Microsoft: A Tale of Bad Customer Service

By
Susan Taylor
January 5, 2012Posted in: Featured, Resolved Cases

I am not the type of person who enjoys drawing attention to herself or making a fuss. I have never snapped at a customer service representative, I have never written a negative review and I have certainly never launched a one-woman attack on a company. The “customer service” I have been on the receiving end of over the last few days, however, has changed all of that. When I have a large quantity of money stolen from me, money that is meant to be paying for food for my 1yr old disabled son, I can’t just sit back and twiddle my thumbs in hopes that someone, somewhere, will eventually get off of their arse and help me; especially when that ‘someone’ is Microsoft.

So what exactly has happened to make the ‘momma bear’ in me rage?

On January 2nd 2012 I received a few emails in a quick succession that completely ruined my day. Someone had logged into my Xbox Live account, purchased 10,000 Microsoft Points and a “Gold Family Pack” for a grand total of $214.97 + Taxes. They had purchased the Family Gold Pack so they could then transfer the MS Points to a dummy account that they had created. I immediately attempted to log into my Xbox Live account and, when that proved unsuccessful, I got straight onto the phone with the ‘Phone Support Team’.

 

I was informed that my problem would be forwarded immediately to their ‘Fraud Department’ and that they will have to lock my Xbox Live account for 30 days pending the outcome of an investigation. I inquired as to how they would contact me if they needed further information and/or wished to let me know that their investigation was complete. They requested a contact number and a new email, which I happily supplied.

After getting off of the phone with Microsoft I contacted PayPal regarding the three unauthorized transactions and also my bank. While both were unable to do anything at the time they logged my complaint and also promised to investigate the fraudulent activity on their end. Not exactly the results I would have hoped for, but with a little tightening of purse strings I could just get through the month without that money.

On January 3rd I received a generic email from Xbox to reiterate that my account is blocked and that the Windows Live ID will also be unusable elsewhere online. In addition to this they gave me a 30-day gold key as compensation for the lengthy investigation time and suggested that I create a temporary account while my main one is blocked. Apparently someone forgot that when you create a new Xbox Live account you get 30 days gold for free anyway. Communication clearly isn’t Microsoft’s strong point and even then that’s a bit of an understatement.

I’d like to point out here that while I was given a 30 day ‘gold’ code this could take 42 days to rectify and even then there are 10 business days on top of that and it may take two billing cycles for it to appear back in my account. So that is near enough over two months away, if not three.

But wait, it gets worse.

I awoke this morning to find a further $124.98 + Tax stolen from me. I know what you’re thinking right now, “She should’ve unlinked her PayPal account from her Xbox account, the silly woman!” I completely agree with you; yes I should’ve done exactly that, but when Microsoft insisted twice that my account was completely blocked I naturally assumed that meant my account was completely blocked. Silly me! What they really meant was that they did not block the account whatsoever and the hacker/thief/opportunist decided to purchase yet another 10,000 Microsoft Points and transfer them to another dummy account. I was so surprised at receiving those emails that I burst out laughing just as soon as I had unlinked my PayPal account from my Xbox account.

Surely this couldn’t be happening again?

So back onto the phone with Microsoft I went. The person I spoke to certainly got a bit of an earful this time around. After explaining the complete story to the Phone Support Team Member, including the part where I was told twice that my account had been made inaccessible by all, they came out with a complete gem which just proved how full of bullshit they really are.

“The fraud department was unable to block your account.”

“So why did no one contact me about this? You have my telephone number, you have my email address. You used my email address to tell me that you HAD blocked my account. Just what is going on?”

“They were unable to block your account, I don’t know. Have you tried changing the password online?”

“Yes, but whoever is doing this has changed my password and my security question. I am completely unable to access the account myself. That does not answer my question though. Why have I been told, twice, that my account was blocked, that an investigation had begun, when clearly none of that was true? Why is it you’re allowing someone to successfully steal money from me a second time when you were aware of the issue days ago? What the fuck is going on? I want my money, I need my money. Tell me what you are doing to help me.”

“You need to keep trying to log into your account.”

At this point I chose a few choice words that were only used out of pure frustration and hung up the phone. I came online, ranted on Twitter and received a response from the official @XboxSupport Twitter account.

I direct messaged them.

They were about as helpful as everyone else I have been in contact with regarding my stolen money. In total (including tax) I have had $366.06 stolen from me. At this point in time I just feel like I am being lead around in circles here. I have spoken to numerous people from Microsoft and the only information I am given is that they will pass it on to the next person.

From this, I have learnt that..

  • No one can tell me how this happened in the first place.
  • No one can tell me why my account was not blocked when I was told it had been.
  • No one can tell me why this was allowed to happen a second time.
  • No one can tell me this will not happen again in the future.
  • No one can tell me when I will get my money back.
  • No one can tell me exactly what is happening with my ‘investigation’.
  • No one can explain the inconsistencies between the amount of points purchased and the amount of points that were logged as being transferred.
  • Everyone seems to be completely dumbfounded by the whole situation despite knowing that this is not a new occurrence; that many gamers are waking up to these emails every day.
  • Everyone who is currently reading this should go and change their passwords right now.

Just how much louder do I need to shout before I can get some answers?

——————–

Update Jan 5th 2012 @ 5.11pm:

I just turned on my Xbox so I could create a temporary account and play some video games. What’s this? My account logs in straight away like normal? That means.. Oh no, surely they’ve still not blocked the account?!

Yeah, that’s right. It has been over 72hrs since I first reported this whole thing to Microsoft and my account is still active. I cannot log in via Xbox.com, which confuses me because surely if my password had been changed than I wouldn’t be able to log in via my console?

Oh, and who is this?

Wait a minute.. I recognise that name!

Oh shit.

I fire off a friendly message. (Sorry, I didn’t even think to photograph my messages to him!)

“Hi, who is this? When did you add me?”

“Oh right! What seller did you buy it from on there? :)

“Ahh, okay! What’s the name of the middleman? Does he have a website or is he on Xbox too?”

Alright, now we’re getting somewhere. I play it cool, keeping it friendly and upbeat.

“I just wanted to see if I knew him lol! What’s his username on there?”

Bingo!

I am about to see how far this lead gets me. I’ve decided not to reveal the email address just yet in case this person is an innocent party.

Wish me luck – I will update again as soon as I can!

Update Jan 5th 2012 11.50pm:

A few things to update on here. Firstly, I have spoken to Microsoft again and the rep I chatted to was appalled that no one else had actually managed to get my account blocked since the moment I first reported the issue on Monday. He said he is going to (wait for it) “pass my case onto the Tier 3 team” who will phone me once my account has been blocked and the investigation began. I don’t have much hope of it getting blocked. I’m beginning to get used to the idea of never being able to use my account again.

Secondly, I did some detective work and have figured out the hacker/thief’s game plan. It’s pretty simple really.

Step One: Obtain username/password of account currently in use (I cannot work out how he obtains this information)
Step Two: Purchase Family ‘Gold’ Pack for the hacked account (this means he can now transfer points between the accounts he lists on the family pack)
Step Three: Purchase 10,000 MS Points (4000/6000)
Step Four: Create multiple (number unknown) brand new Xbox accounts (typically American accounts)
Step Five: Transfer all purchased points to these accounts (divide among multiple accounts or send full amount straight to a single one)
Step Six: Sell the account that has these points on to people, charging a smaller amount than Microsoft would charge for the points alone
Step Seven: Rinse, repeat, profitprofitprofit!

He also does Step One-Four but instead of transferring out the points he’ll purchase games with them and sell accounts with these games on.

Finally, his listings all state that you must use the MS points “as quickly as possible” and that if they disappear, it’s not his fault as there was a stated ‘warranty’ in his auction site listing. If the points have gone you will have to purchase more from him, end of story. The same goes for the games; you must recover the purchased GamerTag, transfer the licenses for the games as quickly as possible or you may miss out.

I have so far gotten his online auction site account name, his ‘business’ email address and a contact number for a Polish chat-system called ‘Gadu-Gadu’, which looks quite similar to show Skype works. I have not reached out to contact him yet and I ask that people who are reading this do not attempt to do so either.

And finally, before I wrap it up for the night, a few people have criticized me for not making my account safe enough and basically lumping the blame solely on me. I believe this is a pretty unfair judgement to make. I want it to go on record that I have not become the victim of a phishing scam. I am extremely conscious of online identify theft and I know exactly what to look for when it comes to non-legitimate websites. On top of that I have never logged into Xbox.com or Paypal.com through any web address other than Xbox.com and Paypal.com. My Windows Live ID is a unique email address I used just for my Xbox, same goes for the password. The password and security question answers were also unique to the account only and a random assortment of 16 letters/numbers that have no relation to one another or even to myself. I do not have easy-to-guess passwords such as ‘password’ or an important date. I also have daily virus/malware/spyware scans run on both of my computers daily between middasy-1pm. I do not know how safer I could’ve made my account honestly. A unique email, a unique (and difficult to guess) password, unique security answers AND daily scans on my computer. Suggestions on how safer I could’ve made my account would be appreciated.

I realise now that I made a huge mistake in keeping my bank account linked to my Xbox account, but raise your hands if you too have done the same with some form of online account. World of Warcraft, GameFly, LoveFilm, Playstation – The list goes on. I think it’s fair to say that many people would look at Microsoft as a reliable company and absolutely trust them with their bank details. What makes them any different than Blizzard or Sony? If this level of trust makes me a fool, than so be it, brand me as one. Just know that you are branding a hell of a lot of people with that marker and we are not the ones to blame here.

——————–

Update Jan 6th 2012 @ 12.50pm:

My account has finally been blocked! I will do a more in-depth update soon.

——————–

Update Jan 6th 2012 @ 3.35pm:

Today has certainly been a busy one for me. I never thought my story would get so much attention online; and it is because of YOU GUYS that my issue has now been resolved.

So what exactly has happened today?

Aside from my story exploding at gaming websites across the net, I had a phone call from Jonathan Michael a few hours ago who is employed by Microsoft as part of the ‘Customer Advocacy & Exception Management Team’. He was extremely keen to reach a resolution today and it was clear that Microsoft were doing some serious damage control by bending over backwards to help me.

I was immediately told a refund would be issued to me (which I have now received and is sitting in my PayPal account). I then approached the topic of my Xbox Live account. All of my information on it had been changed by the hacker; the password, the security questions, anything that would relate this account to me had been changed. Jonathan informed me that to get around this he wants me to create a new Windows Live ID and that he is going to transfer my Xbox Live account from my compromised Windows Live ID to this brand new one.

Err, you guys can do that? (And by ‘that’ I mean transfer my account easily without verification, read on below..)

I have never heard of this happening before. Ever. If anyone who is reading this has had this done for them please get in touch with me. Is this something that they are pulling out because they want me out of their hair? I’m leaning towards ‘yes’ on that one.

Why?

Because I know that if you are unable to be verified as the account holder, you will no longer have access to that account. I have spoken to gamers today who told me that they could no longer user their accounts because of this verification process. So how the hell did I get by that one? Special treatment ahoy!

I do not want to sit here and say I am unhappy with the results. I’m not, I have access to my money again and I no longer have to worry about feeding my boy. What has frustrated me is how I have been treated throughout all of this.

At first I was given the run around, then I was lied to, then I was passed on from person to person and the ONLY reason why I am sitting here with a completed grocery list next to me is because I made a big ol’ fuss. I set out to get your attention, to get people talking, to force Microsoft to ignore me no more. I succeeded, but what about the numerous (read: 250+) people who have sent me emails telling me their stories?

What about Pete who had his account hacked in November?

Did you know that Todd has been waiting patiently since October?

Poor Scott has been fighting Microsoft since September?

I could go on, but I believe you’ve got the point.

I have spoken to so many people today, I have been interviewed, invited onto podcasts, read so many frustrating stories; and I have learned things about the internet, about big companies and about people that I will never forget.

So, what now? My story is over. I have no reason to update this blog anymore, right? Well, not exactly. I want to continue this fight. I want to hear from everyone who has ever encountered terrible customer service from Microsoft in regards to their hacked Xbox Live accounts.

Talk to me. Spread the word. I want to help you.

——————–

Update Jan 6th 2012 @ 5.29pm:

 I spotted this via Eurogamer.net.

While I find it amusing that I have created an out-of-the-ordinary case for Microsoft, I am quite peeved that they are still insisting the abuse of my account was my fault. Fuck you Microsoft. I love your gaming console, I love your game selection, I love being an Ambassador for you, but you really are infuriating.

——————–

Update Jan 7th 2012 @ 5.27pm:

Microsoft DID refund me 100% yesterday..  Until they took $81.08 from my bank account today. The weird part of this is the original description and the trans. type, they do not match the 5 other  transactions over the last few days. Also my PayPal account is not showing an deductions. However the ‘uncategorized’ labeling tells me it is a completed deduction from my account and not something that is pending. I am baffled at this because my PayPal account has been unlinked from my Xbox account, my PayPal email address and password have also been changed and I removed my bank from my PayPal account! My bank account log-in details too have been changed. This charge makes absolutely no sense to anyone, especially since PayPal has been mentioned but NO activity has happened on my PayPal account.

Just what the bloody hell is going on?!

@Stept has a theory which would (kinda) explain things..

So I am currently right back to where I start with this story; no account and out of some money.

I also wanted to mention that I still do not have access to my Xbox account. Apparently people are assuming that I do have it back, I do not.

Back to the phone I go..

Update Jan 7th 2012 @ 7.13pm:

I managed to get through to someone helpful at Microsoft (I’m as shocked as you are) after the point-of-contact CSR told me that they would have to pass me onto someone else (chuckle). He asked me a lot of security questions relating to my account which, when answered, where not do so correctly. We went around in circles for a while until he accepted that I could just not prove that the account was mine. We hmm-ed and ahh-ed for a while before I offered a possible solution; I had the unique case ID that was associated to my account on Monday.

I gave it to him and he started to help. (Hooray!)

The first thing he had me do was recover my Xbox Live account directly on my console, he sent a “reset your password to this account” link to an email address I gave him. I did briefly wonder just how unsafe this was in reality, he couldn’t actually PROVE this account was mine outside of a case ID number. I got the email and reset the password. After logging into my account I noticed all of the security questions were in the another language (I’m kicking myself for not taking a screenshot) and I changed everything to what it should be.

Back to the Xbox I went and recovered my account using my old Windows Live ID and the new password. I internally squee’d with delight when I saw the progress bar appear. Once completed I was guided to the section on the dashboard where I could transfer my account to the new Windows Live ID that I had created yesterday. This was when the CSR informed me that Jonathan, the gentleman who called me yesterday early afternoon, would’ve been unable to do this for me and he was confused as to why Jonathan had promised me that he would do it himself. He did ask me why Jonathan had contacted me because “he doesn’t usually get involved with stuff like this”. He laughed when I told him what had happened.

He told me to go back to my new Windows Live ID, update it with my information and to then call back so they could check out this new charge on my account. @Stepto has a theory:

I should just put 1800-4MY-XBOX on my speed dial. (I am also phoning PayPal and my bank regarding all of this, naturally, but this tale is about the bad customer service received from Microsoft.)

Update Jan 8th 2012 @ 10.72am:

I can happily say that my story has finally reached it’s happy ending and I cannot see a sequel on the horizon.

After my post last night I got straight on the phone with my bank, PayPal and Microsoft. PayPal immediately told me they were going to refund the costs, but couldn’t explain why the transaction was not appear in my PayPal account. I received an email from them this morning which brought me great joy:

The date was different to the ones shown on my bank statement, but as @Stepto said, it could’ve been a lag in a system somewhere.

I also received two emails from Microsoft this morning. One with a code for a 3 month Gold account, which, while not compensation, makes me happy enough. I also received a notification that the point balance on my account had be restored also. While a little compensation would’ve been appreciated (I’ve heard of people receiving 1 month of free gold for example), I am happy with the knowledge that I got such a quick response and that, because of my story, Microsoft will be looking into how they deal with fraudulent reports from gamers.

As I said above the other day, while my story is over, I still want to continue fighting for you guys. I also have a few other findings that I am going to post on a separate blog post, to keep this one focused solely to my tale. Keep sending me those stories, I am planning a lot of things for this website and I hope that over the next few weeks those plans will begin to take shape.

Spread the word and happy gaming to you all!

——————–

Have you been a victim of Xbox’s Security blunder? Drop me an email stories@hackedonxbox.com, I would love to hear from you and how Microsoft dealt with your case.