XBox Security Chief Says Account Hacks Linked To Phishing, Resale Schemes

In a pattern that is becoming more common, hackers are hijacking XBox Live accounts, then tricking them out with expansion modules and other add-ons before trying to resell them to unwitting third parties.

Recent XBox Live account hijacks are most likely the product of phishing and identity theft scams that happened outside of XBox Live, and that are aimed at reselling and profiting from the stolen accounts, according to Stephen Toulouse, Director of Xbox LIVE Policy and Enforcement.

In an interview with Threatpost, Toulouse said that Microsoft hasn’t found any evidence of a compromise of the XBox Live infrastructure, nor has it seen evidence of a flaw in FIFA 11 or FIFA 12, the games by Electronic Arts that media reports have linked to fraudulent in-game purchases. However, he said that the takeovers and illegal purchases fit a pattern of crime in which XBox Live accounts are taken over, tricked out with hot games and expansion packs and other features, then resold online.

The fraudulent activity affects a tiny sliver of Microsoft’s 35 million active XBox users – much less than one percent, Toulouse said. However, with such a large user base, even a small percent represents a lot of customers. Microsoft is continuing to investigate the incidents and takes any suspicious activity seriously, he said.

Toulouse said he does not know how the XBox live accounts in question were hacked, but suspects that the compromises typically follow phishing attacks, in a variety of forms.

“They may send out a blast e-mail or create a Web site that promises to get them in on an exclusive beta for some blockbuster game,” Toulouse told Threatpost. “The gamer looks at that and doesn’t think of their gamer tag as an identity, so they might be induced to enter their password.”

In other cases, hackers take advantage of XBox Live users reusing passwords on other online accounts that have been compromised, Toulouse said. Gamers can be tricked into giving up passwords through social engineering online, or even within the XBox Live environment. In some cases, XBox Live support staff are themselves the targets of phishing scams by those who want access to valuable accounts, he said.

Once in control of the account, Toulouse said attackers find popular or “hot” games then load up the account with content for that game using available Live credits or credit card accounts on file, then try to resell it. That would explain the focus on fraudulent purchases within FIFA 12, he said.

“We’ve seen the exact same situation in Call of Duty. It’s not specific to the title,” he said. Rather, the attacks are opportunistic – taking advantage of hype around a new game on XBox Live and a passionate fan base, then switching to a different target when the opportunity arises.

Toulouse said Microsoft hasn’t seen evidence of organized efforts to hijack and flip XBox Live accounts. Microsoft has done well, so far, to simply ban accounts that appear to have been hijacked and resold. Microsoft’s Terms of Service prevent the resale of XBox Live accounts. Still, he acknowledges that even a small number of incidents can fuel suspicion that XBox Live has been hacked, or that one of the platform’s games is leaking information on users.

“It’s a challenge sometimes – we strive for transparency, but we don’t want to aid the attackers. So we have to balance how much information we want to be able to give the customer to help them understand that we’re on (the problem), versus information that allows the attacker to know they’re on to us.”

Discussion

  • Anonymous on

    He's full of crap. Live support said it's a common problem. All they will do is block your account for a month while they investigate. They claim they will return my money once they confirm it wasn't me that purchased them. I think the email change, password change, security question to Chinese, and $120 purchase all at once are one hell of a red flag. The $120 worth of purchases were for FIFA. I didn't click on any links in emails and I haven't used my xbox in over a month before I got an email saying all these charges hit my account. It's a security issue.

  • Anonymous on

    I was playing campaign mode, COD MW3, but signed in to XBox Live, and I got kicked off Live with a notice in the upper right corner of the screen, "You've been signed off XBox Live and signed on at a different location" (something like that).  I went back and forth a few times with that as I signed back in.  I reviewed my account profile, happened to check achievements, and noticed FIFA12 had posted with 0/50(?) achievements (I don't own FIFA12).  I deleted the FIFA12 game info under achievements.  Using the XBox website, I changed my password and security question, checked my point balance, etc.  When I logged back on the next evening, someone had used all but 40 of my XP pts buying something to do with FIFA12 to gain 3/50 achievements and if I'd had a credit card on file, I'm sure that would have been fun for them.  I called support and they're investigating.  At least I can say XBox/Microsoft is being professional and responsive.  If you currently have a credit card on file, I recommend you remove it.