Xbox Live customers not hacked but phished

Filed Under: Data loss, Law & order, Privacy

A wireless black Microsoft Xbox 360 controller with white background

Xbox Live customers are the latest gamers to fall victim to a cyber attack.

Thousands of accounts have been hit across 35 countries, with most victims losing between £100 and £200, according to The Sun newspaper.

But the Sun report that the cybercriminals had "hacked into thousands of Xbox Live accounts to steal millions of pounds" is not entirely accurate. Actually, the users were victims of a phishing attack.

The fraudsters sent emails to users with links to bogus websites offering free Microsoft points which are used to buy games. The gamers were then invited to enter their personal details, such as addresses, emails and credit card information.

Small amounts were then taken from the victims' accounts over a few weeks which made it harder to detect the thefts.

Other victims were targeted by people befriending them online and duping them into giving them their password and other personal details.

Victims only realised they had been conned when they tried to access their online profile and saw they’d become "locked out", meaning someone else had used their account.

Xbox Live operator Microsoft is looking into the cyber thefts, according to the BBC, who quote a Microsoft spokesman.

"We take the security of the Xbox Live service seriously and work to improve it against evolving threats.

Very occasionally, though, we are contacted by members regarding alleged unauthorized access to their accounts by outside individuals.

We work closely with impacted members directly to resolve any unauthorized changes to their accounts and, as always, highly recommend all Xbox Live users follow our account security guidance in order to protect their account details."

XBox Live customers are just the latest gamers to be affected.

Steam, the online empire of computer game giant Valve Corporation, was hit earlier this month.

And just last month 93,000 Sony accounts were hacked. This follows the attacks earlier this year where up to 70 million people had their personal data stolen and the Sony PlayStation network was forced offline.

, , , , , , , ,

You might like

7 Responses to Xbox Live customers not hacked but phished

  1. Justin · 1065 days ago

    FYI - Valve doesn't make Call of Duty or Skyrim.

  2. Trial · 1065 days ago

    Yes but then again, not as bad as what happened/is happening (lol) to PS3.

  3. roy jones jr · 1064 days ago

    I see all those millions that Sony & Microsoft are making (because they area making a profit) are being spent very well. I have no online services as far as the games go (even my Nintendo Wii doesn't get a connection at my house) and it will stay that way until they learn network security to prevent the issue from happening.

  4. Nigel · 1064 days ago

    Microsoft said:

    "Very occasionally, though, we are contacted by members regarding alleged unauthorized access to their accounts by outside individuals.

    Hmmm...a bit of semantic legerdemain? What does "very occasionally" actually mean? Is the person who wrote that illiterate, or is that deliberate double-talk spin?

  5. roy jones jr · 1062 days ago

    Get used to it Nigel. Microsoft has not trouble molding their responses to sugarcoat the issues they are having and wait around to fix.

  6. Lizzie · 1005 days ago

    Sons X box live account was hacked or bruteforced,not phished or social engineered. How do I know ? The account has auto sign on on his console in his bedroom and he doesn't know the password which was used only once when the account was created in 2009. So how could he have been duped into divulging a password he doesn't know ? Microsoft almost insist you have a debit/credit card attached to the live account , and make it difficult to remove said card, so silly parents such as myself pretty much forget that we gave these details when the account was created, and as our child is good and has never abused our credit card, (he purchases rarely or uses prepaid cards) all is forgotten until multiple charges start appearing on our card statement. Son also has two friends who have recently been robbed via xbox so Microsoft stating 'very occasional' Mmmm.... really!!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Anna Brading is Naked Security's editor. She has worked in tech for more than ten years and as a writer with Sophos for over five. She's interested in social media, privacy and keeping people safe online.