IGN is better than Raptr!


Wednesday, October 12, 2011

Security Alert: MS-XBL - More than meets the eye!?


Okay, I wasn't planning on this being the next entry, but like the Steve Jobs tribute, I feel this is more of a "priority posting". I've been hard at work, tailing leads, getting insider info, and sniffing out the facts, so that I can deliver to YOU the loyal readers, gamers, and users, the information that you really want to know!! For the record, let me first explain, I'm seriously not trying to hate on Microsoft. Admittedly, on the PC software side of things, I'll say straight out, I can't stand Windows whatsoever, nor how they've handled it since the very first Windows. I play on a 360, and I'll admit, it is an impressive system; I will say there are areas that are minor cons or some stuff that's lacking, but that's my own preference. I also play on a PS3 and Wii; I honestly like to have all consoles, so if any exclusive game comes out for any system, and it's one I think I'll like, I can just play it, thus I try not to fall into any fanboy narrow-vision. Yes, I do have my favorite preference for systems, but that doesn't mean I take anything away from the other two. Now with that aside, on to the security alert... I just wanted to clear the air to make it clear that this is not an attempt to hate on Microsoft or make them look bad... this is however what I feel is a needed posting to help protect the end-users/players of 360 and/or XBL (XBox Live) as well as ensure their safety.



From what I've been seeing, reading, and witnessing, the number of XBL users being hacked seems really large and is kind of spiraling out of control. I know, I know, many are going to say, "oh that's the LulzSec list of leaked accounts thing", which at first I gave a fair chance, but upon further investigating and digging, I'm finding that's actually NOT linked, or at least not to the recent account hacks. As you'll see in the posts I plan to link for you, people are being quoted as saying: "This has nothing to do with LulzSec hack of a bunch of random accounts, because I was not on that list, and got broken into anyways", and another user says, "This account is only used for Microsoft accounts and services, nothing else, and it got hacked". So there's something definitely amiss on the Microsoft Network. I will say, read this all, let it all sink in, then give it a fair judgement, as you may read one link and think, "oh that's this or that, they're just jumping the gun"; actually read thoroughly and actually see the large number of reports coming in, including LockerGnome saying he was told directly by an MS Rep that it'd be "3-6 weeks before his account could be fixed", and when he asked why, he was informed by the same MS Rep that "it's due to a high number of recently hacked XBL accounts".


First link up for grabs, a report questioning the network's security:
This is just a report from somebody else who's been noticing the same thing I have: numerous reports coming in from all over the internet of complaints about hacked Xbox Live accounts, along with those accounts being used to purchase MS Point Cards which are then redeemed, etc. They also quote what Microsoft reps seem to be telling them about "safe security", as they've told some other people, yet other reps have been quoted referencing high numbers of hacked accounts, hrmz!


Next article to ponder: these are posts made DIRECTLY on the actual forums of Xbox.com, where multiple users are not only saying they've been hacked, but where one person is quoted as saying: "This has nothing to do with LulzSec hack of a bunch of random accounts, because I was not on that list, and got broken into anyways"... Xbox Forums.


Now moving right along, let's take a look at an actual video recorded not so long ago by the infamous LockerGnome, who usually defends Microsoft and DRM and typically has only praise for Microsoft, and who was hacked, while pointing out his account is only used for Microsoft services and nothing else... LockerGnome speaks his mind about XBL/Microsoft hacking. Also don't forget to check out his follow-up article about this at: XBox Live Hacked reported by LockerGnome.com!



Another piece of the puzzle to ponder over, coming in from the "Quarter to Three" Forums: more posts from various people being hacked on XBL, again pointing out that this may not be as related to the LulzSec list leak as many had thought, where some are even linking to other posts of people being hacked!... Quarter to Three Forums.



Finally, I throw in this last article, because it actually kind of bothers me. Now, keep in mind, this is a news article from back in March of 2011, but oddly, the article points out hackers exploiting the XBL service to acquire over a million dollars worth of MS points (which oddly, many of the recent hackings seem to be hackers in search of more free MS points, coincidence!?). The difference here is, the hackers in this article managed to figure out the algorithm used in generating the MS Point code given for redemption, and exploited the bejesus out of it by keygen'ing themselves a buttload of MS points, obviously! Now, before I get to the link, the major reason I have a problem with this is Microsoft has been swearing since back in April or May that they've NEVER been hacked; if that's the case, what the hell is this from March reading... Microsoft Xbox Live Marketplace Hacked for $1.2M!?
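The keygen failure mode described above, as an added example in Python that is not from the original post and is not Microsoft's real point-code scheme (the linked article does not publish it): a hypothetical redemption-code derivation with no secret and no server-side record, which anyone who recovers it can reproduce offline, beside the standard fix of random codes recorded in a ledger and burned on use. The alphabet, code lengths, the `CodeLedger` class and the pepper are all assumptions made for the illustration.

```python
"""Added example; not code from the original post and not Microsoft's actual
point-code scheme. The weak generator is invented to show why a code that is
derived from public inputs, with no secret and no server-side record, is a
keygen waiting to happen. The hardened scheme beside it is the usual fix."""

import hashlib
import hmac
import secrets
import string
from typing import Dict, List, Optional

ALPHABET = string.ascii_uppercase + string.digits   # 36 symbols (assumption)


# --- Weak scheme (hypothetical): code = base-36 serial + public checksum -----

def _to_base36(n: int, width: int) -> str:
    out = ""
    for _ in range(width):
        out = ALPHABET[n % 36] + out
        n //= 36
    return out


def _from_base36(s: str) -> int:
    n = 0
    for ch in s:
        n = n * 36 + ALPHABET.index(ch)
    return n


def weak_code(serial: int) -> str:
    """8 chars of serial, 4 chars of SHA-1 'checksum' over the serial part.
    Nothing secret goes in, so the derivation is reproducible by an attacker."""
    body = _to_base36(serial, 8)
    digest = hashlib.sha1(body.encode()).hexdigest()
    check = "".join(ALPHABET[int(digest[2 * i:2 * i + 2], 16) % 36] for i in range(4))
    return body + check


def weak_is_valid(code: str) -> bool:
    """Server-side check in the weak scheme: recompute and compare. With no
    ledger, *every* serial yields a code that passes."""
    return len(code) == 12 and weak_code(_from_base36(code[:8])) == code


def keygen(start: int, count: int) -> List[str]:
    """What the attacker does once the derivation is known: mint codes at will."""
    return [weak_code(s) for s in range(start, start + count)]


# --- Hardened scheme: random codes, hashed ledger, single use ---------------

class CodeLedger:
    def __init__(self, pepper: bytes) -> None:
        self._pepper = pepper               # server-side secret for the ledger hash
        self._unused: Dict[str, int] = {}   # HMAC(code) -> point value still live

    def _key(self, code: str) -> str:
        return hmac.new(self._pepper, code.encode(), hashlib.sha256).hexdigest()

    def issue(self, points: int) -> str:
        """Mint a 25-char code from the OS CSPRNG (~129 bits); store only its HMAC,
        so a dump of the ledger does not hand out redeemable codes."""
        code = "".join(secrets.choice(ALPHABET) for _ in range(25))
        self._unused[self._key(code)] = points
        return code

    def redeem(self, code: str) -> Optional[int]:
        """Credit the points if the code is live and burn it; None if unknown or reused."""
        return self._unused.pop(self._key(code), None)


if __name__ == "__main__":
    minted = keygen(500_000, 3)
    print("keygen'd codes all valid:", all(weak_is_valid(c) for c in minted))  # True
    ledger = CodeLedger(pepper=secrets.token_bytes(32))
    card = ledger.issue(1600)
    print("first redeem:", ledger.redeem(card), "second:", ledger.redeem(card))  # 1600 None
```

The point of the contrast: a checksum only proves the code was produced by the algorithm, and the algorithm is exactly what the attacker recovered; a ledger proves the code was issued by the vendor, and burning it on use stops a leaked or shared code from being redeemed twice.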



UPDATE: Found another one -

UPDATE: Late entrance to the dance, but I was doing some more searching, and decided to expand all the different linked threads found about "xbox live accounts being hacked" on the official Xbox forums; here are the search results, brace yourself, there's LOTS:

UPDATE: From what I'm now finding, it seems a lot (I won't say all, or even most) of the hacked accounts are being hacked in order to purchase items for FIFA Soccer on the Marketplace (UPDATE: once the account has been hacked, they can purchase anything they wish, as reports have come in that the hackers have purchased XBL Arcade games, as well as Zune Points, with the credit cards attached). Also to point out, as seen in some of the articles I've already posted, you don't have to play FIFA to become targeted; I think in a couple of the articles the people said "I don't even play FIFA and my account bought stuff for it!". Microsoft is STILL staying tight-lipped and not saying anything; the only real peep that's been mentioned, as far as I know, is that, as is typical, Microsoft is trying to point the finger of blame at EA's servers, claiming they have an instability that allows for an exploit; though that still leaves the remaining question: if the instability is with EA, why is it compromising the security of the accounts located on the XBL server!? There are more and more articles starting to turn up online about it, and Microsoft is still claiming, "we're just as secure as ever"... RIIIGHT; anywho, here's a listing of matching articles on Google related to hacked accounts used to purchase FIFA Marketplace items.

UPDATE: Here are a couple more articles that have recently poured in; be sure to check out the comments on the first one, and closely read the second one. More and more are coming to the forefront saying they're not happy and want answers... Microsoft can only deny it for so long. Anyways, here's the first article addressing the situation and here's the article pointing out that people want answers!

UPDATE: Another article with quoted blurbs about members posting how their accounts have been hacked on forums at SecurityNewsDaily. And here's another from NeoSeeker pointing out now it's XBox Live, as well as Games For Windows Live, and now even PayPal accounts aren't safe!!

UPDATE: This article from VideoGameWriters is a DEFINITE must read. It's shedding some light on how and why Xbox Live accounts are so easily being slaughtered by hackers. It seems there's an exploit supposedly within the FIFA coding that allows a person to recover another person's XBL account straight to their console, for free access to the account, linked credit cards, and any linked services. Now, it's worth pointing out, the coding for "account recovery" is hard-coded into the console itself (as can be found in the console/account menus); so even though Microsoft is trying to shove the blame off on EA, the exploit actually takes advantage of the coding that MICROSOFT has in place to recover accounts. It would also explain why Microsoft, as they say, "have no evidence that accounts are compromised"; since this is a standard function, it won't raise a security red flag. Though, one would wonder just how many ongoing recovered accounts they'd need to log before they stopped and thought, "this is unusual activity!".

UPDATE: Here's an article from Giant-Bomb that focuses on both Microsoft and EA pointing out that FIFA itself is NOT directly responsible for the exploit, and that it's no one particular game. The article eventually veers toward social networking, but at one point it brushes on the topic of "tricking services", which actually couples with some other evidence I had found on this issue recently. The evidence (although theoretical at best at this point) suggests embedding a certain javascript of sorts into an email and sending the email to the network server responsible for account recovery, in which case the javascript will trigger authorization, tricking the server into believing the sender is the rightful owner of any given gamer-tag/account, thus restoring full authorization rights to said account as the [new] owner. Somewhat reminiscent of an old trick back in the day on some websites that weren't properly secured, where a person could insert the right values on the URL in the form of URL variables, which would in turn trick the server into giving one user access to another user's account/profile, where they could fully view/edit any data in that account; even view data not typically seen by others.
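The "URL variables" trick recalled above, as an added example in Python (not from the original post, and not a description of any real Xbox Live or EA endpoint): an insecure direct object reference, shown as a vulnerable handler beside a hardened one, plus a small detector for the symptom the post wonders about a few updates earlier, one session pulling many different accounts before anyone calls it unusual. The users, session cookies, `/profile` route and log format are all constructed for the illustration.

```python
"""Added example; not code from the original post and not any real Xbox Live
or EA endpoint. Shows the 'edit the id in the URL' trick (IDOR) as a
vulnerable handler next to a hardened one, and a log-side detector for one
session enumerating many accounts. All data here is constructed."""

from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Iterable, List
from urllib.parse import parse_qs, urlparse

# Constructed sample data: user id -> profile, session cookie -> user id.
PROFILES: Dict[str, dict] = {
    "1001": {"gamertag": "alice", "email": "alice@example.invalid", "card_last4": "4242"},
    "1002": {"gamertag": "bob",   "email": "bob@example.invalid",   "card_last4": "1111"},
}
SESSIONS: Dict[str, str] = {"sess-alice": "1001", "sess-bob": "1002"}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: path + query string, session cookie."""
    url: str
    cookie: str
    query: Dict[str, str] = field(init=False)

    def __post_init__(self) -> None:
        parsed = parse_qs(urlparse(self.url).query)
        self.query = {k: v[0] for k, v in parsed.items()}


class Forbidden(Exception):
    pass


def profile_vulnerable(req: Request) -> dict:
    """Checks that *some* session exists, then trusts ?user_id= from the URL.
    Any logged-in user reads any profile just by editing the number."""
    if req.cookie not in SESSIONS:
        raise Forbidden("not logged in")
    return PROFILES[req.query["user_id"]]


def profile_hardened(req: Request) -> dict:
    """Binds the object to the authenticated principal: the id in the URL is
    honoured only when it is the caller's own, and the lookup is keyed on the
    session's user id, never on the client-supplied value."""
    caller = SESSIONS.get(req.cookie)
    if caller is None:
        raise Forbidden("not logged in")
    if req.query.get("user_id", caller) != caller:
        raise Forbidden("object does not belong to caller")
    return PROFILES[caller]


def hardened_denies(req: Request) -> bool:
    """True if the hardened handler refuses the request."""
    try:
        profile_hardened(req)
    except Forbidden:
        return True
    return False


# Constructed access log, one "cookie path" entry per line: bob walks the ids.
SAMPLE_LOG: List[str] = [
    "sess-alice /profile?user_id=1001",
    "sess-bob /profile?user_id=1002",
    "sess-bob /profile?user_id=1001",
    "sess-bob /profile?user_id=1003",
    "sess-bob /profile?user_id=1004",
    "sess-bob /profile?user_id=1005",
    "sess-bob /profile?user_id=1006",
]


def flag_enumeration(log_lines: Iterable[str], threshold: int = 5) -> Dict[str, int]:
    """Count distinct user_id values each session asked for. A legitimate client
    only ever asks for its own, so a session at or above the threshold is
    enumerating other people's objects. Returns {cookie: distinct_ids}."""
    seen: Dict[str, set] = defaultdict(set)
    for line in log_lines:
        cookie, path = line.split(" ", 1)
        q = parse_qs(urlparse(path).query)
        if "user_id" in q:
            seen[cookie].add(q["user_id"][0])
    return {c: len(ids) for c, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    bob_reads_alice = Request("/profile?user_id=1001", "sess-bob")
    print("vulnerable:", profile_vulnerable(bob_reads_alice)["gamertag"])  # alice
    print("hardened denies:", hardened_denies(bob_reads_alice))           # True
    print("flagged sessions:", flag_enumeration(SAMPLE_LOG))              # {'sess-bob': 6}
```

The hardened handler never uses the client's `user_id` as a lookup key; authorisation is a property of the session, not of the URL. The detector is the cheap server-side counterpart: a recovery or profile endpoint that is "working as designed" still leaves a per-session fan-out pattern in the logs that a normal user never produces.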

UPDATE: Here's an article from Neowin focusing a bit more thoroughly on some of the hacks, as well as some screenshots of point balances and transactions. What's also interesting to note is that recently it seems many accounts are now also being transferred/migrated to Russian servers in the hack. Could it be the hackers are leaving a paper trail now? What's sad though, from what I've read on the Xbox forums, is there are many users whose accounts got migrated to Russia that can't be transferred back, at least not yet, as the MS reps seem to inform them that the queue for account transfers to the US is full, and there are no "open slots" as they put it.

UPDATE: Microsoft can't dodge much longer now... it seems now lists of XBL gamertags, associated valid passwords, email addresses, and other account information are being leaked around the internet, in what's being dubbed a "test run" to show that it is possible to hack XBL... similar to what happened not long before Sony got broken into. Microsoft is still attempting to call it a "phishing scheme"; however, if it was "just phishing", they would have had no reason to come clean MONTHS ago informing people, "major phishing incidents are going on, beware of this and that"; but no, they keep brushing it under the rug... why? Check out this article on Gadgets + Gizmos that covers some of the details.


UPDATE: Check out this in-depth view of one of the many victims, and fellow friend of the Raptr community... on GameRevolution!

UPDATE: Microsoft is STILL trying to call this a phishing scam; the big hole in that theory, though, is that a phishing scam usually has a detectable similarity between incidents. In all incidents so far, there's not really much of any link, not even the suspected link to an EA compromise, as many that have been hacked haven't had an EA account. I even heard from somebody that works at Microsoft support that one of their fellow co-workers was hacked. I'd really think that if it was a phishing scam that Microsoft Support is helping their users with, they wouldn't actually fall for the same "scam". I know when I worked as a network engineer and desktop support technician, typically when I knew what was hurting/affecting systems, I knew what to be careful of, how to avoid it, and not fall victim to the same issues. (Which on a side note, makes troubleshooting your own errors/issues that much harder, as most times when you can't figure it out, it's something not all that common nor easily fixable... which probably holds true for the MS employee that got hacked!)

UPDATE: Microsoft is FINALLY starting to ACTUALLY admit there's a genuine HACKING issue, rather than continuing to deny it and blame it on "user stupidity"; check it out on cNet!

UPDATE: Further look at Microsoft ACTUALLY admitting to many of the XBL users being hacked, while still attempting to beat around the bush a bit, at least they're FINALLY owning up to it... after how long now, almost a year!? Check it out here on ITproPortal!

UPDATE: Turns out hackers are now also using Xbox Live to prank the local authorities/police and send SWAT teams to targeted homes, as seen here on ABC Action News. Not long before this I recall seeing another article about a hacker that was losing on XBL sending a SWAT team to a gamer's house for "payback" under false pretenses. Seriously!? THAT is what hackers do nowadays!? Things sure have changed since back in my day. In the above linked ABC Action News article, it's pointed out the hackers are able to grab social security numbers, personal information such as addresses, and credit card numbers. Come on Microsoft... even IF the account gets hacked, the information should be ENCRYPTED... especially for a MINOR!

Another swatting: here in Florida.
And: here on Channel 6 News.
Also found: here on Macon News.

UPDATE: It seems Microsoft security is so weak that not even its own EXECUTIVES are safe, as the accounts of several MS execs are being hacked now too!!!  Source - "Microsoft execs' Xbox Live accounts hacked, investigation still underway".  (March 20, 2013)

UPDATE: Proof that the problem was never fixed as again accounts are being hacked, while hundreds of dollars are being charged on attached credit-cards for the sake of purchasing goods that are transferred off the account and later auctioned.  Source - "11-year-old boy among victims of hacking, mom on hook for game purchases".  (March 25, 2013)


OBSERVATION: I'm truly thinking that Microsoft is somehow trying to cover this up and sweep it under the rug. I can't prove it for certain, but I've noticed something quite STRANGE. Most of the stuff I've linked in here, I truly had to SCOUR for. I mean, I had to toss numerous search strings into "news" on Google to find them; such as "xbl hack", "xbl exploit", "xbl security", "xbox hack", "xbl scam", "xbox breach", etc. Most times when I would, I'd be LUCKY to find a handful of articles that matched and were actually pertinent to the subject. I used to notice that as I found new references and material, some of the old stuff didn't seem like it was there, or wasn't being found. Now, today on March 10, 2012 (yes, over a year since all the XBL issues started), I'm again scouring, but what I find odd is if I type those same strings into Google, only SOME are lucky to get 3-4 matches TOPS, and typically one MIGHT be related. While on other search engines like Ask Jeeves, Dogpile, Altavista, etc., I go under "news" search, and I don't find jack. But oddly, type in any other subject matter, and you'll have matches show up from 3-5 years ago. I truly think that Microsoft or somebody affiliated is going out of their way to have criteria or subject matter either blocked from being found, scrubbed of meta-link search tags, or something, so that it stays off the radar. Just seems so odd, that after the whole "Playstation Hack" in April or so of 2011, the news was EVERYWHERE. You only had to go to a news site and BOOM there it was, and EVERYBODY was aware of it. But while Xbox Live users have been being hacked for over a year, with an overall stolen money amount having to be in the hundreds of thousands, maybe even millions, you have to be a friggin' private-eye detective just to find a MODERATE lead on anything!? 
While still yet there's absolutely nothing at all from Microsoft relating to a plan of action, the cause of the issue, any form of found exploits, what their plan is to fix it... absolutely nothing. Something smells rotten and fishy here. I've said it before, the consoles themselves, the Xbox 360 and the PS3, are each equally good, each has their pros and cons... but for the love of God, please bear this in mind, Microsoft has been a shady company for ages. Even the original start of Microsoft, what they did to Steve Jobs, and anybody else they could step on while they climbed to the top was crooked. Just keep in mind, if you're not already an Xbox Live user or an owner of an Xbox 360, but are planning to invest in the near future, I can't point out strongly enough: BUYER BEWARE!!! If you are a current Xbox Live user, just to keep yourself safe, remove any and all credit-card information, debit-card information, PayPal information, and ANYTHING that could link to anything you have money in. You may hate this article, you may hate me for saying it, you may be a Microsoft fanboy, but is it really worth chancing your bank account being drained dry over? Is that a gamble you're willing to take? At the very least, remove any and all payment and financial information until Microsoft can get their head out of their rear, actually address this issue, actually give some sort of plan of attack (as Sony did with taking down the whole of PSN and fixing it), and then afterwards can prove beyond the shadow of a doubt their network is as bulletproof as they've been preaching it *supposedly* is!!!

FYI: If your account has been hijacked, or if it gets hijacked in the future, from what I've read, the best course of action is to contact your credit card company ASAP and have them reverse the charges, maybe even reissue you a new credit card with a different CC#. Still call Microsoft to have them investigate, but from what I've read, if you only go through Microsoft, it could take over a month to recover the money, and in some cases users have reported having to take a loss on the money and never getting it back, as some MS Reps inform them of something along the lines that they can't verify the authenticity of who made the actual transaction or how it was made. If you haven't been hijacked yet, it'd be best to remove any and all credit card information from your XBL Gold account and for the time being use prepaid point cards, and try to use up all the points on stuff you want or might have fun with, so there's nothing for the hijackers to take. If you do need to keep a card on your XBL Gold, try to make sure it's NOT a debit card, as I've been finding that it seems near impossible to recover lost money through a debit card. It's sad this is happening; in this current time-frame Christmas is right around the corner, and these funds could be better used to pay bills and/or get Christmas presents and decorations for friends and family, so please, by all means possible, keep yourself as safe as you possibly can!

Now, the follow-up. I've been hearing chatter from some "inside sources" that shall remain unnamed. One is a former Microsoft employee who now works for another big-name gaming company, who has actually confirmed and verbally said "Microsoft has been hacked". Another "inside source" from the same company informed me that their friend attempted to call Microsoft to remove their credit card data to remain safe; the MS rep informed them that they couldn't until their subscription was over, so when that friend inquired about whether they'd been hacked or not, the rep actually told them, "our network is secure as ever". Secure as ever? Okay, how do you explain the number of reported hacked accounts that I just shared with you, as well as what could be tons of others that I still haven't found scouring the interwebz yet!? (BTW, as I find new references I'll be sure to post them here and keep all the users updated!)

Overall, the biggest problem I have with all of this: it seems Microsoft has been being hacked for quite some time now, and at first it was them losing the money over MS Points; okay, that happens, they kind of covered it up and swept it under the rug. But guess what, in doing so, it now shafts the players and end-users, because now YOU the loyal subscribers of XBox Live are the hackers' targets. The hackers can no longer keygen their own MS Points, so now they target YOU the players, in order to get the MS Points they so seek. Here's where the problem gets even bigger; as Microsoft continues to deny any security issues, it gives YOU the players a false sense of security, as well as leaves you prone to being blind-sided. The other major issue with this: as Microsoft sits back and denies any security issues, their stock continues to rise and boom, while other outfits such as Sony and Nintendo, who are admitting to their services being hacked, are losing butt-loads of money; so let's re-evaluate this equation. What we primarily have is Microsoft getting richer and making more money, at the expense of Nintendo, Sony, and YOU their loyal clientele! WTF!?

Honestly, with already accumulated shady incidents in the past with Microsoft (one of which comes to mind was the infamous blue-screen that occurred on worldwide television while Bill Gates himself was firing up the initial launch of Windows 98), if they keep sweeping this under the rug and covering it up, they're only digging their own hole that much deeper. Can you imagine the fallout this is going to have if and when it ever finally surfaces? "Oh yeah, Microsoft has been being hacked for almost a year now, but we just didn't want to tell the users, and felt we'd let them keep being the victims while we hushed it up and covered it over". As much as it pains me to say it, that could ultimately be the straw that breaks the camel's back for me; how many exploited clientele is it going to take, to pad their stocks and profits that much more, before they finally come clean?? A hundred XBL users? A thousand users? A million? Maybe I'm old school, but I believe that every single individual customer, client, guest, or whatever you want to call them is just as valuable as any other, thus every single one is just as important as a million. The other thing: if and when it ever surfaces, that's going to end up plummeting Microsoft's stock value far more than it's being increased now by letting their colleagues take the fall.
Anyways, in closing, it'll be interesting to see what unfolds in the coming days, weeks, even months; perhaps Microsoft will finally come clean with their security issues. Though, if Windows was any example, they kept paving over their numerous network security issues there and wanted to pretend like they were no big deal. So, I'll let you the loyal readers decide what you think, please be safe, and by all means, if you have ANY credit card information or traces of it on your XBox Live accounts, please, please, please remove any and all traces from your console, from your account, etc. If for whatever reason you really do have to get anything on the XBL Marketplace, do as Jeff Dunham has Walter say, "get yer' sh*t and get out!", lol. Until further notice, I know it's a pain in the ^_^ , but if you need MS points, please be safe and purchase them from retailers, don't take a chance of your credit card information tying into your account and then being stolen. w0rd 0ut mah h0m1ez... Peace!¡! \m/,
