Re: [Full-disclosure] Xbox live accounts are being stolen (is the training working?)

Hi Kevin,

For Hardware calls, we don't verify the same information as we do on Live calls. The reason for this is because some people (in fact many people) who call into the hardware queue are not even Xbox Live customers. Therefore, they don't have the same data to verify against and as a result, our agents don't have visibility into it and our entitlement process is different for each line of business.


-----Original Message-----
From: Kevin Finisterre (lists) [mailto:kf_lists@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 09, 2007 8:21 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Cc: Ashley Wilson
Subject: Re: [Full-disclosure] Xbox live accounts are being stolen (is the training working?)

I find it kind of ironic that my Xbox broke last night after an
update and I am now on the phone with a Xbox live representative.
After the whole stolen accounts fiasco I remember calling in an
having techs flat out refuse to work with you until you verified your
full name, address, phone number, gamer tag, xbox console serial
number and email address used on the account.

I just finished talking to a tech about my xbox after only giving her
my First name, Address and Phone number (I couldn't give my serial
because my xbox is not near me). After asking to speak with her
supervisor about some other issues I asked him to remind me of what
information should be verified prior to speaking with someone. He
told me that "First and Last name, Address, Phone Number, Email and
Serial Number had to be verified and if any one item was missing or
not available to be verified via other means" then they have been
instructed to not speak with you. I asked him what happened with
Gamertag verification and he stated that only applied to Xbox live
issues and it was not verified for Xbox console issue. I didn't
bother telling him the tech that passed me on to him didn't quite
verify all the data, I simply said thanks and hung up.

At the very least this may help illustrate that no amount of training
can fully curb human behavior. The tech I talked to had no problem
ignoring the lack of serial number and email address on my account.
So Ashley... yeah I guess it is entirely possible that accounts *can*
still be stolen. Hell for all I know it could be the same kids since
no one was ever produced as the culprit of the previous caper.

Good luck!

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Relevant Pages