Xbox Live Support Makes Bad Situation Worse For Hacker Victim

Game Rant

By Rob Keyes

Published Jan 6, 2012

One user is hacked then hacked again after Xbox Live Support failed to block an account under investigation, throwing her in circles and unable to find help.

One of the worst things coming from the modern tech age is electronic identity theft, and it comes in many forms. Hackers, which have become a sad mainstay of the current gen video game console services PSN and Xbox Live have brought a nightmare upon the companies and worse, the users victimized.

A recent victim of this form of theft is Susan whose Xbox Live account was hacked. If the hacking and stolen funds wasn't bad enough, it's the Xbox Live Customer Support team who've made it a lot worse for her and she's gone public to tell her story.

Susan is keeping a blog to update the status of the situation as it happens and we're currently four days in. This story begins on January 2nd when Susan received a few emails, receipts for "$214.97 + Taxes" worth of purchases on Xbox Live that she had not made herself. Someone had hacked her account, purchased a Family Gold Pack (which allows users to transfer MS Points from the associated family accounts) and 10,000 Microsoft Points, then transferred them out.

Susan couldn't login to her account because the password was changed by the hacker so she got in touch with Xbox Live Support who told her the Fraud Department would look after it and that they'd have to lock her account for 30 days to investigate. She also got in touch with her bank and Paypal who both logged the complaint but couldn't do anything else.

The following day, Susan received a confirmation email that her account was locked, sign-in disabled and they gave her a 30-day extension on her Gold account to make up for the estimated investigation time. So far, everything seems to be going as expected. She is however, without use of her account and down a significant sum of money for a young mother of a 1 year-old disabled boy.

Then, the next morning Susan received more email receipts. Another "$124.98 + Tax" was spent on her account and the digital goods transferred away to a dummy account. How did that happen if Microsoft said on the phone and in a confirmation email that her account and sign-in had been blocked for investigation? Isn't that the point of blocking it for investigation? Her account was still linked with her bank since Microsoft had told her it was blocked, when it wasn't, meaning Microsoft left her account open for the hacker to steal more money.

Susan quickly unlinked the accounts then got back on the phone with support who couldn't answer her questions, literally saying "I don't know" about why it was not blocked (when they said it was) and continued to ask her to try logging in... when again, they said it's blocked, meaning she shouldn't be able to login. Right? What?

With phone support being contradictory and useless, Susan - who also happens to be an Xbox Ambassador - took to Twitter to communicate @XboxSupport. After a little back-and-forth to acquire the necessary info, XboxSupport's mind-numbing suggestion was to get in touch with phone support. Do they mean the team who said "I don't know" on the phone and who suggested logging into blocked-but-not-really-blocked-or-is-it account?

The mess is ongoing and the Twitter convo is the latest update. You can follow what's happening with Susan on Twitter @ladyelysium or her blog about the matter: Hacked on Xbox. The last we heard was that she's again on the phone with Microsoft.

This isn't the whole story as Susan was able to do investigating on her own - because the account still hasn't been blocked of course - to find info on who was running this scheme, so be sure to check her blog for the full story and spread the word.

The morale of the story is, don't rely on customer support for protection or immediate rescue. Do your best to manage the risk, especially when you have financial accounts attached to your gaming accounts. Not one person stepped up from Support after the incident to actually block the account or to inform her that they couldn't and that she's still at risk. Four days in and the problem hasn't be resolved, the account still not blocked, and Susan has no answers. Now that it's making headlines, expect some resolution.

The scary thought is how many other people this may be happening too and how many other similar cases Xbox Live Support must handle, especially since the hacker is making a business out of it.

Follow me on Twitter @rob_keyes.

Source: Hacked on Xbox (via Destructoid)

Red Ring of Death from juutin.