Monday, February 13, 2012

XBOX update

I wrote about the "unauthorized access" (aka hacking) of our XBOX account a few weeks ago - here's the update. 

After another phone call to XBOX, I found out that it can take up to FOUR TO SIX MONTHS to restore our account (meaning four to six months to return our points to us, to return our gamer tag to us, and to make sure that everything we've purchased or saved comes back into our name). The reason for this - our account was "migrated" to another region or country. (Apparently our account wanted to create a better life for itself and its children, be near better schools and drinking water, and not be judged for its accent or the colour of its pixels but the contents of its heart.) So they have to restore our account from scratch to be the way it was on December 29th, before the hacking started.

In the meantime, I can't access any saved games, I can't download information, I can't download content or new games, and I can't see leaderboards to know how we've done as players. I can't download stuff for our youth programs, like games for competitions or new content for Rock Band or Guitar Hero. I know this seems like a first world problem - oh no, I can't play video games! - but someone managed to hack into our account, steal our identity and steal the equivalent of money, and to me that is concerning. The fact that it is taking forever to fix the problem without any contact from XBOX - they've admitted they wouldn't have been in contact if I wasn't the one calling - is very concerning. They talk about unauthorized access, instead of using the words "fraud" or "theft"

As an aside...I think that's part of the problem. Using corporate speak sanitizes the matter. It isn't unauthorized access - it's theft, hacking, and fraud. It's illegal activity. Our account didn't migrate - it was forcefully moved to another location. Why make it sound okay?

As an aside, I spoke with Jennifer and Cody today at XBOX and they were very helpful. Patrick on January 27th was great, but last week's conversation with Kyle and Travis didn't go so well. Why today is the first time I'm hearing that it could take four to six months to restore our account I'm not sure. 

How not to be me? DO NOT PUT YOUR CREDIT CARD ON YOUR ACCOUNT. Buy points. And don't buy a lot of them. Buy a Wii. (The Playstation network isn't secure and I think we can extrapolate that XBOX isn't as secure as we'd like, either. I've never heard anything about Wii getting hacked.)

May I suggest a few games for the Wii? If you want a good party game, I'd suggest Super Smash Bros., Mario Party 8 (although 9 is coming out shortly), and Mario Kart. Animal Crossing is a fantastic game and any of the Harvest Moon games. (Yes, a farming simulator. I remember when Raymond brought it home - a farming simulator? And I've played it for years and years and years!) It's a fun system for the whole family!

More updates soon...


Ingrid said...

Hi Susan,

I can sympathize with you. My credit card # was stolen last year and they managed to rack up $8,000in 2 weeks. Thank God I had called Visa for an updated balance, our statement was not due for another 2 weeks. They could have put us in the poorhouse. Or rather Visa's poorhouse.
I was dumbfounded to hear that Visa simply reverses the charges to the mechant and the merchant will do NOTHING to track down this vermin. There were charges for playstations, I-tunes, bus tickets, Rogers phone cards and internet movies. They told us people steal the card number and sell it - Try your luck and see how many purchases can be racked up before the cardholder puts a stop on the card.
Very upsetting - yes- But until the merchants decide that enough is enough and employ security personnel to track these people, nothing will change, I'm afraid there is nothing we can do about.I really hope you get your credits back - you are doing a great job helping the younger generations.
Big Hug,

sl meyer said...

For subscriptions to services like NetFlix, Wii, Amazon On Demand and whomever, get a reloadable debit card and have your payments made from them. Only put the money needed for those subscribtion and payments on them. If it or the site itself gets hacked, snatched or jacked, you are only out what's on the card. and then you can cancel the card. Also, when you set up your site accesses and DC passwords/pins, pick names or things not even remotly related to you or those close to you. It's amazing how passwords can be cracked just by following an online trail and deciphering the habits, likes and then the passwords.

Susan Barclay-Nichols said...

Ingrid! I'm so sorry for having to go through all of that! Security is so lax these days! Little wonder it's worth the risk to the criminals, eh? And considering when I got my iPod stolen right out of my purse by someone we knew, the police did nothing. And considering when I've had my car broken into, the police did nothing. And considering when a young person stole money from my wallet and confessed to me and the police and the restorative justice board, the police and the board did nothing, it's little surprise that people see stealing things as being no big deal. After all, nobody does anything about it!

Hi SL! I didn't use a credit card on the account. My issue is with the taking of our name, our saved games, and so on - personal information - as well as points, which we bought so we didn't have to use a credit card on the account.

And no one could guess my password. It's a phrase I heard on TV when I was setting up my first internet account in the mid-90s. It has nothing to do with me - it's not my school, my husband's name, my dog's name, or even a show I like - so there's no reason someone should be able to hack me by knowing social information about me! (It's on par with making something like "the sealy mattress event" my password. It was something random on the TV at the time! I forget it sometimes!) We've done everything right - my husband is/was a computer programmer - and our security is tight!

As I've said before, if they had written to us and said "Hey, it looks like you're changing your name, password, security question, country, and language. Are you sure you want to do that?" in an e-mail that we had to click, this wouldn't have happened. Microsoft is the one with terribly lax security!

You offer good advice! Thanks!