Reports of rampant Xbox Live hacking have continued to surface, causing heightened concerns about the security of Microsoft's online platform.
The story first broke last October, when Ars Technica gathered several firsthand accounts of Xbox Live users whose accounts were compromised and used to purchase DLC for FIFA Soccer 12. The latest high-profile victim of the attack is Shacknews editor Xav de Matos, who discovered that his account had been hijacked and used to purchase more than $30 worth of in-game items for FIFA.
So, why the obsession with FIFA? It's simple, really. While anyone who can gain access to your Xbox Live account is free to spend your saved points (or, if your credit card info is saved, purchase new ones), games and videos are non-transferable, effectively tied down to the account that bought them. As soon as you file a report with Microsoft to reclaim your account, all the spoils will be gone, pretty much eliminating any incentive to hijack Live accounts.
EA's popular FIFA franchise, however, provides a dangerous loophole for hackers. The last few iterations of the game feature an Ultimate Team system, which allows players to buy and swap packs of digital trading cards. As with many virtual goods, the cards have spawned their own grey market, giving them real monetary value. In effect, a hacker can jump onto your account, buy packs of cards, trade them to their own account, and offload them for real money at a later date.
Of course, FIFA isn't the only method that allows hackers to take advantage of Xbox Live. Another common scam involves hackers linking the stolen account to a legitimate one through a family plan, then purchasing Xbox Live Gold subscriptions for themselves at no cost.
Still, no matter what method hackers choose to employ, the real concern lies in discovering the underlying problem. Microsoft has remained adamant that Xbox Live's security has not been compromised. According to the company's official stance, all affected accounts are the product of phishing, usually via malware on your PC or spoofed login pages, or social engineering, where someone posing as a Microsoft rep cons you into giving out your login info.
While such schemes are common and provide a plausible enough explanation, the sheer volume of incidents being reported is cause for serious concern. We're hardly suggesting that Microsoft is involved in some kind of cover-up, but almost everyone who falls victim to the hack seems confident that it occurred through no fault of their own, suggesting, at the very least, that the method employed by the hackers is especially shrewd.
Even if the Xbox Live service has not been hacked directly, it's probably a good idea to be extra cautious until the situation is resolved. We suggest changing your Windows Live password as soon as possible and monitoring your account history very closely. If you're especially worried, you can also remove any credit card info you have associated with your account and rely on pre-paid point cards instead. While it might be less convenient, it'll also save you the hassle of going through a lengthy arbitration process with Microsoft to get your money refunded.