No, it's affected anyone who's signed up to an EA account in order to play one of their games online. Fifa 12 was affected too.

No, it's affected anyone who's signed up to an EA account in order to play one of their games online. Fifa 12 was affected too.

That also includes Burny Pee, people.

One of Xbox Live's crucial vulnerabilities is the fact that a lot of people use a Hotmail address to login. I do, and I've had my Hotmail address since 2002. Imagine all of the people who haven't changed their Hotmail password since 2002. Almost all of them will have been phished at some point. Hell, even my Hotmail was phished a year or so ago - I was sending spam emails out from it. Fortunately I logged in one day out of chance an noticed before changing my password. I'm seriously careful online and I regularly scan for evils, but I still got my Hotmail phished because due to its popularity there are so many places it can be phished from.

So yeah, change your passwords guys.

Seriously, change your password - EVERYONE.

I don't even know what mine is, the xbox just logs in automatically.

It's your MSN account AKA Live account AKA passport account.

You will have an email address associated with it which is how you log into xbox.com , they have buttons there for "forgot your password" , click it , get a new one (secure so mixed cAsE and numbers/symbols) and then type it in once when your next on your Xbox

Huh. After being panicked about Burny Pee (though I'm on PS3 for that) I remembered I'd already changed mine since then, for some reason. Excellent.

Now move onto stage 2 and cancel your bankcards.

Wut? Phishing means typing your login into a page that purports to be your webmail account but isn't, yes? So how did you manage to do that? And why would you say "almost all" such accounts would have been successfully broken into in this way?

Well yeah either by manually typing a password in like a moron or some sort of spyware/keylogging software taking your password.

Stage 3, get your own domain and use a different email for everything...

No, phishing is specifically the former, not the latter; which is what kalmar is getting at as it makes your post a bit nonsensical. Although your general point stands of course.

Unfortunately, with xbox you're kind of limited to what kind of email you can use.

My xbox account is using my domain. I have no idea how I managed that though

Well yeah I know that, it was just a convenient term.

My xbox account is using my domain. I have no idea how I managed that though

My xbox account is using my domain. I have no idea how I managed that though

Now move onto stage 2 and cancel your bankcards.

Stage 3, get your own domain and use a different email for everything...

I do have an idea how I did it though. Just sign up for an (as then) passport with your email address. Certainly things would be lacking, but it was perfectly doable.

Hang on - what's the point of Mr Nasty Hacker buying MS points? Can you transfer them?

[myName]@hotmail.com with no numbers, dashes underscores or anything!

[email protected]?

No, it was my full name.

Hang on - what's the point of Mr Nasty Hacker buying MS points? Can you transfer them?

[email protected]?

Microsoft sources have denied a claim that Xbox Live has been hacked, stating instead that gamers said to have had up to £100 lifted from their accounts were victims of phishing scams.

Allegations that cyber criminals have "hacked into thousands of Xbox Live accounts to steal millions of pounds" in the UK were made by The Sun newspaper this morning.

However, sources close to Microsoft insisted there is no evidence that any account has been hacked.

But the source admitted there has been an increase in attempts to gain punters' login credentials through deception - phishing.

Other attacks involve criminals attempting to befriend gamers through social networks in the hope of gathering information to reveal login details.

Microsoft has previously warned Xbox users to be on the look out for such cons.

However, Microsoft must do more to improve security, Jason Hart, MD of security firm Cryptocard, told Reg Hardware.

"Clearly too many weak links remain," he said. "At the moment gamers aren't being properly authenticated when they log on as gaming companies continue to use static passwords.

"You can't stop thieves sneaking up to the back door, but you can put in place measures to stop them breaking in."

Last month, a number of Xbox 360 owners revealed that their accounts and credit cards had been compromised, with stolen MS Points spent on Fifa 12 content packs. ®

When is a "Hack" not a "Hack"? Well, people disagree. It could be said that if someone looks over your shoulder when your enter a PIN, and they walk off with that number, that's a 'Social Hack'. However, The Sun, The Daily Telegraph and The Daily Mail (both re-reporting The Sun) seem to think that a 'Hack' is when someone responds to a Phishing Email.

Starting with The Sun, with its headline and strap:
"Gamers caught in Xbox cyber fraud - Web crooks raid accounts"

It then goes crazy:

"ONLINE crooks have hacked into thousands of Xbox Live accounts to steal millions of pounds.

"The average loss to gamers in the UK is around £100 — but many have had more than £200 stolen."

Not okay. Wrong. In fact, the paper even contradicts itself:

"In one 'phishing' con, crooks sent emails to players directing them to bogus websites offering free Microsoft points that can be used to buy games."

"Bogus websites" not Xbox Live at all.

This hasn't stopped The Mail, which starts with, "Thousands of players are believed to have been hit by the scam which gets con artists into Xbox Live accounts which contains details such as credit card numbers."

However, again in contradictory mode, "The scam works by sending players emails that direct them to bogus websites offering free Microsoft points that can be used to buy games.

Gamers were fooled into visiting pages that stole account details and then gradually 'leeched' money from their accounts. Online play on Xbox 360 requires an account with credit card details attached
Victims are then asked to enter personal details which let criminals access accounts and get hold of their credit card information.

"Crooks then take small amounts from credit cards over several weeks so it is hard to detect them."

So, that's bank accounts then?

The Mail does attempt a justification with, "Other victims have apparently lost money when their passwords were guessed by criminals who befriended them before coaxing personal information out of them." Yup, "guessing".

Never fear though, as respected broadsheet, The Daily Telegraph clears things up in its headline: "Xbox Live customers 'hacked' in fresh cyber fraud case". Oh, no it doesn't. Let's see about the detail:

"As part of their scam, the gangs sent emails to players directing them to fake websites offering free Microsoft points that can be used to buy games.

"Duped victims then entered their personal details, which allowed criminals access to their accounts and valuable credit card information.

"They also reportedly befriend players online and convince them into volunteering personal details."

Yup, not a hack of Xbox Live.

But remember, fear sells newspapers, especially around Xmas. And more especially if the newspaper's owner has committed large sums of money to a digital-only newspaper running on another platform.

We are of course requesting comment from Microsoft on the matter. It has yet to provide comment to any of the 'sources'.

I've just seen on Twitter that @Xboxsupport have just given Myp the instructions that Davpaz posted on sucking eggs.

Also gonna change my Live ID to a different email address and get shot of my old Hotmail for good.