We know customer support reps have a lot on their plates -- especially those responsible for answer the queries of 13-year-old Halo mavens protesting supposed hackers stealing all their kills -- but it looks like the
Xbox Live support staff is dropping the ball on this particular issue. Pro gamer Skyllus vBi, a member of pro gaming group Team vBi, was awarded some super-rare "Recon Armor" by Bungie staff a few months ago for his entertaining method of suicide depicted in a popular online video. Naturally, his account became an immediate target for hackers, and they didn't have much trouble swiping his info. Turns out there's a bit of a flaw in the phone support system that allows a hacker to use social engineering to sweet talk account details out of a customer support rep without much hassle. Skyllus has had this particular attack performed on his account three times so far, and is having a bear of a time working it out with Xbox Live support staff. Not only is his precious armor in jeopardy from attacks like this, but all the credit card info and other personal details stored on a Xbox Live / Windows Live account. Stir in some of the
login and account retrieval woes that many users have been experience of late and you've got a recipe for some much-needed intervention over in Redmond.
[Via
Joystiq; thanks to everyone who sent this in]
Reader Comments (Page 1 of 1)
FThorn @ Dec 31st 2007 10:03AM
Wow. I'm worried. I hope this turns out okay. PLEASE keep us INFORMED!!!
jessy @ Dec 31st 2007 11:18AM
this has been happening for the last year.
the "hacking" oh please, i figured engadget to be more savvy on issues like this, i even know how its done.
all you do is call up Xboxlive and say, hey my brother did this or that or some BS story. tell them you forgot all this other info to deal with the account you "lost". naturally, you will get people who wont give you any of the info to recover and account onto your xbox. but their is some who will hand over small bits of that info. so 2-5 dozen calls later you just might have a new Xbox account
yeah, engadget "hacking"? i thought you would understand fraud and lying better then these 12 year old kids.
Skyllus vBi @ Dec 31st 2007 11:33AM
@Jessy
Yes, the proper term would technically be "Pre-Texting" or "Social Engineering". However, technically, they is accessing a network (Xbox Live Customer Support) and performing a security bypass (exploiting the staff), to gain access to account information which can be used to steal identities, fraud, etc. etc. Which could easily be described as hacking.
When we posted the news on our forums he had "hacking" mentioned a few times, and as such, it has been labeled as that despite us later learning that he simply called Xbox Live and was given the account information.
What is sad and scary is that anyone can pull of this technique with Live Support, whereas at least technical hacking would require some knowledge/ability.
Izzy @ Dec 31st 2007 12:50PM
Would the old term "phreaking" be better??
jessy @ Dec 31st 2007 12:59PM
is this something you just recently learned about? hey its fine, ive known about it for maybe 6months.
1 thing that is good about this, the publicity. maybe bungie/microsoft will change things so this will happen less.
anyway, i dont know the details but you can change your accounts name. seems like a shitty alternative, but hey look at the times we live in identity theft and credit card fraud are apparently rampant
jessy @ Dec 31st 2007 12:59PM
phreaking? please, cap'n crunch would be ashamed if this is the level it has become where you make a phone toll-free call for something.
if you think im referring to the cereal guy, maybe google the name and term
monstroy @ Dec 31st 2007 1:40PM
@Izzy
More like phishing I think, or even confidence tricking...
DWells55 @ Dec 31st 2007 2:01PM
As a long time Halo 2 player and having been involved with a variety of crowds at different times, the impression I got was that stealing accounts using social engineering wasn't the most common way. Phishing, thanks in part to the Windows Live ID account recovery system requiring only a GamerTag, password, and email, is a big issue. You can generally get people's email addresses simply by Googling their GamerTag. Many people use the same password everywhere, so if they get phished for anything, it often matches. I know a lot of people that used this method to steal accounts. Similarly, keylogging is also possible.
That's not to say "social engineering" isn't used at all. However, it's often used with already having a lot of info about the person. Between MySpace, Facebook, and various forums, it's easy for people to get enough info to the point where all they need is the answer to your password change "secret question." Even that can often be found, as many people and pros keep a blog with some tidbits of personal info that may be useful.
As a result, my suggestion is that if you're either: high ranked, well known, pro or semi-pro, or participating in Halo-based forums where you have the potential to piss people off, be extremely careful with your account info. Use an email address that you don't use for anything else and no one knows exists. Use a different password than what you've used elsewhere. Consider registering the account using information that is not your own, such as a family member or relative given that you have their permission.
I don't approve of account stealing or go out of my way to associate with the people who do it. But like a lot of people who played Halo 2 for a while, especially those who played competitively, you stumble across a lot of different people involved in a lot of different things. In fact, pretty much everything I just said could be picked up by listening to conversations and comments made in various MLG FFA games given you played a lot of FFA and played with tons of different people so long as you could get a game.
Anyways, it's good to know what's going on and I highly suggest taking my advice about protecting your account if you're in position where you're at risk.
tk @ Jan 9th 2008 2:47PM
@jessy
That's ironic because everyone I know in the phreaking and hacking community is ashamed of crunch.
I sat next to him for a bit at the last hope. Couldn't figure out how to use his cell phone. His friend/boy toy ("maybe google it..") had to show him how to use it.
I would agree there are times when it's worth arguing the put forth definition of hacked or hacking. You know, when it's blatant. When the news reports about the man who "hacked the cafe's wireless". When really all he did was connect to the open AP from his car as opposed to inside the cafe.
This, is not one of those occasions. Write the places that print stories like one above when you see them if it really bothers you.
Jonathan Bergeron @ Dec 31st 2007 10:15AM
Almost makes me want to cancel my XBox Live account.
I don't like the part about them being able to get my credit card and personal info.
Alan Partridge @ Dec 31st 2007 10:22AM
When I read this before and it said his account was 'hacked' I didnt think that meant a customer service rep gave out his details....three times. That's unacceptable
Mike10010100 @ Dec 31st 2007 11:01AM
Let's see, the score so far for XBox Live vs. the rest of the gaming community is.....
0 to 4? or maybe 5?
But seriously, these guys that are trying to steal his account info are complete jerks. Is it not possible to change his password to be a super long and completely random series of numbers, letters, sign language, and squirrel noises (Dilbert reference)?
Also, isn't it possible to change his account info so that the people at Bungie don't give any information to ANYONE? All it would take is a simple attached note saying, "Don't give anyone information on this account." It would suck if he ever lost his password, but it's gotta be a little more secure.
Andrew @ Dec 31st 2007 10:19AM
I like how its...
He may lose his super rare armor.
Oh, and credit card info and persona details...
But think of the armor!
jtc970 @ Dec 31st 2007 10:27AM
You know you're getting old when you think credit card info is more important than Super Rare Armor
Jhongerkong @ Dec 31st 2007 1:13PM
The hackers can take my credit card info and all my personal information for all I care;
But if one of them takes my Horse Armor, then there will be hell to pay...
Kookr @ Dec 31st 2007 10:22AM
Wheres The Feet?
Anthony @ Dec 31st 2007 10:30AM
Via Joystiq...your sister site that is for gaming...
Does Joystiq post Asus Eee PC news for its readers?
Big John @ Dec 31st 2007 11:42AM
Crossover happens all the time at Weblogs (frankly, it's quite annoying if you read more than one blog here) but I just don't understand this one.
nxtiak @ Dec 31st 2007 10:39AM
Whoopie.
Seriously you're playing fugging halo deathmatch or whatever, you're gonna go up to your opponent and look at him and hope he doesn't shoot you in the face?
This whole armor thing is gay.
Get over it. If this guy is so "famous" then Bungie can remove the armor on his hacked account and give him the armor on his new account.
Blake Bowen @ Dec 31st 2007 6:37PM
It's called replay.
drakono @ Dec 31st 2007 10:45AM
Deserves a link to the video of his suicide that earned him the armor:
http://www.metacafe.com/watch/1006850/worst_halo_suicide_ever_i_got_recon_armor_for_this/
Skyllus vBi @ Dec 31st 2007 10:51AM
Awesome. I wake up this morning to notice a new batch of readers and find it was posted on Engadget from Joystiq. Thanks so much guys for keeping this topic front and center. It really is the only way to expect much of a change from Microsoft. I've been astounded by the support from the Xbox Live community on the issue, and appreciate everything that people have been doing to help me and to help get MS to fix their customer support.
2-7offsuit @ Dec 31st 2007 11:54AM
The life of a "Pro Gamer" must be tough.
Dubb @ Dec 31st 2007 12:00PM
The life of a "Pro Hater" must be tougher.
2-7offsuit @ Dec 31st 2007 12:05PM
You'd be surprised. It takes hours of relentlessly trolling message boards and getting absolutely nothing accomplished at work.
Nicholas @ Dec 31st 2007 12:36PM
Wow, how happy you must be to pay for such a secure service. Live is certainly superior to the free alternatives :)
ethana2 @ Dec 31st 2007 3:45PM
Product vs. Service.
I will now take XBOX live of my list of 'Seven Things Microsoft Ever Did Right'
~ubuntu user
Mobius_1 @ Dec 31st 2007 10:10PM
@ethana
7??? Help me I've run out of versions of Xbox (-Live) when I tried to compile your list...
Nicholas @ Dec 31st 2007 12:36PM
Sorry about the double comment, but I forgot to say something:
Seriously, I feel with you, Skylus. Losing your account information and financial details must be horrible! I lost my Visa once, and lost the entire months wage. I really hope you make it through this with no financial consequences.
MbZbuGSy @ Dec 31st 2007 12:38PM
I say he probably deserves it. Most of these so called power players are very arrogant and have a shitty attitude against other players who don’t play at the same level. So this Skyllus, I bet that he really pissed someone off to get a punishment like this,, hehe. So this message better go to all you cocky asswipes on xboxlive. You better watch out!!
hmangus @ Dec 31st 2007 1:06PM
While I do agree that most "pro" gamer's these days exhibit poor and arrogant attitudes when playing with casual gamers, the team that he plays for is very well known for their professional attitudes and mannerisms. Trust me when I say "arrogance" this was not the case with Skyllus nor any member of vBi. They don't tolerate it.
jessy @ Dec 31st 2007 1:06PM
did you read the article? he was assigned the armor because of his suicide not because he may/may not be an amazing player.
id expect that kind of blind judgment from an apple/ipod person not an xboxlive person... oh wait, i forgot it typically the same kind of people
n3rd @ Dec 31st 2007 1:13PM
im pretty sure you're the cocky one here who needs a lesson about sterotyping...
DWells55 @ Dec 31st 2007 2:25PM
Sounds like someone's just bitter after getting destroyed in Halo by people that actually had teamwork and know what they're doing. I've seen so much pro bashing and people hating on people better than them in the time back when I still played Halo. It simply boils down to petty jealousy.
Jaymez @ Dec 31st 2007 12:59PM
Wait a minute? There's a helpdesk for this crap? Losers.
Ian @ Dec 31st 2007 2:44PM
yes yes there is help for when something that we pay for isnt working the way it should. so next time your computer stops working dont call the help desk because from what youve just said you dont have one for buying your computer. (and if you put it together your self) then dont call the individual components help desks cuz they dont exist either
Mobius_1 @ Dec 31st 2007 10:13PM
It exists so people know how to pay for Xbox Live
Mobius_1 @ Dec 31st 2007 10:13PM
It exists to people know how to pay for Xbox Live
xJOKERx @ Dec 31st 2007 1:37PM
well that was kind of the problem with halo 2 - alot of jerks cheated to get a cute colored number.. woo... half of those people were horrible at the game too... People talk trash to me just for having the security helmet and katana sword... and that's something everyone can get...
MbZ-buGSy @ Dec 31st 2007 4:47PM
haha n3rd, you don’t the first thing about it. As hmangus said, players in vBi are ok and I believe him. I still stand by what i said about arrogant pro gamers.
DWells55, I’m not mad or jealous. I do play halo3 sometimes and I do get a major woopass from time to time. Why ruin the fun game like halo3 with petty jealousy. If you think about it, then it’s probably something you feel.
SimbaDogg @ Dec 31st 2007 5:50PM
this is VERY shitty on microsofts part. i thought it was actually someone using a computer and hacking into someones account, but it just boils down to MS and crappy security. i'd be kinda sketchy about using my live account if i knew that security measures w/ MS were so lax.
Blake Bowen @ Dec 31st 2007 8:57PM
This is what happens when you give some players rewards that others can't get.
artifex @ Jan 1st 2008 2:48AM
Sure, and houses getting broken into is what happens when some people have things others want, too. Does NOT make it ok.
Skyllus, if you didn't deserve the armor for getting killed, you deserve it for your good humor in the face of people worldwide seeing this happen. Anyone hacking your account (or anyone else's) is a coward and deserves jail time to learn some perspective. And thanks for being open about this problem. Now, as a result of this, I'm going to go renew my account with a prepaid account card, and hopefully get my credit card number removed or suppressed.
skulldriveshaft @ Jan 1st 2008 12:24AM
Thanks for pointing us towards some interesting physics in Halo :p
@drakono thanks for linking up the video - LOL
MbZ-buGSy @ Jan 5th 2008 7:32PM
Hey Skyllus,
I’m sorry if I offended you in anyway. Let me offer you one year free webhosting solution including some limited support. If you’re interested contact me at our IRC channel, #mafiabrotherz @quakenet.org IRC servers. You'll have to proof your identity. Good luck in the future.