My account has been hacked

I've contacted Xbox. I can login to my account. I've changed my Login for Windows live. But when I sign in to my account, all of my information is in another language. How do I change this. What else do I need to do. I'm a 40 year old guy so I'm not overly tech savvy and have no idea what I need to do from here forward.

 

Question Info


Last updated July 5, 2018 Views 102 Applies to:

When you called into Xbox support what did they tell you?

Have you noticed charges on any credit card on the account? Has your live ID been changed? Does it say your account is in a different region?

If any of those are yes, I would call back and insist to file a UA claim. Sorry for the inconvenience! I hope this helps!

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

It was moved to Columbia. They did buy 4000 MS point and tried to charge another 6000 which didn't go through. I don't know why it didn't go through because I have a very high limit on my card. I have already filed a UA claim but don't know if I should try to change passwords. Are these people using my account now? I just don't know what to do.

And how does this even remotely happen? I don't post my info on any websites. My kids are too young and uninterested to play with the Xbox. This is just baffling to me. This is completely out of the blue.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Broker, the 6,000 point purchase may have went through but then was refunded right away due to the anti-fraud measures MS has in place. If you have filed a UA claim then the work on your end has finished, all you need to do now is wait patiently for the investigation to finish. The investigation WILL take a long time, likely longer than the 21-25 days support told you.

This is because your account has been migrated. They will have to re-build your account from the ground up, this sounds like it would be a simple process but it is not. Trust me.

I could try to explain to you all the ways that they could get your information but we would both get bored very quickly. I can tell you the main causes: Giving account info to other people over Xbox live, going to websites offering Free MSP, not using a strong enough password, selling Xbox to someone else without clearing your info off the Xbox. These are the most common causes of UA.

Some people will tell you that there are programs to locate the information on someone's account, but that is a VERY VERY rare circumstance.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Suggestions.

 

Do what your instincts tell you.  If you are unsure how this could happen, immediately change your WLID password and if set, secret passphrases.  At this point I am a proponent of eliminating secret passphrases and use the Trusted PC function only; no SMS, no secret passphrases, no alternative e-mail.  If the secret passphrase is guessable or if your alternative e-mail is somehow compromised, the Trusted PC function is your only 'true friend'.  The SMS option is another alternative.

 

Call your credit card company.  Inquire.  Find out if they accepted the first charge and if they received and then denied the second charge (i.e. their fraud detection kicked in).  If either charge has shown (or any other charges from Microsoft services like Zune) -- work with your credit card company independent of your UA filing with Microsoft to have those charges removed.  More paperwork yes; but it's your money.

 

For my, while not proven and Microsoft won't admit to it -- I have enough evidence to suggest I was the victim of social engineering.  I have plenty of SRs and account inquiries posted to my account / original gamertag that were not initiated by me -- several months prior to what is known as my first breach.  This style of attack does not happen to everyone but it may be worth your while or interest to contact Xbox Live support again and validate the SR / contact history on your account.  I received e-mails from Synovate (Microsoft's partner that sends out questionaires when SRs are closed) and phone calls from "PC Safety" apologizing for hanging up or losing connection on calls I did not make.  Enough to suggest someone else was prying.  Enough to suggest the source of the leak was Microsoft -- how else could someone map up my Gamertag to an e-mail address or other personal information.  It was never posted anywhere.

 

Some light reading . . .

http://gameolosophy.com/games/sports/total-club-manager/how-hackers-get-your-personal-details-from-your-xbox-gamertag/

 

 

In the end, if you have access to your WLID and can log in to your XBL account via your console; whether in Spanish or another language (Columbia?) -- at least changing your passwords and performing actions as suggested above will work in your favor.  It would be less likely to be breached again.

 

If you come to find you too were a victim of social engineering (you could have played a game with some kid you taunted and pissed off who took it too far and jacked your account) after verifying 'extra' calls made at times you didn't initiate them -- consider changing your WLID entirely and moving your account to it via the console and changing personal information like address/phone number/zip codes, etc to fake or alternative data.  Chances are, those people know who you are and know more about you than you want to ever know.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Well I am 40 years old. I don't go to any websites and I don't put my information on them. I don't do anything out of the ordinary. I just buy games and play them. Nothing more, nothing less. This is what makes it so puzzling for me. I appreciate the responses. I guess I will wait. Still haven't heard anything from Microsoft. Not one word.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Good luck. I had this happen to me as well.

I'm in the same situation except I didn't have a card on file so they were only able to spend my points I had on my profile. Also I mostly play single player games as well.

They've given me codes to replace my points and a 12 month gold as well. Then the initial investigation was closed with out them even informing me. I found out once I called back to see what was was going on with the investigation that it had been closed and never received contact in my email or alternate email. So I had them start another investigation and that was back in August. Also my account was Migrated to Brazil so everything is in Portuguese. The thing is I didn't even know that this happens or that they have Xbox down in Brazil until this all happened. This was back in July 9th and I'm still waiting to hear back from Microsoft. The last time I called the guy I spoke with seemed like he knew a lot more then people before me. Everyone else was saying when an account get's migrated that there's nothing that can be done. The last person I spoke to said that it when an account get's migrated that it adds about an extra month to the investigation. They have to contact the foreign countries side of things and investigate it on their end. He said they had to do that to override laws that are in place that prevent them from just being able to do migrate it back. It's these laws that prevent being able to self migrate accounts to the U.S. That was last week the last time I called.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Billowy, that's the dumbest thing I have ever heard. It took them less than one day to move me to Columbia. Microsoft needs to buck up and just give me the account back. Heck, just keep the $50 they stole from me. I just want the account back.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hey Billowy they told you would get the account migrated back to the US?  All I have been told that there is no timeframe over and over again and there is currently no way to migrate it back to the US.  My account was stolen and migrated to Russia.........If what you say is true that is a relief and I hope I can get my full account back soon.  Here is a link to my thread.

http://forums.xbox.com/xbox_forums/xbox_support/f/12/t/104835.aspx

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Ouch man, hopefully you are able to get it back eventually. Don't feel too bad, more than likely you were one of the many who had their account info leaked by either EA or XBL. Last time I called they said they were investigating it but since your account is already migrated it could be quite some time (months) before you get it back, if you do get it back.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.