UPDATED 11:33 EDT / OCTOBER 17 2011

NEWS

Red Card! Xbox LIVE Users Targeted by Soccer Fan Hacker

Over the past month a large number of reports of hacked Xbox LIVE accounts have been flowing to a reporter at Ars Technica and the pattern emerging seems a bit specific: the hacker purchases FIFA Soccer 11 or 12 accompanied with a bunch of credits for the game. The FIFA Soccer series is part of Electronic Arts’ bestselling sports game series that allows players to go head-to-head over the Internet with other players and build their teams online.

The number and character of reports of these attacks have been increasing. Microsoft’s response so far has been to lock down Xbox Live accounts for 25 days while the company investigates. The corporation has also remitted a statement about the hacks,

“We do not have any evidence the Xbox LIVE service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats. However, a limited number of members have contacted us regarding unauthorized access to their accounts by outside individuals. We are working with our impacted members directly to resolve any unauthorized changes to their accounts. As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided at www.xbox.com/security to protect your account.”

It seems unlikely that these targeted hacks are endemic to a hack perpetrated against Microsoft’s Xbox network itself. In fact, the overall scarcity and specificity of the attacks suggest that the targets themselves have probably been phished or that it’s coming through EA Games or EA Sports.

When the hack happens, gamers notice that there’s been unauthorized access to their accounts, purchases have been made with their credit cards associated with their account usually in the form of downloading FIFA Soccer 11 or 12 and adding points to their account—the attacker then proceeds to use them.

Accounts are widespread, over months, but have FIFA in common,

“Yesterday, my live account got hijacked and charged just over $100. Specifically, two large purchases of points followed by the download of FIFA 12, which had 2 achievements unlocked for the game, and every MS point spent on Gold Premium Packs and DLC,” one reader wrote. His Xbox was turned off, and he learned of the breach from confirmation e-mails sent to his workplace.

The specificity of the booty being stolen in this series of hacks suggests that they’re part of a batch of compromised accounts that have been sold to an interested party. It’s not uncommon for “packs” of already phished accounts to be traded and sold in the hacker underground. Generally their freshness and proof that the accounts are still accessible can fetch higher prices.

We’ll have to wait and see if this turns into a real epidemic.

Meanwhile, anyone who uses a credit-card attached to any account should think about rotating their passwords on a regular basis. It reduces the chances that if you have been careless with your password (or unknowingly phished) that a compromise will happen. As a practice doing so every few months is simply good policy. While it makes passwords harder to recall, it increases the protection on your account somewhat.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU