Account Compromised - Ridiculous Recovery Delays (Part Two)

Because microsoft effectively did not answer the question in the first thread located here http://forums.xbox.com/xbox_forums/xbox_support/f/12/p/103475/493600.aspx#493600 and locked it, I'm making a new thread to update for the people who were involved in the discussion. (And hopefully let microsoft support know what's going on.) I fully expect this thread to be locked or even deleted, but with some luck some of the people affected get to read this before they do.

 

 

The problem (well not my specific problem, but the problem of a number of people having their accounts compromised and microsoft not recovering them to their proper owners) has made it into the gaming media, making the front page of Ars Technica, Joystiq, Eurogamer, and probably more gaming websites I'm not aware of. Hilariously, microsoft did respond to the media saying. "We are working with our impacted members directly to resolve any unauthorized changes to their accounts." Apparently telling people on the phone to "be patient" and refusing to give out any information whatsover is considered "working directly with our impacted members." Gotta love how they flat out lie to the media.

 

 

I did finally get an answer from microsoft after I officially filed a complaint with the better business bureau, telling me they were looking into it and would call me next week to discuss the issue. Frankly, I doubt it'll do much good, but it's something. I strongly suggest that all affected users file complaints with the BBB as I did, microsoft is actually taking notice of them. Keep contacting the media with your stories. It's the only way we'll get microsoft to acknowledge and fix the problem.

 

 

To microsoft forum support staff members reading this: please report this situation and as well as those of other people in the same situation as me (as evidenced by countless threads here with the same issue and the large number of replies to my initial thread) to your superiors as frenquently as possible. I understand that you would help us if you could, but are either not being put in a position to do so, or are told not to talk about this to users. However I'm sure that you are aware of the ridiculousness of the situation, and that something has to be done. Even if you can't answer us or help us directly, you can be part of the solution and not of the problem by relaying as many of these stories as possible to your superiors, and making them understand that it is a significant issue with the service that urgently needs to be resolved.

 

Question Info


Last updated July 5, 2018 Views 0 Applies to:

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Get em!!

I'm right there with you. Coming up on 3 months now and my account still isn't fixed. I've been making weekly calls, and only recently been told that "fires have been lit" under the appropriate people to get this resolved. Why there isn't a safeguard for an irreversible, account crippling region change with all these account compromises going on is a mystery to me, but it NEEDS to be fixed.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Same here 64 days! Why is it taking so long?

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I feel bad about this hope you get it back

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi dnx,

I'm right there with you. My account was hacked on 9/11/11, and I'm still waiting for the investigation to be completed. To be honest, my interactions with XBL support has been positive. Although, I, too, get the sense that MS isn't being forthcoming with details about the increased number of accounts being compromised. If that's true, then the only reasons I can think of are obviously, liability, but also, if they haven't fixed the leak (yet), then describing how our accounts were compromised wouldn't be smart.

I am not interested in hurting Microsoft or XBL, however I do want to emphasize that they've created a community that is important to a lot of us. Even though they have no monetary value, I care (a little bit) about my achievement score. I care about my save games (I wonder if they'll be lost when I eventually recover my gamertag). I value the opportunity to play video games with my friends across the country and strangers that I'll never know. However, with the recent compromise to my account, I feel vulnerable. I don't know if I can safely play online anymore. Was I targeted somehow? Was I a victim of "social engineering"?

Yes, I've been to the XBL Security page and have activated all those identity measures that weren't already activated. I just still feel that going back online isn't safe anymore. I think MS needs to say something on this matter to give their users confidence that it is safe to be part of the community that they've built.

And I give this thread until about 1:00 pm PST 10/15/11 before it's locked down.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I guess we have to get those posts in in the next 14 hours!

 

I agree with your points. I chose to buy an xbox instead of a competitor's system specifically because of microsoft's long history in writing software and providing services, with the idea that they would be better at it than the competitors who do not have this sort of background. I actually liked their service... back when I had access to it.

 

That said, I find that microsoft's way of handling this whole thing has been absolutely terrible. I get that it's probably not in microsoft's best interests to disclose what is clearly an increasingly significant security problem related to their services, but not not communicating any information whatsoever to their customers and telling them to "be patient" seems like the worst possible way of handling it. There are ways for companies to protect their interests without treating their customers like complete garbage. It seems to me that the moment they made the decision to tell their support staff not to give out any infomation whatsoever to their paying customers, (which is an obvious pattern in the large majority of stories I've read about this issue over the past week) they chose not to their us with respect. Consequently, despite the fact that like you, I take no pleasure in yelling about this from the rooftops, I won't exactly feel bad about it if that's the end result. I'm pretty sure it would have been pretty easy to come up with a better answer than "be patient" over the course of seven weeks.

 

In any case, the large number of reports I've seen on the websites that reported on the story earlier today tells me that the information is already out there, so if their lack of communication was an attempt to not give potential thieves information as to how to more effectively compromise their system, I'd say that did not exactly work. What microsoft needs to do is to:

 

1-  If this hasn't been done already, immediately put a stop to account transfers to different regions until they put in the ability to change in back in the case of accounts being compromised.

2- Put every available resource to fixing this issue for all the customers affected.

3- Immediately communicate with the affected customers, explaining in detail what happened, what they're doing to fix the situation, and when they expect it to be fixed. (And that better be very soon...)

4-  Provide adequate compensation to people affected for the weeks/months that they did not have access to the service.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

On day 61 here.  Used up my 1 Mo. prepaid code and now I'm just waiting.  Don't understand why its taking so long.  

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

hi there if your thread was locked or deleted please do not repost it as the support forum is not a place to chat about anything im sorry that your accounts are taking so long but micrsofts enforcement team must do their investagation and there is nothing that can be done to speed them up im afraid like i said im sorry but any type of repostinig after your forum is locked is spamming so dosent that violate the forum rules so by reposting this surly you can expect more then a forum deletion im not a moderator but i know spamming is a violation and hope you do not take any offense of my post theres no spamming aloud here sorry

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

@Misconfigured

Hi there. Please don't take offense to this post. The threads that I have been interested that have been locked or deleted seem to want to discuss the mechanisms of how so many XBL accounts were compromised. As you can see, many of these accounts had credit card information attached, and therefore we are paying customers. For you to label such threads as "spam" - defined as indiscriminate use of electronic messaging systems to send bulk messages - is intellectually lazy.

It is not unreasonable for the paying consumer to inquire how his or her account was compromised. If it is entirely my fault - letting trojans or keystroke loggers run free on my computer, then tell me how to remove them (followed by a strongly worded letter to the producer of my antivirus program). Social engineering? Please. That's such an inefficient way to get personal information - for the dozens/hundreds/thousands of accounts that have been compromised, the criminal(s) might as well have just gotten a real job with that time. Did a bunch of us have the gall to have a duplicate password on another site? If so, then that site got hacked and hasn't been forthcoming either.

In the end, those of us who have had their account passwords leaked are still looking for answers. And finally the media is picking up on it. Can't hide forever...

 "any type of repostinig after your forum is locked is spamming so dosent that violate the forum rules so by reposting this surly you can expect more then a forum deletion"

I think this is harsh and inappropriate for you to say. Are you really a Xbox Live Ambassador? How did you get that title? Did you send in a curriculum vitae with a personal statement? I hope you used more punctuation in that essay than you do in your forum posts. Really, no offense - but punctuation works.

http://beidaenglish.com/learn-english/why-do-we-need-punctuation-marks-in-english-language/

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

[quote user="Mikey Mud"]I think this is harsh and inappropriate for you to say. Are you really a Xbox Live Ambassador? How did you get that title? Did you send in a curriculum vitae with a personal statement? I hope you used more punctuation in that essay than you do in your forum posts. Really, no offense - but punctuation works.[/quote]

Those are the rules and if you continue berating & patronising the regulars for daring to tell you those rules and politely asking that you abide by them you'll quickly find your thread locked and your access to the forum revoked. In spite of what has happened you cannot demand that certain rules not be applied to you nor does that give you free reign to say what you want to whom you want. Questions?

Now onward to people asking why they're not getting any answers. I ask those people this; would you prefer an answer that is definately 100% correct, will have been shored up to prevent further breaches and provides the most painless method for you to reclaim your accounts at the cost of being a bit slower to get out to the masses. Or would you prefer an answer that gets out to the masses inside of 3hrs of it being discovered but then changes 3hrs later when it turns out they were wrong...Then changes again...And again....And again?

They're obviously aware of the problem as they stated to Eurogamer and other sites.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

hi i would like to apoligise i obveously did offend you im sorry but i was just reminding you of the rules you are paying customers yes but i told you it cant be changed they need time to do an investagation i am just simply following the rules but you questioning me being an ambassador now that just offended me i can understand your anger but ambassadors are gamers like you and your friends we just awnser questions and help others im not superior and i have helped others but please follow the rules i respect you and all but thats just put me off this thread so im going to go befor i start an arguement i dont want this i apoligise yes i was a bit harsh i dont know the enforcements issued but im afraid this is reposting when locked it dose count as spam and plus no one here can do anything to your account they can say i agree but im pretty sure tier_3 agents are phone only

im sorry for any inconveniance

im not going to be reaplying anymore so

have a nice evaning

bye

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.