Microsoft refunding Xbox Live customers, accounts hacked

By Gary Johnson - Nov 25, 2011

A few days ago we told you about some users of the Xbox Live service who had been tricked by a phishing email scam. The scam cost users money and also left them locked out of their accounts. Now there is news that Microsoft is refunding Xbox Live customers after accounts were hacked.

The company has begun by sending out warnings or refunding some customers as it ramps up its investigation into the scam. This follows earlier reports of Microsoft stressing that the service itself had not been hacked, and users were tricked into sharing sensitive data via email.

According to The Guardian, the company is suggesting Xbox Live customers change their passwords after many accounts were hijacked by the phishing scam. It is now thought that criminals in China or Russia are behind the attack, and have managed to gain access to accounts via a fraudulent email.

Microsoft has played down rumors of widespread hacking as it tries to distance itself from what Sony went through earlier this year with its PSN service. The problem is thought to have affected less than one million users worldwide, but Microsoft hasn’t ruled out the possibility of this increasing.

Some users have been cheated out of multiple purchases of £42.50 in the UK, which are now being refunded by Microsoft. The company said in a statement that it takes the security of its services seriously, and added “Very occasionally, though, we are contacted by members regarding alleged unauthorized access to their accounts by outside individuals”.

The company advises gamers to follow its account security guidance to protect their accounts, and says there is no evidence so far that users’ information has been sold or released. Have you received one of the fraudulent emails?


  • Bill

    Today, my account was compromised, e-mail account changed, and billed 10,000 MS points using my linked CC. Microsoft is investigating it and I am sure it will be resolved. However, I believe Microsoft is sweeping something under the rug. In early November, my co-worker told me his account was hacked, as 6,000 points were added to his account. And the day before Thanksgiving my friend had a similar problem, with someone using his points to buy FIFA DLC (he doesn’t even own FIFA). These two guys are very tech-oriented people, but even still, I thought maybe they just clicked a bad link, or shared a common-link between forum names/passwords. That was, until today – when MY account became compromised. Microsoft claims there was no security issue, and these victims are just falling for phishing attempts.
    For a little background: I am an IT administrator at a 100+ user company. I have my CCNA, Comp TIA – A+ Hardware, MCITP, and more. My email account used for my XBox Live account is solely used for Xbox Live. I have never used it anywhere else. My password was over 10 characters long, including uppercase, lowercase, and numbers. I did not, and would not fall for any phishing attempt. I have had the same XBox Live account since the original Xbox and never as much as a blip with problems.
    The influx of Xbox Live users that this occurred to recently seem to be tech savvy people like myself. I do not accept Microsoft’s response as simple ‘phishing.’ There has to be more going on here. I want a better official response from MS. And until then, I advise you all to change your xbox live/windows live ID password.

  • Bob

    Just goes to show you services are never as secure as you think.