The Ridiculous Three-Month Ban Of An Innocent Xbox Gamer

Reclaiming a hacked account is always a nuisance, but Josh Hinkle's nightmarish story of losing, reclaiming, re-losing, and then re-reclaiming his Xbox Live account takes the cake.

Settle in for a hell of a yarn that reads like a world tour of the Xbox's worst problems. We've got Russian hackers. We've got inexplicable bans. We've got customer service nightmares. And we've got the Red Ring of Death. Of course we've got the Red Ring of Death!

It all started when Hinkle, an American assistant university professor and gamer, had his Xbox Live account hijacked last October by Russian Hackers. In an email Hinkle sent to Kotaku, he details how it went down:

My account was stolen and migrated to Russia on October 25th, and 1200 points were spent. I reported it immediately to Microsoft, but nothing had happened for over 2 months. As such, in late December I filed a complaint with the Better Business Bureau, and finally got a call from an Exceptions Analyst with the Microsoft Corporate office in response to the complaint.

He got things moving and I got the e-mails confirming the investigation was over and I could recover my account in less than a week. At first I was thrilled that the process was over after 3 months of being locked out of my account. However, I then noticed another e-mail saying my account was permanently banned for a code of conduct violation. I got the run around over this past weekend with phone support and the Xbox Live Policy Enforcement Team's Suspensions forum, and just had to file another unauthorised access claim to have them look into what the hacker had done to get my account banned.

I called up the Exceptions Analyst again on Monday when he was back in the office to get more info. He said the file indicated that the policy enforcement team had ruled that the violation happened before the account was reported as stolen, and thus banned it. The violation was using the account to try to steal other accounts! So obviously these hackers are stealing accounts and then using them to steal other accounts to cover their tracks. The analyst believes me and says that's probably what happened and forwards the case back to the Policy Enforcement Team for review, though he warns me that he doesn't have any direct contact or influence with them. A day later he calls me back and informs me that they ruled that the ban will stay in place. Since the hacker had my Windows Live ID and Password, they apparently have no way of knowing when my account was compromised before it was migrated to Russia on October 25th, and the violation that got the account banned happened before that.

So now my account is permanently banned, and I thus lose all my DLC and XBLA licenses, and can't play my game saves online on other gamer tags and so on. All because of the Policy Enforcement Teams absurd zero tolerance tactics, and unwillingness to listen to reason. It's not complicated to realise that when a stolen account was banned for trying to steal other accounts, it was the hacker doing it before the user realised the account was compromised and reported it to Customer Support. I'm a 33-year-old college professor, not a Russian hacker!

Today, Hinkle reached out to us while simultaneously posting a longer breakdown of the situation over at the blog Cheap arse Gamer, where he writes:

It's just baffling that Microsoft can treat a loyal customer this way. The 360 was the only console I've owned most of this generation, and I've spent a great deal of money on the hardware (two consoles since the first got the RROD outside of the 3-year warranty), X-box live memberships, X-box live points and games. I've never had any suspensions or other disciplinary action on my account prior to this debacle.

Yet when I'm victimized by a hacker, I get the run around on getting the account back and then get accused of being a hacker myself when all logic and reason clearly illustrates that the violations which got my account banned were committed by whoever stole my account.

Hinkle forwarded Kotaku the two emails he received from Microsoft; one telling him his account had finally been recovered, and the next one... banning him forever. Somewhat unbelievably, they came mere seconds apart from one another. The first is all good news (We've blurred out some of the specific information):

The email then details the steps necessary to reactivate his account and notifies him that he will be refunded the 1200 Microsoft Points that were taken from his account and given vouchers to extend his Xbox Live membership.

Immediately after receiving that email, Hinkle says he received a second email from Xbox Live customer support. This one reads:

And with that, Hinkle says he was permanently banned, losing access to his account balance, gamertag, and the licenses to all of the XBLA games he had downloaded.

Kotaku reached out to Microsoft earlier today, and a little while later we heard from Hinkle again, who let us know that he had gotten a call from an assistant manager with Microsoft. The caller had informed him that apparently, his old 360 (which had died from the notorious Red Ring of Death), had ended up in the hands of someone who had used it to hack other accounts.

A Microsoft investigation (entirely unrelated to the Russian hacking investigation) had turned up the fact that Hinkle's account had used on the offending Xbox, which makes sense, since it used to be his. Microsoft jumped to the conclusion that Hinkle must be the hacker in question and banned his account.

In an email to Kotaku, a Microsoft spokesperson issued the following statement:

"We have further investigated this incident. Unfortunately, a series of disconnected events led to the ban of this account which we can confirm was our mistake. We have contacted the member directly to explain our findings and express our sincerest apologies to him.

While we do not discuss specific case details, we can assure our members we take account security very seriously and take security enforcement actions to ensure a safer ecosystem for all members. We have immediately revised our investigation policy to evaluate additional login details that will ensure this series of coincidences does not result in future bans for other members."

And so we arrive at the end of our story. Hinkle's account has been reinstated, and he says Microsoft is sending him a new console to replace the one he got rid of in frustration. All's well that ends well, right?



    See, if he had a PC, this probably wouldn't have happened.

      yeah, because between various customer punishing DRM implementations and Steam account bans, this could really never happen on PC *rolleyes*

        Steam has the steamguard protection now so unless they get your steam and EMAIL username and password they cant get you.

          As stupid of an idea it is, I've disabled that, I log into Steam on 4 different PC's on a regular basis, and the frequency it was asking me to confirm my identity was just annoying the crap out of me.

            Well sure, you can choose not to protect yourself. Or you can choose to use Steam Guard, or choose a different online store, or buy retail games, etc. The point is that on the Xbox you're locked into Microsoft's system for better or worse.

      Because no one on a PC has even been the victim of hackers, or had sensitive data recovered from a discarded hard drive unit.

      On the other hand maybe his bank account would have been drained if his PC was hacked.

        consoles arn't exempt from that either... PS3 got hacked remember.

      If only he had a SNES, then this never would have happened.

    It would be nice, wouldn't it, if you didn't have to take a complaint to Kotaku before anyone at Microsoft bothered to turn their brains on.

      Yeah, the whole process seems a bit dodgy to me... no kind of due process. Surely they should contact the account holder first and at least give them a chance to tell their side of the story? Rather than an email saying "Your account has been banned", how about "You have 48 hours to respond before your account is banned due to (whatever)".

      This is the biggest objection I've got to this ongoing rush towards digital distribution - even though he's bought these games, because they're tied to a service, he can lose all access to them. It's not like he just couldn't play online because of the XBL ban, he lost all access to the games/DLC he'd bought. At least if you've got the disc you can play offline even if you're banned. It brings to mind the fiasco with users being unable to play Final Fight: Double Impact on PS3 during the PSN outage. You couldn't even play offline because the DRM in the game required it to sign into PSN.

    I don't know how they're allowed to get away with these heavy handed tactics with opaque issue resolution processes. Surely this must be against the law? And if not, why isn't it?

      Its not against the law because unfortunately when we sign up we agree to their terms and conditions, however much we like to think we own the account and its contents its Microsoft that actually does. Same goes with PSN and Steam.

    I feel sorry for this bloke, surely there is something that can be done right? Sometimes when media publishes incidents like this (relates to that OceanMarketting incident a while ago) things may improve, right? D:

    atm the more i read and experience the more i think i should sell my xbox and just stick to my pc, i just cant trust any consoles these days :/

    All's well that ends well - provided a major media outlet takes interest and the company in question are forced to look reasonable!

    The problem with contacting the "support" of any large company is that you're not speaking to anyone who is capable of helping you beyond updating your details and adding notes to your account, while they stick to a prepared script.

    You're basically calling up robots incapable of independent thought, which works fine for basic queries they get all the time, but as soon as you have something a little more complex they're useless.

      You're spot on there, when my account was suspeneded for supposedly soliciting funds(the exact same thing twice) i rang the support centre and they said there was nothing they could do because they just handle the money side of things and then when i went to the forums to enquire i got a stock response 2 weeks later. Both times. When i tried to explain that this is all a misunderstanding it was just a joke and i never took any money off anybody and nor would i ever they gave me the same response again. When i informed them i had contacted the accc about it and the accc instructed me to tell them they cant suspend someone without proof of the allegation(ie money changing hands). One of the forum moderator decided to send me a private message telling me to F*** off and no one gives a s*** about my problem and if i kept it up i'd recieve a permanent ban, so i decided to leave it at that. When i tried to contact someone about this every person i got told me they had no power to do anything. Don't get me wrong i loved my xbox but i dont love poor customer service and no one should be treated the way they treat the customers.

        While I certainly agree that Microsoft's support is terrible (I've had to deal with them myself with the current Fifa '12 issue), and the reply from the forum moderator is completely out of line, if you make a comment that refers to possibly soliciting funds from other users on their service, you can't be surprised when they investigate it.

    As with any Support, it all depends on your wording, how nice you are being and who you actually are talking to.

      Exactly this.
      Both times I've had to deal with MS support regarding 360 problems, I've had people who knew their stuff, and helped me incredibly quickly to actually solve my problems.

    Woah woah woah woah woah. Woah.

    Since when can you migrate accounts accross regions?

      Yeah good point, hasn't there been quite a few of our british friends coming over and not being able to switch their details? Also thats u.s. to russia, you think that'd be harder. Strange.

      You can migrate to a country that was added. The UK, US, Australia, etc. are some of the older countries on the list of where Live is available. You can't migrate to one of them, but you can migrate from them. People from countries that didn't have Live tend to pick a country near them that does. Once their country gets it, they can migrate to their own. Russia was added later and can be migrated to.

    lol, i am not surprised at all.
    and having a pc only for gaming won't save you from crap like this either.

    I used to play world of warcraft, and had my account hacked, the result was almost the same, i got my account back after several phone calls to blizzard , with faxes of photo i.d and cd keys, then two days later got permabanned for attempting to sell the account while it was out of my control.
    Trying to explain to them that the bannable offence happened while the account was stolen was quite difficult, and i felt quite lucky to get the account back in end, but it soured me on anything game related where the security is'nt under my control.

    Ha he doesn't sound like a University Professor.... playing on xbox live and letting his details leak to Russian hackers.

    Oh wait they said he was an American professor? Now it makes sense. Cool story btw.

      All my uni lecturers/tutors/etc are gamers (even head of faculty). Although I am studying game development. Games are for adults too you know....

    what a load of shit gonna break one of my 3 xboxs

    "... letting his details leak to Russian hackers."

    LOL! Put your head back in the sand buddy, there is nothing wrong with Xbox Live security and everyone that has had their account hacked has been stupid and let their info leak.

    Yeah right. MS refuses to admit that its live account system has been thoroughly owned by hackers for months now.

    Seriously we are all treated like 11th century peasants when it comes to digital ownership. What the world needs is a universal 'Magna Carta' for digital ownership.

    I had a similar run-around with microsofts useless team. The hacker got into my emails and everything, made purchases, and continued to steal neraly everythin on the internet I owned (including steam). I recovered every single one of my accounts quite easily, except my hotmail, which took about 6months. They kept saying that I failed to provde enough information to prove my identity. So I replied: "Ask me anything, and I will give you an answer to prove I am who I am". They never replied. I think I opened like 4 cases all up, and it was mostly due to their lack of effort, I very rarely got a reponse from support, and when I did it was some generic copy+paste bull.

    For all the people asking how can they do this sort of thing, actually read the Terms of Service you agreed to.

    I'm surprised it doesn't read "If the product fails to work or does not even exhist you should feel honoured to have given us your money for no benefit to yourself what so ever."

    And when I read that line I decided not to sign that immortality contract.

    Good lord, poor guy. I hope the hackers get what's coming to them!

Join the discussion!

Trending Stories Right Now