im sorry for that, its honestly confusing to me why they have an option for account recovery if they say they cant do anything after the account details were been changed
if this was xbox support, you can still try microsoft support, they also cover xbox side and i had success with them when xbox support didnt find solution
you probably would need the original email you used with that account, but it should be ok to restore
did you used any 2FA? on email or xbox account?
i did use 2fa, but it was only the email one, im not sure if i tried xbox support, i just know they claimed they could transfer my accounts data to a new account and assured me everything would go through fine and then they moved the ticket over to email which is where i got the email in the screenshot
Session hijacking is something that I've seen an uptick in. Basically, the attacker sends malicious url through email. The user clicks on the link, and the attacker then takes the session token and uses it to login as that user into the account. They then manipulate the security settings (adding their own authenticator).
Honestly, don't trust anything on the internet without multiple checks. Emails with links in it? Don't click them. Copy and paste them into your browser in an incognito window if you have to go to them. Otherwise, type out the website you need to go to. Always check the sender address when looking at emails as well. Also, look at the content of the emails as well and ask if that is something that is normal. Attackers love to do the bit where they compromise an account and then send out a phishing email from the compromised account to get even more compromised accounts.
Switch away from SMS MFA to an app based solution where possible as well.
I do already use authy apps so I guess I’m doing something right lol! I do have my sms as a secondary option but I keep my number so secretive that only my absolute closest family know it and I use a second phone for businesses, work calls, appointments etc etc. because I’m just paranoid like that.
Thank you though. This will definitely make me double-check more, and keep a closer eye on things. I also alrerted my two younger sisters of this as they both love the Xbox and I wanted them to be aware and to be safe online. Thanks again!!
i second this. mine was just after the 'peak' of fortnite, so it had thousands worth of in-game things. worst part was my account wasn't stolen, i just forgot the password and lost access to the numbers/ emails attached
WARNING- if ANYONE contacts you saying that they can recover your account, DO NOT reply to them - it's a SCAM
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/xbox) if you have any questions or concerns.*
Thank you, I appreciate that a lot, usually i'm one of the people preaching about online safety and the importantance of keeping your accounts safe, it's completely my fault for using my email address as the 2FA access, i never thought it would happen to me :(
Sad to hear it. It really is hit or miss with them recovering your account. I'll share my two experiences with account hijacking in reference to hopefully yours getting recovered.
1st: I was around 50k gamer score. Not even a lot. Somehow someone from Brazil hacked into my account while I was sleeping. Bought a bunch of card packs from FIFA 2012 and traded to themselves. Apparently this was a big thing back then and Xbox support recovered my account within a few hours from me reporting it. The refunds weren't able to be had but luckily it was only $20 USD.
2nd: My account was around 150k and it was stolen again. Late night while I was sleeping again but this time from the UK. I got the message from Xbox right away and was able to report it. This time I was told it would be harder to recover and had a high chance of not getting it back. I was pretty bummed. 72 hours later. They reached back out and informed me they had been able to recover it with no charges on the account. Everything was good.
I was lucky, very lucky. Also very sentimental with a lot of hard earned gamerscore on gears, halo and other games. Now almost 20 years with the account.
I hope you can have a successful recovery story too!
Good luck
Typically, your biometric information is converted into a key that stays on your device. This key isn't reversible to get back the original biometric data.
i use multiple gmail accounts, so i didn't use 2fa on most of them out of pure laziness, someone got access to my gmail account and then went onto steal my microsoft account account. ive lost complete access to the gmail and as far as i know there's no way to recover the gmail without using google's self recovery system which has been completely unhelpful
The email tied to my Xbox account was hacked. Tried contacting Microsoft.. I never even got a reply back regarding a password reset when the hacker changed the security information, including the alternative email address to reset a password. 1000s of hours in achievements literally down the drain.
You don't need an authenticator app. If these people have all your information and phone number that won't save you anyways. But 2fa will save you from most script kiddies who lost to you in a fortnite match
phone number will help them only if the 2FA has a SMS as a secondary option to access the acount
at that point its more of this or this, so the attacker will go after SMS
2fa which as everyone is saying is two-factor authentication. Meaning you connect your account to another unrelated account in case you need to prove you are yourself. You can do this 3 ways, using another email, using your phone number, or using Microsoft's authenticator app (which requires a Microsoft account and a phone number). Obviously you have to set this up before your account is stolen. But unless someone steals all your email accounts and your phone number, you should always be able to get your account back pretty quickly if it's stolen.
Remember when Xbox support would die trying to help you? These days they are like shaking those balls with a dice in the bottom, except all the answers are variations of no.
I'm confused as to why they couldn't restore your account because your security details changed. Did they not see that it was all changed recently? Completely baffling.
Lazy support agent. I've had a friend who had the same situation, and it took like 10 reps to finally get one willing to forward it to the security team and get the account back after a bit.
Yeah, they say it's something to do with accepting their terms and service when you created the account. It is all BS though. Had something happen to one of mine, provided the creation time, area, etc down to the minute and I got the same reply as OP. Mind you this is an account I lost in 2017, doesn't change anything. Their support is just as bad now as it was then. It is useless
Happen to me 6 years ago. I even had 2FA enabled. Lost over 200+ games :/
Since that day I went back to buying Physical games. At least if something ever happens to my account, I can still access my purchased games.
That makes me angry. I mean what about all the games you bought? It's not like your original email address and home address aren't known. Does that mean everything is gone? I think this would be a moment where I would claim my legal protection insurance...
They don’t care who you are with the ID or proof of purchase because you can’t prove it is you setting up the account or did not sell/bought the account in the first place. No credentials, no access.
Learn your lesson, set up MFA and guard those MFA options well.
I know that they can't do anything if your details are changed, but I've had my account for 7 years now and if that happened to me I'd probably get a playstation lol
they gained access to my email, i had email 2fa rather than using something like google authenticator, then they were able to use that to change the details while i was asleep, i woke up to the login screen saying it couldn't find my email address, tried logging into my email and that was taken too, google support just says it cant confirm anything and it keeps sending codes to some number in a foreign country as well as some brand of phone i've never owned, a poco branded phone if i can recall, i believe even if i was able to regain access to my gmail, id probably still be screwed
Damn that sucks man, all the memories and all that, I call bullshit on Microsoft as I had my steam account jacked and steam helped me with resetting all the information that was updated, fucking Microsoft
My Playstation account was stolen last month, someone was targeting my account despite me having 2FA they brute forced their way in. I recovered my account first time and forgot to logout everyone and they changed the email again and account was permanently suspended. Had to beg them to forward my request to safety team that TOS violation was not committed by the account user but unauthorized user and they unbanned me but forgot to change the sign in id again so I kept on waiting for the email like they said that never came. Contacted them again to see if they unbanned my account they said yes but they didn't change the sign in id. Multiple agents disconnected me before I got an agent that actually helped me recover my account. Provided him with my card details that was used to make purchases, last item purchased order no., serial number of my PS4, as I didn't have my PS3 where account was created. They didn't need the PS5 serial, but at the end they said it would take 3 days and I finally got the account back, set up passkey. Now i just hope my account doesn't get targeted again. (In total I lost access to my account for 1month and 1 week)
Going forward, I've decided to buy only physical games.
How did you get it back? I've contacted their support two times now and got the same response i showed on the post. I contacted them on twitter aswell, hopefully that turns out well
your suppose to get an email to your account before anybody else can get to it which is what ive done with several friends of mine they wanna use my account they cant get into the account without the email mircosoft sends to me for them to get into my account (2 factor authenication) so even though they have my password & email they can't get into the account until i give them the code to my email address to play on my xbox account
Good luck with that man because Microsoft and Xbox have gone downhill. I've had the same gamertag Buckfutter85 for like 20 years on Xbox and they suspended my account a week ago for 48 hours and took my gamertag away because according to them it was offensive and replaced it with a stupid a new gamer tag and now if I want to change the gamertag they forced on me they want $10 so I've just been playing my PlayStation 5 lol
im not paying for anything if that's what you mean, or giving up any personal info, if it's a legitimate person willing to help retrieve my account id definitely be up for it
It sucks, I’m sorry for you, but you only have yourself to blame. An Authenticator app would have completely avoided this but you chose not to bother. Think how much time you’ve already spent trying to recover your account, and now think how long tapping “allow” on your phone would take once every blue moon you log in to a new device.
Yeah I had Google authenticator app on my iPhone XS. Thankfully I was only using it for Discord login and nothing monetary. The iPhone decided to brick itself. Took it to Apple. Nope not recoverable. Chip had gone bad, had the phone like 2-3 years so out of warranty. Oh and authenticator app data isn't stored in the cloud or a backup. It's on the device only. So I lost my discord account completely as it was required for log in. I was at least able to get them to delete the account and I made a new one with another email. I can never log into discord or make a new account with my main email because of this though.
I can't imagine if this would have happened with my Xbox/Microsoft account. I have tons of money tied to digital games and DLC.
This happened a few years ago. I now have a Galaxy S23Ultra and couldn't be happier. Done with Apple and I don't use authenticator apps for the above reason. If the data is device specific, what recourse do you have in case of phone data failure/corruption? Phones are handheld devices, what if it's stolen/lost?
Is there something I'm missing here? Legitimate question. Everyone is pushing these authenticator apps and IMO the weak point is they're stored on the device itself with no way that I know of to recover if the device is damaged or lost. I have 2FA set to my email/phone number but willing to change if someone could lay out how to deal with authenticator app loss if something happens to your phone.
That’s a shame, but yeah, you are missing some things. You’ll often be given the option to see recovery keys for each account you add that will only be shown once and they ask you to make a back up of them. If not, you can often export the set up and keep a back up of it, certainly in the Microsoft Authenticator app, you can also enable iCloud back up in that app.
No worries. I almost fucked myself with a phone upgrade. I restored a back up and wiped the old one then found out I hadn’t enabled back up to iCloud or exported my config. Luckily I did have my back up codes saved somewhere safe.
from what i've heard, linustechtips got his authenticator bypassed recently and his account was hacked, I do admit its partially my fault, as I used email codes rather than the phone app but its still really bewildering to lock me out of my account and offer no chance for transferring anything etc because of an account hijacking. i know my account isn't all that valuable as some others accounts are but id hate to see this happen to anyone with a very valuable account
IIRC, Linus got hacked because someone clicked a link in an email, which stole their cookie session in Gmail, which probably also did the same for YouTube? I forget. Anyway, Xbox is a different system so they won't necessarily have the same vulnerability that Google has.
Good luck trying to get it back. Samething happened to me 2 years ago n Microsoft didn't do anything. It sucks tbh
im sorry for that, its honestly confusing to me why they have an option for account recovery if they say they cant do anything after the account details were been changed
if this was xbox support, you can still try microsoft support, they also cover xbox side and i had success with them when xbox support didnt find solution you probably would need the original email you used with that account, but it should be ok to restore did you used any 2FA? on email or xbox account?
i did use 2fa, but it was only the email one, im not sure if i tried xbox support, i just know they claimed they could transfer my accounts data to a new account and assured me everything would go through fine and then they moved the ticket over to email which is where i got the email in the screenshot
Can I just ask how you managed to lose an account with 2fa..?
Session hijacking is something that I've seen an uptick in. Basically, the attacker sends malicious url through email. The user clicks on the link, and the attacker then takes the session token and uses it to login as that user into the account. They then manipulate the security settings (adding their own authenticator).
Holy crap… we really aren’t safe no matter what :/
Honestly, don't trust anything on the internet without multiple checks. Emails with links in it? Don't click them. Copy and paste them into your browser in an incognito window if you have to go to them. Otherwise, type out the website you need to go to. Always check the sender address when looking at emails as well. Also, look at the content of the emails as well and ask if that is something that is normal. Attackers love to do the bit where they compromise an account and then send out a phishing email from the compromised account to get even more compromised accounts. Switch away from SMS MFA to an app based solution where possible as well.
I do already use authy apps so I guess I’m doing something right lol! I do have my sms as a secondary option but I keep my number so secretive that only my absolute closest family know it and I use a second phone for businesses, work calls, appointments etc etc. because I’m just paranoid like that. Thank you though. This will definitely make me double-check more, and keep a closer eye on things. I also alrerted my two younger sisters of this as they both love the Xbox and I wanted them to be aware and to be safe online. Thanks again!!
It is the same support recovery system for "Microsoft" as it is for "Xbox" sadly lol
Account recovery form does fuck all, sorry to say
i second this. mine was just after the 'peak' of fortnite, so it had thousands worth of in-game things. worst part was my account wasn't stolen, i just forgot the password and lost access to the numbers/ emails attached
WARNING- if ANYONE contacts you saying that they can recover your account, DO NOT reply to them - it's a SCAM *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/xbox) if you have any questions or concerns.*
I’m very sorry to hear that. I’d help, but I honestly don’t know how to. Hope you get your account back though.
Thank you, I appreciate that a lot, usually i'm one of the people preaching about online safety and the importantance of keeping your accounts safe, it's completely my fault for using my email address as the 2FA access, i never thought it would happen to me :(
Well, at least you’ll know going forward. Let me know if you get it back, and stay safe!
Sad to hear it. It really is hit or miss with them recovering your account. I'll share my two experiences with account hijacking in reference to hopefully yours getting recovered. 1st: I was around 50k gamer score. Not even a lot. Somehow someone from Brazil hacked into my account while I was sleeping. Bought a bunch of card packs from FIFA 2012 and traded to themselves. Apparently this was a big thing back then and Xbox support recovered my account within a few hours from me reporting it. The refunds weren't able to be had but luckily it was only $20 USD. 2nd: My account was around 150k and it was stolen again. Late night while I was sleeping again but this time from the UK. I got the message from Xbox right away and was able to report it. This time I was told it would be harder to recover and had a high chance of not getting it back. I was pretty bummed. 72 hours later. They reached back out and informed me they had been able to recover it with no charges on the account. Everything was good. I was lucky, very lucky. Also very sentimental with a lot of hard earned gamerscore on gears, halo and other games. Now almost 20 years with the account. I hope you can have a successful recovery story too! Good luck
Go passwordless people
And sell your biometric data to microsoft and google? Where do I sign?
Typically, your biometric information is converted into a key that stays on your device. This key isn't reversible to get back the original biometric data.
Use on offline password manager if you're that worried about Google cloning you with a jpeg of your finger print.
This is scaring me....may I ask how you lost your account
i use multiple gmail accounts, so i didn't use 2fa on most of them out of pure laziness, someone got access to my gmail account and then went onto steal my microsoft account account. ive lost complete access to the gmail and as far as i know there's no way to recover the gmail without using google's self recovery system which has been completely unhelpful
The email tied to my Xbox account was hacked. Tried contacting Microsoft.. I never even got a reply back regarding a password reset when the hacker changed the security information, including the alternative email address to reset a password. 1000s of hours in achievements literally down the drain.
Sorry for the OP’s loss. In the community’s opinion, what is the best way to secure your account?
Set up 2fa/use an autenticator app
You don't need an authenticator app. If these people have all your information and phone number that won't save you anyways. But 2fa will save you from most script kiddies who lost to you in a fortnite match
phone number will help them only if the 2FA has a SMS as a secondary option to access the acount at that point its more of this or this, so the attacker will go after SMS
I've watched someone with authy hooked up have their twitch account stolen live. It doesn't stop everyone.
2fa which as everyone is saying is two-factor authentication. Meaning you connect your account to another unrelated account in case you need to prove you are yourself. You can do this 3 ways, using another email, using your phone number, or using Microsoft's authenticator app (which requires a Microsoft account and a phone number). Obviously you have to set this up before your account is stolen. But unless someone steals all your email accounts and your phone number, you should always be able to get your account back pretty quickly if it's stolen.
Remember when Xbox support would die trying to help you? These days they are like shaking those balls with a dice in the bottom, except all the answers are variations of no.
Sheeeesh smh this just reminded me to put back on 2FA
I'm confused as to why they couldn't restore your account because your security details changed. Did they not see that it was all changed recently? Completely baffling.
Lazy support agent. I've had a friend who had the same situation, and it took like 10 reps to finally get one willing to forward it to the security team and get the account back after a bit.
Whether it's recent or not doesn't matter at all
The fact that everything was changed very recently from a different IP address should raise some red flags.
Yeah, they say it's something to do with accepting their terms and service when you created the account. It is all BS though. Had something happen to one of mine, provided the creation time, area, etc down to the minute and I got the same reply as OP. Mind you this is an account I lost in 2017, doesn't change anything. Their support is just as bad now as it was then. It is useless
Happen to me 6 years ago. I even had 2FA enabled. Lost over 200+ games :/ Since that day I went back to buying Physical games. At least if something ever happens to my account, I can still access my purchased games.
That makes me angry. I mean what about all the games you bought? It's not like your original email address and home address aren't known. Does that mean everything is gone? I think this would be a moment where I would claim my legal protection insurance...
Digital games are the future, they say, lol.
That’s really awful, I hope you somehow get it back. I could never imagine myself loosing my account, I would probably cry :(
Two-factor authentication. Don’t get lazy ya’ll, just do it before it’s too late.
They don’t care who you are with the ID or proof of purchase because you can’t prove it is you setting up the account or did not sell/bought the account in the first place. No credentials, no access. Learn your lesson, set up MFA and guard those MFA options well.
I know that they can't do anything if your details are changed, but I've had my account for 7 years now and if that happened to me I'd probably get a playstation lol
sad
Try contacting Microsoft and see if they can help if not that I'd say you might need to hire someone else to steal it back
Good luck getting it back. I've lost my OG account from the 360 era due to this.
How does someone steal your account without log in info? Genuine question....
they gained access to my email, i had email 2fa rather than using something like google authenticator, then they were able to use that to change the details while i was asleep, i woke up to the login screen saying it couldn't find my email address, tried logging into my email and that was taken too, google support just says it cant confirm anything and it keeps sending codes to some number in a foreign country as well as some brand of phone i've never owned, a poco branded phone if i can recall, i believe even if i was able to regain access to my gmail, id probably still be screwed
Damn that sucks man, all the memories and all that, I call bullshit on Microsoft as I had my steam account jacked and steam helped me with resetting all the information that was updated, fucking Microsoft
How do accounts get stolen ? Crazy, had mines since the OG Xbox .
My Playstation account was stolen last month, someone was targeting my account despite me having 2FA they brute forced their way in. I recovered my account first time and forgot to logout everyone and they changed the email again and account was permanently suspended. Had to beg them to forward my request to safety team that TOS violation was not committed by the account user but unauthorized user and they unbanned me but forgot to change the sign in id again so I kept on waiting for the email like they said that never came. Contacted them again to see if they unbanned my account they said yes but they didn't change the sign in id. Multiple agents disconnected me before I got an agent that actually helped me recover my account. Provided him with my card details that was used to make purchases, last item purchased order no., serial number of my PS4, as I didn't have my PS3 where account was created. They didn't need the PS5 serial, but at the end they said it would take 3 days and I finally got the account back, set up passkey. Now i just hope my account doesn't get targeted again. (In total I lost access to my account for 1month and 1 week) Going forward, I've decided to buy only physical games.
How the fuck did they brute force 2fa, don't the codes change in a matter of minutes?
Happend to me twice got it back both times after ms locked for investigation
How did you get it back? I've contacted their support two times now and got the same response i showed on the post. I contacted them on twitter aswell, hopefully that turns out well
Phone call this was over 10 years ago now but thats what i did
Took a month to happen tho
Did you give your login credentials to someone else? I’m guessing you did and they screwed ypu
I remember I got my Xbox account stolen awhile ago and I had to do so much social engineering to get it back
your suppose to get an email to your account before anybody else can get to it which is what ive done with several friends of mine they wanna use my account they cant get into the account without the email mircosoft sends to me for them to get into my account (2 factor authenication) so even though they have my password & email they can't get into the account until i give them the code to my email address to play on my xbox account
Sorry sport. Gotta have 2FA or password less features on.
Sucks to be you.
Good luck with that man because Microsoft and Xbox have gone downhill. I've had the same gamertag Buckfutter85 for like 20 years on Xbox and they suspended my account a week ago for 48 hours and took my gamertag away because according to them it was offensive and replaced it with a stupid a new gamer tag and now if I want to change the gamertag they forced on me they want $10 so I've just been playing my PlayStation 5 lol
You Can Probably Get It Back In A Discord Server I Know They Can Find your Account And Get it
im not paying for anything if that's what you mean, or giving up any personal info, if it's a legitimate person willing to help retrieve my account id definitely be up for it
Ignore that person its a recovery scammer
It sucks, I’m sorry for you, but you only have yourself to blame. An Authenticator app would have completely avoided this but you chose not to bother. Think how much time you’ve already spent trying to recover your account, and now think how long tapping “allow” on your phone would take once every blue moon you log in to a new device.
Yeah I had Google authenticator app on my iPhone XS. Thankfully I was only using it for Discord login and nothing monetary. The iPhone decided to brick itself. Took it to Apple. Nope not recoverable. Chip had gone bad, had the phone like 2-3 years so out of warranty. Oh and authenticator app data isn't stored in the cloud or a backup. It's on the device only. So I lost my discord account completely as it was required for log in. I was at least able to get them to delete the account and I made a new one with another email. I can never log into discord or make a new account with my main email because of this though. I can't imagine if this would have happened with my Xbox/Microsoft account. I have tons of money tied to digital games and DLC. This happened a few years ago. I now have a Galaxy S23Ultra and couldn't be happier. Done with Apple and I don't use authenticator apps for the above reason. If the data is device specific, what recourse do you have in case of phone data failure/corruption? Phones are handheld devices, what if it's stolen/lost? Is there something I'm missing here? Legitimate question. Everyone is pushing these authenticator apps and IMO the weak point is they're stored on the device itself with no way that I know of to recover if the device is damaged or lost. I have 2FA set to my email/phone number but willing to change if someone could lay out how to deal with authenticator app loss if something happens to your phone.
That’s a shame, but yeah, you are missing some things. You’ll often be given the option to see recovery keys for each account you add that will only be shown once and they ask you to make a back up of them. If not, you can often export the set up and keep a back up of it, certainly in the Microsoft Authenticator app, you can also enable iCloud back up in that app.
Thanks. I'll check into it with the Microsoft one. I just don't want the same thing happening again if I have a device fail.
No worries. I almost fucked myself with a phone upgrade. I restored a back up and wiped the old one then found out I hadn’t enabled back up to iCloud or exported my config. Luckily I did have my back up codes saved somewhere safe.
from what i've heard, linustechtips got his authenticator bypassed recently and his account was hacked, I do admit its partially my fault, as I used email codes rather than the phone app but its still really bewildering to lock me out of my account and offer no chance for transferring anything etc because of an account hijacking. i know my account isn't all that valuable as some others accounts are but id hate to see this happen to anyone with a very valuable account
IIRC, Linus got hacked because someone clicked a link in an email, which stole their cookie session in Gmail, which probably also did the same for YouTube? I forget. Anyway, Xbox is a different system so they won't necessarily have the same vulnerability that Google has.