An alarming number of Xbox 360 users are reporting that their Xbox Live accounts have been compromised and, curiously, used to purchase content for EA’s FIFA 11 and 12 games, according to a report by Ars Technica. It’s a curiously specific problem; gamers have been alerted via mail that purchases were made against their Xbox Live tags – some to the tune of hundreds of dollars – and have found that FIFA 11 or 12 were played on their accounts. Many of the affected don’t even own FIFA… so what’s the deal?
"Yesterday, my live account got hijacked and charged just over $100. Specifically, two large purchases of points followed by the download of FIFA 12, which had 2 achievements unlocked for the game, and every MS point spent on Gold Premium Packs and DLC," one Ars reader said. He says his Xbox was off at the time, and that he received notification of the football-themed spending spree via email.
Reddit, the odd community where everything on the internet ends up, has evidence of just how common a problem it is. One affected user who blogged about his ordeal said “all of the Microsoft points that were stored in my XBL account had been spent on in game items for FIFA 11 (I don’t own that game… hell, I don’t even like soccer video games) and whoever spent my MS points had then tried to purchase more. Presumably, when that purchase failed, they abandoned my account and went on to steal from some other unsuspecting gamer.”
So what’s going on? Has Microsoft’s Xbox Live service been compromised, is there a dodgy exploit to be found in EA’s FIFA games – or is it just a widespread case of greasy social engineering and stupidity? Here’s Microsoft’s statement on the matter:
“We do not have any evidence the Xbox LIVE service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats. However, a limited number of members have contacted us regarding unauthorized access to their accounts by outside individuals. We are working with our impacted members directly to resolve any unauthorized changes to their accounts. As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided at www.xbox.com/security to protect your account.”
One way Microsoft has been dealing with the problem is by locking the affected accounts for 25 days while they investigate – but to their credit, many customers have reported receiving reimbursement for the unauthorised spend on their accounts. I just find it odd that for the most part, this all seems to be swept under the rug.
Last Updated: October 17, 2011