Jump to content
LCVG
Sign in to follow this  
GreenMonkey

Xbox Live Statistics Android app - account hacked...coincidence?

Recommended Posts

Hi guys

 

My Xbox live account was compromised at 2:35 this afternoon. They charged 10,000 points onto it. Luckily I happened to check my email, rushed home, and did a quick password reset and re-seized the account with an absurdly strong password before they could spend the points, and had MS CS call me to do an investigation. I don't think they got away more than 1000 points (if any) and I got my account back (until MS locked it for a few days to investigate).

 

The weird thing is, I'm an I.T. professional, and I'm pretty damn secure / resistant to phishing attacks. My password was moderate (not strong, but moderate at least).

 

Coincidentally, I JUST used the Android Xbox live Statistics app (the one risky place I had my XBL password) last night and had to plug in my username/password data. I considered this App low risk since I normally have no credit card tied to the account (I have an expired card as the renewal...) but I guess last time I did a 1-time purchase of points they must have saved my info or something. Thanks M.S.

 

Xbox live Statistics is a well reviewed/trusted app. But I thought I'd give anyone using it a heads-up.

 

I see one or two other people on the market reviews mention something similiar. Thought I'd mention it. I've not plugged in that password ANYWHERE else. Period. It's possible it was brute-forced somehow...but the coincidence is suspicious.

 

I'm expecting horrific experience getting the account back, but I hear MS C.S. has improved...I'll find out I guess.

Share this post


Link to post
Share on other sites

Interesting, I don't have the app now, but I did for a year with no issues. I'll still change my password for the heck of it now. Thanks for sharing! Hope you have no more issues..

Share this post


Link to post
Share on other sites

So you've never logged into the xbox.com website?

 

Yeah, I've logged in there. I guess I don't understand the underlying reason for the question...why?

 

My acount is still locked for investigation. *sigh* I really thought I didn't have a valid CC on file with Live. I'll have to be more careful in the future.

 

I just found it weird the XBL statistics app suddenly wanted my login info refreshed the night before all of the sudden. Just thought people should keep an eye out.

Share this post


Link to post
Share on other sites

Yeah, I've logged in there. I guess I don't understand the underlying reason for the question...why?

 

I've not plugged in that password ANYWHERE else.

 

Because of that statement.

 

Sorry your account got hacked. It sucks. Increasingly common, other people have had it happen to them here.

Share this post


Link to post
Share on other sites

Because of that statement.

 

Sorry your account got hacked. It sucks. Increasingly common, other people have had it happen to them here.

 

Hahaha. OK, I get it. Yeah, I've used it at xboxlive.com...but my desktop is pretty secured, and I ran a couple of virus scans just to be safe.

 

I'm in XBL withdrawal here!

Share this post


Link to post
Share on other sites

Had my account hacked, and took 65 days to get it resolved. i was locked out of all Passport based services during that time, including Xbox Live.

Share this post


Link to post
Share on other sites

Just had this happen to me. Last played my account on 4/28 when I gave the Walking Dead trial a look. Just turned on my console and was greeted with a message saying I was last signed into another console. Went on xbox.com and saw not only around 1600 points missing but a game played on 5/9 with 3 achievements. Called and was told that my account will be suspended from Live activity while an investigation gets underway. It can take "up to 25 days" but recently they've been good with a 3-5 day turnaround. We'll see. :(

Share this post


Link to post
Share on other sites

Well, that was quick. One day later and my account was restored and my stolen points given back via redeemable codes. I doubt that much was done about whoever hacked my account but what can I do? Oh well.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×