Thursday, 26 January 2012

Xbox Live hacked - protect your account

I know this isn't part of the usual London Makeup Girl blogging schedule, but on the basis that some of you may have an Xbox Live account or know someone else who has one, I'm putting this post up.

Mr London had his Xbox Live account hacked last night. He didn't fall for any phishing scams, and hadn't given out his password anywhere. The first he knew of it was when he received an email from Xbox Live (which he didn't even open) in chinese characters, saying he'd added another email to his account, and another email saying that his attempted purchase (well, not actually his attempted purchase) of 6000 MS points had failed.

Luckily, the credit card attached to his account had expired and he'd never linked his Paypal to it. He did lose 2000 MS points he had on the account though, and an internet search of this problem reveals it is anyone's guess when he might get this back - he's reported it to Xbox, who have frozen his profile pending investigation. The hack happened just before their support phone line closed for the evening, so the points have probably already been spent.

A quick google revealed that this appears to be caused by a brute force hack of the XBox Live login, which is set up in a way that allows this exploitation:

  1. It gives a different error message if you enter an incorrect password as opposed to an invalid email (which tells the hackers there is an account attached to a particular email).
  2. It allows unlimited attempts to login, without freezing the account (which allows brute force hacks - a computer programme entering many thousands of different passwords until the programme hits the right one). 
  3. An additional email account can be added without requiring verification from the main email account on the account. 

Microsoft continues to maintain their security hasn't been compromised, despite lots of complaints about this happening to different users. If you have an account, or know someone else who has, make sure you have a strong password on it - preferably not a real word, and a combo of alpha and numeric characters. Most importantly, remove your paypal and credit card details from your account, and don't leave unused points on it.

You can also set up your account so that you need a passcode every time you go on Xbox Live, separate from the password. Hackers could probably brute force that too, but it just makes it a bit more difficult for them.
Posted by Grace London at 18:35
Labels: ,

9 comments:

  1. Thanks for this Grace. Will let The Boy know when he gets home. They are slippery little suckers, these bloody hackers!! x

    ReplyDelete
    Replies

    1. We were wishing a pox on them last night! x

      Delete

  2. THIS happened to my brother! Great post to raise awareness, it's sooo annoying xxx

    ReplyDelete
    Replies

    1. Gah! Hope he got his account back okay.

      Delete

  3. God... I better check Antons account! Thanks hun.

    ReplyDelete

  4. Thank you Grace! Passed this along....
    Stacy

    ReplyDelete

  5. That's so scary! Last year PSN was hacked, too... Hope Mr. London can get back those points!

    ReplyDelete

  6. Thanks for the heads up! P.S. Limbo is an awesome game. :)

    ReplyDelete
    Replies

    1. Limbo is an excellent game, if slightly disturbing :)

      Delete

Subscribe to: Post Comments (Atom)
 
>