Microsoft quelled reports that its Xbox Live Internet gaming service has been a victim to a security breach concocted by several hackers.
The statement came after news broke out on media channels that members of Xbox Live fell for assorted scams and malicious schemes, including one user account that allegedly created new accounts with Microsoft points for sale on the black market.
“Microsoft can confirm that there has been no breach to the security of our Xbox Live service,” said a post issued by a spokesperson for Microsoft to Eurogamer.net. “In recent cases, some Xbox Live members appear to have been victims of malicious scams. Unfortunately this is something that affects many Internet based services.”
The series of faulty solutions from Microsoft started when Xbox Live user Susan Taylor took her long-drawn-out story to Tumblr, which involves her Xbox Live account that links to her PayPal account and how somebody managed to buy Microsoft points and transfer it to a dummy account for sale to another country – everything happened without her knowledge and verification.
More than $350 of Taylor’s money went to the hacker, which left her confounded, and like any other account holder, contacted Microsoft’s customer support to answer the problem.
After a series of calls and emails, Microsoft repeatedly failed to lock her account upon her request to stop further problems.
In her post, Taylor showed several messages and conversations with another user using the same account name she currently uses, which led to the other person giving details on how he/she ended up Taylor’s account.
Taylor even posted her own deduction on the hacker’s so-called game plan, and it goes like this.
Step One: Obtain username/password of account currently in use (I cannot work out how he obtains this information)
Step Two: Purchase Family ‘Gold’ Pack for the hacked account (this means he can now transfer points between the accounts he lists on the family pack)
Step Three: Purchase 10,000 MS Points (4000/6000)
Step Four: Create multiple (number unknown) brand new Xbox accounts (typically American accounts)
Step Five: Transfer all purchased points to these accounts (divide among multiple accounts or send full amount straight to a single one)
Step Six: Sell the account that has these points on to people, charging a smaller amount than Microsoft would charge for the points alone
Step Seven: Rinse, repeat, profitprofitprofit!
Taylor has now gained back the money taken from her account and inadvertently became popular online as thousands of Xbox Live account holders report their own experiences with phishing attacks since November of last year.
“The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats,” read Microsoft’s statement. “However, we are aware that a handful of customers have experienced problems getting their accounts restored once they’ve reported an issue. We are working directly with those customers to restore their accounts as soon as possible and are reviewing our processes to ensure a positive customer support experience.”