FIFA-Loving Hackers Strike Xbox Live Accounts

FIFA-Loving Hackers Strike Xbox Live Accounts

Xbox Live users should keep an eye on their accounts, and any credit card associated with that account, and especially take notice of any strange activity involving FIFA 11 or 12. Several users have complained, through multiple gaming publications, of hackers recovering their accounts to a different machine and using them for purchases associated with the soccer game.

Ars Technica reached one of the victims, whose experience is broadly representative of what’s happening to others. The user received confirmation emails regarding Xbox Live purchases, investigated and found FIFA 12 had been played on his account (with two achievements unlocked), and his credit card had been used to buy two large lots of Microsoft Points, which were then spent on FIFA 11 downloadable content.

Microsoft’s response has been a boilerplate comment that, though it acknowledges “a limited number of members have contacted us regarding unauthorised access to their accounts”, they do not have any evidence suggesting Xbox Live as a whole has been compromised. They say they are working with the hack victims to resolve unauthorised charges to their accounts. That generally involves locking down the account while Xbox Live security investigates.

There’s no need to panic, but there is a need to immediately notify Microsoft if you spot unauthorised charges or activity on your account. That should be the case anyway.

Xbox Live Users Suffering Hacked Accounts, FIFA 11 and 12 Purchases [Ars Technica]


  • From the comments on Ars, this has been happening since July. But MS’ investigations still haven’t stopped it happening.

    How is it that this hasn’t received any media attention in that time?

  • I don’t understand why the ONE Sony incident gets a ton of negative coverage, and yet Xbox has a multitude of hacking issues that never get revealed…

  • Sony’s was one fucking enormous system wide breach brought about by poor security that potentially put every user of the service at risk and not only that potentially exposed their credit cards.

    The Microsoft one is far smaller scale (though far more bizarre, just FIFA?) and the important thing is that as long as its confined to the xbox account as it seems to be, there’s no risk to their credit card information (since the console can’t display the number, just make use of it).

    Thats not to excuse Microsoft, the situation is still fucking bad, I’m locked out of my account until they’ve finished investigating but they managed to refund the money I lost on the next business day and say they’re making every effort to solve the problem so I’m giving them the benefit of the doubt for the moment.

    In my case I can’t exactly remain blameless since my password was pathetically weak so in many ways I’m reaping the harvest of my own laziness in never bothering to change it. I’d not be shocked to find out that most of the other users were in the same boat

  • most likely linked to the virgin online gaming tourneys & other online tournaments u can sign up to which link ur gamertag to its site, maybe that site was hacked for user accounts and passwords.

  • Soccer?


    Blasphemy! It’s football you wankshafts!

    In any case, aren’t Fifa accounts managed by EA, and not Microsoft (as EA refuses to use Live itself but insists on their own servers)?

  • found this old post which if true I hope is fixed.

    This is a new discovered technique of hacking someones ultimate team to steal their players or coins.


    Make sure your Windows Live ID is a valid gold gamertag. Otherwise, the server wont work because it wont recognize you as an xbox member.

    (1) Send an E-mail to

    (2) In the subject box type: The gamertag you want to hack

    (3) In the message box type the following while also filling in the correct details (Type your actual windows live ID and Password, as i have seen people type {YOUR WINDOWS LIVE ID} and so on, it will not work if you do that)::
    /cgi-bin/start?v703&login.USER=passmachi­­­=&class=supervisor&f={YOUR PASSWORD}&f=27586&javascript=ACTIVE&rsa= {YOUR WINDOWS LIVE ID}

    (5)Check your email in about 3 hours.

    (6)It tricks the server into tricking live to get your victims password.

    • I doubt it actually tricks Live, it’ll trick the server. The server is trusted by Live.

      Again, how much of this is Microsoft’s fault and how much is EA’s?

  • By the sounds of it that’s what happened to me I lost over 3000 xbox live points luckily my credit card was not on there so it was not affected.

    I’m at day 11 of the 25 day lockdown and it’s really pi*#ing me off cause I do not know what is going on. 🙁

Show more comments

Log in to comment on this story!