This is the reponse from XBL I received: <<<<sensitive info has been deleted>>>
Dear Xbox LIVE Customer,
Your report of unauthorized access to your Xbox LIVE account has been received by our fraud investigations team. To protect your privacy and account information, your Xbox LIVE account is temporarily locked and sign-in is disabled. If you use this Windows Live ID for any other Microsoft services, they will also be locked during our investigation. Your account cannot be accessed by anyone outside of our fraud investigations team and no charges can be made to your account during the investigation.
Because we place great importance on the privacy of our customers’ information and the safety of their experience online we thoroughly investigate each and every reported case. We have highly skilled agents working on your case; however the investigation and resolution process takes two weeks on average depending on the nature of the case. During this time we appreciate your continued patience.
To ensure you can continue to enjoy the services offered with Xbox LIVE we are providing you a free, 30-day Xbox LIVE membership code that you can use to create a new, temporary account or save and add to your own account once it becomes available again.
If we verify that fraudulent purchases were made on your Xbox LIVE account while your account was not under your control, the purchase amounts or Microsoft Points will be refunded. Refunds will be processed within 10 business days after the conclusion of the investigation though it may take 1 to 2 billing cycles for them to appear on your credit card statement. If multiple purchases were made, each purchase may appear separately on your statement.
Please continue to check your email for status updates regarding this case. Additionally, we may email you with additional questions to help complete our investigation. If you have any concerns please contact us and be sure to include service request number XXXXXXXXXXXXXXXX.
Sincerely,
The Xbox LIVE Investigations Team
*********************************************************************************************************************************
Thankfully, I do not have any monthly subcriptions to online gaming sites like so many others so the 30 day wait will not affect me much but I feel sorry for all the gamers who are getting ripped off this way and cannot play on their accounts.
My question is this: since Microsoft security is paper thin, what will prevent a new acct. from being hacked again? Of course I will not link any payment methods to it and use only scratch cards for points and leave no point balance in this account. However, I find it very disturbing that this account is vulnerable and may be used by hackers for social engineering and phishing and who knows what else. I really believe that a key generator should be used by MS like World of Warcraft or SWOTL which could prevent this kind of thing. MS seems to be very much behind the curve here perhaps because they have been very arrogant in thinking their web security is the absolute best. They still are suggesting that we, the users, are at fault in some way. I find this continued attitude on their part to be not only self-serving but puts all their users at contiinued risk.
