Xbox Live phished/hacked/somethinged

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #76
    Originally posted by Matt
    I am not convinced it is an EA problem. The two guys I know who were hacked, one had changed his password after the alleged EA hack, and another checked his password and it was completely different (Live to Origin). I'd just change your Live password regardless.

    Title change may be in order.
    If it has nothing to do with the Origin exploit then it all starts to look like an inside job. If it is a rogue employee or employees, questions have to be asked about Microsoft's internal security procedures.



      #77
      Matt, the original title was changed by TTF I think, 'cause I originally called it 360 hacked and people said I was scaremongering and this was just a case of phishing.
      Last edited by MisterBubbles; 27-11-2011, 01:07.



        #78
        Originally posted by MisterBubbles
        Matt, the original title was changed by TTF I think, 'cause I originally called it 360 hacked and people said I was scaremongering and this was just a case of phishing.
        Yep

        Well, it may be EA related, it may not. All I know for sure: a lot of people are having money stolen from them via the XBox Live services and MS are blaming the users.



          #79
          I have a dedicated email and password for XBL. This is why.



            #80
            Just to add, I think there is some convincing phishing going on as well. I got what looked like a genuine email from MS saying that I had free points. I was dubious as they have that rewards scheme but it didn't match up from previous emails. On closer inspection it was an attempt but I could see that some people would have clicked.



              #81
              One thing to remember with emails, if it's too good to be true, it is.

              Also a quick google of the sender's email address reveals much.



                #82
                My Xbox email account is just one I set up for that, so even if they sent the World's Greatest Phishing Email™, I wouldn't read it.

                Of course, it also means I wouldn't know if someone had been poking around my account but, judging by the posts on here, it seems MS sees fit to not let you know your email/password has been changed or whatever.



                  #83
                  I read it as Xbox Live Pished.



                    #84
                    I find it unlikely I fell for the phishing email. I always check the real URL on an email link, and wouldn't have entered my Live password without thinking "Hold on, this is usually saved, why is it asking me to enter it... what's the URL here?"

                    Not to say I couldn't have made a mistake, but I think it unlikely.



                      #85
                      Mine never bloody saves! I genuinely hate it for that.
                      There are loads of ways they could have got the details. It wasn't long ago that an absolutely huge security vulnerability was found in a piece of code used by thousands upon thousands of WordPress-based sites. It wouldn't take much for someone to go around looking for sites that haven't been updated and hacking those.

                      Older versions of vBulletin have plenty of vulnerabilities. Just as an example of how easy it is to find a website running an old version, I just googled the version of VB that was widely reported as having a security hole and plenty of sites came up, including some quite well-known ones like http://forums.anandtech.com/
                      godisageek's forum is running a version of VB that has some fairly well known security flaws.

                      It's one of the reasons we were so keen to get the forum upgraded so it would remain safe. It's also one of the reasons we don't have which version of VB we are using, so people can't just google us and hack us!
                      Last edited by EvilBoris; 28-11-2011, 17:06.



                        #86
                        Yep, but I've yet to hear of anyone's PS3 account actually having money stolen from it in the same way. Or Steam. Or any other service - not saying it doesn't happen, but there is a blight of Live theft going on right now. So it is possible my password / others were taken from some other site, but surely some of those people would have had matching passwords on other sites where transactions are possible? Unless the list pre-dates the PS3 "everyone has to change their passwords since the hack" update?



                          #87
                          On PS3 it's treated like an online store transaction isn't it? You have to enter your card details and security code each time to load up your wallet then it takes that money from your wallet.

                          Steam needs your card security number too I think.

                          The problem that perhaps needs to be addressed is that you aren't required to enter your card security code or anything on 360 should you have your account breached. I prefer not having to do that to be honest, but it obviously increases security if you do.

                          The problem exists with iTunes too: you don't need any additional details, although Apple partially solved the problems by recognising that purchases were being made on a new device and would ask for payment information.

                          iTunes has been "hacked" before too, with thousands of people having their account details phished by an app that was approved by Apple. DOH.
                          Last edited by EvilBoris; 28-11-2011, 17:47.



                            #88
                            You could be right. Though again, I have yet to hear of PSN credit being spent. In my case, my Live points were spent, then £85 via PayPal. As you say, I don't believe there are any checks on Live, you click Buy and that's all you need to do.



                              #89
                              Phishing is just as easily done by a trojan or virus of course...

                              I genuinely believe that if there was a proper full on XBox vuln here we'd ALL be affected, not just a few of us.



                                #90
                                Originally posted by Flabio
                                Phishing is just as easily done by a trojan or virus of course...
                                Taking only Xbox log in details is quite specific, so we'd be looking at a hitherto unknown virus that has so far evaded detection despite being seemingly widespread and in the wild for some time. (EDIT: Ok, maybe not, but a keylogger still wouldn't explain cases where the victims claim to have never used their account password on a PC)

                                Originally posted by Flabio
                                I genuinely believe that if there was a proper full on XBox vuln here we'd ALL be affected, not just a few of us.
                                How do you know the size of the leak? Whoever's doing this is obviously doing it for a purpose, and even if the culprits had the entire customer database they could only misuse accounts at a certain rate if they are abusing them manually. I still call inside job. Exactly how much customer info are customer support agents able to access? Security leaks have occurred from rogue employees at call centres before.
                                Last edited by Silanda; 29-11-2011, 17:29.
