Potential Xbox Live hacking related to FIFA 12

Some victims reported that they have a unique password for XBL, and some of them don't have EA accounts prior to the hack. It may be due to a number of techniques but XBL should develop capability to detect and minimize them further.

How seriously are you taking online posters in regards to their memory of PSW integrity and account registration?

As for that latter point, I am pretty sure MS has a fairly robust strategy for hacking as well as constantly updating it (everyone I know who works with MS says they are extremely security oriented) *but* there is no way you are going to be able to prevent advanced data mining approaches from compromising individual attacks. Sorry, when you have banks, online services, and social networks (which have HORRIBLE security and freely gleaned data provided by the users themselves) tossing tens of millions of user account info right into the general data pile it is impossible.

Yes, MS has to do their part (and they still may get hacked, it isn't impossible) but users are a prime source of data. This is why phishing is so popular--because you don't even have to data mine as many users will GIVE you the data.

We will see how this shakes out but I am sure even if users are to blame it will still be said to be MS's fault by some.

As for me? I missed out on all those free PS3 games so I could use a couple good new games for free on the 360 side ;)
 
And if you go to the source article you will see it's not MS saying any specific numbers at all. Microsoft never said the 1 million number. Please do some comprehensive reading before going off on tangents.

http://www.guardian.co.uk/technology/2011/nov/25/microsoft-refunds-xbox-live-phishing
Microsoft has played down the phishing scam in an attempt to distance it from the Sony PlayStation Network attack earlier this year that affected more than 70 million gamers.

The company has denied that Xbox Live had been "hacked or breached", but said a small number of users in the UK had reported unauthorised access to their accounts.

Fewer than a million Xbox Live users are thought to have been affected worldwide. However, Microsoft is continuing its investigation and has not ruled out an increase in the number of phishing emails before Christmas.

Some gamers have been scammed out of "multiple purchases" of £42.50, according to the Sun, which first revealed details of the scam attack on Tuesday. Microsoft is understood to be contacting and refunding those customers.

"We take the security of the Xbox Live service seriously and work to improve it against evolving threats," a Microsoft spokesman said.

"Very occasionally, though, we are contacted by members regarding alleged unauthorised access to their accounts by outside individuals. We can confirm that only a small percentage of Xbox Live customers have been affected here in the UK.

"We work closely with impacted members directly to resolve any unauthorised changes to their accounts and, as always, highly recommend all Xbox Live users follow our account security guidance in order to protect their account details."

Microsoft said there was no evidence that customer information had been released or sold.
 
Article says...

Don't be dense, I said "quote."

Ok, I shouldn't be so hard, English may not be your first language. In journalism in the US/English a quote is verbatim from the speaker. When it lacks quotation marks (" ") it is not a quote and is open to the reporter's usage as long as it generally represents what was said. Filling in of blanks and various ball park numbers are dubious as cited material unless they are citing specific data, e.g. "The Pentagon said 4,122 troops were killed" whereas in a general exchange:

"How many compromised accounts were there?
"We have not released specific numbers.
"Less than a million?
"Yes.

Which turns into, "Microsoft has said that less than a million of its Xbox Live users have been affected by this latest attempt to gain access to user accounts."

Hence the importance of a quote and context.

It is very common practice to create exchanges like the above to get those responses. The other one is, "We asked MS for a response but MS has not responded at the time of press." When was MS asked? 60 seconds before hitting the publish button.

True story. :yes: Journalism 101.
 
How seriously are you taking online posters in regards to their memory of PSW integrity and account registration?

It would be case by case.


And if you go to the source article you will see it's not MS saying any specific numbers at all. Microsoft never said the 1 million number. Please do some comprehensive reading before going off on tangents.

http://www.guardian.co.uk/technology/2011/nov/25/microsoft-refunds-xbox-live-phishing

The quote comes from NeoWin. Like I said, if MS doesn't specify an accurate number, it will be subjected to people's interpretation.
 
And if you go to the source article you will see it's not MS saying any specific numbers at all. Microsoft never said the 1 million number. Please do some comprehensive reading before going off on tangents.

http://www.guardian.co.uk/technology/2011/nov/25/microsoft-refunds-xbox-live-phishing

Haha, see, this is how things twist in reporting:

BRiT's article: Fewer than a million Xbox Live users are thought to have been affected worldwide.

patsu's article: Microsoft has said that less than a million of its Xbox Live users have been affected by this latest attempt to gain access to user accounts.

So one reporter throws out, through the info he has gleaned, it is *thought* that fewer than 1M were compromised. Then the second article reporting it says MS *said* this.

Hence the importance of asking for a quote ;)
 
That was my point though. MS may have acknowledged "less than 1 million incidents" casually to Guardian during the clarification. If they had provided a (more) accurate number, then it's much better communication. The press will usually latch on to the larger number for reporting.
 
I have no clue if MS has been compromised. I haven't followed this much, but it seems that there is some odd association with EA online enabled software so there may be a compromise somewhere between Live and EA.
It seems to me that EA's involvement is just a way to monetise the transactions or something. People without EA accounts or FIFA are finding FIFA content being purchased on their Live accounts. Earlier in this thread people explained to me that the content could be sold on.

That was my point though. MS may have acknowledged "less than 1 million incidents" casually to Guardian during the clarification.
And they may have not, with the million figure being a pie-in-the-sky amount, which is Acert's point. ;)
If they had provided a (more) accurate number, then it's much better communication. The press will usually latch on to the larger number for reporting.
The press are dicks with no regard for reporting the truth on anything. Hence the need for verbatim quotes to know what people are really saying instead of paraphrasing by the newspaper to spin their agenda. Which isn't really disagreeing with you - the more open MS are, the less ammunition they give the press to spin it unfairly - but Acert's requirement for a quote before believing these numbers on any level is equally valid.
 
The important bit :

This is the one question that has repeatedly nagged at me throughout this incident. Microsoft and EA both admit that there are dishonest people currently looking to exploit honest gamers’ accounts. But why are all these reports of FIFA related hacking coming from Xbox Live, with no similar tales emerging from the Playstation Network? While I am no security expert, and I can by no means claim to provide a definitive answer, there is one big difference that strikes me, when looking at the Playstation 3 and Xbox 360 side by side.
It appears to me that it is far too easy to recover someone’s full Xbox Live account, including profile and payment details, to another 360 console. If a hacker manages to get access to a linked Windows Live ID and password, it seems they can recover the account, access the profile information, and use the stored credit card details to make purchases.
On Playstation 3, registering an existing account on a new console is just as simple, also requiring the email address and password of the user. However, if there is a credit card linked to the account, Sony requires you to verify this information, by providing the expiry date and security number on the card. Failure to do so results in the stored card details being wiped before you are allowed access to the account.
It is such a small difference, but maybe it is the one thing currently limiting this wave of hacking to the Xbox Live network. I have contacted Microsoft to ask for comment on this issue, and am awaiting a reply.
 
On Playstation 3, registering an existing account on a new console is just as simple, also requiring the email address and password of the user. However, if there is a credit card linked to the account, Sony requires you to verify this information, by providing the expiry date and security number on the card. Failure to do so results in the stored card details being wiped before you are allowed access to the account.

If this is how it works on PS3, then I say Microsoft needs to have the same or better layer of protection for verifying the credit card information. That way the customer's money isn't stolen. Hopefully it also protects the MS Points that are connected to the account. I would hope Microsoft would be open to making those changes.

Tommy McClain
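
The new-console check described in the article quoted above, sketched as an added example that is not part of any post in this thread and is not Sony's or Microsoft's code. All names, the token and the card values are constructed, and the payment processor is modelled as a hypothetical callback.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple

@dataclass
class Account:
    email: str
    card_token: Optional[str]      # processor token, never the card number itself
    trusted_consoles: set = field(default_factory=set)

# Constructed stand-in for the payment processor, the only party that
# knows the expiry date and security number for a token.
_CONSTRUCTED_CARDS = {"tok_constructed_1": ("11/13", "123")}

def fake_processor(token: str, expiry: str, cvv: str) -> bool:
    exp, code = _CONSTRUCTED_CARDS.get(token, ("", ""))
    return (bool(exp) and hmac.compare_digest(exp, expiry)
            and hmac.compare_digest(code, cvv))

def recover_on_console(acct: Account, console_id: str, password_ok: bool,
                       card_proof: Optional[Tuple[str, str]],
                       verify: Callable[[str, str, str], bool]) -> str:
    """Email and password alone recover the profile, but not the stored card."""
    if not password_ok:
        return "denied"
    if console_id in acct.trusted_consoles or acct.card_token is None:
        acct.trusted_consoles.add(console_id)
        return "ok"
    if card_proof is not None and verify(acct.card_token, *card_proof):
        acct.trusted_consoles.add(console_id)
        return "ok_card_kept"
    # Wrong or missing proof: wipe the stored card BEFORE granting access,
    # so a phished password cannot be turned into purchases.
    acct.card_token = None
    acct.trusted_consoles.add(console_id)
    return "ok_card_wiped"

def purchase(acct: Account, console_id: str) -> str:
    if console_id not in acct.trusted_consoles:
        return "denied"
    return "charged" if acct.card_token else "no_payment_method"
```

Because a single failed proof wipes the card, the security number cannot be guessed by repeated attempts. This sketch covers the stored card only; a points balance already on the account would need its own check.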
 
Not just any writer. It's Dean Takahashi, former writer for San Jose Mercury News & the guy who wrote both "Opening the Xbox" and "Xbox 360 Uncloaked" books. Hopefully with both Dean & Geoff Keighley's accounts getting phished maybe it will spur Microsoft into some change.

Oh, but surely they both just fell for the sweet siren call of free MS points!
 
There's something serious goin' on, and MS needs to fix it pronto. This is seriously degrading my faith in their Xbox live service. The service itself is fantastic, but security is the most important part. I'm switching to points cards.
 
I'm switching to points cards.

Stock up when Superstore has its sales. ;) For some reason they had 50% off a few weeks back. lol

But yeah, never really trusted putting my CC info on there, so I've always done it that way. The only time I had it on there was to get in on some of those dashboard deals for the gold subscription.
 
Stock up when Superstore has its sales. ;) For some reason they had 50% off a few weeks back. lol

But yeah, never really trusted putting my CC info on there, so I've always done it that way. The only time I had it on there was to get in on some of those dashboard deals for the gold subscription.

Why didn't you tell me a few weeks ago, Al! Some Internet friend you are!
 
Forgot to mention it here of all places. >_> :oops:

---------

hm... Wonder if using PayPal is any more secure if you get hacked.
 
I reported my account issues on the 15th of Nov to Xbox support and they were resolved today. I made just 1 call. The refund amount on my points is not accurate so I'll have to address that but my account has been fixed and I changed the password.
 
Shifty Geezer said:
Bizarrely me bank recently changed its added security from requiring a separate card password per transaction to none whatsoever. They've actually reduced security! :oops:

In Norway we have a personal password and a tiny password generator (for each user) that creates a unique code every 30 seconds. You also need it for every transaction, not just to log in.
 