Users at risk from Xbox Live account hackings


Hackers have hijacked the Xbox Live account of a celebrity gamer and taken off with a prized piece of virtual armour, an act that could suggest that account holders on Microsoft's online service are at risk.

Colin Fogle gained widespread attention and acclaim in gaming circles after posting a video showing how it was possible for a Halo 3 player to shoot and kill himself with his own sniper rifle. The creators, Bungie Studios, were so impressed that they awarded him a special piece of in-game Recon armour and also publicly.

However, since the video, the 18-year-old says his account has been hijacked three times. The most recent takeover came on December 29, when he was suddenly logged out of his Live account. When he tried to log back in, he got error messages saying the password didn’t match the user name. Because the accounts also contain credit card numbers, home addresses and login information for the owner's Windows Live account, the takeover is seen as identity theft.

“With this kind of information, they can steal much bigger things than my virtual armor,” Fogle said to The Register.

“If somebody doesn’t like you, anyone can do this. The thing that upsets me the most is that, as we looked into this more and more, we saw how easy it is.”

On the Xbox forums, it is not unusual to see subscribers report that their accounts have been taken over.

Kevin Finisterre, a security researcher and an Xbox Live enthusiast, has also been investigating this topic since someone broke into his girlfriend’s account in March, after the pair accused some gaming rivals of cheating during a spirited season of Halo 2.

“At the end of the match, we voiced our opinion and a kid says, ‘Shut up or I’ll steal your Xbox Live account,’” Finisterre said to The Register. “About eight hours later, I wasn’t able to log into my girlfriend’s account.”

According to The Register, hackers will frequently call the toll-free number and pretend to be the owner of the account they want to take over. They provide the Live ID and then ask for the physical address that the account is associated with. They then call back and ask for the phone number. Together, these details are enough to convince a support person that the caller is the rightful owner of the account.

Microsoft representatives did not respond to any questions provided by The Register. Meanwhile, the thief sporting Fogle’s armour is currently taunting the owner.
