update: it appears someone (Wendy?) has redeemed one of the digital gift cards
update 7: #microsoft DGAF if people are using stolen credit cards to make purchases using other people's accounts without actually signing into those accounts.
@madopal I have 2FA and changed my password first thing. I also checked my login history, and there was nothing suspicious.
@DrTCombs @madopal I've seen 2FA bypassed via Phishing and a tool like https://help.evilginx.com/ . Not sure whether you see that in your login history as it rides along on an existing session. Is there an option to terminate all currently logged in sessions?
@Cycling_Liz microsoft was...less than helpful...
@DrTCombs I hope this all works out okay. Very weird and now I'm going to check my MS account, which I never really look at.
Yuck, but sounds so typical of every large corporation ever.
I've got an old Gmail account that a number of folks have mistakenly or lazily used for signing up for things. I'm often on alert for someone to try to scam me that way.
Online scams
@DrTCombs
Not saying that's what you're seeing.
I've also heard of the scam where someone sends you money (via PayPal/venmo, etc.) on a stolen card, and then sends a message saying it was their mistake, and asking to have the same amount sent back in a new transaction.
The stolen card transactions get cancelled, the mistaken money disappears. If the (second) victim sent a new transaction, then the payment service won't cancel the second transaction as it wasn't "fraudulent".
@DrTCombs did you record the address so you still have it? Keep notes. Did you have your own address on the account or other info that's been compromised? Watch for suspicious activity outside of this account involving any info that was breached, and don't try any transaction with your money through that channel. It doesn't sound like they're here for your money (yet?), could be your account is just a tool for some laundering/ arbitrage activity but maybe Wendy is too.
@DrTCombs there might also be a chargeback scam coming where those cards were fraudulent but it looks like you are liable for the purchases.
@enobacon I screenshotted everything. Been waiting to live chat with microsoft for 45 minutes...
@DrTCombs
I have no idea how this stuff works, but I think the first step should be changing your password.
@tanquist yep, that was my first move. No suspicious logins in my login history though!
@DrTCombs @tanquist I am fairly sure I don’t need to login to credit a gift - I can do that for my nephew. You just need the email the XBox account is registered to. It’s possibly a way to get a stolen/hacked credit card working without it being traceable or I think the blackmail/getting access ideas are the most likely.
update 2: Wendy's mailing address is now my default billing/shipping address in my microsoft account