Robert McLaws: Windows Edition

Blogging about Windows since before Vista became a bad word

More on the Xbox Live Account 'Hack' Scandal

Yesterday, Xbox Live's Major Nelson admitted that the Xbox Live Account scandal involved pretexting. For those of you who haven't been following this situation, Microsoft has had numerous complaints of people having their Xbox Live accounts closed, changed, or charged for things the account holders didn't do. Until this week, Microsoft has been hiding behind the security of their network, blaming end users for the problem, and has flatly refused to investigate any of these issues. Then, someone decided to record a call to Xbox Live support, where they successfully misled the support personnel into giving them access to an account that wasn't theirs. That recording was then posted on the internet, and Microsoft couldn't do anything but admit there was a problem.

So Major Nelson said that they're now retraining support staff to prevent it from happening again in the future. While that's all fine and dandy, that's only half of the solution. Microsoft needs to take some serious steps to rectify the problem with their CUSTOMERS as well, and they need to do it immediately. It should happen in two parts:

  1. Anyone who has been affected by this issue should have their accounts restored and any charges reversed, and should receive either a year of Xbox Live Gold for free or 5000 Microsoft points. Microsoft will lose a core gamer audience if they don't make it right with the victims, and then some.
  2. I've seen several reports online about the people who hacked the accounts. Since pretexting is illegal, Microsoft should open a criminal investigation, find those individuals, and charge them with the appropriate crime. That would send a clear message that Microsoft is not screwing around, and will not tolerate that kind of behavior on their network.

But Microsoft, the clock is ticking. You guys have a finite window to make this right before it has a serious impact on current and future sales. If you want to be #1 in the console market, you can't afford to lose any existing converts. Please, do the right thing, and do it quick.



  • Shawn Oster said:

    While I agree they need to take steps to help with their overall good will and market image, I do disagree on a phrase you used:

    "Until this week, Microsoft has been hiding behind the security of their network..."

    I've worked for large corporations and I highly doubt Microsoft was "hiding" behind anything.  First, you check your tech side of things and once you verify that is secure you then do some poking around on the tech support side of things, the human side, but the nasty, scary reality of the situation is that pretexting, unless caught red-handed, is *extremely* hard to catch.  It's also true that it usually *is* user error.  It's amazing that in this day and age how many people's passwords are still easily guessable.  I once guessed someone's gamertag password on *accident* while joking around with them.

    The issue is, how do you investigate a distributed call center made up of a high churn work force?  What questions do you ask and how so as not to make it feel like a witch hunt?  How can you even review recorded call logs when perhaps only 1 in 25,000 calls contain the tech support person giving information that, when looked at individually, seems rather harmless.  How do you do all of that in a cost-effective way?

    I've had friends that worked in call centers and let me tell you, these are not highly motivated people.  Almost everyone views it like the tech support version of flipping burgers, just something you do until a real job comes along.  Those that rise in the ranks usually become burnt out because turn-over is so high and you deal with crazy people all day.

    Another issue is that for every pretexter out there getting just a bit of personal info there are probably 2000 people that were *helped* by getting that info.  I myself had signed up for Xbox Live when it first came out while living the college-lifestyle of moving every year.  When I went to change something on my account years later I couldn't remember which of 7 addresses I had been living at when I signed up and I had a credit card on file that I had canceled.

    The tech support person was nice enough to prompt me with a bit of info until I remembered the right address and zip code.  Without their help my account would have been dead in the water.  My new fear is that they'll change their policy so much that you'll get a huge new crowd of people saying that now the legitimate users are being punished.

    So, while I completely and 100% agree they should do something for those people whose accounts were ripped off, I do take issue with your spin that Microsoft just completely ignored the issue.

    March 24, 2007 11:21 PM
  • Sidebar Geek said:

    Robert, I absolutely LOVE how you make important sentences bold. ;-)

    March 25, 2007 2:34 AM
  • Mihai said:

    "The 1999 Gramm-Leach-Bliley Act makes it illegal to make fraudulent statements or use forged or counterfeit documents to get information from a financial institution or a customer of a financial institution or to ask another person to obtain this financial information on your behalf."

    Is MS a financial institution?

    If it is not, then it was not illegal.

    March 25, 2007 2:30 PM
  • That's not the only law that was passed. One just passed recently after the HP debacle.

    March 25, 2007 4:17 PM
  • "Microsoft has been hiding behind the security of their network, blaming end users for the problem, and has flatly refused to investigate any of these issues"

    This has been the default Microsoft answer on many things related to the xbox. They still don't want to admit that in some cases the xbox360 can eat up discs, even if you are not moving the unit or there is no seismic activity at that time.

    Extremely loud drives is another issue. (Partly a software problem because the drive only spins up at max rev when playing x360 games, not with DVD's, CD's or original xbox1 games. Something in the software is telling the drive to spin up to max rev when an X360 game is inserted.)

    March 26, 2007 6:21 AM