As powerful as the players in the gaming console market are, they ain't bulletproof. Sony discovered this last year, when their entire system was breached, leaving millions of users to face unexpected downtime while security was tightened on their network. Though all other security infringements seem trivial in comparison, Microsoft has a bit of a problem of its own. Two weeks ago, I experienced it first hand.
My first warning was an email sent to my Windows Live email address warning me that my purchase of 6000 Microsoft Points was denied due to outdated credit information on file. I didn't remember authorizing that purchase, but I was a little to busy at the time to dig, so I let it slip through the cracks. A day later I go on Xbox LIVE's web portal to download one of the newest demos only to notice that my long standing balance of 1000 some-odd points had been fully depleted, and I was staring at a big donut. Now something wasn't right. I checked out my account history, and sure enough my digital funds had been hit for a few 200 point "Gold Pack" items - a sort of booster for FIFA '12 - as well as a few attempts to buy 6000 point cards on an outdated credit card tied to the the account.
Confused and enraged, I did what any logical netizen would do at a moment like this: bitch about the happenings on a public forum. To my surprise, Microsoft promptly intervened to assure I'm informed on how to handle the situation. The voice of the Xbox brand, Larry "Major Nelson" Hyrb, chimed in on my Google+ thread, while Xbox Support hit me up on Twitter. Both parties informed me of the best course of action which, as a former paranoid schizophrenic, I was already well on the path to. The assistance cannot be discounted though.
After changing all Windows Live credentials, I phoned Xbox support directly who, after the 5-step verification system, informed me of the investigation procedure: the account would be locked from all online activity while the digital gumshoes did their sleuthing. With the review of SoulCalibur V under construction at the time, I decided to put off the investigation until said review was completed. My account was already stripped, what could a few extra days hurt?
Once I was all done parading my created SoulCharacters on the online stage, I called Xbox support again. I was helped by a nice young dude who probably moonlights as one of those guys in Black Ops who snipes you from across the map and calls out your mom for giving birth to a failure. Really nice guy. I called while I was on my way home from work, and he was kind enough to hold the line as I power-walked home and booted my console to retrieve the necessary IDs for the investigation. He handled my information smoothly and reassured the process wouldn't cause my account too much down time. Three days later I received an email stating my account was reactivated for online use, along with codes for one free month of Xbox LIVE Gold service and 1100 worth of Xbox funny money - 20 points more than what was stolen from me.
The FIFA hack is not an isolated attack. Others have experienced it, and until Microsoft figures it out, people will continue to. This story is every bit a cautionary tale as it is a testament to the fantastic Xbox support system. Here are the takeaways:
- Use strong passwords: preferably a nonsensical mix of letters, numbers, and symbols. Change it every few months
- Monitor your activity: keep an eye on your usage to assure that it is indeed yours
- Do not keep credit cards on file: Prepaid cards exist for a reason. They aren't as convenient but they are secure. Use 'em!
- Act now: if you have the slightest inkling that your account has been jeopardized, contact support and raise your concerns. Better safe than sorry!
Finally, to the hacker that got me: thanks for the FIFA '12 achievements. Hope you enjoyed being me for a night, and I hope you get what's coming to you.