Seems that this is becoming a widespread issue. A few simple questions really;
1.) How has no one at Microsoft/EA acknowledged that there is a problem with this?
2.) What steps are being taken withing Microsoft/EA to stop it?
3.) Why are some users being told their account are locked down for 25 days and others told 30 days?
4.) Why does it take this long? MS can surely see I sign in from one specific console ID/serial number. If my gamertag suddenly signs in from a random location, with an entirely separate ID and then start spending huge amounts of points, followed by me calling to report unauthorised access, surely common sense would dictate that this should be a simple and quick process!