Xbox Live customers not hacked but phished

A wireless black Microsoft Xbox 360 controller with white background

Xbox Live customers are the latest gamers to fall victim to a cyber attack.

Thousands of accounts have been hit across 35 countries, with most victims losing between £100 and £200, according to The Sun newspaper.

But the Sun report that the cybercriminals had “hacked into thousands of Xbox Live accounts to steal millions of pounds” is not entirely accurate. Actually, the users were victims of a phishing attack.

The fraudsters sent emails to users with links to bogus websites offering free Microsoft points which are used to buy games. The gamers were then invited to enter their personal details, such as addresses, emails and credit card information.

Small amounts were then taken from the victims’ accounts over a few weeks which made it harder to detect the thefts.

Other victims were targeted by people befriending them online and duping them into giving them their password and other personal details.

Victims only realised they had been conned when they tried to access their online profile and saw they’d become “locked out”, meaning someone else had used their account.

Xbox Live operator Microsoft is looking into the cyber thefts, according to the BBC, who quote a Microsoft spokesman.

"We take the security of the Xbox Live service seriously and work to improve it against evolving threats.

Very occasionally, though, we are contacted by members regarding alleged unauthorized access to their accounts by outside individuals.

We work closely with impacted members directly to resolve any unauthorized changes to their accounts and, as always, highly recommend all Xbox Live users follow our account security guidance in order to protect their account details."

XBox Live customers are just the latest gamers to be affected.

Steam, the online empire of computer game giant Valve Corporation, was hit earlier this month.

And just last month 93,000 Sony accounts were hacked. This follows the attacks earlier this year where up to 70 million people had their personal data stolen and the Sony PlayStation network was forced offline.