Reclaiming a hacked account is always a nuisance, but Josh Hinkle's nightmarish story of losing, reclaiming, re-losing, and then re-reclaiming his Xbox Live account takes the cake.
Settle in for a hell of a yarn that reads like a world tour of the Xbox's worst problems. We've got Russian hackers. We've got inexplicable bans. We've got customer service nightmares. And we've got the Red Ring of Death. Of course we've got the Red Ring of Death!
It all started when Hinkle, an American assistant university professor and gamer, had his Xbox Live account hijacked last October by Russian Hackers. In an email Hinkle sent to Kotaku, he details how it went down:
My account was stolen and migrated to Russia on October 25th, and 1200 points were spent. I reported it immediately to Microsoft, but nothing had happened for over 2 months. As such, in late December I filed a complaint with the Better Business Bureau, and finally got a call from an Exceptions Analyst with the Microsoft Corporate office in response to the complaint.
He got things moving and I got the e-mails confirming the investigation was over and I could recover my account in less than a week. At first I was thrilled that the process was over after 3 months of being locked out of my account. However, I then noticed another e-mail saying my account was permanently banned for a code of conduct violation. I got the run around over this past weekend with phone support and the Xbox Live Policy Enforcement Team's Suspensions forum, and just had to file another unauthorised access claim to have them look into what the hacker had done to get my account banned.
I called up the Exceptions Analyst again on Monday when he was back in the office to get more info. He said the file indicated that the policy enforcement team had ruled that the violation happened before the account was reported as stolen, and thus banned it. The violation was using the account to try to steal other accounts! So obviously these hackers are stealing accounts and then using them to steal other accounts to cover their tracks. The analyst believes me and says that's probably what happened and forwards the case back to the Policy Enforcement Team for review, though he warns me that he doesn't have any direct contact or influence with them. A day later he calls me back and informs me that they ruled that the ban will stay in place. Since the hacker had my Windows Live ID and Password, they apparently have no way of knowing when my account was compromised before it was migrated to Russia on October 25th, and the violation that got the account banned happened before that.
So now my account is permanently banned, and I thus lose all my DLC and XBLA licenses, and can't play my game saves online on other gamer tags and so on. All because of the Policy Enforcement Teams absurd zero tolerance tactics, and unwillingness to listen to reason. It's not complicated to realise that when a stolen account was banned for trying to steal other accounts, it was the hacker doing it before the user realised the account was compromised and reported it to Customer Support. I'm a 33-year-old college professor, not a Russian hacker!
Today, Hinkle reached out to us while simultaneously posting a longer breakdown of the situation over at the blog Cheap arse Gamer, where he writes:
It's just baffling that Microsoft can treat a loyal customer this way. The 360 was the only console I've owned most of this generation, and I've spent a great deal of money on the hardware (two consoles since the first got the RROD outside of the 3-year warranty), X-box live memberships, X-box live points and games. I've never had any suspensions or other disciplinary action on my account prior to this debacle.
Yet when I'm victimized by a hacker, I get the run around on getting the account back and then get accused of being a hacker myself when all logic and reason clearly illustrates that the violations which got my account banned were committed by whoever stole my account.
Hinkle forwarded Kotaku the two emails he received from Microsoft; one telling him his account had finally been recovered, and the next one... banning him forever. Somewhat unbelievably, they came mere seconds apart from one another. The first is all good news (We've blurred out some of the specific information):
The email then details the steps necessary to reactivate his account and notifies him that he will be refunded the 1200 Microsoft Points that were taken from his account and given vouchers to extend his Xbox Live membership.
Immediately after receiving that email, Hinkle says he received a second email from Xbox Live customer support. This one reads:
And with that, Hinkle says he was permanently banned, losing access to his account balance, gamertag, and the licenses to all of the XBLA games he had downloaded.
Kotaku reached out to Microsoft earlier today, and a little while later we heard from Hinkle again, who let us know that he had gotten a call from an assistant manager with Microsoft. The caller had informed him that apparently, his old 360 (which had died from the notorious Red Ring of Death), had ended up in the hands of someone who had used it to hack other accounts.
A Microsoft investigation (entirely unrelated to the Russian hacking investigation) had turned up the fact that Hinkle's account had used on the offending Xbox, which makes sense, since it used to be his. Microsoft jumped to the conclusion that Hinkle must be the hacker in question and banned his account.
In an email to Kotaku, a Microsoft spokesperson issued the following statement:
"We have further investigated this incident. Unfortunately, a series of disconnected events led to the ban of this account which we can confirm was our mistake. We have contacted the member directly to explain our findings and express our sincerest apologies to him.
While we do not discuss specific case details, we can assure our members we take account security very seriously and take security enforcement actions to ensure a safer ecosystem for all members. We have immediately revised our investigation policy to evaluate additional login details that will ensure this series of coincidences does not result in future bans for other members."
And so we arrive at the end of our story. Hinkle's account has been reinstated, and he says Microsoft is sending him a new console to replace the one he got rid of in frustration. All's well that ends well, right?