Xbox Live a goldmine for hackers

Fraudsters have etched out a goldmine grey market from Xbox Live by selling hacked gaming profiles loaded with Microsoft Points.

SC Magazine has visited dozens of lawless auction and retail sites that are freely selling Microsoft Points for a fraction of the cost charged by Xbox Live.

Microsoft Points are used to purchase video game content from the Xbox Live online gaming store.

According to numerous victim reports, the fraud begins when Xbox Live profiles are hacked. Precisely how the Xbox profiles are hacked remains a mystery. Many victims claim to have not fallen victim to phishing and Microsoft says it is not aware of vulnerabilities in Xbox Live.

Hacked accounts for sale

Once hacked, the profiles are then loaded with Microsoft Points purchased using credit card and PayPal details that stored with the profiles.

Hackers then purchase Family Packs that open new Xbox Live accounts linked to the hacked profile.

The Microsoft Points are then transferred to the new accounts which are sold for bargain prices online.

Gaming retail outlet EB Games sells 3000 Microsoft Points for $59.95. But grey market site xbox360-point.com offers 10,000 Microsoft Points for $50. TradeTang, one of many shady Chinese auction sites offers the same Microsoft Points for $25 and is brimming with other hacked profiles for sale.

Hacked sites even offer wholesale prices for large or repeat purchases.

Many profiles appear to be stolen from victims in the US and Britain, but the underground sellers have told SC Magazine that the profiles have been purchased and used by Australian Xbox gamers.

The illegal trade in hacked profiles is nothing new. Hacked profiles have been sold off for years, but it appears the issue is reaching fever pitch with some gamers publicly blogging about what they say is Microsoft’s lacklustre efforts to help them reclaim their stolen profiles.

One victim, tweeting under ladyelysium, told of how Microsoft failed to deactivate her stolen profile for a week as she watched hackers spend hundreds of dollars from her bank account on Microsoft Points. She even contacted a user who had purchased a profile to which the Microsoft Points were transferred and was told that the profile was purchased from Polish auction site allegro.pl.

Microsoft was contacted for comment. So far the software giant has maintained that the problem is not with Xbox Live, and had worked with victims to resolve the problems.

A similar underground grey market is operating within FIFA 12 in which hacked accounts are used to trade points bought online.

However Electronic Arts told GiantBomb that it had not “seen a spike or increase in reports of FIFA 12 players having their accounts hacked”.

Ladyelysium had her Xbox profile restored yesterday and stolen money reimbursed by PayPal, but numerous cases reported online remain unsolved.

Copyright © SC Magazine, Australia