Standard User deleted
(deleted) Mon 10-Oct-11 13:55:36
Re: XBL security concerns

[re: wrtpeeps]
 
I'm the author of the article that inspired this thread, and I saw a lot of great points being made here, and issues being brought up, so I wanted to hop in and say a few things.

First, as to my account getting hacked thanks to a phishing scam - nope. I take online security very seriously, and I'm well aware of how to spot and avoid a phishing scam. I'm also cautious (perhaps excessively so) about keeping my computer free of spyware and the like. On the rare occasion when a virus scan, or a Malwarebytes scan turns something up, I make it a point to change passwords once the offending piece of software is gone. The odds that my account was breached because of some stupid thing I did are extremely low.

If I had to guess, I'd say it was more likely a social engineering attack on XBL customer service - those guys don't have the best reputation for keeping accounts safe and sound, but keep in mind that's just a guess - I don't have anything to back that up.

If someone does fall for a phishing scam, personally, I don't think they should be blamed for it. Sure, it's a boneheaded move, but obviously they didn't set out to have their account information stolen. Think of it like this: if someone leaves their car unlocked by accident, and some [censored] comes along and steals it, the victim isn't going to be charged with grand stupidity, but the thief will most certainly be charged with grand theft auto.

As for the comparison to the PSN attack, one hacked XBL account obviously isn't as significant as the millions of PSN accts that got breached, BUT it's not just one XBL account. From the response I've seen to the article I wrote on various forums and websites, it looks as though this happens fairly often. That's strictly anecdotal, but it seems pretty safe to assume that this is happening at least a couple hundred to a couple thousand times a month - add that up over the course of a year, and you have a pretty significant security problem at Microsoft. Microsoft's response to that security problem is to completely ignore any concerns regarding personal information, and pretend that all the issues can be wiped away with a password change. If we're gonna get mad at Sony for giving out everyone's account information all at once, let's get mad at Microsoft for giving out our account information one person at a time.
Administrator MrSaffron
(staff) Mon 10-Oct-11 14:06:04
Re: XBL security concerns

[re: deleted]
 
Same thing would happen at your high street bank, i.e. if someone guesses your pin, in fact worse they make you prove you did not give out the pin to people.

Passwords are always guessable, and with enough time people will simply sit down and figure them out. How many people actually have unique passwords for every website and service that requires them?

In short we don't know that the information was given out by MS - if you do then time to go to the press, and the journalist would attempt the same phish on a test account.

Andrew Ferguson, [email protected]
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User deleted
(deleted) Mon 10-Oct-11 15:24:26
Re: XBL security concerns

[re: MrSaffron]
 
In reply to a post by MrSaffron:
Same thing would happen at your high street bank, i.e. if someone guesses your pin, in fact worse they make you prove you did not give out the pin to people.

Passwords are always guessable, and with enough time people will simply sit down and figure them out. How many people actually have unique passwords for every website and service that requires them?

In short we don't know that the information was given out by MS - if you do then time to go to the press, and the journalist would attempt the same phish on a test account.


Assuming that it wasn't a security breach on Microsoft's end, they still refused to provide me with any concrete information on exactly how my account was used during the time it was hacked. I don't know whether the hacker gained access to my credit card information, my address / phone number, all of those pieces of information, or none of them.

Also, as I mentioned before, I'm extremely cautious about my passwords, and account security. None of my passwords would be easily guessed, and a brute force attack on an XBL account would almost certainly set off some flags at MS, effectively keeping the hacker out of the account. Their CSRs might not be to blame, but they definitely dropped the ball here between the breach itself and their refusal to work with me to help to keep me safe from identity theft and fraud.


Administrator MrSaffron
(staff) Mon 10-Oct-11 15:30:36
Re: XBL security concerns

[re: deleted]
 
For all they know you could be the person who has acquired the information falsely.

Revealing too much information that then gets blogged could lead to more copycat issues. On security issues it is not unusual for a firm to clam up.

Welcome to the murky world of internet security.

Best advice use pre-paid credit cards, so that any banking details do not lead to main account, and only limited funds would be available.

Standard User mrnelster
(fountain of knowledge) Mon 10-Oct-11 20:50:37
Re: XBL security concerns

[re: MrSaffron]
 
In reply to a post by MrSaffron:
For all they know you could be the person who has acquired the information falsely.

I think that's a bit of a cop out.

Whatever they "think" they have a responsibility to investigate and share their findings with "their customer". If they thought the complaint was a fraudulent attempt to gain information then they would have a responsibility to inform the real account holder, "their customer".

Sure, your bank has particular protocols to establish who you are before disclosing information on any issue. But to ignore your requests for information pertaining to possible fraud on your account?

If your bank responded like this, I think you would feel rightfully aggrieved, as whathegeek does. I know I would.
.

Knowing how it works is completely different to understanding how it works.

Live BQM

FTTC - Aquiss Business 45
37.7Mbps Downstream
8.45Mbps Upstream
7ms Ping
Standard User mrnelster
(fountain of knowledge) Mon 10-Oct-11 21:06:43
Re: XBL security concerns

[re: deleted]
 
Welcome to the gaming forum. wink
Administrator MrSaffron
(staff) Mon 10-Oct-11 21:28:04
Re: XBL security concerns

[re: mrnelster]
 
Try reading moneysavingexpert and you will see people being treated like this by the banks after cash machine fraud etc

Standard User deleted
(deleted) Mon 10-Oct-11 21:46:34
Re: XBL security concerns

[re: mrnelster]
 
In reply to a post by mrnelster:
Welcome to the gaming forum. wink


Thanks! Funny story - I didn't know about this site until I saw traffic coming to my site from this thread - seems like a pretty awesome forum.

In reply to a post by MrSaffron:
Try reading moneysavingexpert and you will see people being treated like this by the banks after cash machine fraud etc


Just because it happens, that doesn't make it right. Consumers deserve better treatment from the companies we entrust with our personal information.
Standard User mrnelster
(fountain of knowledge) Mon 10-Oct-11 22:43:58
Re: XBL security concerns

[re: MrSaffron]
 
I don't doubt it, but I bet those victims weren't happy either.
Administrator MrSaffron
(staff) Mon 10-Oct-11 23:11:32
Re: XBL security concerns

[re: deleted]
 
Yes people deserve better treatment, but be aware with online security the tendency is not to give out too much that may help those crafting these attacks.

Drawing attention can all too often result in others who have a grudge causing yet more trouble.

Xbox live is far from unique, happens to many webmail accounts every day.
