...seems like a pretty awesome forum.

It has it's moments.
.

In reply to a post by mrnelster:

For all they know you could be the person who has acquired the information falsely.

I think that's a bit of a cop out.

Whatever they "think" they have a responsibility to investigate and share their findings with "their customer". If they thought the complaint was a fraudulent attempt to gain information then they would have a responsibility to inform the real account holder, "their customer".

Sure, your bank has particular protocols to establish who you are before disclosing information on any issue. But to ignore your requests for information pertainng to possible fraud on your account?

If your bank responded like this, I think you would feel rightfully aggrieved, as whathegeek does. I know I would.
.

Good luck getting your bank to tell you how someone got into your account.

here's the thing - I don't really care HOW they got access to my account, but I do care what information they had access to.

I even made it clear when emailing Microsoft that the details of the investigation process were their business, not mine, but that I did need to know what information on my account was accessed so I could take necessary security precautions.

They were either unwilling, or unable to tell me anything more than what I already knew - someone that wasn't me used my account.

A hacker might have access to different amounts of my personal information depending on how they accessed the account. For example, a disgruntled MS employee would probably be able to poke at all sorts of fun information like credit card numbers, and the answers to my security questions, while an ordinary hacker wouldn't have direct access to that stuff through xbox.com or the Xbox 360.

Again, they don't have to tell me how. I'm curious, but ultimately, that part doesn't matter. As a customer trusting them to be careful with my personal information, they really should at least tell me what information was accessed though.

In reply to a post by whatthegeek:

For example, a disgruntled MS employee would probably be able to poke at all sorts of fun information like credit card numbers

Very unlikely.

Presumably Microsoft comply with the various standards and regulations around storing credit card details which means employees poking around credit card numbers is impossible.