Date: Wed, 8 Aug 2007 09:53:40 -0400
From: <Glenn.Everhart@...se.com>
To: <kf_lists@...italmunition.com>, <amwilson85@...il.com>
Cc: scothir@...rosoft.com, full-disclosure@...ts.grok.org.uk
Subject: Re: Xbox live accounts are being stolen

When someone fraudulently charges your credit card you should immediately 
complain to the card issuer in writing so the charge can be reversed and
charged back to the merchant who accepted the fraudulent credentials. That is
one of the advantages of a credit card - the loss can be charged back, and
a merchant who accepts bogus information is liable if it turns out to be
fake. 

There is often a 60 day period to notify of this, so if you have not written
your card issuer before, don't delay. Some of the "wait..." tactics
can have the effect of your losing the right to get the purchase charged
back if you don't get the notice out in time.

As with any such messages, too, send with return receipt requested so you can
prove that you got the message sent and that it got to the bank. It is probably
ok to send two letters, one normal and one with return receipt, mentioning they
both exist, in case a mail room doesn't know how to handle one of them. That
is not malice, just human confusion, but it's easy to print out two letters and
might help especially if your time is now short.

Writing in like this does not mean the merchant can't make things right; it
just ensures the fraud claim gets known by the card issuer bank and that it
should not be treated as an ordinary charge on your card bill. It can also sometimes
get the merchant's attention since the bank will now be after the merchant to prove
the charge was not fraudulent...it's not just you vs. the company.

These kinds of cases are possibly harbingers of the future. Trusting some consumer owned
box as evidence of who he is is not foolproof. Bets on that being an issue with consumer
PCs, cell phones, etc.?

Glenn Everhart


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Kevin
Finisterre (lists)
Sent: Wednesday, August 08, 2007 9:34 AM
To: Ashley Wilson
Cc: Scott Hirnle; full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Xbox live accounts are being stolen


Hi Ashley... I can certainly understand your frustration. Although my  
account was "taken care of" and I was ultimately given some things to  
quiet me down, I never got an explanation of what *really* happened,  
I never got any information about who I could prosecute or anything  
like that. As you can see I had to be very vocal about the whole  
situation in order to get my issue taken care of and the process was  
quite lengthy, time consuming and frustrating, so good luck.

I have CC'd a gentleman from Microsoft that got me taken care of in  
the past. He should hopefully be able to help you out, no promises of  
course.

I think it would be fair of me to say I really don't like Microsoft's  
"disclosure policy" under these circumstances.
-KF

On Aug 7, 2007, at 5:08 PM, Ashley Wilson wrote:

> Hey there,
>
> I'm so very frustrated with Microsoft and went on a search to see  
> if anyone else has had the same issue and lo and behold, I came  
> across your article of sorts.
>
> It's been over a month now, since I was hacked. I woke up on a  
> Sunday morning, checked my email as I do every day. I had 4 emails  
> from Microsoft stating I purchased 20000 Microsoft points and a  
> year subscription. As most people would, I panicked and wondered  
> what kind of insane thing happened. When I turned on my Xbox and  
> attempted to log into my account, I couldn't. My boyfriend shortly  
> after that, recovered my account on the Xbox and we came to find  
> out that my username had been changed, all my friends had been  
> deleted off my list and my motto was changed to "LOL I got jacked."
>
> I was furious to think someone could do such a thing. They not only  
> stole my account but over 400 dollars was spent on my credit card.
>
> I called Microsoft support shortly after that. I got the "run  
> around." Transferred to one agent and then another. They basically  
> accused me of giving out the information. I eventually got to speak  
> to a supervisor, who assured me that everything would be taken care  
> of. They even said they would catch the individual that did this  
> and assured me a phone call in a few days, as they had to send in a  
> full investigation the next day.
>
> 3 weeks later and I was still waiting for a call.
>
> I decided it was time for me to call them, since obviously I as a  
> customer wasn't important to them. Again, the "run around." I spoke  
> with again, another supervisor who informed me that they hadn't  
> even sent out the investigation yet. He assured me that he would  
> send it out that very day and I should receive a call within 3 days.
>
> I sat home waiting to receive a call for 3 days.
>
> Again, I never received a phone call.
>
> By the 4th day, I called again.
>
> Speaking with an agent who assured me, I will receive a call. "It's  
> under investigation now, you have to wait for a phone call."
>
> Now, 2 weeks later and I called again today.
>
> I'm told that they attempted to call me today and I have to wait to  
> speak with them because there is nothing they can do. I paid for a  
> subscription that I am not getting to use and apparently won't be  
> able to use. I'd also like to mention when he said they tried  
> calling today, he said they left a voice mail message. I don't have  
> voice mail, so I got concerned. Then he read "my phone number" It  
> wasn't even my number and I had never heard the number in my life.  
> Slightly odd, since I gave them my phone number the previous time I  
> had called.
>
> Now I'm supposed to receive a call this Thursday. We will see.... I  
> won't hold my breath.
>
> I am so very frustrated that Microsoft as huge a corporation as  
> they are, doesn't even have the decency to call me or reimburse me  
> for a 50 dollar Xbox live account.
>
> I apologize for this long-winded email and I'm not even sure if you  
> still care about this issue but I was quite overjoyed to see I  
> wasn't alone.
>
> Sincerely
>
> Ashley Wilson
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


