This post contains affiliate links.
My immediate actions were to remove the offending email, change password and remove all payment methods from my Xbox Live account. I then called Microsoft support who opened a ticket and said it will take up to 16 days to resolve the issue and refund the money.
Meanwhile, my account is frozen until this is resolved which I don’t mind I just want my money back. It is ironic that Microsoft has no 2-factor authentication or additional level of security, I would prefer to be paged if a purchase is made requiring confirmation or to allow a 2nd email to be added to an account.
This was the 2nd time I had one of my accounts (Facebook in early December and Xbox Live) now in 30 days. It just turns out that I was using the same password for Facebook and Windows Live which is something I rarely do but didn’t even remember because I hadn’t actually logged into my Xbox Live account in about 6 months.
I didn’t follow my own advice which is to never use the same password on multiple services and you can bet I got bit for it.
The only good news is that the account that was charged is my blogging account and not my personal checking accounts, so it doesn’t affect my day to day but the money I have to purchase the Kindle Fire for the Kindle Fire Giveaway was what was stolen so I have to have this case resolved before I pick a winner in early February or else I will have to come out of pocket for the Kindle Fire Giveaway.
Microsoft was quick and responsive on the phone and I think they provided good support, collected the information they needed and helped assist with any questions and answers. I think it should be a little faster to refund money than 16 days though.