Xbox Live users having their accounts hacked and used for FIFA purchases

Posted 18 October 2011 02:00 CEST by etdragon

A slew of Xbox Live users are reporting that their accounts have been hacked and used to purchase content for either FIFA Soccer 11 or FIFA Soccer 12. Microsoft has responded, rather slowly, to these reports by locking down affected Live accounts for as many as 25 days to investigate the fraudulent activity.

One gamer blogged his story of his hacked account and his interactions with Microsoft trying to revolve the issue.

“Sure enough, all of the Microsoft points that were stored in my XBL account had been spent on in game items for FIFA 11(I don’t own that game… hell, I don’t even like soccer video games) and whoever spent my MS points had then tried to purchase more. Presumably, when that purchase failed, they abandoned my account and went on to steal from some other unsuspecting gamer.”

A Reddit thread was also started by another gamer to voice his frustration with Microsoft’s slowness to respond to accounts of hacking.

In all of these accounts the story is largely the same. A Xbox Live user will find a bunch of fraudulent FIFA 11 or FIFA 12 purchases on their account via email confirmations of purchases, missing Microsoft Points, or charges to their credit card. When those users contact Microsoft about the issue their account is locked down so Microsoft can investigate. Microsoft claims it takes 25 days to investigate a claim like this and they need the credit card information on file with the account to remain there for the duration of the investigation.

Neither Microsoft nor FIFA publisher EA is taking responsibility for a security breach. Microsoft responded to Ars Technica’s request for comment by issuing the following statement,

“We do not have any evidence the Xbox LIVE service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats. However, a limited number of members have contacted us regarding unauthorized access to their accounts by outside individuals. We are working with our impacted members directly to resolve any unauthorized changes to their accounts. As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided at to protect your account.”

While it is possible that Microsoft or EA isn’t having a security issue, the account information is coming from somewhere. It’s possible the hackers are reusing login information obtained from another database. The real issue isn’t how the hackers are getting login information but instead how Microsoft is handling it. Taking 25 days to investigate a claim like this when a large number of users are reporting the same problem is excessive. Even more annoying is the fact that getting a credit card off your Xbox Live account requires a call to Microsoft instead of a few simple clicks on the account management web page.

There needs to be an easier way to get credit card information off your Xbox Live account and a faster process for investigating claims like this. Waiting nearly a month to get resolution on fraudulent charges is insane. Was your account hacked for FIFA downloads? If it was tell us your story in the comments including how your interactions with Microsoft went down.

New Member
Posted on: 19 Oct 11 11:59
Found out mine was hacked this morning and phoned Microsoft. They say it can take upto 20 days to investigate which is not good when Battlefield 3 is due out next week so I won't be able to get on. Why they need to take 20 days to investigate it is beyond me. I wish I could find out who it was that did this as well.
0 Agree

MyCE Resident
Posted on: 19 Oct 11 18:29
Typical Microsoft buffoonery. And its disgraceful the lack of security keeping Xbox Live users credit card numbers on file the way MS does and having it displayed on my TV when I go to purchase content.
0 Agree

MyCE Senior Member
Posted on: 20 Oct 11 01:36
brocklaser, that's awful. I keep checking my account just to be sure. For my reference did you previously share the user name and password combo you use for Live for any other service?

It's really likely these logins are coming from somewhere else and not a breach of Microsoft's security but without some help from MS or EA we'll never know.
0 Agree

New Member
Posted on: 20 Oct 11 07:27
I never give out my usernames or password and am always careful to not open emails that look dodgy. I don't even really use my live account it is just there for the xbox account.
It does suck but the support guys were very freindly and although it may take upto 3 weeks to sort at least they have freindly and understanding staff.
0 Agree

Reactions closed

Sorry, you can't comment on this item anymore. It's either too old or comments are disabled for this post. settings

Several settings at can be changed, they are stored in cookies, which means they will be reset if you clear cookies


Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here


Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page