The PSN debacle earlier this year got more than a few people worried about storing their credit card information online and how easy it would be for hackers to break in and spend all their money. As blogger and motion picture restoration artist Greg Knight discovered, however, it's not just Sony's systems that are open to such abuse.
Knight doesn't own an Xbox 360, and his Live account activity shows a grand total of two games: the PC versions of both Batman: Arkham Asylum (which requires Games for Windows Live to play) and Viva Piñata (which he purchased from Microsoft when it was on sale for just $0.99 a while back). This Tuesday, he found two Microsoft Points purchase confirmation emails in his inbox amounting to a grand total of 10,000 Microsoft Points -- or $125. Upon logging into his Xbox.com account, he discovered that his "alternate email address" had been changed by an unknown intruder to an account from guerrillamail.com -- a service which provides temporary email addresses ostensibly for avoiding spam, but sometimes used for less salubrious purposes.
Knight managed to get in and return his email address to normal before the intruder was able to send a password reset request to the new, temporary and theoretically untrackable email address. He also had the good sense to remove his credit card from the account as well as change his password and security question. He then decided to get on the phone to Microsoft in an attempt to get his $125 back.
His first call saw him confronted with a member of the Live support team who was seemingly ignorant to the fact that Games for Windows Live even existed, but the operator in question was familiar with the GuerrillaMail tactic and assured Knight that his account would be locked down for a few weeks while an investigation took place.
A month later, Knight received an email informing him that the Live support team had found no evidence of unauthorized access to his account and as such would not be receiving a refund of the $125. Understandably, he then called them back and started the whole process again.
He was shocked to be told, after being on hold for about 30 minutes, that nothing could be done because he didn't own an Xbox. Instead, he was informed that he would have to convince his bank that the $125 transaction was fraudulent, and then get them to do a chargeback. But, understandably, he's concerned:
"If that's the next step, so be it," writes Knight. "But now I'm worried as to what sort of standing that will leave my Live account in. Will I someday buy an Xbox to then find out that my account was banned? They assured me that a bank chargeback would have no negative impact on my account, but my confidence in their word is understandably shaky."
We've contacted representatives of Microsoft for their comments on this situation, and will publish them when we hear back from them.
This article originally appeared on GamePro.com as Games for Windows Live Fraud Victim Told He Can't Be Helped Because He Doesn't Own an Xbox