Microsoft has always listed the security and customer friendliness of its Xbox LIVE service as one of the key strengths of its Xbox system, but it seems that this is not the whole truth.
Reports of hacked XBL accounts being sold online have been surfacing for a while now, and it seems that Microsoft has chosen to deny them instead of investigating and aiding the victims.
The most prominent case is that of Susan T, who documented her story on her own blog. Susan first became aware of the problem on January 2nd, 2012, when she received an email from Microsoft confirming her purchase of 10,000 Microsoft points as well as the Family Gold Pack for $214.97. Needless to say, this purchase was not made by Susan.
Susan responded sensibly by contacting Microsoft's Phone Support, who blocked her account promptly - or so she thought. No more than two days later, Susan received another 10,000 Microsoft Points purchase confirmation for $124.98 from Microsoft. Contacting Microsoft's Phone Support again, Susan was told that they "couldn't block her account!"
With no help from Microsoft, Susan did some investigating on her own. The second confirmation email stated that the points were transferred to an XBL user called RipplyCorgi16, so she contacted him.
RipplyCorgi16 was honest with Susan, informing her that he is from Poland and that he purchased the points from a site called TradeTang, a Chinese wholesale site where 10,000 Microsoft Points are currently available for around $30.
RipplyCorgi16 also revealed that he was directed to TradeTang through a Polish trading site called Allegro, giving the seller's Allegro username and email to Susan.
Susan then contacted Microsoft for the third time, to be answered by a representative who was "appalled that no one else had actually managed to get my account blocked since the moment I first reported the issue on Monday. He said he is going to pass my case onto the Tier 3 team who will phone me once my account has been blocked and the investigation began."
By the time this story was published, Microsoft had not yet contacted Susan. The company did, however, release the following helpful statement: "Xbox Live has not been hacked. Microsoft can confirm that there has been no breach to the security of our Xbox Live service."
Microsoft believes that the stolen accounts were stolen through phishing scams. This is quite reasonable indeed, but it is not an excuse for the company's inability to act on reported cases.