Potential Xbox Live hacking related to FIFA 12

[Scott_Arm]

Seems there may be some account hacking going on with Xbox Live that would be related to FIFA 12 in some way. If you are playing FIFA 12 on Xbox 360, watch your points carefully. If you have email notifications set up for points purchases through Xbox Live, you may want to keep an eye on that account.

I saw this was being discussed in the PS3 hack thread after reading this story, but thought I'd start a new one because Xbox Live users may not be looking into that thread.

http://arstechnica.com/gaming/news/...ues-microsofts-response-becomes-maddening.ars

 

[Shifty Geezer]

By accounts it's not a Live hack, but an EA hack. Edit: That article suggests it's social engineering and not a hack.

 

[patsu]

Probably don't have enough info to classify either way. The article doesn't really conclude it's a social engineering attack.

 

[Shifty Geezer]

It doesn't, but it mostly complaining about the time taken by MS to resolve things, while MS and EA are saying they haven't been hacked. Actually EA almost suggests they're getting hacked 'the same amount as FIFA 11'.

 

[patsu]

If it's an effective technique, and the hackers' intention is to make money, they will keep quiet and make sure not to trigger any defense as long as possible. Without any trail, it's too early to say what type of hack it is. Surveying the victims (in addition to looking at logs) may help give some hints though.

 

[-tkf-]

Xbox Live users suffering hacked accounts

I read about this in a Danish news paper,

Xbox Live users suffering hacked accounts

http://arstechnica.com/gaming/news/...-hacked-accounts-fifa-11-and-12-purchases.ars

In the danish news paper they are quoting Microsoft Support:

Supporters also said that Microsoft is fully aware of the security hole. They believe it is because the game developer company Electronic Arts, EA, not in control of their security so hackers can get in and steal Xbox Live usernames and passwords through EA's servers

You will need Google Translate, i think
http://politiken.dk/tjek/digitalt/i...-brugere-faar-stjaalet-penge-fra-deres-konto/

Brad Grenz may be right

EDIT: Reading the comments on the different websites that is reporting about this problem does indicate something organized.
http://forums.xbox.com/xbox_forums/xbox_support/f/27/t/3125.aspx?PageIndex=1
http://whatthegeek.net/2011/10/05/the-tale-of-a-hacked-xbox-live-account/
http://gizmodo.com/5849835/xbox-live-users-are-being-hacked-for-virtual-fifa-gear

 

[AlphaWolf]

If there is some systemic hack, it's certainly not widespread.

And MS is still denying that anyone at all has been hacked.

 

[-tkf-]

If there is some systemic hack, it's certainly not widespread.

And MS is still denying that anyone at all has been hacked.

Widespread will always be a question of definition and it´s really not the issue here.

I usually never read XBOX news in this regard, but your post made me do a little bit of google, and i think it is obvious that something is going on. Maybe it´s just Live that is the target now, maybe it´s the FIFA launch that opened some kind of weakness, maybe it´s the 60.000 accounts that was released by Lulz (http://techmento.com/2011/06/18/xbox-live-hacked-60000-accounts-leaked/#comments) maybe it´s just a bunch of people getting phished.

And Microsoft is not exactly known to be quick to admit faults or wrong doings so that says nothing about anything really

 

[dobwal]

What seems odd is that its just seems all FIFA related with losses coming from purchasing and downloading of the FIFA games and their associated DLC.

Almost seems like someone is able to spoof other live accounts on EA FIFA servers without actually gaining access to those accounts' passwords.

Unless there are a segment gamers that want nothing to do with Live merchandise other than FIFA related goods.

 

[Silent_Buddha]

If it's only FIFA being affected, then that suggests it likely isn't anything on MS' end otherwise the hacking would be more widespread.

So it's likely to either be extremely targetted social engineeering/phishing schemes or EA borked something again and opened up a security hole.

Regards,
SB

 

[Scott_Arm]

You kind of wonder if there's a flaw in the way you purchase DLC for FIFA in-game. Pretty sure you can buy ultimate team packs in-game. If people were hacking Live accounts, you think they'd be buying stuff other than FIFA DLC.

 

[AlphaWolf]

Widespread will always be a question of definition and it´s really not the issue here.

I usually never read XBOX news in this regard, but your post made me do a little bit of google, and i think it is obvious that something is going on. Maybe it´s just Live that is the target now, maybe it´s the FIFA launch that opened some kind of weakness, maybe it´s the 60.000 accounts that was released by Lulz (http://techmento.com/2011/06/18/xbox-live-hacked-60000-accounts-leaked/#comments) maybe it´s just a bunch of people getting phished.

You googled up something that supposedly happened 4 months ago? And are trying to relate it to this issue that seems more EA/FIFA related?

And Microsoft is not exactly known to be quick to admit faults or wrong doings so that says nothing about anything really

And a few people on forums aren't exactly a reliable source of information either. I fully expect that many people have had their accounts compromised over the life of xbl, but if this is a major security flaw, the people exploiting it are really really stupid, because all they seem to have managed to annoy a few people.

 

[AlphaWolf]

You kind of wonder if there's a flaw in the way you purchase DLC for FIFA in-game. Pretty sure you can buy ultimate team packs in-game. If people were hacking Live accounts, you think they'd be buying stuff other than FIFA DLC.

Maybe it's EA using peoples accounts.

 

[dobwal]

If it's only FIFA being affected, then that suggests it likely isn't anything on MS' end otherwise the hacking would be more widespread.

So it's likely to either be extremely targetted social engineeering/phishing schemes or EA borked something again and opened up a security hole.

Regards,
SB

If it social engineering/phishing scheme then why is it affecting (as far as it seems here) one EA franchise. Is it possible someone found a way to spoof EA's FIFA servers?

 

[Scott_Arm]

Your EA account gets linked to your gamertag. Maybe there is something "phishy" going on with credentials, so you can buy stuff in-game on someone elses gamertag if you log in with their EA account. The EA account should not have access to your Live account password, so I don't know how that would work.

 

[-tkf-]

You googled up something that supposedly happened 4 months ago? And are trying to relate it to this issue that seems more EA/FIFA related?

And a few people on forums aren't exactly a reliable source of information either. I fully expect that many people have had their accounts compromised over the life of xbl, but if this is a major security flaw, the people exploiting it are really really stupid, because all they seem to have managed to annoy a few people.

I googled other stuff, and the list is long but useless in a discussion with you in any case, the link i provided was clearly mentioned as an example/what if in my post. You just ignored that as usual.

I don´t know why you get so defensive, well i guess i do your blinded by something. But lucky me this thread was to old already since it had already been posted, though with another excuse.

Request for a lock.

 

[Shifty Geezer]

What's the motivation for the hacking though? To randomly make gamers buy FIFA DLC is perhaps the very definition of random! Just a case of Thrillz?

 

[function]

Maybe someone bought Fifa DLC, felt really bad about themself, then decided they didn't want to feel like that on their own?

But seriously, this is actually a potential motivator not to buy any EA 360 stuff. Will Mass Effect 3 be open to the same vulnerabilities? I wouldn't like the idea of EA getting access to my Microsoft pass simply through playing one of their games even if EA's networks were secure. I hope MS are using some kind of secure alias or something.

 

[mrcorbo]

It's unfortunate that MS isn't more proactive about communicating about these issues beyond boilerplate press releases. If there is a significant issue, they would do well to inform their customers. If there isn't one, they would do well to have someone made available to answer specific questions with as specific answers as is prudent.

 

[bkilian]

I wondered about the utility too. The only thing I could think of was that when you buy content it's registered to the console and the user account. So it could be used by other users on the same console that bought it.