Friday, February 10, 2012

Tomorrow is Four Weeks Since My XBox Live Account Was Hacked

Getting hacked is no fun, folks. What's worse is having just a miserable experience trying to fix the problem, especially with a company with as many resources as Microsoft has.

A little background: about a month ago on a Saturday morning, I randomly got some "you have purchased some Microsoft points" emails from XBox Live and from Paypal, since my accounts were linked. This was similar to the FIFA hack that's been ongoing(!) since October(!!), so I immediately changed all my passwords and got down to business with getting things righted again. I figured it would take a few days, and hey, I was going away for a few days anyway. They were fairly quick with their investigation, and got back to me rather quickly that, yeah, I had "unauthorized access," that the points would be removed, and I would be refunded "within 1 to 2 billing cycles." No definition of what a billing cycle is, and Paypal is, you know, one button. But okay, patience, young Padawan, etc.

This is where things kind of went downhill.

First, when I got back from my trip, I called XBox support again to see about my username. Typically speaking, when you're hacked? You want to do everything possible to protect yourself. Disassociate billing stuff, change the email address, change passwords, etc. The problem with the XBox situation is that you have to pay $10, or 800 points, to change your username. Why? I have no idea. I assume it's in part for tracking people, in part to keep kids from changing their names 3 times a week, etc. Okay, I can get that. But when I approached XBox about it, the response was "Well, they didn't change your gamertag, so there's nothing we can do for you."

Uh, okay.

This isn't a very sensible response, and I noted that, asking them to send it up the ladder anyway and see if, you know, since it's their security breach and their stuff being compromised, that maybe an exception can be made or something.

We'll fast forward two more weeks now. Since, yeah, it took them two more weeks to actually resolve this question. The answer? "Well, they didn't change your gamertag, so there's nothing we can do for you."

I've now spent probably an hour plus dealing with this over the last month, with the added bonus of still being out $125 (not really a small amount of money for me) because the refund still hasn't gone through. So, I figured I'd call and get an update today and see what's going on.

Hoo boy.

So, after grappling with their website for a while (since, unsurprisingly, a Microsoft site doesn't play well with Google Chrome), I finally get to speak to a human being who I believe was named Tim. We'll run with it, anyway. My first question? Where's my money:

T: Oh, that will be refunded in 1-2 business cycles.
J: Yeah, that was a month ago. Can you just let me know the status?
T: Sure. *delay* That was refunded three weeks ago.
J: *insert rage face here* Okay, where?
T: Your credit card.
J: ...but I've explained that it was my Paypal that it was debited from.
T: Let me put out a support request for this.

Sigh. To be fair, this might not be Tim's fault. Maybe he should have read the ticket (or, to be fair to Tim, perhaps the first person I spoke with or anyone in the investigation end should have made better notes, but I digress), but he can't refund me from where he is. That's fine. So I mention the second problem to him regarding the gamertag.

T: Yes, it appears that was resolved and that your gamertag wasn't changed, so we can't get you the points for a new one.
J: Well, clearly. That's what the email I got said. I would like to challenge that, since I was hacked and I don't know why or how.
T: Well, it wasn't your gamertag that was changed.
J: That's not the point! My tag could be on some strange site for compromisable accounts, doesn't it make sense to want to change that?
T: There's nothing I can do for you.
J: So who can I talk to who can help me?
T: Well, who do you want to talk to?

I'll repeat this line, because it's crazy that this even came out of his mouth:

T: Well, who do you want to talk to?

According to Tim, since he can't help me, I should probably know the internal hierarchical structure of Microsoft or XBox Live or whatever else to know where to go next. I'm trying so hard at this point not to get crazy passive-aggressively sarcastic at this point.

J: Well, how about your supervisor? Someone above you.
T: Let me check with my supervisor.
*on hold for 1 minute*
T: There's nothing my supervisor can do for you, unfortunately.
J: Uh, okay. Can I talk to your superior?
T: Who do you want to talk to, then?

Yes. He really said it again. And this was not an "I don't understand your question" question, but very direct.

J: Your supervisor. What's his name, I can ask for him when you transfer me.
T: I don't know his name.


I've worked for big companies, for small companies, public and private sector. I've never, ever, ever not known who my supervisor is.

At this point, what's left to say? I let him know how unhelpful he's been in this regard, and decide to take to the internets. As of the time of this writing, the surprisingly-responsive Xbox Support Twitter account is on it, but still, I'm at a loss because of these two issues:

1) How can such a large company like Microsoft not be able to handle what has been an ongoing hack, and, more importantly, not handle such an easy refund? It's Paypal, folks, it's not rocket science.

2) How in the world can they be concerned about security and not offer free gamertag changes to those who are hacked? I get that they may have a good reason to limit gamertag changes, but this is an exceptional situation with a rare request. How is this not an automatic question: "I see your account has been compromised - would you like us to send you 800 points to change your gamertag to reduce the chance of your account being compromised again?" Should be absolutely automatic, no question.

I don't expect big things from the companies I choose to interact with. After the massive PSN hacks of last year, you'd think XBox and Microsoft would be a little more on top of things. Instead, we get this sort of lunacy where someone who's sunk thousands into his XBox 360 over the last 5 years has to go on the internet and beg for basic internet security peace of mind from a company with billions of dollars. I'm not really a "damn the man" populist type, but this is just beyond the pale.


  1. Xbox has notoriously shitty customer service. I used to have Xbox Gold on an ongoing monthly payment plan and then decided to drop out of it for a while (something I do frequently and easily with my Warcraft subscription). I don't know if things have changed in the last couple of years but at that point in time Xbox made me jump through all manner of hoops to prove my identity. And they initially led me to believe it could all be done electronically but then - after waiting for email response - forced me to waste about an hour on the phone.

    It's completely incongruous because they don't require any double-checking, or hoop-jumping to sign up or GIVE them money, as your hack story proves. But if you want to TAKE money from them expect a painful convoluted process of, "Hey, this time it's our money so we need to be really, really sure."

    I don't use the Gold service at all any more and buy most games on the PS3.

  2. Like, I'm pretty loyal, and this is just...I don't know. I feel like a sucker right now, even though I know I've just gotten caught in a bad feedback loop.

    Then again, I think about how they essentially had to be shamed to deal with the RRoD...

  3. Ah.. the RRoD. How can a company release a product with an almost 100% fail rate? Have you ever met an XBox that didn't ever red ring?

  4. My Xbox red ringed, they replaced it, and it red ringed. That said, my slim black Xbox has been fantastic. Not that I regularly buy games for it.

  5. Sadly you're not the first person this has happened to. If I can find it I'll post it back here but recently there's been reports of MS saying the account was locked down when it's been hacked only to have the hackor waltz right in and buy another 10,000 points. MS response - we didn't let that happen, did you?

  6. Not going to work very well for me