In an Tumblr post entitled "Microsoft: A Company with No Brains, Heart or Soul", a woman relays her story of how what she calls terrible customer service representative has lead her to lose thousands of dollars, "money that is meant to paying for food for my 1yr old disabled son", and discovering how her account her account was hacked in the first place.
On January 2, 2012, she received an email that someone had purchased 10,000 MSP and a "Gold Family Pack" on her account for $214.97 (not including taxes). The purpose of the Family Gold Pack was for the hacker to transfer MS Points to other dummy accounts, as she discovered much later:
Step One: Obtain username/password of account currently in use (I cannot work out how he obtains this information)
Step Two: Purchase Family ‘Gold’ Pack for the hacked account (this means he can now transfer points between the accounts he lists on the family pack)
Step Three: Purchase 10,000 MS Points (4000/6000)
Step Four: Create multiple (number unknown) brand new Xbox accounts (typically American accounts)
Step Five: Transfer all purchased points to these accounts (divide among multiple accounts or send full amount straight to a single one)
Step Six: Sell the account that has these points on to people, charging a smaller amount than Microsoft would charge for the points alone
Step Seven : Rinse, repeat, profitprofitprofit!
After calling Microsoft's "Phone Support Team", she was told that her claim would be forwarded immediately to their Fraud Department and that her Xbox Live account would be locked for 30 days for pending investigation. The next day, she received an box email stating that her account has been thus blocked and that her "Windows Live ID would be unusuable elsewhere online".
Unfortunately, on the morning of January 5th, she found that another $124.98 (not including taxes) was stolen from her once again. She thought that with her Xbox account blocked, that nothing would have happened. If she had to it over again, she would have unlinked her PayPal account immediately from her Xbox account regardless of what Microsoft stated. And thus, another phone rage ensues with the Microsoft reps:
“The fraud department was unable to block your account.”
“So why did no one contact me about this? You have my telephone number, you have my email address. You used my email address to tell me that you HAD blocked my account. Just what is going on?”
“They were unable to block your account, I don’t know. Have you tried changing the password online?”
“Yes, but whoever is doing this has changed my password and my security question. I am completely unable to access the account myself. That does not answer my question though. Why have I been told, twice, that my account was blocked, that an investigation had begun, when clearly none of that was true? Why is it you’re allowing someone to successfully steal money from me a second time when you were aware of the issue days ago? What the fuck is going on? I want my money, I need my money. Tell me what you are doing to help me.”
“You need to keep trying to log into your account."
She then has a lengthy Twitter battle (username: ladyelysium) with XboxSupport, which didn't result in having any more answers than she had before. At 5:11pm on the same day, she decides to create a temporary account, but finds to her surprise that it goes back to her regular account (yep, it still hasn't been blocked). Fortunately, she recognizes that a new supposed friend named RipplyCorgi16 has appeared on her friends list, one of the same people who received points from her account.
Through a few friendly messages, she discovers that RipplyCorgi16 bought the account from tradetang through allegro.pl, which is "like an ebay but polish", and then finds the middleman's login (named allegro). She unocvers that this "allegro" person has been selling multiple accounts stating that the purchaser "must use the MS Points 'as quickly as possible' and that if they disappear, it's not his fault".
So what did she learn from all this?
I realise now that I made a huge mistake in keeping my bank account linked to my Xbox account, but raise your hands if you too have done the same with some form of online account. World of Warcraft, GameFly, LoveFilm, Playstation – The list goes on. I think it’s fair to say that many people would look at Microsoft as a reliable company and absolutely trust them with their bank details. What makes them any different than Blizzard or Sony? If this level of trust makes me a fool, than so be it, brand me as one. Just know that you are branding a hell of a lot of people with that marker than you probably know and we are not the ones to blame here.