Man Loses Xbox Account To Thief, Gives Thief Virtual Smackdown

On Sunday night, Eric Graff put his son to bed. He flipped on his 360 and got ready for a session of Borderlands 2 with some friends. But when he tried to log onto his Xbox Live account, the password wouldn't work. His account had been hacked.

And then Graff did something usually reserved for daydreams and bad romantic comedies: he tracked down the hacker and found him/her on an Internet forum, trying to pawn off Graff's account for $US110.

Graff, who has used Microsoft's online service since it was first introduced almost a decade ago, has seen his accounts hacked before: last year, he lost an account named Fiend in a similar situation. So when Fiend II wouldn't work Sunday, Graff had some nasty immediate thoughts: "Shit! Did this really happen again?"

"First thing I did was call my 1800-4MY-XBOX customer support line to report this," Graff told me in an e-mail. "I knew that this process usually took days and was not looking forward to that. I thought maybe since I had noticed this only an hour or so after it happened (had checked my email not long before and it had worked) that maybe they could help me a bit easier. NOPE. Same ole same ole report email being sent to the unauthorised Access department, might get to hear something in a few days. That was deflating, but not unexpected since I had been through this process before."

So Monday, he got up and started searching the Internet for stories of Xbox hackings. Some googling led him to a Kotaku article about how scammers steal accounts (and what victims can do to protect themselves). He read about Forum Korner, a black-market website where people buy and sell other people's account information.

"I couldn't believe that a site like that could operate out in the open like that, it just blew my mind," Graff said. "Anyway, my brain just kind of filed that away and I gave up searching."

Later, he logged onto Xbox Live using a different account to look for Fiend II and see if anyone was using it. Someone was. The location and name had been changed -- the location now said "FK" and the name said "Forum Korner."

"That is when something in my brain clicked," Graff said. "Now this was hours after I had read that article so it didn't really click at first, but eventually I said to myself 'that name sounds familiar, where have I heard that before?'"

Then it hit him: ForumKorner.com. He immediately went to the website and entered FIEND in the search bar. This thread came up:

Legit 10 Year Tenure! PROOF

Selling legit 10 year Tenure account. You can add me as a friend as well.

Current Bid: $US110

"My jaw dropped," Graff said. "I could not believe what I was seeing. Honestly I could not believe that I actually FOUND the person that stole my XBL account and was selling it on a website! That has to be a one in a million shot right?"

Graff was virtual face to virtual face with the person who had hacked him, someone going by the handle InsaneYo. Scrolling through the forum thread in rage, Graff found that people were very, very interested in buying his account.

"oh wow, that is a sexy account..." one poster wrote.

"Jesus, wish I had my money right now," said another.

So Graff made an account on ForumKorner, calling himself You Are Busted and fingering the culprit:

Hey arsehole. I found you. This is my gamertag that you stole last night. You are busted BITCH!

I now have screen shots of all 4 pages of this thread and you are all going down.

I have Microsoft looking at this page right now and everyone is IP logged. Sucks for you guys.

You fucked with the wrong guy!!!

Some people believed him. Others didn't. He continued posting on the forum:

Thanks. Fiend II isn't my original account. I was actually an XBOX LIVE! beta tester and my original GT was just Fiend. Too bad some other dipshit stole that one last year. They probably sold that one on this site too. I have many friends that work for Microsoft, so this guy is soooo busted. I think he might have just changed the GT, but I have screen shots of everything so he can do whatever he wants.

Hear that knock at your door yet son??

InsaneYo wrote back:

If you have SO many friends working at Microsoft why haven't you got your original tag back? Kid just leave this site.

Graff:

So how did you steal it, just curious?

InsaneYo:

C'mon Eric, I thought you and your MS buddies would have known by now.

I work for Xbawkz and I dun hecked ur account.

This went on for a little while, and InsaneYo eventually admitted to stealing Graff's info. "It only took me about 5 minutes to take this," the hacker wrote. "Wasn't really hoping to sell this anyways as I know I wouldn't have had it for long, I just did it for the lulz."

Eventually a ForumKorner moderator closed the thread and banned InsaneYo from the forum. Graff says a moderator also sent him a private message saying "Don't tell Microsoft please."

"Yea buddy, I'll keep your secret safe," Graff snarked later in an e-mail to me.

But Graff still hasn't gotten his account back, even after furiously calling and e-mailing Microsoft representatives several times to share his story. He says he has no ill will for the Xbox makers; he just wishes their security process was more transparent.

"Sure this whole experience has sucked," Graff said, "but I hope that sharing this story will make more people and Microsoft aware of all the stuff that is going on at ForumKorner and other sites like it and get it shut down."


Comments

    what smackdown? he still didn't get his account back- this is terrible!

    and then the "TO CATCH A HACKER"??

    where is the hacker caught?

      It's a twist ending!

    ...

    ...

    When did he deliver said smack down?

    10 years for 44563 gamer points?

    Achievement hunter - Sign this man up!!!

    and yes, I know it was his 'other' account.

    This kind of thing sucks.

    I had my Origin account stolen in July, just after a purchased Battlefield Premium. EA have kicked the pesky Russian off my account, but I still haven't got it back now two months later. :(.

    So, guy has poor enough security standards to lose two accounts, goes in to forum and yells at clouds, comes away with nothing. Yeah, he totally laid the smack down with that forum ban. Cool story, bro.

    All that effort. All those saves. All the DLC attached to that one account. Gone, because someone Dbag decided he wanted to make some money off of it. Disgusting. I hope this never happens to me.

    Yeah I have to say he found the guy in a forum but he didn't catch him, give him a smackdown, or frankly do anything to him. If anything the guy made himself look silly with the "I have friends at microsoft stuff". I feel sorry for this guy but the title of your article is bullshit

    I agree with all the bullshit calling.

    That smart thing would have been to pose as a buyer and gotten bank details.

      The*

        exactly, you're in prime position to get name/location by posing as a buyer or befriending but instead he lost his advantage.

        such an anti-climax article, why is it even posted..

    Smackdown was not delivered sounds like the guy just embarrassed himself on some forum the title should read 'Idiot loses account and further embarrasses himself'

      Yep exactly, I would have pursued it to the point where you exchange paypal/account details so I had more of a hold on the guy.

    This article made me feel sad.

    Looks like the Forum Korner site is down - I get a SERVER UNDERGOING MAINTENANCE Message.

    I was hoping this would end with Chris Hansen walking out from behind a curtain saying "Why don't you take a seat over there?".

    I agree that the whole "I'm telling Microsoft!" bit is a tad lulzy. For maximum pwnage you need to get this guy's IP, inform his ISP then start searching for embarrassing dox on the guy. The real smackdown comes when you can give this guy his real name and location and inform his mother what he's been doing.

    I was totally with the guy... until his inner 12 year old busted out by calling on Microsoft.

    Need more linkbait!

    I don't get why people want to buy accounts with achievements, it's like buying someone's life they have already lived and you're left with their postcards from said vacations... Wow ain't that the best buy ever *facepalm* also why is this website still running, sounds more crook than pirating that's for sure.

    I was expecting a story on how he backtraced the signal and showed up at the guys house and gave him a good old fashioned pummelling .

    but no...

    1. How does one lose their account? I wasn't aware XBL was vulnerable?

    2. Who would want to buy someone else's account? What's the point of saying you've been on XBL or gotten 40000 achievement points if you haven't - and who would care enough to pay over $100 for it?

      Your Gamertag is associated with a Live account, and that Live account has a password that they either brute force or more often use various social engineering tricks (calling up customer support to 'confirm' bits and pieces until they get enough of your details to pose as you and get the password reset, or just checking facebook and finding all your details) and then after resetting your password to something new, they use the Gamertag recovery to take your XBL account b/c they now own the master account that it's associated with.

      Higher-tenure gamertags (10+ years like this guy mean you were in when XBL first launched on the Xbox, or even were a US beta tester), accounts with very high gamerscore and accounts with desirable names (most of the good shorter names are taken already) are very desirable.

        Yeah, but why is it desirable?

        I mean, who wants someone else's chosen name and years?

      Because idiots like this guy use passwords like Password123 and use this same password on multiple accounts. Your best bet is to use a long password with a mix of alpha, numeric, upper and lower case characters and change it every few months. I change mine every 3 months. I don't even know my latest Xbox live password, I have it stored in a passbook.

    "To get your account stolen and then having microsoft not help you with anything" Has a better ring to it.

    This is just stupid. The guy who delivered all that "smackdown" handled this in the worst way possible.

    He should have posed as a buyer, befriended the man, find out where he lives then organise some concrete shoes.

    Ah Google Cache... Looks like a mod stepped in and said they couldn't sell the account through their site if it was stolen, and the seller's been banned from the forum.

    vir·tu·al/ˈvərCHo͞oəl/
    Adjective:
    Almost or nearly as described, but not completely or according to strict definition

    Well I guess

    Wow do people really still pay to play sub fees just to play online? Anyone stupid enough to pay micro&soft to do what is free on every pc, ps3 or soon wii u has basically signed up to be ripped off already. Why the surprise when a company who over 15 years has not produced one secure browser can't secure your account. It's all a no brainer. Live failed on pc for a reason.

      It is worrying, I mean, isn't the point of the live subscription for security? Otherwise it may as well be facebook or psn.

        Funny you mention PS3 when giving examples of easy broken security.
        Mainly because XBL has been hacked a few times, they just pretended they didn't.
        Look it up.

        In all seriousness though, hackers are just the worst kind of people. Second only to those who make viruses. People like that should be drowned in shit
