Xbox Live account hacking turns out phishy
Regular Xboxic readers may have wondered over the past week why the whole net was exploding with rumors on Xbox Live being hacked with millions of accounts stolen, and there wasn’t a single word on Xboxic about it. Thing is, we saw all the rumors, and simply didn’t believe them. Stuff like Bungie websites being hacked while linked up to Xbox Live main servers with administrative access was just too far-fetched for us to buy it. Turns out we were right too.
While Microsoft was busy categorically denying each and every accusation of Xbox Live security having been breached, the ball started rolling elsewhere. Computerworld tells us the story of Kevin Finisterre, well-known Apple security researcher, who suddenly lost his account and was equipped to do a bit more scrutinous research as to the reasons why. Xbox Support was less than helpful, and could only ban his account increasingly longer as they reiterated the corporate statement that there really couldn’t be hacking going on. After contacting Xbox Live’s Major Nelson it turned out that it’s probably Xbox Support themselves who are to blame for the recent cascade of nasty rumors.
It seems frauds have been successfully attempting to lure Xbox Support into divulging private information using a technique known as pre-texting, what you could see as the opposite of the more known phishing. Whereas phishing is a mass-emailing scam aimed at common elements, hoping to lure unsuspecting readers into sharing private data about their bank, eBay or PayPal accounts, pre-texting is the technique of using limited private information to lure support personnel or clerks into the illusion that you are another person, thus learning more information from them than you started with.
Major Nelson issued a public mea culpa on the matter, and promised that support personnel is already being retrained as we speak to better handle this kind of scamming. For the time being this is a wise lesson to everyone again that private information should be kept private as much as possible: don’t share data on Xbox Live or online forums that could possibly be used by someone else to fake part of your identity. And when speaking to support staff of any company, don’t accept it if they help you after minimal questioning, since it’s in everyone’s interest that they perform their checks thoroughly.
Nice article.
My friend told me today that when he tried to sign on a message popped up saying that his account didnt exist. He called MS and they fised the problem. He thought it had something to do with the upcoming maintanence on Live but maybe it had something to do with this?
Phising is common place in all industries that require call centres, even if the fraudster isnt calling MS to steal your live profile he can be compiling information about you that he/she can use with other areas of your personal life, banking and investments being the main target.
All a company can do is train there staff have a good team for taking these cases to prosecution but the chances are they get 2-5% of their calls a day being phising attempts.
If you dont like it then dont have a live account, or any other kind of account that requires your details to be handed over.
Excellent article, Curry. And I still love that picture.
Xbox support has been “screwed” for a long time now, (as ANYONE who has called them knows), and it shouldn’t have come to this for them to realize it.
I take no faith in the retraining either- major told us not too long ago about how xbox support would fix all the wireless headset problems… and whaddya know? they were still telling people that ms didnt warranty them, they were saying to some people “oh is your 360 still in warranty? no? well, we cant do anything for you” etc etc, (made up lies).
see, people like major dont ever HAVE to call support, so until something blows wide open, they are about as ignorant on the matter as a peon like me is about what will be on the xbox arcade in 2 weeks.
Even an article saying something simple like “it stinks” would be better than ignoring what was a major news event on every other site … even if it is just an unproven rumor.
It would be interesting to see the list of readers that submitted the news to xboxic.
Christ the public are never happy.
You print a rumour people bitch.
You don’t print a rumour people bitch.
Conclusion = All people are bitches.
It was a relatively small list, but you’re missing the point of what we do. Our job is not, in my very humble opinion, to write on whatever is thrown our way. We’d be rephrasing press releases all day.
Our work is to sift through the endless stream of rumors, press releases and news articles, and find those that are trustworthy, plausible or in general interesting, and present those to our audience. In the case of the Xbox Live Account hack reports, we deemed them untrustworthy and inplausible, and expected the Truth to come out before long. Hence this article.
I had several very good reasons for not believing some of the most fundamental problems, but while I’m not afraid to try my hands at making complex problems understandable in layman’s writing, I didn’t see the point in ‘wasting a post’ explaining complex technical reasons for why we distrusted dodgy information (the Bungie hack foremost).
In short, the lack of an article was sufficient information in my opinion. We didn’t trust it, so we didn’t waste our readers’ time with it. I trust you are a loyal reader because you trust us to make that decision for you
good response, I will click on some banner ads for you
It wouldn’t have been “wasting a post”; it would gave helped calm the people that saw the rumors and thought they were real. This is a news site, and that’s what news media does sometimes - they reveal fradulent information to the masses so there isn’t mass panic (and sometimes use rumors to incite that same thing… but that’s a different matter all together).
On a lighter note and only because (as confirmed to Rival last night) I can’t get into the forums anymore from the work PC (laptop puchasing at the start of April so I will be back by then), cheers for the Happy Birthday message.
So uh, anyway… yeah, xbox support still sucks (as it has since 360 launch at the very least).