Microsoft Lock Out Hacked 360 User After Three Month Wait

Update: It looks like this particular situation has been resolved, presumably as a result of the media coverage. The author states that his account was banned due to an old RROD’d machine being fixed and used to hack other accounts, and Microsoft are sending him a brand new machine.


I’ve lost track of the number of articles and blogs we’ve done on this – it must be approaching ten – but we’re not SuperDuperMegaGamer and thus nothing appears to change over in Redmond; the coverage from major sites on this whole ‘Xbox hacking’ thing just isn’t there.


Hopefully, then, this latest story might pick up a bit of traction; I know that the likes of Kotaku have been given the nod. Until then, here’s the sorry story of a “30 something, college professor” who found himself permanently banned from his Xbox 360 Gamertag after suffering three months of having no access after his account was hacked.

Now, it’s worth pointing out that at no stage does the author blame Xbox for the security issue – the truth is that no-one really knows how all this is happening – this is clearly just a finger pointed squarely at the way he was handled by customer services, and the rather incredible ending that just beggars belief.

The blog doesn’t make for happy reading. The episode starts in October when the individual’s 360 account was compromised and migrated to Russia, and yet despite his immediately contacting Microsoft, nothing had been done by December apart from some empty offers of (pointless) one month Xbox Live Gold vouchers.

After filing a complaint with the Better Business Bureau at the end of last year (which was processed on the third of January) Microsoft called him back, on the 23rd.  Over the next few days things finally started moving, and his account was gradually returned to its rightful owner.

“Later in the day on the 27th,” said dmaul1114, “I got e-mails confirming the investigation was completed, my 1200 points had been refunded, and instructions on how to change my Windows Live ID password and recover the account to my console.”

But that wasn’t the end of it, by a long way.  “Then I noticed another e-mail from Xbox,” he continued, “this one stating that my profile was permanently banned for a code of conduct violation.”  Upon calling Microsoft, he was told that this was now a matter for the Xbox Live Policy Enforcement Team, and was instructed to post in the relevant forum on Xbox.com.

Ultimately, after a few more calls, dmaul1114 was told the notes showed that the XBLPET had ruled the violation happened when he was in control of the account. “I asked what the violation was for,” he said, “and he stated it said it was for attempting to steal other accounts.”  Incredible, right?

After this, the gates remained shut. The ban stays, and he’s lost all his licenses for purchased Arcade titles, all his DLC and his game saves, unless he just wants to play offline. “Thus I cannot import my Mass Effect 1/2 characters into Mass Effect 3 if I want to play the online modes with my existing characters,” he says, by way of an example.

“What kind of customer service is it to not give the customer the benefit of the doubt in such a simple case as this?” he asks. “Are account thieves reporting their own accounts stolen, going so far as to file Better Business Bureau complaints to try to get them back? Am I omnipresent so that I can be hacking accounts from Russia while living and working in the US?”

“It’s just baffling that Microsoft can treat a loyal customer this way.”

He’s responded further on NeoGAF.  The chap sounds like a reasoned individual and one remaining remarkably calm given the situation.  “I’m glad my story is getting some exposure,” he says.  “I really don’t care about getting the account back as I just can’t support MS after this experience. I just hope this gets some buzz and causes them to handle any similar cases in the future properly.”

Hopefully, if enough coverage is made of this, Microsoft will be finally pushed into some decent security for their system – but more interestingly, some customer service. Three months might be the exception, but it’s just simply not good enough – not to mention the ban at the end of it all…


35 Comments

  1. So glad I own a PS3 rather than a 360 right now. The poor man, it’s unlikely I would be as calm as him in the same situation.

    On the basis of how MS treat their customers I will definitely be continuing into the next gen with Sony, I’ve never liked Microsoft but this is just appalling.

  2. Awful. I actually considered purchasing a 360 not so long ago. Really glad I never if that’s what they call “customer service”.

  3. I bought a 360 last year. As I’ve got a Windows Phone I get to play Xbox Live games on my mobile. Reading all this has led me to change my details on Xbox to give wrong info, meaning I won’t buy any more games on my 360 online or buy any apps for my mobile now.

  4. Xbox Live. Probably the only thing keeping me from ever buying a Microsoft console.

  5. I just read the ‘update’ on the original blog. This still smells pretty bad for Microsoft but of course now that they have sent out a new Xbox everyone will just forget it and move on. Here is what was posted in the update:

    ———

    “He explained the situation to me in detail. What had happened is that apparently my old XBOX 360, which had gotten the RROD on January 1st, 2011, ended up back in circulation somehow. I’d simply taken it to Best Buy for recycling when I bought my new Slim 360 because it was out of the 3-year warranty period.

    It somehow ended up in the hands of a hacker who used it to hack some high profile gamertags of MS employees etc. I got blamed for it as the IP address was still traced to the general area where I live (wonder if a Best Buy employee took it and fixed it rather than sending it in to recycling?), and my Gamertag showed up as the one most logged-into on that console–which is no surprise since I had it for over 3 years.

    What they somehow didn’t think to check until today was what the last log-in date for Gamertags on that old console was. Mine was of course January 1st, 2011 when it got the RROD. And this was well before the hackings committed from my old console occurred. Whoever got my old console couldn’t sign in on my account as the HDD was wiped–and I’m not even sure I recycled the HDD at Best Buy. I think I held onto it a while thinking maybe I’d have a friend with an old Xbox who needed a 20GB HDD for some reason, and then eventually just tossed it.”

    ———

    There are several things MS need to be held accountable for here.

    1) They continually say Xbox Live isn’t being compromised and that people are losing accounts due to phishing scams, yet here is (unverified) evidence of MS saying an old Xbox was used to hack high profile MS employees’ gamer tags. Hmmm. Unless of course that was made up to appease the customer (which wouldn’t surprise me at this point).

    2) If this wasn’t high profile due to media coverage, one innocent gamer would still have his account perma-banned and whoever was using his old Xbox to ‘hack’ gamer tags with would have no action taken against them.

    3) How dumb are they to simply ban the most used Gamer tag on a console and not even attempt to correlate who was logged into the machine at the time of the offenses being committed.

    4) This is just one story in hundreds or thousands that go unresolved because they don’t get media attention. MS are still in full denial and have been for months – the evidence is overwhelming collecting here and still nothing happens.

    • Very interesting update, indeed. MS needs to get their act together.

  6. That is pretty shocking. Personally glad I only ever use points/xbl cards that I have bought from a store as opposed to giving Microsoft my payment card details… :|

  7. That is piss poor customer service. If I treated someone like that, I would get sacked. I can’t believe no one at MS went “shouldn’t we not ban him as a hacker has hijacked his account?”

    I am now going to refuse to get an Xbox until they improve their customer service. If they keep this up, they risk having a lot of people turning their backs on them.

  8. My Xbox account was hacked some months ago. Called customer service and was told that it would all be sorted in 30 days. Three months later I still had no joy so I got rid of the Xbox and closed my account. My bank, however, was first rate about the whole thing. I will never buy another Microsoft console product, because I just don’t feel safe using the things.

  9. They are hands down worse than Nintendo for that Mario Kart glitch that they won’t fix.

  10. To anybody who says that no cc details were obtained in the PSN hack… I’m sorry, but you’re talking pish.
    Despite my card not being out of my possession, my account was used to top up an 02 fone… which I don’t own (T-mobile is the network I use).
    The only way they could’ve gotten my details was via PSN, as the card was used exclusively for purchasing off the PS Store.
    Unless some sherlock can prove otherwise, I stand by my previous statement.

    • There are still plenty of ways your card could have been compromised that make a lot more sense than suggesting hackers have a) obtained the CC database (that was never a given) and b) have managed to remove the encryption used on the CC database.

      Getting the raw numbers is as easy as pinching a credit card statement from your mail box, or even just any correspondence from your mailbox that indicates your name, address and possibly your bank. These guys are clever, with enough info they can fool the bank or any one of your utilities companies into revealing more information over the phone such as your birth date or recent transaction (electricity bill paid recently etc). From there, they can call the bank and they have enough information to pass off as being you.

      Additionally, some merchants don’t require the verification code for transactions to go through (and most don’t check your address at all – they are actually prevented for privacy reasons). Some that do check the verification code have poor spam filters which allow criminals to try multiple times to purchase things. Given verification codes are usually only 3 numbers, it takes at most 999 attempts to guess a correct verification code – much less if it’s a low number. Once they have it confirmed through one of these weak vendors, they are free to use it for much bigger purchases.

      People assume they are some kind of impenetrable fort knox of security, but the reality is that we are all susceptible to theft at any given time – that’s why credit card companies offer you refund protection. People don’t give these criminals enough credit – remember, they do this kind of thing for a living!
