Skip to main content

A January account of Xbox Live hacking and fraud

UPDATE: Microsoft responds, issues refund.

UPDATE #2: Susan Taylor's Xbox Live fraud nightmare is at an end. She detailed the final stages of her case at the weekend.

She's now pledged to use her new found celebrity to help bring other people's cases of Xbox Live fraud into the public eye.

UPDATE: A spokesperson for Microsoft has issued Eurogamer with the following statement regarding the Susan T security breach:

"Microsoft can confirm that there has been no breach to the security of our Xbox Live service. In recent cases, some Xbox Live members appear to have been victims of malicious scams. Unfortunately this is something that affects many internet based services.

"The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats. However, we are aware that a handful of customers have experienced problems getting their accounts restored once they've reported an issue. We are working directly with those customers to restore their accounts as soon as possible and are reviewing our processes to ensure a positive customer support experience."

The spokesperson added that it was aware of the specific case mentioned in our original story and it had refunded any illicit transactions linked to that account.

"While we do not ordinarily comment on specific cases, Microsoft can confirm that the account in question has been reinstated to its rightful owner and all unauthorised charges are being refunded in full."

ORIGINAL STORY: Has Xbox Live been hacked?

In November we were told no - Microsoft blamed phishers.

Whether hackers or phishers, new evidence has arisen detailing how an Xbox Live account was fraudulently used to buy and then transfer large sums of Microsoft Points.

The Xbox Live account belongs to "Susan T". Her "Hacked on Xbox" diary of events began on 2nd January, when she was emailed confirmation of purchasing 10,000 Microsoft Points and a Gold Family Pack - $214.97 worth of goods. These were then transferred to an unheard of Xbox Live account.

"Susan T" contacted the "Phone Support Team", which forwarded her case to the Xbox Live fraud department. They said her account was now blocked while they investigated. (Copies of the emails are provided on the "Hacked on Xbox" blog.)

On 4th January, the Xbox Live account belonging to "Susan T" was fraudulently used again - and again to buy 10,000 Microsoft Points (around $124.98). These points were transferred to a different unheard of Xbox Live account - "RipplyCorgi16".

"In total (including tax), I have had $366.06 stolen from me. Just how I am going to feed my son this month I just do not know. "

"Susan T"

"Susan T" was told on the phone by Microsoft that, "The fraud department was unable to block your account."

Contacting the Xbox Support Twitter account proved equally fruitless.

"They were about as helpful as everyone else I have been in contact with regarding my stolen money," wrote "Susan T".

"In total (including tax), I have had $366.06 stolen from me. Just how I am going to feed my son this month I just do not know. I can only hope that Microsoft will return my money back to me soon.

"At this point in time I just feel like I am being lead around in circles here. I have spoken to numerous people from Microsoft and the only information I am given is that they will pass it on to the next person."

But on 5th January (mistakenly labelled 5th December on her site, it seems), "Susan T" had a breakthrough.

She managed to log in to her apparently blocked Xbox Live account and found a new friend was online, "RipplyCorgi16" - the account that had received fraudulently bought points.

"Susan T" innocently messaged "RipplyCorgi16" and discovered that the user bought the account on allegro.pl, a Polish eBay-like site.

"His listings all state that you must use the MS points 'as quickly as possible', and that if they disappear it's not his fault, as there was a stated 'warranty' in his auction site listing."

"Susan T" found the auction site for the person who sold the "RipplyCorgi16" Xbox Live account. She found listings of Xbox Live accounts with amounts of transferred Microsoft Points. Some Xbox Live accounts were being sold with a fraudulently bought game.

"His listings all state that you must use the MS points 'as quickly as possible', and that if they disappear it's not his fault, as there was a stated 'warranty' in his auction site listing," she shared.

"If the points have gone you will have to purchase more from him, end of story. The same goes for the games; you must recover the purchased GamerTag, transfer the licenses for the games as quickly as possible or you may miss out."

"Susan T" discovered the seller's contact details but has yet to make contact, and asked that you do the same.

"Susan T" also talked to Microsoft again.

"I have spoken to Microsoft again and the rep I chatted to was appalled that no one else had actually managed to get my account blocked since the moment I first reported the issue on Monday," she wrote.

"He said he is going to (wait for it) 'pass my case onto the Tier 3 team' who will phone me once my account has been blocked and the investigation began.

"I don't have much hope of it getting blocked. I'm beginning to get used to the idea of never being able to use my account again."

Please let Eurogamer know if you have been a victim of a similar hacker or phisher on Xbox Live.

Read this next