For the last month or so, there have been reports of some kind of scam going on with FIFA and Xbox LIVE. Even trashy UK tabloid The Sun ran an appropriately misinformed story about “thousands” of Xbox LIVE accounts being “hacked” after users were directed to fraudulent URLs via email, and swapped their account details for free Microsoft Points (…lol).
So that looks like a pretty clear case of user stupidity, but it goes deeper – Dan Crawley of Venture Beat, a professional who’d know better than to fall victim to such an obvious tactic, managed to lose control of his account anyway. In a lengthy article, he describes what happened, and raises some troubling questions about the security of Microsoft’s network in the process.
Interestingly enough, the same thing happened last week to Geoff Burrows from NAG, who quickly resolved the matter with Microsoft, but was also left wondering how the hell it happened at all.
It’s always the same thing – basically, the user account information is somehow acquired, and the profile is recovered on the scammer’s console. Using the real owner’s available credit card details, the scammer then buys up a bunch of Microsoft Points and blows them all on FIFA Ultimate Team trading cards.
Microsoft remains adamant this is a phishing scam, but both Dan and Geoff’s stories suggest otherwise. As Dan also points out, the way Xbox LIVE saves a user’s credit card information and allows purchases without additional security checks is probably not a good idea at all.
“All the advice given by EA and Microsoft relating to the maintenance of safe accounts certainly makes sense,” he concludes. “Choosing unusual passwords, swapping them often, and not using the same password across multiple sites is good practice, and may help to prevent hacking.
“But while it is easy to shrug these incidents off, blaming them on the security practices of affected Xbox Live users, and a number of malicious hackers, could it be that Microsoft needs to look at its own security protocol and ask if it is good enough?”