Before I begin this post I would like to disclose that I was told to post my formal complaint here by the X-Box Live support hotline at 1-888-4MY-XBOX.
At the beginning of last month, someone gained access to my X-Box live account and was able to get my credit card information to make purchases for their own X-Box. In response, I contacted X-Box Live support and had them open an investigation. In the meantime, I cancelled my credit card and had my bank refund the funds associated with the fraudulent use of my account.
During this initial phone call, I had asked: "I work with technology for a living and know my passwords are strong and I obviously don't disclose my password to anyone and haven't used it outside of my X-Box login. How could this infiltration have occurred?"
The support agent stated, "Did anyone invite you into a private party to play a game?"
I stated, "Not me, but my nephew has been playing Borderlands with people he met online and probably joined one, why?"
The agent said, "Oh, well, people who invite you into private games can get access to your login information on your console."
I said, "Wow, that's a gaping security hole, why wasn't I informed of this when I log into live?"
She replied, "Oh, we always recommend you don't accept game invitations from people you don't know."
I responded, "No you don't, I've never been recommended as such, wouldn't it make more sense to require someone to be your friend before inviting you if such a security hole exists?? Or at least let people know?"
She responded, "We are working on getting the issue resolved and apologize for the inconvenience"
I stated, "That's fine, no big deal, how long will this take?"
She stated, "An average of 2 weeks you will not have access to your full gold membership."
I said, "Understandable."
So two weeks go by and I didn't hear a peep from the X-Box live investigation team, or from Microsoft Support. On week two, I decided to give them a call because my friends wanted to play Call of Duty MW2 and I didn't have access to my profile.
I asked the agent when they expected my account to be released from the investigation. The lady said, "Oh, we are currently backlogged, it could take up to three weeks for the investigation to complete." Somewhat annoyed, I shrugged it off and told her that's fine, I'll just wait it off.
So week number three shows up and still no word from X-Box regarding my account, so I pick up the phone and call again. The gentleman on the phone was courteous and I began to express a little bit of frustration when he told me, "Oh, investigations are taking from 21 to 30 days and they should have told you that doesn't include weekends or holidays."
I asked him to look into my account and he seems surprised to see that the investigation was never actually opened! "Something is definitely wrong here, I will send a personal letter over to the investigation team to see what's going on. It should take up to 72 hours for them to receive it and do something about it" I told him I appreciated his looking into it and it seems ridiculous that after 3 weeks not only have I been feed mis-information but no one has even looked at it when I've called over three times regarding it. Naturally, he agreed with me.
So I hung up the phone and two days go by then I receive an e-mail from the technical support team stating they just received my case and it may take up to 21 days for the investigation to complete... at this point I was stating, "You've got to be kidding me." So I picked up the phone again and called support. The gentleman on the phone could not tell me whether or not it was going to take another month. I asked him if there was anyone I could talk to regarding the status of the investigation, he said no. I asked him if there is any way what-so-ever I can get this expedited due to their obvious mistakes, he said no. I asked him if there was anyone I could talk to at all to explain the situation to them, he said no.
Finally, I asked him if there was anywhere I could post feedback regarding this experience so someone from X-Box live can actually realize how much of an inconvenience they have put me through, that was when he told me to post it here at the forum.
What Microsoft doesn't realize is I run a technology based website that often reviews the quality of technology, and up to this point I've had three great years with live. But the past four weeks have been a total train-wreck.
Essentially I paid Microsoft a monthly fee to give my credit card information away through a gaping security hole, then lock down my account profile with all of my work on it, then lie to me three times about when it would come back up and in the end simply state, "Sorry man, there's nothing you can do, you'll just have to deal with it."
I will be contacting Microsoft again once this whole issue has been resolved and let them know I am planning on doing a complete investigative report regarding the issue and placing it on my YouTube channel of over 3500 subscribers and my Website which receives well over 50,000 pageviews per month. They will have one opportunity to explain the following:
1. Why it is even necessary to lock your account to investigate an issue (I still have yet to get a legitimate response to this question).
2. Why no one in support can actually look into the status of your investigation.
3. Why their employees are lying to end users to get them off of the phone.
4. Why their support team cannot communicate with the investigation team.
5. Why they are not informing their customers of obvious security holes that can cause them to be the victims of fraud.
6. Why they have not increased their security as a result of the recent "surge" in fraudulent claims.
7. Why I am greeted with a dashboard advertisement for getting gold for 1 dollar by simply putting in my credit card information in when they are well aware of these security holes.
8. How I can, in good conscience ever recommend their service to the countless people who ask me for technology advice.
So this is my informal report. Microsoft needs to get themselves together. I, for one, will likely be switching back to PC gaming through Steam, because their service is both secure and if you are a victim of fraud, no account locks are necessary and they take care of you in a timely manner. I will also be recommending users never EVER place their credit card information on their X-Boxes or make purchases through them because they are inherently insecure. They will need to purchase pre-paid everything.