Xbox Hackers Alert-EA Servers etc

pH

gizmo wrote: »

They haven't been quiet though? MS have already made a statement on the matter, they said XBox Live (and by extension its security) hasn't been breached. Technically speaking, they are correct even if it turns out the above system is the one which is being used. That doesn't mean they shouldn't change the current system. Personally I think they should lock the account down after 3 password attempts but that opens up a veritable can of worms with regard to dealing with the consequences.

Which means if you know just someone's liveid (and not the password) you can lock them out of live just by typing 3 random passwords - you'd open the door for barrel-loads of griefing.

NORTH1

gizmo wrote: »

They haven't been quiet though? MS have already made a statement on the matter, they said XBox Live (and by extension its security) hasn't been breached.

The evidence would seem to say they have a security issue. The fact the credit has been stolen from accounts, Ms is locking these accounts must lead people to believe that there has been unlawful access to these accounts. At the moment Ms is blaming the consumer, but they do that a lot, until the weight of evidence is too much to deny.

Ms denying they have a problem is nothing new for them....

gizmo

pH wrote: »

Which means if you know just someone's liveid (and not the password) you can lock them out of live just by typing 3 random passwords - you'd open the door for barrel-loads of griefing.

Exactly. Realistically they can't lock down the account due to entering incorrect passwords at all, only supplement the password request with additional security information such as CAPTCHA or a secret question.

NORTH1 wrote: »

The evidence would seem to say they have a security issue. The fact the credit has been stolen from accounts, Ms is locking these accounts must lead people to believe that there has been unlawful access to these accounts. At the moment Ms is blaming the consumer, but they do that a lot, until the weight of evidence is too much to deny.

Ms denying they have a problem is nothing new for them....

Having a security issue and having your security breached are two different things.

At no point have MS blamed the consumer, they've suggested they've been the victim of a phishing scam. Again, two completely different things.

Meesared

gizmo wrote: »

They haven't been quiet though? MS have already made a statement on the matter, they said XBox Live (and by extension its security) hasn't been breached. Technically speaking, they are correct even if it turns out the above system is the one which is being used. That doesn't mean they shouldn't change the current system. Personally I think they should lock the account down after 3 password attempts but that opens up a veritable can of worms with regard to dealing with the consequences.

As for EA, they have also said they haven't been hacked and have simply provided users with the usual directions on how to spot phishing attempts et al. As I said above, if they really felt they were being left out to dry by MS then they'd say something. The FIFA brand is far too valuable to be exposed to such criticism, especially when the Ultimate Team feature is involved which is also a significant money maker for them.


Because, depending on the regions involved, MS would be legally obligated to inform its users of a hack.

MS make next to no money from Ultimate Team

gizmo

Meesared wrote: »

MS make next to no money from Ultimate Team

Which is why I was referring to EA throughout that paragraph.

Meesared

gizmo wrote: »

Which is why I was referring to EA throughout that paragraph.

Hmm the way you have it written seems like your referring to how much money it makes MS

DemoniK

Just adding my 2c worth..

I have separate passwords for both XBOX Live and EA.
email is the same - but unless I want a billion email addresses I can't see any way around this.

My passwords are typically the first or second letter of each word of a phrase from a number of books that I've read over the years that I enjoy a lot, mixed with random capitalisation, numbers and punctuation (e.g. hhHHiotwig15; (btw that's not one I use )). I don't store these anywhere except my head!

I'm also very savy about phishing attempts and will always on seeing requests for paypal, xbox, EA or others never click on the link in the email, instead I will open a new browser instance and type in what I know is the correct URL and start from there..

Despite all this my account was hacked. My only mistake was the linking of my xbox account to my paypal account so they got my 2000 MS Points and got another e96 worth and drained just as I spotted the paypal notifications. In fact - it was the paypal notifications that alerted me to the issue, I went online removed my paypal info and changed my password and then contacted support who locked out the account.

I've now got back my money, and waiting to get my account unlocked.
EDIT: just checked and my account is restored and my previous MS points re-instated..

Anyways - Something is clearly wrong somewhere. It's easy to find info to associate a gamertag with my email address, but it would have been difficult to brute force attack my password - something else had to have been done.