Some of you may already know that my account was hacked last week. It started just after I uploaded some points onto my account one night, and then the next day I got an email saying somebody had tried to add an email account to my Live ID, and checking to see if it was me that requested it. I cancelled that request but I also went and checked my billing to see that 5,040 points had been used.
Pretty much the next thing I did was change my password on my Live account, followed by getting on the phone to the Hong Kong branch of Xbox Support. I gave them all my details, and was then told that my account would be locked for up to 25 days whilst they “investigate”. That was Friday morning. On Friday night when I got home, I checked my 360 and noticed I still had access to Xbox Live even though I had been told I would not have access to Live from the moment I hung up the phone. So given that the Hong Kong office was closed, I decided to try and contact them via Twitter, and they advised me not to connect it to Live. So I did the only thing you can do, and that was to unplug the network cable. You’d think they would have a nice easy option to just not connect to Live….
So fast forward to yesterday evening, when I log into my email and I see two emails there. One is a password reset from Microsoft, and the other from Xbox Live Support. I decided to read the Live Support one first to make sure the password reset was related, and it seemed to be. They told me I would have to reset my password (which I did) and then I would need to move to step 2. Step 2 was to turn on the 360 and download my profile, which again I did. However, once that was done I quickly went to check my balance and found out I still only had 5 points.
When I went back to the email, I noticed this:
・ Our investigation revealed that no purchases were made while your account was out of your control.
Now, ok I’ll be the first to admit that maybe just maybe some people out there are using this hacking thing to their advantage, after all there are plenty of unscrupulous people out there constantly on the lookout to get the situation to their advantage. However, I have been on Xbox Live for around 5 years now, I’ve had gold throughout that, I’ve purchased a number of points (nowhere near to make me one of the top spenders but consistent enough), and I already told them before they locked my account what happened (that I bought points and the next time I checked all those points were gone). I would also hazard a guess that if they looked through my account history they would see that this is something that doesn’t quite match my purchase history.
I would also hazard a guess that if they spent more than maybe 2 minutes “investigating” that they could have maybe checked the IP address of where the points were spent; along with the email account that I provided them of the person who tried to add it to my account; and maybe they could have checked the serial number/ID of the 360 my account was accessed on, other than the one I provided and they might, just might have been able to realise that this clearly was not me.
Of course it may well just mean that I will have to swallow the bitter pill of not only losing the 4,200 points that I bought but also the 840 points that I also had on there before. If that is the case then I really don’t see me using Microsoft Points much in the future. In the past I’d added 4200 points and then as they are sitting there on my account I might just get the odd XBLA game, that will definitely cease. From now on the only points I might get are just enough to purchase DLC, and even then it might only be for very good DLC. Sure I might lose out on a few maps here and there, but it’s a price I’m more than happy to pay to ensure a) I don’t end up losing 5,000 points again with nothing done by Microsoft and b) I don’t end up funding Microsoft any more than I have to until I can be certain they are actually doing what they’re supposed to be.
It does make you wonder though just what is going on with this. My EA account and my Xbox Live password have been different ever since I heard about the FIFA hacks. EA was hacked, and due to the linkage between EA games to the Xbox Live ID, some people’s accounts were made vulnerable. Now Microsoft claim this was nothing to do with them (well other than the fact that this was a stupid system to allow). However, as soon as this happened my Live ID password was changed, and has been different to my EA account since. I also have never plugged my Hotmail account details into anything other than Hotmail, and I’m fairly confident I don’t have a virus on my computers, as I do all my email checking in a normal internet window, whilst I do everything else in a sandboxed environment. On top of that I constantly run virus scans, not just through installed software but through Trend Micro.
When Sony was hacked, the first thing they did was block all of their accounts, check their systems, revamp it, then give people back access to their accounts and give them some compensation. The situation may be a little different but in Sony’s case, they made sure that any damage done would be limited to their users. It may well be EA’s fault that the hacking occurred, but let’s be honest it was Microsoft that allowed the linkage too. When I first linked my Live account to my EA account it was done years ago when I first played FIFA on the 360. I believe that may have been FIFA 06? When it happened I was asked if I wanted to create an EA profile to save my EA game progress. Of course I selected yes, and I was told that my Live ID was now linked to my EA account. As far as I remember I didn’t even have to put in my password, it just created an EA account with the same details.
However, given that the hack on the EA servers was clearly affecting Microsoft, should they not have done something similar to Sony? Sure it would have meant the Live system was down for a while, but then people’s money wouldn’t have been stolen. I know at the time people bitched about Sony, but I know plenty of people who are happy with what Sony did to ensure that their accounts did not lose money. They also compensated people with free games. What has Microsoft done? Pretty much nothing, except investigate my account for 2 minutes and tell me nothing was stolen when it was not in my control.
When I was at university, some people stole my car. That car was used in a robbery. The police phoned and asked if I knew where my car was and I assumed it was still parked outside. It wasn’t. Guess what the police did then? Well they did this thing called investigation. They checked the CCTV footage and realised it wasn’t me, they found the car and they had it towed to a pound. They didn’t give me back my car and arrest me for the robbery purely because I hadn’t reported the car stolen until after the crime had happened.