Gamers have been suffering from hacked Xbox Live accounts with lost points and activity focused around EA's series of FIFA games for months now, but the issue has only recently gathered attention from the press. Since we ran our story, the number of comments we've received from people who have suffered from hacked accounts has multiplied, but the underlying story is always the same: someone gains unauthorized access to an Xbox Live account, Microsoft points are used or bought to purchase in-game items for a FIFA title, and it ends with Microsoft shutting down the account for up to 25 days to investigate the attack.

Stories of hacked accounts are flooding the Internet, but both EA and Microsoft are denying that there is a problem with security.

The statements: nothing to see here, move along

Microsoft contacted us with a statement, and requested that we add it to our original story. "We do not have any evidence the Xbox LIVE service has been compromised. We take the security of our service seriously and work on an ongoing basis to improve it against evolving threats," the company stated. "However, a limited number of members have contacted us regarding unauthorized access to their accounts by outside individuals. We are working with our impacted members directly to resolve any unauthorized changes to their accounts. As always, we highly recommend our members follow the Xbox LIVE Account Security guidance provided at www.xbox.com/security to protect your account."

EA's response is just as bland and noncommittal. "We haven’t seen a spike or increase in reports of FIFA 12 players having their accounts hacked," a company representative told GiantBomb. "With the launch of FIFA 12 it likely has just shifted renewed focus onto this particular game."

The official line seems to be that FIFA is so popular around the world that it's not surprising there is a series of attacks on Xbox Live accounts connected to the game. EA does seem to understand that there is something going on, as the company has a detailed and lengthy blog post that explains how to keep your account safe.

Social engineering is still a hack

Microsoft and EA may not have been the victims of the kind of direct attack that caused Sony to shut down the PlayStation Network earlier this year, but there have been rumblings about social engineering being used to gain access to Xbox Live accounts. The weak spot in security may be with Microsoft, it may be with EA, or it could be someplace else, but what's clear is that large numbers of people are able to gain access to Xbox Live accounts, and they're using that access to buy items for games in the FIFA series. Those who are being victimized by Xbox Live fraud may wish to argue with Microsoft's claim that security has not been compromised.

The quantity of specific complaints and lost money is troubling, but what's worse is that it's causing Microsoft to lock down Xbox Live accounts for weeks at a time while the issue is resolved; the official line from customer service is that it can take up to 25 days to investigate the fraud and refund the money. Removing your credit card from your Xbox Live account for any reason requires a lengthy phone call, but users are reportedly being told that Microsoft needs the card info left in the account in order to conduct the investigation.

Microsoft is reiterating that there is nothing wrong with Xbox Live security, but the fact remains that large numbers of gamers are losing access to their accounts while they wait for a refund for the points that have been spent by those who have gained access to the accounts. It's possible other databases have been compromised and hackers are simply taking advantage of users who use the same password for multiple services online—that would be another way neither Microsoft nor EA would be at fault—but one would hope there is some way for Microsoft to help customers remove their credit cards in a timely manner. Lax personal security may be dumb, but a process that requires weeks of investigation before customers can access their accounts is excessive when the breaches seem to be part of a concentrated series of attacks by the community around a single sports franchise.

It's not just random gamers who are suffering from hacked accounts; we're seeing community managers get hit and discuss it on podcasts, along with those in the PR business and many others in the industry who don't feel comfortable talking about the issue publicly. Even more disturbing is the fact that many people report that they follow best practices for online security.

There is a problem here, and it's hurting gamers in large numbers. Microsoft and EA may wish they could ignore it, but that's not fair to those who pay for the impacted games and services. When attacks become this widespread and Microsoft's official response is to lock down accounts for up to 25 days and then claim nothing is wrong on their end, the problem ceases to be an issue of hacking and becomes an issue of customer support.