In our reports, none of the users felt they had fallen victim to phishing or social engineering scams--which includes my own situation reported last week. In my particular case, the Windows Live ID linked to my Xbox Live account was an address I rarely use.

When first reporting the FIFA 12 hack, Ben Kuchera of Ars Technica--the first site to report the FIFA 12 hack--told Joystiq that he would take every precaution with his own Xbox Live account. "The easiest way to limit your exposure is to remove your credit cards and just use point cards for purchases and to pay for your account. It's slightly inconvenient, but I feel much safer," he said.

Xbox.com's security page reveals a number of 'best practices' for users to protect their accounts; however, the majority of the site's security is linked to a single login and password exchange between the user and the service. That means once you log into an account, you're free to make any account changes you wish. There are no security checkpoints along the way. In fact, once you log in you're free to examine every aspect of an account, giving hackers access to information such as your full name, phone number, and mailing address.

Making substantial changes, like switching account regions, is a simple process. Why isn't Microsoft calling users or using other measures to verify account changes of this magnitude? Surely the volume of Xbox Live users switching accounts from the United States to Eastern Europe isn't enough to slow down customer service.

In response to our inquiries about the state of Windows Live ID, Microsoft says the service has not been compromised and maintains phishing and social engineering are to blame. "Windows Live ID was not compromised. The FIFA 12 and other similar incidents are cases of social engineering or phishing, which are industry wide problems," a company spokesperson told Shacknews.
"Microsoft constantly audits its systems and reviews its processes in an effort to help protect customers from such issues. To help avoid becoming a victim of phishing, people can use the guidance found at the Microsoft Hotmail: Serious About Safety site. They can also visit the Windows Live Hotmail Help Center, if they believe their account was compromised."

Our own recommendation is that users look to change their Windows Live ID and get into the habit of switching the passwords every few months. The headache now will be far less painful than the frustration later. If you have more information to provide, please feel free to contact us.
Multiple charges appeared on my own account, following a FIFA 12-related hack.