Xbox Live Account Hacked? Credit Fraud? No Customer Service If We Don’t Consider You A Customer, says Microsoft.

I apologize for the lengthiness in getting to the point in this article, but I feel that it’s important to precisely describe the situation that lead up to why Microsoft does not consider some of us to actually be their customers, and how they will therefore turn a blind eye to credit card fraud and account hijacking on their online service.

 

Hi. My name is Greg.

You can find me on Xbox Live using the Gamertag “Gregalor”. However, I almost positively won’t be online and if I am I won’t be able to play any games with you. Confused? So is Xbox Live Support and their fraud investigation team.

You see, I primarily play games on the PC and I don’t actually own an Xbox 360 yet (due more to lack of money than lack of desire, and already having a backlog to get through). You may have heard that Live on PC is a thing that exists; but probably not. In fact, its usage is required to play certain games. If you take a look at my all-time Live activity, you’ll see a scant duo of titles: Batman Arkham Asylum (which requires Live) and Viva Pinata (which was on sale for 99 cents, and opened the door for $125 in unresolved fraudulent activity on my account).

It's okay, you can laugh.

It was Tuesday morning, August 23 and I was toiling away at my office job when I decided to take a break to check my email. At the top of my inbox were two bizarre emails from billing@microsoft.com.

“Purchase confirmation for Xbox Live 6000 Microsoft Points bundle”
“Purchase confirmation for Xbox Live 4000 Microsoft Points bundle”

Uhhh, what? I think I would know if I had spent $125 on Microsoft Fun Bucks, quite a feat for not being in front of a computer at the time of purchase. My brain went to Code Yellow as my first thoughts were of phishing schemes or spam. Ignorable. The only way to be sure was to head over to xbox.com and, more importantly, to check my bank account.

What are these, and what do I do with them?

Okay, yes, that is certainly 10,000 virtual monies in my “created-because-I-had-to” Xbox Live account. And my bank account is indeed missing $125. How did this happen? Oh, right, I had a credit card on file from when I bought Viva Pinata on a whim during a 99 cent sale. Did some well-meaning hacker crack my login credentials and buy Points with my Visa, figuring that I could really do with some right about now? What’s the point? It’s still my account. Wait… Oh no…

Code Red.

I quickly visited the Password Reset section of my account. I still had access, but for how much longer? The page loaded and my fears were confirmed. There it was, the address “mustaefr@guerrillamail.com” sitting in the “Alternate Email Address” field like a cancer, ready and waiting to have a password reset confirmation mailed to it. This is why it was pure providence that I checked my email when I did. GuerrillaMail is a service that provides temporary, anonymous, free email addresses that people can use to register for websites without fear of signing up for spam; it’s also very popular for less-than-honest purposes. I knew that whoever it was, he was sitting on that account page, too, both of us occupying the same private space in separate dimensions.

Immediately I removed the alternate email address, re-confirmed my own email address, changed my security question, removed my credit card, and changed my account password. Then I called Live Support to get what I figured would be a simple refund on unused virtual goods. Little did I know that my money would instead be trapped in a month-long limbo of mistrust.

 

Upon calling, I explained the situation and was commended for my prompt re-securing of the account. The operator seemed at odds with what to make of the fact that I had a Live account but not their console, which caused me a chuckle. Games for Windows Live has become reputable in the PC gaming community for being neglected and mismanaged by Microsoft, but here was their Support staff seemingly ignorant of its very existence.

The operator gave a knowing “Ahhhh, yes” when I mentioned GuerrillaMail; she was familiar with this tactic. She explained that my account would be locked for security reasons for a few weeks while a fraud investigation took place. I was optimistic that their records would show the suspicious activity that I had described, proving that I hadn’t been the one to make the purchase. I was reassured not to worry, that my chances were good. I had expected the refund to be a swifter process, but I was told that this was the standard procedure. An annoyance, but fine, corporate bureaucracy, I get it.

 

A month went by. Monday, September 19, the email arrived.

“Your report of unauthorized access to your Xbox LIVE account was reviewed by our fraud investigations team. We’re pleased to let you know that we found no evidence of unauthorized access to your account. “

Yeah, I’ll bet you’re pleased.

So I called, of course, having to re-explain everything. This operator was also somewhat flustered by my lack of their precious box. I didn’t even care about the security breach, I took care of that myself; all I wanted was for them to change the number “10,000″ on a screen to a “0″ and give my money back. Back to square one, no harm, no foul. I didn’t see why a month-long investigation was necessary for a standard retail scenario that takes place in millions of stores every day.

After being put on hold twice for about 30 minutes, I was ultimately told flat-out that nothing could be done, that their investigation could not proceed because I didn’t own an Xbox. That’s right. They don’t consider me to be their customer, they don’t have time for me because I didn’t buy an Xbox 360. Never mind that they have 125 of my dollars and I have a very large sum of virtual currency that is useless to me. I don’t own the device on which they are redeemed. That’s like buying my 60 year old technophobe mother a $125 iTunes gift card.

I was told that what I must do is convince my bank that these are fraudulent charges, and have them do a charge-back. If that’s the next step, so be it, but now I’m worried as to what sort of standing that will leave my Live account in. Will I someday buy an Xbox to then find out that my account was banned? No longer able to use that Gamertag? Forced to start my Gamerscore over from 0? My Arkham Asylum save files (which are stupidly tied to your Live account) rendered inoperable? The copy of Viva Pinata that I purchased from the Live Marketplace (I guess that doesn’t count in their book) no longer under my ownership? Thank god I haven’t yet gotten around to purchasing the Minerva’s Den DLC for Bioshock 2, or started the time-sink game Fallout 3, or I’d be worried about my future access to those, as well. They assured me that a bank charge-back would have no negative impact on my account, but my confidence in their word is understandably shaky.

Be warned, 360 users. If someone hacks your Live account some day and buys Fruit Ninja HD on your dime, you may want to think twice about telling Microsoft that you didn’t buy a Kinect.

 

Microsoft: If this is indeed your hacking/fraud policy, I find it disturbing. It is not acceptable to ignore credit card fraud that was committed on your service on the grounds that the victim doesn’t own the device that you want them to own. It costs you nothing to simply reset some intangible numbers, refund some money, and let bygones be bygones. This could have been a very simple matter, but now look at what I’ve had to do. By the time you read this it will be too late for you to make good; the bank will have already been notified. I don’t get by on a lot of extra money after debts and bills are factored in. And yet I was very understanding of your procedure, waiting a month, a month when I really could have used that money. But you blew it.

It is too late for you to make good of your own volition so now it’s my turn to take my money back. You didn’t even lose any product to whoever committed the fraud, so I leave public shaming to be your punishment. I hope everyone who reads this is as appalled as I am at how flippant and uncooperative you were over a serious matter like credit fraud.

Why are unused non-physical products becoming increasingly harder to return than physical ones?

No. Fucking. Shit.

 

Greg Knight lives in Los Angeles with his wife and cat. He doesn’t own a 360, but he does own an original Xbox and 39 games for it, 42 Xbox 360 games (ready to play when he finally buys a 360), a wired 360 controller for PC games (some of which are published by Microsoft Studios), and a Windows 7 upgrade disc. He thinks he has spent plenty of money on Microsoft.

 

UPDATE: Less than a day later, the issue was resolved. Thanks for all your help!

Tagged fraud, games for windows, microsoft, xbox 360, xbox live

Comments

  1. whimura says:

    It’s so simply, meanwhile the consumers don’t defend their rights and allow companies do whatever they want, this kind of things will continue happening. The reason is on your side but even if we are paying for their products we don’t have any mean to defend ourselves from this kind of companies politics.. I hope you can get your money and your rights refunded. (And they (the companies) are always wandering why there are so many people hate them and other ones that support piracy…)

  2. Juan says:

    That’s a shame Micro$oft

  3. Joe says:

    I do have an xbox 360 and had 6000 MS points hacked on July 3rd. Today is October 20th and the “investigation team” has yet to respond. It doesnt seem to matter if you are a customer or not they are not going to give you service. Looks like Sony and Apple purchases in my future.

  4. Lee says:

    Yep, I’m in the same boat. My family mambership (at £80 per year) is suspended. MS don’t give a shit. been 2 months now. Got a telephone call last week to update me. The rep said that there was “no progress” – what a waste of time. I am So pissed with MS right now. I have Forza 4, BF3 and 2 copies of MW3 that are virtually useless to me without live.

  5. Diane Reardon says:

    Back in October money was stolen from our bank account via my son’s xbox live account, by a hacker. The hacker bought £85.00 worth of microsoft points. We discovered the money had been take the following day and immediately notified microsoft. Microsoft said they would investigate.
    In November we received an email from microsoft saying that their investigation concluded that the money had been taken fraudulently and we would be getting our money back. They said this would take up to thirty days.

    Thirty days came and went and still no money. At this point, we made the first of many phone calls to microsoft asking why we had not had our many back. We have had several explanations including the rather lame excuse that the refund was coming from America and that it would take time to come through to our bank account. In this satellite age, I found this excuse rather ludicrous.

    Five months later and we have been refunded just £17.00 from microsoft (this equates to one of the transactions made on our account. The money was taken in three consecutive transactions of £17.00, £17.00 and £51.00). Our last contact with microsoft was about two weeks ago when they said they would have to start another investigation. We have heard nothing since nor have we had any further refunds.

    We cannot afford to lose this kind of money, we are not wealthy people and we need every penny we can get, and just cannot afford to ignore microsoft’s refusal to give us this money back.

  6. Cary Wynans says:

    A further issue is that video gaming has become one of the all-time biggest forms of fun for people of all ages. Kids play video games, plus adults do, too. Your XBox 360 has become the favorite gaming systems for those who love to have a lot of activities available to them, as well as who like to play live with other people all over the world. Many thanks for sharing your opinions.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>