How to protect yourself from Xbox Live hackers
There's an interesting piece over at InternetNews.com about how hackers target Xbox Live accounts, and from it, we were able to get some good tips on how you can protect yourself from a similar threat.
- While you aren't able to hide your gamerscore, you can make your account a bit less desirable on the black market by hiding the games you've been playing.
- Avoid services like Mygamercard.net that promote your gamerscore and, in doing so, make you a larger target.
- Put fake information in your Xbox Live account, then use pre-paid cards to buy things and pay for the service, thereby making identity theft less damaging.

Reader Comments (Page 1 of 1)
SibSpi @ Oct 12th 2009 5:33PM
Should only really be necessary to hide what games you've been playing.
People target live accounts to get at the DLC and Live Content that has been purchased on them - they don't care as much about the gamerscore.
SibSpi @ Oct 12th 2009 5:35PM
Oh yeah, and DON'T ACCEPT FRIEND INVITES WILLY NILLY.
Besides there being genuine creeps online (I've been asked to show my wang more times than I've ever been asked out by females) it allows people to monitor your activity - what game addons you're playing, what movies (downloaded/bought on Live) you're watching, stuff like that.
Solace @ Oct 12th 2009 5:40PM
you forgot one major tip that rules out everything you just said
Don't buy an Xbox 360 or just sell your current Xbox 360 duh
DPolski @ Oct 12th 2009 5:47PM
/facepalm
Not even funny.
Solace @ Oct 12th 2009 5:49PM
I know but it was just something I couldn't pass up
Militant07 @ Oct 12th 2009 5:44PM
How could they hack an account without knowing his account information?!
Shadsy @ Oct 12th 2009 5:52PM
Social hacking. They'll figure out your account's email or search for the Gamertag on other websites, then engineer information out of it, and be able to impersonate you while talking with a support rep. to "recover" the account.
It even happened to a Bungie exec once (if I remember right).
Conor @ Oct 12th 2009 5:55PM
You have me worried now :(
John Z @ Oct 12th 2009 6:09PM
Summary: To safely enjoy Xbox Live's social capabilities, turn off everything social about Xbox Live. (only half-kidding; don't downvote me yet)
Really most of this is common sense, a commodity which seems to be greatly lacking on the internet. While all that stuff about turning off the show-off-your-gamerscore stuff certainly reduces your chances, the main problem is that as long as you play online, people will be able to get at least that info. Your best bet is, in truth, to play primarily with a core group of people that you know and trust, and only friend random people after you play them enough to know they're not scammers (how long that takes is up to you but "thirty seconds, and they say they can get you into the super secret Modern Warfare 3 beta" is probably not enough time).
The Dark Wayne [Planeteer: Power of the Batusi] @ Oct 12th 2009 6:27PM
Does the fake information mean fake stuff in your bio and motto on your gamercard or your actual account information? Because that seems a little excessive
sonicspike41 @ Oct 12th 2009 6:33PM
I think they mean like use a throw away email (or any extra ones you may have lying around), list a fake address or even a relative's address, avoid using your real phone number, things like that.
You want these hackers on steroids to get as little information about the real world you as possible.
Dragod @ Oct 12th 2009 6:37PM
I used to have a friend who would write totally nonsensical things when he signed up for anything. I remember him telling me that he would do stuff like put "Mt. Rushmore" for the recovery question "What is your favorite book?". Apparently, he'd also do random letters and numbers, print out a sheet with the answers, then keep it in a safe of some sort in his room... He was a bit paranoid.
Gunstarz @ Oct 12th 2009 7:40PM
"Should only really be necessary to hide what games you've been playing.
People target live accounts to get at the DLC and Live Content that has been purchased on them - they don't care as much about the gamerscore."
Once your gamerscore goes past a certain amount, people who steal accounts tend to assume someone with 20,000 GS or higher will have a bunch of stuff unlocked anyway - and there is a specific portion of the leet community who do little else other than try to steal accounts with high GS, or failing that use modding tools to inflate their score artificially then sell the account on.
Morgon @ Oct 13th 2009 9:14AM
Whoah, whoah whoah.
First off, this report does NOT recommend 'avoiding sites like MyGamerCard', and I am deeply troubled that Joystiq would not only interpret it this way, but post it exactly as such.
Secondly, MGC does not condone or even exist to cater to people who would do illicit activities on Xbox Live. The promotion of GamerScore is for entertainment purposes - users can create their own personal Leaderboards for friends or clans, and some people enjoy vying for the top spots in their particular country.
Thirdly, this is not 'hacking', this is social engineering, which are two giant continents of their own and should not be confused. This is all about people who fall for the 'Give me your Live ID and Password for free MS Points' or 'Give me your account and I'll activate Prestige on Call of Duty' (which I personally received two days ago). Being a member of MyGamerCard puts you at no greater or less -risk- if you are of sound mind to realize these are scams.
Paperghost @ Oct 13th 2009 11:06AM
Yeah, I feel I need to chime in here. I'm the person who gave the talk at the security conference. At no point did I ever suggest NOT to use the site mentioned above - and I certainly didn't advise anybody to "steer clear" of sites such as MGC or any of the other similar services. I merely highlighted how people such as phishers will use the data that's viewable on the site - in much the same way they'll trawl for info on sites like Facebook, MySpace etc - and use that to ascertain who their next potential target will be.
I also never suggested that sites like MGC are somehow dubious themselves - MGC clearly isn't, it's a Microsoft community developer. I mentioned how people will cut and paste stats from the Bungie site (in the same way they'll reference data on MGC, or how profile spamming tools will show a MGC badge in their browser window when hunting for targets) when trying to buy & sell stolen accounts - yet nobody is saying to "avoid Bungie". This strikes me as unfair.
Finally, if anyone is to "blame" for gamerscores being viewable causing targeted phishing / social engineering attacks, it would be Microsoft for not providing the option to hide the score. Sites such as MGC are simply doing interesting things with that data, but ultimately as long as MS don't let you have the option to hide said score, the problem will continue.
Nobody could have predicted at the time that as GS increased, so did the desire in bad actors to try and steal those accounts, but here we are and now MS needs to address it. Be critical of the way we throw all of this data around for people to see, sure. But specifically saying to "avoid MGC" - no. It's a bit of a wasted effort anyway, as by the time 99% of people become aware their GS might make them a target, it's already out there in the wild and pasted across a whole bunch of sites whether we wanted it or not (mine included).
Alex @ Oct 13th 2009 12:11PM
I thought I could just not accept friend requests from people with Gamertags like 'FreeXboxL1ve'
ColorblindMonk @ Oct 13th 2009 12:16PM
I don't pay $8 a month to worry about Xbox Live hackers. Microsoft needs a better way to maintain security.
zak @ Oct 13th 2009 1:10PM
just keep it sensible and you will be ok.
zak @ Oct 13th 2009 1:11PM
Alex's comment is a good one also.