Xbox Live's Hack Wasn't A Hack, Says Microsoft

Last month, a surprisingly large-scale hacking attack went down on Xbox Live, all centred around EA Sports' FIFA 11 and FIFA 12. Microsoft today acknowledged the intrusions, but is adamant they weren't the result of hacks.

Microsoft's online safety director Doug Park has told Eurogamer "It's not a hack, it's really just a different way to monetise stolen accounts."

"Any service has compromises. Facebook has compromises, WOW has compromises. What they're really doing is trying to make money off those compromises. So FIFA is a very popular title - it's just a new way for the bad guys to make money. It wasn't, based on our investigation... we didn't see anything new. It was just a different avenue."

Pushed for just what the attack actually was, Park would only say it was the result of a form of phishing.

I know that technically he's right, if it was phishing it's not a hack, but that doesn't stop "It's not a hack, it's really just a different way to monetise stolen accounts" from being my favourite publisher quote of 2011.

FIFA Ultimate Team XBL account hijacks were "not a hack" [Eurogamer]


Comments

    Nice article title, Luke.

    Good to know that KotakuUS is all about the page views and not actual content.

      What are you on about now Chazz? How was the title not relevant?

      You are one of the biggest whingers on this website. Please. Stop.

    Lots of accounts were compromised, stuff was stolen. Definitely a hack to me.

      Then you don't know what a hack is.

      A hack is just the result of thinking outside the box. Breaking security software is properly called a "crack", as in "you crack the defences". Hacking is the mindset used here, provided it's an actual intrusion and not "LOL I MADE U GO 2 WRNG PAEG!" phishing (also known as human stupidity), but hacks are also used for the very same software that protects you, medicinal research, national defence, energy research.. anything that requires you coming up with completely foreign solutions in tight requirements. I mean, the first recorded hackers were a model railway club that used old phones to make a remote switching system.

      It's nice to see someone use the proper wording for a change, instead of just encouraging the ignorance, but they still screwed up security.

        So you'd like to argue semantics?

        Either way, lots of accounts were compromised, end of story.

        It may not have been hacking or cracking but it sure wasn't user targeted phishing either, I can damn well guarantee that I've not fallen victim to a social engineering attack but I was out of pocket a hundred bucks (I got it back next business day which was admirably fast) and "in profit" of a copy of FIFA 12 (that I wasn't allowed to keep and which has since been removed entirely from games on demand) and 2 achievements for it that I can't get rid of. The only way I could have been hit with a social engineering attack was if xbox.com was compromised since it's the only place on my computer where I have ever entered my password.

        My gut says it was a bunch of weak passwords that got brute forced. Mine was about as strong as a damp tissue after all, I'd not be surprised if it was the same for other people.

        Overall I can't fault Microsoft support, they were great about it even if it did take 25 days to resolve.

    You're both wrong -- a hack is a rough cut, blow, or stroke.

    ...For better or for worse, language changes.

    Back on topic, if this was done via social engineering, it must have in some cases been targeted at MS or EA customer support (could be coincidence, but in every case I've heard of so far, the affected user had a linked EA account). While it's easy to assume everyone but you is stupid or lying, the volume of reported circumstances where phishing wasn't a possibility has been overwhelming in this case. A bruteforce attack on weak passwords is more plausible, though if that is the case, it still indicates lacklustre server security.

    Well whatever it was, it wasn't fun losing my account for a week, losing all my Microsoft points attached as well as my CC being charged almost $200 during the happening. It was all refunded in the end but still wasn't fun .... (and my CC has been removed from my Xbox Live account now)

    It's not over yet. I got hacked 4 days ago. And I've been around the block: I don't go mailing out my Live details to public mailing lists or anything.

    Microsoft were helpful when I called, but at the time I had no idea this was an ongoing problem, until I happened across a thread talking about the exact same MO of my hacker:

    Steal account. Buy a bunch of MS points (in my case $150), then spend it on FIFA 12 DLC.

    P.S. I had a linked EA account.

    Mostly, when it's all fixed, I hope they remove the dirty FIFA 12 achievements from my gamertag.

    (Huge number of affected commenters on the Ars "Microsoft's response becomes maddening" article, by the way).
