Potential Xbox Live hacking related to FIFA 12

Yeah, it's not as if MS wasn't paying back the customer's losses or anything... oh... wait... they are.
For the customer, this is an annoyance, they have to lodge a claim, be put out a bit by not having access to their account, and not have access to some funds for a while, until they get refunded.
For Microsoft, this is a very real loss, of money, resources, and goodwill. Do you really think that if there was an easy solution, they wouldn't be looking into it?

Honestly, when I consider the effectively year long timeframe that this fraud has been occurring, I think Microsoft has had a breakdown in the feedback loop from End Users -> Customer Service -> Developers. It seems like CS has been handling this issue, but the problems haven't fed back to XBL development teams such that they can work on countermeasures. By any standard, 9 months is just too long to be handling this on a case by case basis without any response from the development team.
 
It also depends on the scope of the problem. If it's limited to FIFA 12, and only a small fraction of FIFA 12 users at that, it may not have been a large enough problem that it triggered whatever reporting requirements were in place. If it's 1% of FIFA 12 users would it raise a flag? 2%? How many of the total Xbox Live membership would that be? If it was 10-50% I'm sure it would have been addressed very quickly. Or maybe not depending on what the actual root source of the problem was.

And you can't accurately gauge the extent of a problem through just internet forum posts and blog posts. Although those do draw attention to potential problems.

I agree that at the very least they should have increased the support staff required to handle the situation. But having worked in the support industry in the past, you first wait to see if the problem is going to be prolonged or it's just a short spike that can be dealt with via overtime. Hiring new staff is expensive. Training is expensive and takes time. And if it's just a short spike (say one or two months) then you'll end up having to lay off those people just as quickly. Training is often 3-4 weeks for properly trained support staff. So a short spike of one month would mean you'd just wasted money for nothing.

Still, all that considered, that's still only a potential 2-3 month delay in getting an appropriate level of support staff online to deal with it. Maybe a little longer if you are limited by number of trainers and places to train them, as well as locations that can handle additional support staff. So let's say anywhere from 2-5 months for appropriate levels of support staff depending on the extent of the problem. If there's any area I'd knock MS on, it's that it took almost 9 months to start ramping up support staff to deal with affected customers.

And that's something I find surprising. As from what I know (or knew, it's been a while since I was involved in that industry) internally about the support industry, Microsoft was (at least since 1999 and onwards) one of the companies that was more proactive and concerned about support quality and appropriate support levels.

[EDIT] Hahaha and speaking of which. I just now got a phishing e-mail attempting to get my password and other information. :D

Regards,
SB
 
It also depends on the scope of the problem. If it's limited to FIFA 12, and only a small fraction of FIFA 12 users at that...
But it's not. FIFA just happens to be the system by which the stolen funds are fenced, it appears. Non-FIFA players are getting hacked, so it's more like 1% (or 10%, or 0.1%. We've no numbers) of all XBLive than 1% of FIFA 12 players.
 
I have never owned nor played any copy of FIFA. It is used by hackers to monetize stolen accounts. If XBL simply required users to verify their credit cards when making purchases from a new console, this problem would not exist.
 
I think Microsoft has had a breakdown in the feedback loop from End Users -> Customer Service -> Developers. It seems like CS has been handling this issue, but the problems haven't fed back to XBL development teams such that they can work on countermeasures.

The feedback seemingly only went from Victims -> Customer Service.
But luckily one of the victims managed to find the flaw and get it fixed. :)

I've not seen many new reports of user-scams lately on the forums I frequent, those stopped the day they added better captcha-security on the xbox recover account-page, so I assume the most frequently used security flaw is fixed.

It's not like 360-gamers are extra susceptible to phishing, compared to other platform-users.
But those were most affected.
 
Storm in a teacup, that's effectively mentioned in the podcast.

Giant cup of tea and a perfect storm as well. It made the headlines in mainstream media and there are examples of people waiting way longer than a month to get their accounts sorted.

Was the podcast from Microsoft?
 
Link me this mainstream media coverage.
 
Were you completely gone for a few months?

Google blocked at your place?

Since you don't have faith in your fellow posters

http://news.bbc.co.uk/2/hi/technology/6477155.stm

http://gizmodo.com/5849835/xbox-live-users-are-being-hacked-for-virtual-fifa-gear

http://arstechnica.com/gaming/news/...-hacked-accounts-fifa-11-and-12-purchases.ars

http://www.huffingtonpost.co.uk/2011/11/22/xbox-players-hacked_n_1107335.html

It even made headlines in a Danish newspaper, but it was me that read that and posted about it somewhere in this thread so I guess that isn't valid.
 
Gizmodo, Ars Technica and Huffington Post are not mainstream media. And the other link is from 2007...

Keep up the good work.
 
Sigh...

THE TIMES:
http://www.thetimes.co.uk/tto/technology/article3234542.ece

THE GUARDIAN:
http://www.guardian.co.uk/technology/2011/nov/22/xbox-live-users-phishing-attacks

THE BBC (so sorry I linked the wrong story):
http://www.bbc.co.uk/newsbeat/15837971

Learn Danish:
http://politiken.dk/tjek/digitalt/i...-brugere-faar-stjaalet-penge-fra-deres-konto/
 
Just to update. My account hack was fixed quickly. However there was an issue with the points being refunded properly and I had to call back in. Due to the extra time it took, they refunded my points, gave me some extra and left the content that was purchased (Crysis 1 on demand, RE4 on demand and some others). Since the hack, I've followed the recommended procedures for hardening my account. We'll see.
 
Do you know how you were compromised?
 
Here's another guy who was hacked twice. Second attack sounds like it might have been through a second account linked to Windows Live.

http://www.thesixthaxis.com/2012/02/26/xbox-live-accounts-still-being-hacked/

Obviously, following all of that trouble and Microsoft’s continuing insistence that their customer’s security woes were the result of them foolishly supplying nefarious individuals with their passwords, I made sure my new password was only used for that account. I never wrote it down and I picked something that should be difficult to guess or force. My Xbox Live account had a completely unique password.

-SNIP-

I can’t know how access was gained to my account but I am sure that my password was never in a position where it could have been seen by a third party, at least on my side. This is not a phishing problem, as Microsoft has repeatedly asserted. There is a bigger issue here, I’m not sure what it is but, worryingly, it doesn’t seem like Microsoft have any idea either. And denying it is a problem isn’t solving anything.

So they stole his password, but how if he didn't use it on anything but his XBOX? Seems there is something about that reset procedure that wasn't fixed.

Also, found in the comments:

http://www.hackedonxbox.com/
 
In this case, since his password had been changed, it's probable that they did not steal his password, but instead manipulated someone into resetting it for them. Whether it was XBL Support, the web form, or some other method, I don't know. But it definitely looks like XBL allowed something to happen that it shouldn't have.
 