@Sugarfix said:
@Branthog said:
You know, I hear stories about people having their accounts here or there "hacked" every day. It really comes down to a failure on their part, except for the rare cases where the servers on the other end have themselves actually been compromised in which case it isn't the user's fault, obviously. The same goes for viruses, frankly. I know it sounds mean to suggest that people themselves are a big part of the blame, but it's reality. They need to lock down the network they're using, use a better password, or guard their personal information better. In almost twenty-four years, I have never had a machine become infected and I've never had an account hacked. Not at school, work, home, on BBSes, the internet. Nowhere. Ever.
Then you have people who are varying degrees of careless. They're the ones that you see REPEATEDLY updating their facebook status to say "my account was hacked, again".
But as I pointed out in the other thread, I'me incredibly careful with my security and managed to reset my password while they were using my account elsewhere (I not only changed it on my pc using an on-screen keyboard in case I had somehow become infected with a keylogger but I also changed it on the XBox. I also changed the method of password reset to send an SMS to my mobile and not my email, in case they had access to that too) and yet, they were able to take control of my account again immediately. The only possibility is that they used the answer to my secret question and NO ONE could happen to stumble across the answer, in fact I doubt they'd manage it with a any kind of guess or brute force. I get zero results if I try and Google the answer.
However they did it, Microsoft could still do more to help prevent people spending YOUR money when they do mange to gain access like requiring the 3 security digits off the signature strip to confirm purchases or better still using the SMS feature to require confirmation before allowing your gamertag to be restored to an unknown Xbox.
Lax security on the users part is being matched in equal measure by apathy from MS on this one.
You're right about the custodians of your accounts and data (Microsoft, Sony, etc) often being way too damn lax in their security. Not just them, but businesses of all sorts. That's why I made the point that the only exception is when it's actually a legitimate failure on the other end of things. Such as having a database server broken into and all the contents stolen. Or companies that easily succumb to social engineering (where you can just call and give two pieces of readily available public knowledge about a person and have the operator help you reset your (their) password, for example). Alternately, you have the ones that require you answer a couple questions on a form. My fucking *bank* did that. And so did my cell phone company. All you needed to "recover" account access (meaning ANYONE could do this with the right info) was answer something like "mother's maiden name" and "which of these four addresses do you currently live at". Information readily obtainable by anyone with an internet connection (or, at the most, a $10 fee at one of those background check websites).
As for the live accounts... it's strange that they so easily rolled over the information for someone else, because my brother lost his account due to not having an active email address setup for it any longer (the place he used for his email when subscribed to the service initially is no longer around). He called themand had all sorts of account information. He just wanted to get his several year old account going again and pay for a renewed subscription. However, since he didn't have an *active* email address on the account, it couldn't send him a recovery message . . . and they weren't willing to help him do anything on the phone. Kind of sucks for something Microsoft supposedly wants you to maintain and care about (your identity on their gaming/media/entertainment service and device).
On the user side, however, I can't think of a time when I saw someone have their accounts or machines compromised unless they were using short, simple, or dictionary passwords, not using proper basic networking security, and no clicking random shit. (I bet that 90% of the facebook accounts that are "hacked" which aren't just simple password guesses are the result of idiots clicking things like apps that say "click here to enter for a drawing for a free iPad!").
Oh, and about the Microsoft help and all that. Yeah . . . it's definitely hit or miss. I've owned many 360s in the last five or six years and after a home invasion, I figured I'd do what I'd read other people do. I'd call up MS and give them my serial number so they could flag it and notify me or the police when they detected it logging in from somewhere. But, nope. They said that isn't possible. Absolutely no way it can humanly be done. (riiiight).
Log in to comment