts hacked. I haven’t been ‘lucky’ enough to have my credit card info taken off Xbox Live. Mainly because, with all the horror stories, I’ve stuck to buying points cards and memberships from retail stores.
A recent tale of hackery comes from June, when LulzSec claimed that they stole and leaked login information from multiple places. One of the places claimed? Xbox Live. Microsoft in turn said that Xbox Live was not compromised, and they take security seriously and are looking out for threats. Funny, Microsoft, I was unaware that you too released statements for the lulz.
From late August until now, there seems to be an issue with two little games called FIFA 11 and FIFA 12. It first showed up on NeoGAF, where someone had posted that their account was hacked and the hacker bought some points. The very next comment bet $10 that the hacker would buy EA Ultimate Gold Card packs. These Ultimate cards can be sold online for real cash monies up to $300, and it turns out someone owes that commenter money. The hack involves someone recovering your Live account to another Xbox, using your credit card to buy more Microsoft points, and purchasing EA Ultimate Gold card packs for FIFA. This led to a nearly 800 post-filled thread about the issue with others confirming said issue. The thread continues up until the end of November discussing the problem that Xbox Live is still having.
Despite the internet being abuzz about the hacking involving FIFA and EA Ultimate cards occurring on Xbox Live, Microsoft was as quiet as a church mouse. In two months time, Microsoft started issuing statements. But these statements of the non-issue taking place mean nothing when it is still happening and starts happening to game journalists.
Geoff Keighley was first, but then it also happened to Dan Crawley, a writer at Venture Beat. He had received an email saying that he purchased 6,000 Microsoft points and he could no longer access his account. When he recovered his account, he saw that “he” had played FIFA 12. Luckily for him his credit card issuer handled the case as fraud and cancelled his card in a timely fashion without hassle. He continues on with the curious case of Xbox Live:
I was told by Microsoft Customer Support that my account would be suspended, pending an investigation, which could take between 21 and 30 days to complete. My existing points would apparently be restored once the investigation was complete, and the £51 that had been fraudulently spent would also be refunded (I said this was not necessary, due to the actions being taken by my bank). In the meantime, I would be unable to access my Xbox Live account, and would only be able to play my console offline.
In some cases, those affected have had the money spent on points refunded by Microsoft customer service within a few days, and others have had their account suspended for up to 45 days while an investigation took place.
For two people that cover gaming and these types of issues, I’m sure their passwords aren’t admin or 1234. And they are smart enough to know that Xbox does not hand out free games or points — developers email them codes. So, what gives? Microsoft believes that this is not a security breach within Xbox Live.
This isn’t the first time that Microsoft was adamant that the problem wasn’t their product. Vista: technology is evolving, get a tutorial. Red Ring: it only affects a small percentage. The marketing campaign for Zune. Well, no one ever really understood what they meant by “Welcome to the Social.”