The experiences of a young woman in Texas have highlighted security issues for Microsoft's Xbox Live service, after her account was hacked and points purchased on it sold to the highest bidder.
Susan T shared her story on a blog which documented her correspondence with both Microsoft and someone who had bought the points fraudulently purchased with her account.
She became aware of the problem on January 2 when she received purchase confirmations from Microsoft for 10,000 points and the Family Gold Pack, as well as an email to say the points had been successfully transferred. She had been charged $214.97, and immediately contacted Microsoft's Xbox Phone Support Team, who blocked her account.
On January 4, despite being told her account was blocked, she was charged another $124.98 for another 10,000 points, which were transferred to the user RipplyCorgi16. She contacted Microsoft again, who told her they had been unable to block her account.
72 hours after her initial contact with Microsoft, the account was still not blocked and she was able to contact RipplyCorgi16, the user who had received the latest batch of stolen points.
He told her he was based in Poland and he had purchased the Xbox Live account from a site called TradeTang, a Chinese wholesale site where 10,000 Microsoft Points are currently available for around $30.
He had been directed there by the seller via a Polish trading site called Allegro, and handed over the seller's Allegro username and email address. She has also been in touch with Microsoft again.
"I have spoken to Microsoft again and the rep I chatted to was appalled that no one else had actually managed to get my account blocked since the moment I first reported the issue on Monday."
"He said he is going to pass my case onto the Tier 3 team who will phone me once my account has been blocked and the investigation began." has contacted Susan T for an update on the situation.
Late last year Microsoft denied that Xbox Live had been hacked blaming phishing scams.
"Xbox Live has not been hacked. Microsoft can confirm that there has been no breach to the security of our Xbox Live service."