Xbox Players Urged To Use '2FA' Security After Account Gets Hacked

What happens to all the games you own...do Microsoft let you make a new account and give you all the games you own on the hacked account ?

Absolutely have 2FA enabled for Xbox. Especially if you have an old account, a lot of followers, or high gamerscore.

I normally have 50-100 log in attempts in a given 24 hour period.

They're all over the world. China, Brazil, and Russia are the most common locations. In that order.

Had my Steam account compromised ages ago. Took about 3 months to get it back. And I was lucky to have been able to. I use 2FA for everything now.

For something like that to occur he/she must of had the Xbox account linked to the pc side of things and was using non official, non trust worthy parts of the internet, I can imagine it could be either bitcoin related, looking at pirating a game or a even crazy loophole in the Xbox 360 hacking/modding ecosystem, I would love to know but it is pointless.

@StylesT No, you have to start from scratch. All your games are gone forever.

Had my original Xbox Live account “FIFA’d” back in 2007-8. Someone had linked my account to another EA account just so they could get some FUT packs or something. EA could do nothing to recover it.

When I came back to Xbox I made a new account and added MFA right away. There’s just no excuse these days.

I saw this post earlier and immediately set it up. However logging into the actual xbox with it is a pain? I hope it keeps me logged in and it was just because I changed the password at the same time. Also i checked my login history and between the US and Germany it seems everyone wants to have a go at my password every 15 minutes or so. Quite scary actually.

My account is about to be 18 years old 😮

@InterceptorAlpha How do you check log in attempts?

Absolute scum bags, should be strung up and left to hang until they ☠️

I just know he was playing Naraka Blade Point 😭🤣 This really sucks for him check out the reviews for the game I mentioned

I already had Microsoft Authenticator on the phone, which is really handy and easy to use, it pops up when necessary. I didn't have 2-factor authentication for my Microsoft account, so I just set it up. I don't know if I should go password-less now, which uses Microsoft Authenticator with your fingerprint or a matching code that you must choose, like Bluetooth pairing. They can also resort to SMS and instant emails if necessary.

@InterceptorAlpha How do you check your log-in attempts?

@K1LLEGAL Same here. I restarted the console and the second time it didn't ask me to use my fingerprint on the phone, the first time it did. No problem, then. I guess that the second time it already knows that the location and IP are approved by the owner.

Just thought I would check to see if I had 2fa enabled and I was 100 percent certain I did

And even tho I have the authentication app it turned out I never had 2fa enabled

My advice to anyone reading this is to double check that it is on and that you do have it enabled

And you may sit there thinking it probably won't happen to you BUT IT CAN HAPPEN TO ANYONE FOR NO REASON so always be safe out there

@Banjo- @JON22

Easiest way to check log in attempts to is you have the Microsoft Authenticator app installed.

When you open it, there is a button near the middle of the screen that says "View Recent Activity".

If you don't have the app, I suggest installing it. Great to keep track of things and you can even use biometrics for 2FA.

The other option is logging into account.microsoft.com and going to the Security Dashboard. You can view them there.

@InterceptorAlpha Yep, I checked that but only found the seven last attempts and all were successful because it was me. I thought that there was something more somewhere.

@Banjo- Nah, if you're not seeing anything else there, then looks like you're in the clear and nobody's been trying to get access.

@InterceptorAlpha Great. Bank accounts are already protected but we all should do the same with our Microsoft accounts because they have all our digital purchases attached to them and we don't want someone in China to steal them and Microsoft to send us that depressing letter.

I logged into a friend’s Xbox years ago and had to put in a code that was texted to me (before the Authenticator app) and he gave me crap about it. I’ve never been hacked, but I like to think it’s because I use the app which lets me know someone is trying to get in.

@InterceptorAlpha I've got 2FA enabled on my account too and like you I see various attempts on my account every 15 mins, most recently it's a lot of people in Brazil trying it seems.

Yeah I do the authentication for just about any account I deem important or valuable by now. Had too many close calls with hack attempts on my email in the past.

I've gotten notifications of someone trying to log into my Microsoft account a few times. I can only imagine what would have happened if i hadn't had 2FA on.

now this is a reason to go back to game disks.

i just looked at my owned games on xbox. its a bunch of old games i bought in a deep sales. the last one is the old dead island was like $5 lol. the last day one game i bought at full price is ac valhalla.

@InterceptorAlpha yo that's wild I thought mine would be glitched or sth. I have like one per hour tryna get in 😂

How do you enable 2FA on your account I don't know if I have it enabled if I lost my account I would snap how long I have it now Microsoft should be getting better security I'm not losing years of purchases and gamerscore

@Kaloudz How would that happen then I'm not on PC at all are u just talking about PC or any other devices just Paro don't want to lose my profile after seeing this

2fa and random passwords for everything

I'm actually an Xbox Customer Service Representative, sadly all the games you bought are for ever bounded to the account where you bought them, I'm afraid is not possible to transfer all the game from a hacked or disable account to your new Microsoft Account, only when the internal team is able to recover the account what actually happen is that all the information you had on the hacked account (games, achievements, rewards points, etc) it's transferred to the new account with a different alias or email that you need to create on your own, however to get to that point and to assure we are recovering the account for the actual owner there’s a lot of very specific information you need to provide, making this process to take up to 7 days if your information is good enough to recover your account on the first attempt.

So guys, bottom line, it's not going to take you more than 5 min to change you security information and security settings, so it's up to you, wait for up to 7 days (if you're lucky enough) or take 5 min to change your Security information and settings on account.microsoft.com/security

Good evening people!

@Kaloudz that's partially true, there's is a way that only higher agents can access to your account only for verification purposes, however, base on the security protocol anything but like ANYTHING AT ALL of your information can be disclosed nor changed, even worse if these are family safety settings, privacy settings and actually any kind of settings

Reading this article and seeing that you can lose all your games has convinced me to enable 2FA and remove my password from my Microsoft account. The Authenticator app is great to use and just now I had to use facial recognition on my iPhone to sign me in on my Xbox. It’s definitely worth adding that extra layer of security for peace of mind, better safe than sorry.

I've had MFA enabled on my Microsoft account for a long time now. I've also gone passwordless and created a passkey for the account and while it might seem like a lot of work I use the account for more than just my Xbox.

How do you activate this on Xbox anyone? If I gotta get a code sent to my mobile to sign into Microsoft does that mean IV already got it on?

@GunValkyria I offer a service of running over it with my car.

@StylesT they won’t give you all the games on a new account. If they were confident that what you are telling support is the truth and they wanted to help, they can reinstate the access to the original account to the rightful owner. MS still has control over the account. The fact they haven’t done so means they aren’t looking to assist or perhaps the original owner was unable to provide sufficient evidence.

If they were to clone content an account has then there’d be a new type of scam where people would fake such an incident while still having the original account, and then sell the login to a new account that comes preloaded with a stack of digital content they didn’t have to pay for.