Formal Complaint Regarding X-Box Account Investigations

Before I begin this post I would like to disclose that I was told to post my formal complaint here by the X-Box Live support hotline at 1-888-4MY-XBOX.

At the beginning of last month, someone gained access to my X-Box live account and was able to get my credit card information to make purchases for their own X-Box. In response, I contacted X-Box Live support and had them open an investigation. In the meantime, I cancelled my credit card and had my bank refund the funds associated with the fraudulent use of my account.

During this initial phone call, I had asked: "I work with technology for a living and know my passwords are strong and I obviously don't disclose my password to anyone and haven't used it outside of my X-Box login. How could this infiltration have occurred?"

The support agent stated, "Did anyone invite you into a private party to play a game?"

I stated, "Not me, but my nephew has been playing Borderlands with people he met online and probably joined one, why?"

The agent said, "Oh, well, people who invite you into private games can get access to your login information on your console."

I said, "Wow, that's a gaping security hole, why wasn't I informed of this when I log into live?"

She replied, "Oh, we always recommend you don't accept game invitations from people you don't know."

I responded, "No you don't, I've never been recommended as such, wouldn't it make more sense to require someone to be your friend before inviting you if such a security hole exists?? Or at least let people know?"

She responded, "We are working on getting the issue resolved and apologize for the inconvenience"

I stated, "That's fine, no big deal, how long will this take?"

She stated, "An average of 2 weeks you will not have access to your full gold membership."

I said, "Understandable."

So two weeks go by and I didn't hear a peep from the X-Box live investigation team, or from Microsoft Support. On week two, I decided to give them a call because my friends wanted to play Call of Duty MW2 and I didn't have access to my profile.

I asked the agent when they expected my account to be released from the investigation. The lady said, "Oh, we are currently backlogged, it could take up to three weeks for the investigation to complete." Somewhat annoyed, I shrugged it off and told her that's fine, I'll just wait it off.

So week number three shows up and still no word from X-Box regarding my account, so I pick up the phone and call again. The gentleman on the phone was courteous and I began to express a little bit of frustration when he told me, "Oh, investigations are taking from 21 to 30 days and they should have told you that doesn't include weekends or holidays."

I asked him to look into my account and he seems surprised to see that the investigation was never actually opened! "Something is definitely wrong here, I will send a personal letter over to the investigation team to see what's going on. It should take up to 72 hours for them to receive it and do something about it" I told him I appreciated his looking into it and it seems ridiculous that after 3 weeks not only have I been feed mis-information but no one has even looked at it when I've called over three times regarding it. Naturally, he agreed with me.

So I hung up the phone and two days go by then I receive an e-mail from the technical support team stating they just received my case and it may take up to 21 days for the investigation to complete... at this point I was stating, "You've got to be kidding me." So I picked up the phone again and called support. The gentleman on the phone could not tell me whether or not it was going to take another month. I asked him if there was anyone I could talk to regarding the status of the investigation, he said no. I asked him if there is any way what-so-ever I can get this expedited due to their obvious mistakes, he said no. I asked him if there was anyone I could talk to at all to explain the situation to them, he said no.

Finally, I asked him if there was anywhere I could post feedback regarding this experience so someone from X-Box live can actually realize how much of an inconvenience they have put me through, that was when he told me to post it here at the forum.

What Microsoft doesn't realize is I run a technology based website that often reviews the quality of technology, and up to this point I've had three great years with live. But the past four weeks have been a total train-wreck.

Essentially I paid Microsoft a monthly fee to give my credit card information away through a gaping security hole, then lock down my account profile with all of my work on it, then lie to me three times about when it would come back up and in the end simply state, "Sorry man, there's nothing you can do, you'll just have to deal with it."

I will be contacting Microsoft again once this whole issue has been resolved and let them know I am planning on doing a complete investigative report regarding the issue and placing it on my YouTube channel of over 3500 subscribers and my Website which receives well over 50,000 pageviews per month. They will have one opportunity to explain the following:

1. Why it is even necessary to lock your account to investigate an issue (I still have yet to get a legitimate response to this question).

2. Why no one in support can actually look into the status of your investigation.

3. Why their employees are lying to end users to get them off of the phone.

4. Why their support team cannot communicate with the investigation team.

5. Why they are not informing their customers of obvious security holes that can cause them to be the victims of fraud.

6. Why they have not increased their security as a result of the recent "surge" in fraudulent claims.

7. Why I am greeted with a dashboard advertisement for getting gold for 1 dollar by simply putting in my credit card information in when they are well aware of these security holes.

8. How I can, in good conscience ever recommend their service to the countless people who ask me for technology advice.

So this is my informal report. Microsoft needs to get themselves together. I, for one, will likely be switching back to PC gaming through Steam, because their service is both secure and if you are a victim of fraud, no account locks are necessary and they take care of you in a timely manner. I will also be recommending users never EVER place their credit card information on their X-Boxes or make purchases through them because they are inherently insecure. They will need to purchase pre-paid everything.

 

Question Info


Last updated July 4, 2018 Views 0 Applies to:

Thanks for your thoughts.

  1. Unnecessary to protect my account, a simple change of credentials and removal of credit card information is all that would be necessary.
  2. It would be pertinent to allow your "support" hotline to actually "support" customers who are victims of fraud. Or perhaps I am expecting too much.
  3. Incompetence and lying quite often go hand in hand, and neither are acceptable business practices for a service provider that charges a monthly fee
  4. See 2.
  5. Here we get into a ethical debate: Is it ethical to collect and store clients credit card information in your system if you know for a fact that system has been compromised and can still continue to be compromised? Is it not pertinent to warn those providing you the credit card information that the risk not only exists but is not repaired?
  6. Outside of their control but not outside of their responsibility to protect their clients.
  7. Yes it does, when you are advertising a service that has been compromised and will put your clients directly at risk of fraud.
  8. Not 4 weeks, we will be going on 8 weeks now. 4 weeks would have been acceptable, but as specified in my post, it took them 4 weeks to give me the 4 week notice.

Response to your notes:

PC Gaming does run on Windows, but the Steam platform stores credit and account information on their secured cloud in which they hold responsibility for the security of those credentials. Un-related to Microsoft, in this sense.

Whether or not Credit Cards are inherently insecure is irrelevant. The complaint here is that Microsoft has put no effort to notify their customers and clients of precautions to protect themselves against an obvious security threat that can result in the theft of their credit card information and Live Accounts (which store up to 5 years worth of work for some clients).

To address the issue " fraudulant claims are the result of the user's own idiocy" is completely wrong in this case. According to what I have researched, users need only accept a party or game invite from someone they don't know. Tell me, is not the purpose of on online gaming network to game with people you do not know? Also, if this behavior is considered "idiocity" then just about everyone on the internet is an idiot. The purpose of online gaming to is game with people other than yourself you have never met.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

1) This is clear - to block access from the people that stole your account.

2) Corporate red tape. Support is at the bottom here, they can't see what the "xbox detectives" do.

3) Incompetence =/= Lying

4) See 2. The teams likely aren't even in the same nation.

5) Exploiting that hole requires the thief to modify their xbox, the punishment for which is an instant console ban. Informing everyone this is even POSSIBLE will inform said thieves they can do this.

6) The recent surge has to do with a bug from the electronic arts website, outside of Microsoft's control.

7) Advertising has nothing to do with security holes.

8) 3 years positive, 4 weeks negative? Sounds fine to me.

-

Some notes:

PC gaming runs on windows. A Microsoft platform. Enjoy the switch from Microsoft to Microsoft. Steam is also much much smaller than Xbox live, so there is far less work to be done.

-

Credit Cards ARE inherently insecure. Seriously, the next time you are asked to sign a receipt, sign it "Superman". 99.99% of the time, THEY WILL NOT LOOK.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

[quote user="RevolverCC"]

As you know I posted this here because it was where the support team at 1-800-4MY-XBOX told me it was where I could leave feedback for actual representatives regarding this issue.

Since this has apparently fallen on deaf ears. Is there any formal complaint department with Microsoft I can contact regarding this issue?

I'm interested in Microsoft improving their customer service regarding these issues and assume there is a complaint department that handles feedback for just these reasons.

[/quote]

The users on the forum are mostly community members like yourself.  There are a few Xbox Support Staff, they will have "Level: S" under their name. 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I woke up this morning with an email saying that I purchased 6000 Microsoft points.  On my way to work, I received another email stating that I had just purchased 4000 more points.  I thought it was interesting that I had purchased points while I was sleeping, but purchasing them while driving is even more of a feat.

After speeding to work, I changed my password/security question, called Microsoft, and started the ball rolling.  Luckily

I guess I won't have Xbox live for 2 months....

Did anyone else ever have this happen to them?

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Sorry, I am really started to get annoyed now.

I knew this was happening to others in a big way.

I too have had an email saying they have opened my case.  And that I would NOT have any access to my account, live services etc.  Since I am posting here now, it seems they were lying.

I have already cancelled the card, so they are not getting their money.  It is at the point where they can cancel my account if they wish, I really don't care any more.  What I do care about is the fact the information was stolen in the first instance.

I want to make this more public, like Sony's break in was, but it doesn't seem to catch.

Anyway, I dont think it is as clear cut as a simple person hacking, too many coincidences makes me think this was something Microsoft did to boost its figures and hope people either didn't catch the emails, or would allow it to slide.

One thing that is sure, I wont buy another Xbox after this! Even if they do give me my money back.

Oh and forgot to mention, they also gave me a free months online pass, which I do not want. So if anyone has been affected by this, and wants a free month on-line, PM me and I will send you the code.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

As you know I posted this here because it was where the support team at 1-800-4MY-XBOX told me it was where I could leave feedback for actual representatives regarding this issue.

Since this has apparently fallen on deaf ears. Is there any formal complaint department with Microsoft I can contact regarding this issue?

I'm interested in Microsoft improving their customer service regarding these issues and assume there is a complaint department that handles feedback for just these reasons.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

[quote]"Oh, well, people who invite you into private games can get access to your login information on your console."[/quote]

Well this is a load of bullploop.

The most anyone can get from you in a private party is your IP address. The only way they can get a hold of your log in details is if you tell them yourself.

1. This is to stop people making purchases on your account

2. Because support are seperate from investigation

3. Pass

4. See 2

5. Because you were misinformed

6. Because the majority of these fraudulant claims are the result of the user's own idiocy (see 10th prestige lobbies and similar).

7. See 5 & 6

8. That's a personal matter for you.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.