Compromised account

Hi,

First off, I don't know if this is the right forum to post this but if its not please direct me to the correct one.

Today I discovered my account was compromised.  Here's the chain of events.

I typically use the Live ID associated with this account to manage my company's business relationship with Microsoft via Volume Licensing Agreements (VLA).  The last time I signed in was the first week in Jan, 2012 to get some product keys.  Today I had to update our agreements with Microsoft and attempted to sign in.  The password I used did not work and after some time I was able to get it reset on my own.

With lots of suspicion, I did some poking around and noticed several interesting emails one of which was a survey from Xbox support about my recent call to them.  From this I can extrapolate that the hacker used social engineering techniques to get the support staff to get the email reset for them so they could assess this account.

I also notice two email confirmation for Microsoft Points purchases - 4000 and 6000 points.  Lastly, there was an email for an EA Master account registration.

I also went to the billing website and noticed a credit card attached to my account.  At no time did I ever attached a credit card to my account and I suspect it belongs to someone else.  Furthermore, I do not recall ever creating an Xbox Live gamercard with this account but I am not sure about this part. There is a name that is not mine in the billing info on the billing website.

My concern is that I don't want someone coming after me for fraudulent conduct and I would like xbox live to thoroughly investigate this issue and involve the authorities as necessary.  I will happily provide a cell phone and/or home phone if someone in the U.S.A. would like to talk to me about this.

 

Question Info


Last updated July 5, 2018 Views 27 Applies to:

You would need to call support and have them open an unauthorized access investigation.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I don't even game with this account and as you can see the only game is FIFA.  From what I've been reading there are some type of hacking going on with FIFA.

Furthermore, I'm afraid to contact support because I don't want to speak with anyone outside the USA.  I've read to many nightmarish stories with support outside of the USA where people got their account deleted, etc, etc.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Phone support are the only ones who can help with these kinds of issues because they are the ones who will have to verify you are the owner of the accounts.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

dsanman - As Smwutches mentioned, please contact Phone Support at your earliest convenience to file an Unauthorized Access claim on your account. You can find the number in your region by following the prompts here: support.xbox.com/contact-us

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Ugh we just went through this same thing last week! Except it was in fact MY credit card they were using to buy points with.  $135 worth of points.  Just call Xbox.  Their support is really great in this situation and they resolved our case in 3 days.  

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I think people have misinterpreted  the problem.

The OP's compromised WLID was used to create the account he's now posting with (although the OP isn't sure). He didn't actually have an account associated with the compromised WLID prior to being hacked. I am intrigued to know how Xbox support would know about that being a WLID and the personal info contained therein without that e-mail having an account associated with it. As such I'm wondering if what actually happened was that they (the hackers) called up in the hope that the OP's WLID was attached to an account and found that it wasn't which would indicate they got the info from elsewhere which would explain the e-mail survey and how they got the info required to reset your password. 

As is I'd suggest that you make your e-mail provider aware that your account was compromised and have them take care of it then inform EA that an account was created using your unlawfully obtained e-mail address and that you'd like said account closed. As for the credit card I'd make absolutely sure it isn't yours first. If it is yours then you'd need to have words with your credit card provider, if it isn't then there's not much you can do. At least if you do everything above board with regard to getting your compromised account sorted you can point to that and say "actually I had no part in this" if someone tried to implicate you in something. 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I called support and they've started an investigation.  Its is beyond me how they got my email as I haven't send any emails from this WLID in several years.

As far as EA is concerned, I got an email from them with a link to click on if I did NOT create the "Master account" which I did click on.  I'm 100% sure the credit card is not mine.

I'm also certain I did not create a GT using this WLID and as you can see, there is only 1 game listed on the GT and the achievements are dated Jan 10, the day the fraudulent activity occurred.

Here's a link to the fraudulent purchases.  Its a pdf file.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Strangely your culture level is at three so the account appears to have been in use for some time on the forums (CUL goes by post count). This makes me think the account was created before your e-mail was commandeered and then your e-mail was added to it at a later date. That said it could just be a bug. 

The story gets stranger and stranger. 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.