Jan. 6, 2012 at 6:59 PM ET
Stories of Xbox Live users seeing their accounts hacked and used to make unauthorized purchases have continued to come in at a slow trickle since they were first widely reported last October. But one user has taken to the Internet with a highly personal account of her hacking experience, and what she says was, initially, an almost total lack of help from Microsoft on the matter.
(Msnbc.com is a joint venture of Microsoft and NBC.)
Susan Taylor's tale, as told on the HackOnXbox Tumblr account, describes how she logged on to her e-mail earlier this week to find over $200 worth of Xbox Live's virtual "Microsoft points" currency charged to her linked PayPal account, and then transferred to a separate dummy account.
On discovering the problem, Taylor contacted Microsoft support immediately and was told her account had been blocked to prevent further fraud while they investigated. So you can imagine Taylor's surprise when, as she tells it, over $100 more was taken from the supposedly blocked account for the same fraudulent purpose the very next day.
When Taylor called up Microsoft support yet again, she was told simply that the fraud department was "unable to block your account." She was also told that she should change her password, despite the fact that her password had been changed and she was unable to access her account through the Xbox.com web interface, she said.
"In short, I think [Microsoft's fraud handling process] is a shambles," Taylor told msnbc.com's In-Game in an online interview. It's an opinion borne out by her own experience, but also by those of dozens of people who've e-mailed her with similar tales since her story started gaining widespread attention around the Internet, she says.
"People are getting lost in the system, calls are being promised but never followed through, accounts that should've been blocked but are left open for attack, etc." she said. "The left hand doesn't know what the right hand is doing at Microsoft, basically."
For its part, Microsoft says that there "has been no breach to the security of our Xbox Live service" and says affected accounts merely "appear to have been victims of malicious scams" that expose their login information to third parties.
But Taylor is adamant she hasn't done anything to make her password vulnerable, and that, in any case, Microsoft could be doing more to ensure the safety of account passwords in general.
"I believe that Microsoft should force people to change their passwords every six months," she said. "As much as that is a hassle, it may be the only way to ensure that if someone does get hold of your account that you may have a chance to avoid it being abused."
The company should also streamline the process for fraud reporting, Taylor suggested, rather than letting reports get lost in a mess of phone transfers.
"The amount of times I was told 'we'll be passing it on to [another department]' was unreal and ended up becoming a bit of a joke," she said. "If I want to report fraud I should go directly to someone in the fraud department. Not to a customer service rep who is unable to help me."
Microsoft says it's "aware that a handful of customers have experienced problems getting their accounts restored once they've reported an issue" and that it's "working directly with those customers to restore their accounts as soon as possible and are reviewing our processes to ensure a positive customer support experience."
But until that process is complete, Taylor writes on her Tumblr that she won't be so quick to trust her financial information to an online service anytime soon.
"I think it’s fair to say that many people would look at Microsoft as a reliable company and absolutely trust them with their bank details," she wrote. "What makes them any different than Blizzard or Sony? If this level of trust makes me a fool, then so be it, brand me as one. Just know that you are branding a hell of a lot of people with that marker than you probably know and we are not the ones to blame here."
While Taylor and Microsoft both confirm that her Xbox Live account has been reinstated and her money refunded since her story was first posted online, Taylor says she worries she got special treatment solely because of her story's prominence.
"I certainly can't say I'm unhappy that a refund is on its way and that my account should be back to normal soon. What I am unhappy about is the unfair treatment, albeit positive treatment, that I am receiving because I decided to set out and get their attention and make sure they heard me," she said.
Taylor also said she thinks Microsoft is underselling the severity of the problem, suggesting that "hundreds if not thousands" of accounts have become victims of similar hacks.
"Without a doubt Microsoft have been downplaying the problem. They are leaning on low percentages of users being affected as making it seem like less of an issue," she said. "I would love for more people to come forward and speak out. There is only so many gamers that Microsoft can ignore after all!"