lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 8 Aug 2007 09:33:42 -0400
From: "Kevin Finisterre (lists)" <kf_lists@...italmunition.com>
To: Ashley Wilson <amwilson85@...il.com>
Cc: Scott Hirnle <scothir@...rosoft.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Xbox live accounts are being stolen

Hi Ashley... I can certainly understand your frustration. Although my  
account was "taken care of" and I was ultimately given some things to  
quiet me down, I never got an explanation of what *really* happened,  
I never got any information about who I could prosecute or anything  
like that. As you can see I had to be very vocal about the whole  
situation in order to get my issue taken care of and the process was  
quite lengthy, time consuming and frustrating, so good luck.

I have CC'd a gentleman from Microsoft that got me taken care of in  
the past. He should hopefully be able to help you out, no promises of  
course.

I think it would be fair of me to say really don't like Microsoft's  
"disclosure policy" under these circumstances.
-KF

On Aug 7, 2007, at 5:08 PM, Ashley Wilson wrote:

> Hey there,
>
> I'm so very frustrated with Microsoft and went on a search to see  
> if anyone else has had the same issue and low and behold, I came  
> across you're article of sorts.
>
> Its been over a month now, since I was hacked. I woke up on a  
> Sunday morning, check my email as I do everyday. I had 4 emails  
> from Microsoft stating I purchased 20000 Microsoft points and a  
> year subscription. As most people would, I panicked and wondered  
> what kind of insane thing happened. When I turned on my Xbox and  
> attempted to log into my account, I couldn't. My boyfriend shortly  
> after that, recovered my account on the Xbox and we came to find  
> out that my username had been changed, all my friends had been  
> deleted off my list and my motto was changed to "LOL I got jacked."
>
> I was furious to think someone could do such a thing. They not only  
> stole my account but over 400 dollars was spent on my credit card.
>
> I called Microsoft support shortly after that. I got the "run  
> around." Transferred to one agent and then another. They basically  
> accused me of giving out the information. I eventually got to speak  
> to a supervisor, who assured me that everything would be taken care  
> of. They even said they would catch the individual that did this  
> and assured me a phone call in a few days, as they had to send in a  
> full investigation the next day.
>
> 3 weeks later and I was still waiting for a call.
>
> I decided it was time for me to call them, since obviously I as a  
> customer wasn't important to them. Again, the "run around." I spoke  
> with again, another supervisor who informed me that they hadn't  
> even sent out the investigation yet. He assured me that he would  
> send it out that very day and I should receive a call within 3 days.
>
> I sat home waiting to receive a call for 3 days.
>
> Again, I never received a phone call.
>
> By the 4th day, I called again.
>
> Speaking with an agent who assured me, I will receive a call. "Its  
> under investigation now, you have to wait for a phone call."
>
> Now, 2 weeks later and I called again today.
>
> I'm told that they attempted to call me today and I have to wait to  
> speak with them because there is nothing they can do. I paid for a  
> subscription that I am not getting to use and apparently won't be  
> able to use. I'd also like to mention when he said they tried  
> calling today, he said they left a voice mail message. I don't have  
> voice mail, so I got concerned. Then he read "my phone number" It  
> wasn't even my number and I had never heard the number in my life.  
> Slightly odd, since I gave them my phone number the previous time I  
> had called.
>
> Now I'm suppose to receive a call this Thursday. We will see.... I  
> won't hold my breathe.
>
> I am so very frustrated that Microsoft as huge a cooperation as  
> they are, doesn't even have the decency to call me or reimburse me  
> for a 50 dollar Xbox live account.
>
> I apologize for this longwinded email and I'm not even sure if you  
> still care about this issue but I was quite overjoyed to see I  
> wasn't alone.
>
> Sincerely
>
> Ashley Wilson
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists