Report: How Scammers Are Stealing Xbox Live Accounts, and the Few Things You Can Do to Protect Yourself

By Luke Plunkett @Kotaku


For months now, Xbox 360 owners have been complaining of a surge in account thefts, incidents in which people wake up one day to find they no longer have access to (or even possession of) their own Xbox Live accounts.

At first believed to be the result of hacks in relation to EA’s FIFA series, it’s now looking more likely to be the result of a widespread scam run by shady types out to either make money or score cheap games.

One of the more high-profile victims of these “jackings” (not “hacks,” we’ll get to that in a minute) was Susan Taylor, who wrote an account of her experiences, which we covered back in January. Having stood up and identified herself as an unhappy victim, Susan soon got something she was probably never expecting: members of the jacking community reaching out to her.

Three such types contacted Susan and tipped her off to sites and forums where jackers congregate and trade. They were also, as members, able to access the sites (most are obviously restricted from public viewing) and pass along some of the information contained within, including techniques on how to obtain someone else’s Xbox Live account information.

You can see one such site, which is publicly accessible, here. On its “black market” forum, you’ll see members both selling stolen Xbox Live accounts and making requests: one person is looking for an account with good Modern Warfare 3 stats, while another is selling an account with the presumably desirable name of “One V One”.

The key distinction between “jacking” and “hacking” is that these guys aren’t forcefully circumventing any software protection measures. What they’re doing is, in a nutshell, contacting Microsoft, pretending to be the legitimate account holder, and, through poor security and a whole lot of bluffing (usually making excuses as to why information was incorrect or why passwords could not be remembered), getting hold of the reference numbers and information they need to then access a stranger’s Xbox Live account.

Here’s an excerpt Susan was able to obtain, outlining one such strategy:


1. First you go to and click support at the top left of the website.

2. Then go to the bottom of the page and click Contact Us.

3. Once on that page click the Email Us link. Then click Xbox Live.

4. Now this is where it gets SERIOUS. For the name put a name. I personally use an actual agent’s name ([Name redacted by Kotaku]) then put their employee ID which I put a fake ID. For the reason put Technical Support.

Then for the email put or something to do with the agent’s name but Microsoft. For the reason put something like this “Customer (put their name if you have it on the account you want) verified the 16 Credit Card digit number. He has made an inquiry about how he has forgotten his account’s information, since I am a Tier 1 agent I am unable to view the customer’s GT. He has requested to have the answer changed to (put something realistic for the answer). The Xbox Live Gamertag is (put GT). – [Name redacted by Kotaku]”


5. Now you should see something like this


6. Call up Xbox 30 minutes later. After they answer say that you were disconnected from a Tier 2 agent and ask to be transferred back.

7. After they transfer you to the Tier 2 agent give them the number (remember you’re the customer so you have to act like you have pretty much no idea what’s on it). Once they pull it up they will take a little while and change it. DO NOT ASK FOR THE EMAIL so that you can know where to reset it.

8. Then call back and say you forgot your email but know your Secret question answer. They will ask for the GT and answer; tell them and they will give you the email.

Congrats now you get the OG. This won’t work every time so don’t get discouraged.

