Since October, we've heard anecdotal accounts of Xbox Live members finding suspicious purchases on their credit cards and learning their accounts had been recovered to another machine. Now it's happened to a games writer — just this past week. Dan Crawley of VentureBeat provides a detailed rundown of exactly what happened, and in the process asks some detailed questions of Microsoft.
The upshot of this is that it's probably a good idea to change your Xbox Live or Windows ID password to something completely random and completely unique, as Microsoft is insistent this is not a security breach but rather phishing, or some other form of social engineering. Crawley doesn't think much of Microsoft's posture in this, and notes that we're not hearing about it on PlayStation Network, probably because it's easier to recover an account to another console on Xbox Live.
The criminals behind this use the account to buy up lots of Microsoft Points, which are then used to acquire FIFA Ultimate Team cards. They're not trying to collect a set — Crawley notes that some of the rarer virtual items are being traded for cash or auctioned offline for up to $US280.
Electronic Arts has set up a couple of pages, one containing detailed information on how to spot a phishing site and how to recognise an authentic EA page, among other anti-phishing tips. "With dedicated pages set up on the EA Forums to deal with this issue, at least the company is admitting that there is a problem," Crawley notes. It's important to realise, however, that EA has no role either in Xbox Live account security, or in any Xbox Live transaction where actual money changes hands.
"All the advice given by EA and Microsoft relating to the maintenance of safe accounts certainly makes sense," Crawley concludes. "But while it is easy to shrug these incidents off, blaming them on the security practices of affected Xbox Live users, and a number of malicious hackers, could it be that Microsoft needs to look at its own security protocol and ask if it is good enough?"