Xbox Live users victims of massive phishing scam

By Lee Kaelin

Gamers using Microsoft's Xbox Live service have become the latest target of online phishing attacks as news spreads like wildfire about fraudulent transactions appearing on the credit card statements of its users.

Microsoft was very quick to declare, in a statement on Facebook, that its gaming platform had not been hacked. "Xbox Live has not been hacked. Microsoft can confirm that there has been no breach to the security of our Xbox Live service."

It appears that the ever-increasing number of affected users, now spanning 35 countries, have been the victims of sophisticated online phishing attacks. Those using the service have been discovering payments, sometimes spanning months, on their credit card statements.

Those responsible for the theft have apparently been taking small amounts of money from users' accounts for several weeks, making the attack hard to detect. The fraud involved sending emails to Xbox Live users, directing them to sophisticated but fake websites offering free Microsoft Points incentives. Once users had registered on the fake websites, the scammers had all the personal information they needed to proceed.

In nearly all the cases, the purchases are for Microsoft Points, the currency the software giant uses to allow customers to download additional content, games and in-game objects. These appear to have been used to buy downloadable content from EA Sports, specifically Ultimate Team Packs for its FIFA 12, Madden and NBA titles, which can be traded between players for real money without EA or Microsoft recording the transaction.

According to the Sun newspaper, a Microsoft representative has said they'll offer refunds to anyone who can prove they have not handed over their password. That is a nice gesture, but exactly how a person proves they did not provide a password when their account is already compromised is uncertain.

This incident follows the recent breach of Valve's Steam user forum, which resulted in user information being stolen, and the devastating attacks on Sony's PSN network in April that forced the Xbox competitor's gaming service to be taken offline for several weeks.
