If you needed another reason why going fully digital is a bad idea, here it is.
X-user Squirrel Mort posted a plea for help a few days ago on the site, stating that their Xbox account got hacked, the email address replaced, and that Microsoft Security stated that they could not restore account access.
The gamer claims that games equaling thousands were added to the account since the Xbox 360 days.
Note that the information comes from a report on X. Microsoft has not posted an official response yet, which makes it possible that the story could be fake. However, something like this has happened in the past and can surely happen today.
The hacker, reportedly, managed to gain access to the Xbox account and changed personal information, including the main email address used for the account. While the user does not provide any more details, it is likely that the password has been changed in the process as well.
The X-user claims that the new email address points to a service in Russia.
Can Microsoft reinstate the account? It surely has the means to do so. It could ask for verification, e.g., payment information or usage information, which the owner of the account may be able to provide, but the hacker likely cannot.
The incident highlights a major issue in today’s digital world. Since digital goods are linked to an account, losing access to that account means that you will lose access to all the content. It does not need to be a hack either for that scenario to happen.
The service itself could ban the account. This has happened numerous times in the past, sometimes because a forbidden word was written in chat, at other times because of a false positive.
While the comfort of using digital goods is understandable, users need to be aware of the implications. Most only realize these when they run into issues like the one described by the user on X.
While there is no definitive protection against losing access, users can, at the very least, protect their accounts with the strongest supported security protections.
This includes picking a secure password and enabling two-factor authentication. There is no definition of strong when it comes to passwords, but make it very long, avoid single dictionary words or phrases, and include upper- and lower-case characters, numbers and special characters.
For two-factor authentication, I recommend a local solution: an app like Aegis, which is open source and available for Android. Windows, Mac, and iOS users may check out Proton Authenticator, which is also free to use.
This puts a second layer of defense around the account. Even if a criminal manages to gain access to the username and password, they would still need the two-factor authentication code that gets generated by the app. Unless they also happen to have access to the mobile device or app, or manage to obtain the code through social engineering, they won’t be able to access the account.
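To show why the password alone is not enough, here is an added example (not from the article or from any of the apps named) of how a time-based code is derived from a secret stored only in the authenticator app, following RFC 6238, and how a service can check it. The function names, the drift window and the sample secret are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (common authenticator default)
DIGITS = 6   # length of the displayed code

def totp(secret_b32: str, unix_time: int) -> str:
    """Code the authenticator app shows at unix_time (RFC 6238, HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, submitted, unix_time, last_used_counter=-1, drift=1):
    """Service-side check (hypothetical helper).

    Accepts a code from the current time step or `drift` steps either side,
    and refuses any step at or before the last one already accepted, so a
    code that was phished or shoulder-surfed cannot be replayed.
    Returns the matched step counter, or None if the code is rejected.
    """
    now = unix_time // STEP
    for counter in range(max(0, now - drift), now + drift + 1):
        if counter <= last_used_counter:
            continue  # this step was already used: treat as replay
        expected = totp(secret_b32, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None

# Constructed sample secret: the RFC 6238 test key, base32-encoded the way
# it would appear in an authenticator enrollment QR code.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("accepted now:", verify(SAMPLE_SECRET, code, 59))
    print("replayed:", verify(SAMPLE_SECRET, code, 59, last_used_counter=1))
    print("two minutes later:", verify(SAMPLE_SECRET, code, 179))
```

The code depends on both the secret and the clock, so a stolen password, or a code captured a couple of minutes earlier, is rejected.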
Now You: How do you protect your online accounts? Do you use two-factor authentication or even security keys? Feel free to leave a comment down below.
