Report: How Scammers Are Stealing Xbox Live Accounts, and the Few Things You Can Do to Protect Yourself [Update]
Kinda creepy and so far I've been lucky. I guess MS has a weakness and it sucks that they haven't done much about it.
Three such types contacted Susan and tipped her off to sites and forums where jackers congregate and trade. They were also, as members, able to access the sites (most are obviously restricted from public viewing) and pass along some of the information contained within, including techniques on how to obtain someone else's Xbox Live account information.P
You can see one such site, which is publicly accessible, here. On its "black market" forum, you'll see members both selling stolen Xbox Live accounts and making requests, one person looking for an account with good Modern Warfare 3 stats, another selling an account with the presumably desirable name of "One V One".P
The key distinction between "jacking" and "hacking" is that these guys aren't forcefully circumventing any software protection measures. What they're doing is, in a nutshell, contacting Microsoft, pretending to be the legitimate account holder, and through poor security and a whole lot of bluffing (usually making excuses as to why information was incorrect or why passwords could not be remembered), getting hold of the necessary reference numbers and information they need to then go on and access a stranger's Xbox Live account.P
Here's an excerpt Susan was able to obtain, outlining one such strategy
PERSON A
1. First you go to Xbox.com and click support at the top left of the website.
2. Then go to the bottom of the page and click Contact Us.
3. Once on that page click the Email Us link. Then click Xbox Live.
4. Now this is where it gets SERIOUS. For the name put a name. I personally use an actual agent's name ([Name redacted by Kotaku]) then put there employee ID which I put a fake ID. For the reason put Technical Support.
Then for the email put XXXX@microsoft.com or something to do with the agent's name but Microsoft. For the reason put something like this "Customer (put there name if you have it on the account you want) verified the 16 Credit Card digit number. He has made an inquiry about how he has forgotten his accounts information, since I am a Tier 1 agent I am unable to view the customers GT. He has requested to have the answer changed to (put some realistic for the answer). The Xbox Live Gamertag is (put GT). – [Name redacted by Kotaku]"
(IMAGE)
5. Now you should see something like this
(IMAGE)
6. Call up Xbox 30 minutes later. After they answer say that you were disconnected from a Tier 2 agent and ask to be transferred back.
7. After they transfer you to the Tier 2 agent give them the number (remember your the customer so you have to act like you have pretty much no idea what's on it). Once they pull it up they will take a little while and change it. DO NOT ASK FOR THE EMAIL so that you can know where to reset it.
8. Then call back and say you forgot your email but know your Secret question answer. They will ask for the GT and answer tell them and they will give you the email.
Congrats now you get the OG. This wont work every time so don't get discouraged.P
You can read more at Report: How Scammers Are Stealing Xbox Live Accounts, and the Few Things You Can Do to Protect Yourself [Update]
Kinda creepy and so far I've been lucky. I guess MS has a weakness and it sucks that they haven't done much about it.