Microsoft Thinks You Stole $67.50 From Your Own Xbox Account

In recent weeks, we’ve heard from quite a few Xbox Gold customers who report that points have been stolen from their accounts, but Microsoft doesn’t seem terribly concerned about it, or about stopping the account breaches. Today’s example: reader Jesse, who loaded several cards on his account before a move, for some reason assuming that the points would be safer in his account (in the cloud!) than packed for his move. Not so. Someone spent those points on content that Jesse never downloaded, and Microsoft isn’t giving him those points back.

Being a gamer, I own an Xbox 360 and subscribe to Xbox Gold. I can’t say my Xbox gets a serious amount of love, but I do bring it out from time to time.

A while back, there was a deal for 1600 Point cards and I bought 4 or 5 of them. I would use them as needed. I was in the process of moving and instead of simply packing these cards, I added them all to my account thinking they’d be safe.

Well then in June of this year, someone got into my account and went on a spending spree and spent 5400 points ($67.50 MSRP) on a bunch of content. They then tried to buy more points using an expired credit card.

I started up my Xbox one day in July and couldn’t get into my account. I went through the full account recovery and password reset and was able to gain access to my account again. I noticed the problem and called Microsoft right away.

I told them about my problem and asked about getting the points back. They said this shouldn’t be a problem and I provided them with a bunch of information. They insisted on locking out my account so they could assist me in recovering it (I already had it back and changed the password, email and anything else to prevent someone from getting access to it again).

Six weeks pass and finally I get an email from Microsoft informing me of how to recover my account. They provide me with 2 codes to extend my Xbox Live subscription and then inform me that no unauthorized purchases were made on my account when it was out of my control.

I call them back a couple days later and ask them how they came to that conclusion. They proceed to tell me that they understand my frustration and will need to lock me out of my account again to help me in recovering my account to get the points back.

Then early November rolls around and I get a similar email, this time telling me that it looks like I already regained control, provide 2 months of Xbox Gold for free, and tell me they would refund any of the points used during that time within 10 days.

Being the impatient person I am, I call Microsoft again, ask them to look into the Service Request to see if they were going to refund anything. The Service Rep says they don’t have anything in the system and he opens another case to get the points refunded.

It’s been a full month now, and I’ve yet to hear anything back, but I’m sure they’ll tell me the same thing they have the last 2 times.

So now I’ve let my Xbox collect dust for all these months and I still am no further to getting any of these points back. Of course I was dumb for putting all the points into my account, but I didn’t know it would be that hard for them to see that my console didn’t download the content and they could easily mark the downloads as fraudulent, refund my points, and block access to the content on the thief’s console, but I guess that’s asking too much from a service that charges an annual fee to provide a better experience.



  1. Dr. Ned - This underwear is Sofa King Comfortable! says:

    So maybe I missed it, where in this post did Microsoft accuse him of stealing 67.50 from his own xbox?

    I get that Microsoft is being a pain in the ass about resolving this, but it doesn’t look like MS is blaming the victim here…

    • SkyRattlers says:

      Microsoft is definitely providing some bad customer service here but once again Consumerist is sensationalizing an otherwise normal and not unique story.

      • Firethorn says:

        That it’s ‘normal and not unique’ makes it even worse, doesn’t it?

        It’s one thing if a customer with an unusual situation has a bad experience with a single representative or store. It’s another if said bad experience is routine.

      • little stripes says:

        This shouldn’t be normal and unique.

        Also, if they aren’t accusing him of using points that he did not use, why won’t they return them to him? Hmm?

    • technos says:

      He had 5400 points ($67.50 worth) on his account. Someone stole the account, changed the password, and spent them.

      Microsoft claims that no unauthorized purchases were made by the other party, implying that he made them.

      That’s where he gets ‘Microsoft thinks I stole $67.50 from myself’.

  2. LightningUsagi says:

    Don’t they have a way to track content that was downloaded? If it didn’t go to the console you have registered, chances are you aren’t the one who purchased the items.

  3. midwestkel says:

    I hear about this happening all the time to people but I don’t understand how it happens because the points are supposed to be tied to that account and I didn’t think you could transfer them.

    • ajaxd says:

      Apparently thieves gain access to somebody’s account, spend all points on the account (and maybe use CC if it’s tied) to buy certain downloadable content (like FIFA player cards). The content can be transferred and traded for money to other users.

  4. dwtomek says:

    How is this happening? Points are non-transferable, purchases are also non-transferable between accounts. Are people stealing accounts?

    Decided to actually read before posting comment. Yes it would seem he let his account get phished, or had a ludicrously easy to guess password. Account recovery would not be conducive to brute force entry. Lesson to OP, don’t get phished.

    • Loias supports harsher punishments against corporations says:

      That’s not a lesson. A lesson would be “develop a stronger password.”

      If I got mugged, your lesson would be “Don’t get mugged.” Real helpful.

    • tsukiotoshi says:

      I know there was a rash of it going around when other websites were hacked and account information was stolen. The information thieves then go to places like xbox live or amazon and try out the account information. If someone unwisely used the same username and password everywhere they were boned. A cautionary tale to use, at the very least, unique passwords on sites!

      • Blitzgal says:

        This is exactly correct. I had the same password for my Playstation and my Xbox, and stupidly did not change my Xbox password after the Sony hack. I had plenty of time. It wasn’t until that group released all of the passwords onto the internet that my account was compromised. The scammer bought a bunch of points and transferred them to another account. Luckily I still got the email notices that I was buying stuff and cancelled my credit card that same afternoon and contested the charges. My credit card company was much quicker in refunding me my money than Xbox was in “investigating” and returning my Xbox live account to me, but they did eventually get it back under my control. I don’t play enough to warrant a gold account anyway, so I no longer have any payment associated with my Xbox live account.

        • tsukiotoshi says:

          That is the way to go. I don’t keep any payment information on Xbox live and just use point cards on the rare occasion I need to purchase something through live. To be fair, though, I do this less because I worry about hackers and more because I don’t trust Microsoft.

    • erinpac says:

      I had my account hacked recently. The password had been saved in my Xbox for a long time, and was a random bunch of characters which I no longer had access to. It wasn’t ever on my computer or given away because I wouldn’t have been able to remember it.
      The email associated showed no outside access, no odd IPs recorded – they were not able to actually change the info or recover a new password, just log into the account and spend my points. Also, luckily no payment method was attached – I’ve always purchased point cards.

      Luckily, Microsoft returned everything, but it did take them about two months. I reported the compromise the week it occurred; directly after I’d added two 4k point cards from a sale. Usually I do not have many points, so it was quite noticeable.

      Normally, I’d also figure that a phish, or shady point buying, or shared passwords were the problem… but it seems like a lot of these are going around lately, my password was nowhere but the xbox, and the xbox had only the usual Microsoft stuff on it. Perhaps I should have also used an email that was never used for real purposes, but that alone would not give them a random password. This is more than just phishes.

    • coren says:

      Yes, stealing accounts, then buying a bunch of FIFA 12 shit (or at least that was the hot thing when mine got taken in October) which can be sent to other people (probably sold for half their retailer value). It’s a real racket.

  5. Emidawg says:

    I recently had my account stolen. Apparently my account was added to a family account without my consent and they proceeded to spend 120 dollars on the credit card I had linked to my account. Microsoft has told me that since the account was migrated to China I will not likely see my account back for 6 months. So I have a gold subscription account with at least 6 months left that I cannot use. They suggested I make a new account but “not buy anything” until I get the account back. When I asked what to do about the gold account they told me that if I start a new account I get one month gold free! Ok… 5-1= 4 … that’s 4 months of gold account I won’t have to use. They should really give me 6 months of gold on a new account for free while they figure out how to get my account back from China.

    Not to mention my bank is treating me like I’m the criminal when I went to contest the charges… From what I understand most banks will refund you the money right away on good faith… my bank told me 60 days. Guess who is switching to a credit union as soon as this stuff is sorted out?

    • Emidawg says:

      That math is good… it should read 6-1=5 … 5 months of gold account I won’t be able to use.

      Sorry I’m really frustrated at the moment. I caught them stealing right as I was about to go out on a date and it totally ruined the evening!

      • TheMansfieldMauler says:

        “I caught them stealing right as I was about to go out on a date and it totally ruined the evening!”

        …because you didn’t have enough points to pay for your virtual date?

        • dwtomek says:

          More likely is that he was planning on using funds from his now depleted account (credit or debit).

        • tsukiotoshi says:

          I kind of assumed it was because he was bummed out someone was stealing from him. I’d be pretty bummed out, anyway.

    • Don't Bother says:

      I had a similar experience with my bank. My card was skimmed and they drained my account in two days (I didn’t check my balance until the third day because I had “a feeling” about the balance).

      They led me through loop after loop until telling me my claim was denied. Let’s just say, I had my family members, who were also banking there, threaten to pull all of their accounts if it wasn’t resolved.

      Suddenly the money was in my account the next day plus.

    • Gorbachev says:

      That’s just not the standard procedure Microsoft follows on these issues.

      Call in again until you get a rep who actually knows what’s going on.

      I belong to a large online gaming community, with several hundred XBL users, and we’ve had several members go through this. All of them got their accounts back in very short order (days, not months). The rep you talked with didn’t follow the right process.

      • Emidawg says:

        The fellow with Microsoft said that because my account had been migrated to Chinese servers, it could take up to 6 months for them to be able to return the account to me. He also said it was possible I would never see my account again and that should that happen they would refund the remainder of the balance of my Gold subscription and any purchases that had been made on the account before it was locked down.

        Until either of those things happens it seems that I am in Limbo as far as it comes to playing online with my Xbox.

        PS – Yes it ruined the evening because the bank automatically cancelled my bank card which left me unable to pay for the evening. Most places don’t accept checks anymore and since it was after 5pm there were no branches open to withdraw funds. Instead of a nice Italian restaurant it was hot wings at a local bar with what little pocket money I had.

        • BBBB says:

          “…the bank automatically cancelled my bank card which left me unable to pay for the evening…. “

          That is why you should have a backup bank and thus a backup card for this type of situation.
          I always have at least two bank ATM (not debit) cards and two different types of credit cards. Every few years I have one of the cards not work (usually an unexplainable one time failure) so I use another one and the crisis is avoided.

  6. ungeheier says:

    “Of course I was dumb for putting all the points into my account…”

    No, you’re dumb for having your account ‘hacked’. Also too, there’s history on EVERY purchase done on the Xbox. You should be able to see the addition of EVERY card he put there, and then ALL of the purchases he claims he didn’t make. Once he identifies those purchases he didn’t make, he should ask to be refunded for them…

    I wonder if this guy gave his password out to anyone to get achievement points or something, or just had a really dumb password.

    • oblivious87 says:

      As I’m the one who sent this in, I’ll tell you this much, I didn’t provide my account to others as I could care less about the gamerscore. The password was a combination of lowercase and uppercase letters and numbers. It was not however a unique password.

      I told them the dates I added all the points from their own transaction database as well as all the transactions they went on a spending spree with the points with. They can’t seem to figure out that the guy speaking in Portuguese and adding a whole slew of friends from another country. If they even took 2 minutes to look at my account, it was easy to see that I didn’t have control over it.

      It’s simple, I wrote this as a warning to others that Microsoft is useless when trying to resolve these issues. In the end, I won’t be resubscribing to Gold when it runs out and I won’t be purchasing another console from them when this one dies again.

      • ungeheier says:

        Uh, ok. So was this password used for other websites?

        I’m starting to not believe this… I’ve had to deal with MS in the past with Xbox issues, but there’s always been a light at the tunnel. Curious as to what your tone is with them though. You should escalate your problem to the very top of their chain (it’s what I’ve done before and got results).

  7. SerenityDan says:

    Not surprised. A few months ago I saw a charge for xbox live on my credit card (My Xbox was at the time broken, and I only ever used the card to buy points, so I knew it was not an auto renew of LIVE)

    I call them and they tell me that it was used to buy points and they do see my Xbox has not been online for almost a year. They swear my Xbox account was not breached and someone must have gotten my card number somehow. OK so I go about reporting fraud and get the card canceled.

    Fast forward to Black Friday when I buy a new Xbox, sign on to see most recent games are games I do not own and have never played. Eventually got them to admit that it was their system getting hacked and not me “having someone scan my card and get my number with a machine while walking by even though it’s in my wallet.” I swear to God that’s what they told me might have happened the first time I called.

    • ungeheier says:

      Why didn’t you change your password anyways? Even if you DID expect you were hacked??

      • SerenityDan says:

        Why would I bother changing anything on my Xbox account when at the time I didn’t have an Xbox? The only card that was attached to it was the one I had to cancel. I did change everything when I got the new one, that’s when I saw the recent activity of games I’d never play.

        • ungeheier says:

          Because if there was a charge via an Xbox and your xbox is broken, it would look to me like someone is using your account without your authorization, regardless of what MS says…

          • SerenityDan says:

            Maybe, but not having an Xbox all I was worried about at the time was protecting my credit. I’m not saying you should not do that, in fact yeah I should have signed on to the website to check my activity before calling them but the point I wanted to make was that they just tell you anything to get you to hang up.

  8. Applekid ┬──┬ ノ( ゜-゜ノ) says:

    Just file a complaint to arbitration. I’m sure they’ll be… *hng*… fair and honest and…
    Yeah, I just can’t keep a straight face.

  9. cheezeit says:

    Ok, I’ll bite. Where’s all the screaming for MS heads because of security breaches they don’t seem to care about? Is it because the breaches aren’t as big as the Playstations?

    I’ve been down this road twice with MS for my original Xbox account. I keep getting emails about points trying to be added to my account with a credit card that has been inactive for 5 years. Call MS and they say something along the lines of, “nothing was taken because the credit card is inactive. We’re not going to pursue it and you should just be happy.”

    • wallapuctus says:

      There’s been a lot of raging about this. These thefts have been going on for almost 6 months, and MS’s official line is it’s all a phishing scam.

      There’s plenty of people that have been compromised and had their credit cards charged that did not lose their account keys to a phishing scam.

      Something stinks at Microsoft, but since the hackers won’t declare their breach (since it’s making them money), MS will continue to blame the compromises on social engineering, phishing, or user error.

      I sent Consumerist a tip about this ongoing problem months ago but this is the first post I’ve seen about it.

      • benbell says:

        I too sent Consumerist a tip about this. I have not played xbox for over 8 months and somehow my account was breached and used to purchase all sorts of points and spent on FIFA crap. I can assure you that I certainly was not phished. Is it possible that another site was hacked and these people are using those passwords for live accounts? Possibly except the fact that my brother and my accounts were both hacked the same exact day and he does not frequent any of the sites I am on regularly. Our gamertags do both happen to be the same with the exception of a number at the end.

        I managed to get 1 charge refunded by Microsoft, Amex refunded another charge and Microsoft gave me all my points back. They did, for some reason, cancel both mine and my brother’s gold accounts just 1 week after they gave us access back to the accounts (it was a 5 week resolution process while we were locked out). I called support again and they gave me credit for my months I had left on my gold so no harm was done there except for the pain I had to go through to re-setup my gold account.

        In the end, I believe Microsoft has had some sort of breach. This has happened to too many people in a short period of time for it to just be coincidental.

        • The_IT_Crone says:

          Don’t forget the Gawker account hacking. Too many people used the same passwords for their other accounts, and it set off a chain reaction.

          Also it would be easy if they had your email to go into it and find your XBL username, and then request a password reset for XBL- which is likely sent to that account, right?

          • benbell says:

            Not getting in my email, gmail with 2 factor authentication and every Google security layer set up, unique password 12+ numbers characters letters and unique. I know the accounts I need to keep secure.

            Like I said, yes the password I had before was used on other sites. But what are the odds that BOTH my brother and my accounts were both hacked on the same day within hours of each other? Our emails don’t start with the same letter, our passwords aren’t the same, the only thing that is really similar is our last name and our gamertags. We don’t use the same computers or live in the same house.

      • The_IT_Crone says:

        Eeehhh, I’m not ready to go all conspiracy theory on this quite yet. Though I’m one of the people who refuses to associate a credit card with their XBL account. Prepaid all the way.

    • The_IT_Crone says:

      The PlayStation breaches were of their actual servers being hacked.

      The Microsoft breaches are of individual accounts being phished or hacked because of bad passwords. Or because people used the same passwords for PlayStation and Xbox and didn’t change them when Sony’s breaches were announced.

      Those situations aren’t even comparable. Now, Microsoft’s handling of the breaches is left to be desired, but still.

  10. Kimaroo - 100% Pure Natural Kitteh says:

    Microsoft is very poor at dealing with Xbox account breaches and things like that. I do not own an Xbox, and never have, but one day I was checking an email address that I don’t use very often and found that someone had used my email address to register their Xbox live account.

    I emailed Xbox Live support and they sent me back an email saying that they were sorry my Xbox account had been compromised and told me to never give my passwords to anyone while I’m playing online.

    I was extremely frustrated and disgusted by this response, so I just used their “forgot password” feature to completely shut down and disable the Xbox account that was tied to my email. Taking matters into my own hands was the only option Xbox gave me, so that’s what I did.

  11. Conspirator says:

    I recently had three purchases of points with my credit card but nothing was purchased with the points! MS did their investigating thing, refunded my credit card and gave me two free months of Gold membership.

    In the process they had me read off my console number over the phone. I imagine to see what console was used for the purchase.

  12. Alessar says:

    This is similar to experiences that TWO of my friends have had this year. The timeframe of many weeks, the need to lock the account (the case is passed on to a completely different department than the people you speak to), the lack of refund or actually useful resolution, the lack of followup on promised date, the vulnerabilities that let people get hacked again and again … it’s all added up to me NOT buying an XBox 360, even with the nifty Kinect. In comparison, the PS3 hacking wasn’t that big of a hassle and at least we got updates and compensation!

  13. Macaddct1984 says:

    I had this *exact* same issue. At the end of August 2011 I bought a 4,000 point card on Amazon for cheap, added the points. A few days later I noticed 2,400 points had gone missing.

    After looking at my account, somehow a digital PC game was purchased. MS investigates, it takes them over 3 months to decide nothing wrong happened.

    At least now I have Dead Space 2 I can play? Something I could have gotten way cheaper on Steam…