What to do if you believe your account has been compromised
If your account has been compromised, you may experience any of the following scenarios:
- You notice unauthorized charges
- You receive a pop up message, like an achievement, that says you signed into another console:
[Gamertag] was last signed in on another console
- You receive one of these error messages:
Sorry, this profile can't sign in right now. Try again later.
Some Xbox Live profiles can't be downloaded now. Try again later.
Note: You may not see any error with your ZUNE software. But if you think that your account has been compromised, follow the steps provided below.
For any of the above scenarios, follow all of the steps below:
1. Change Xbox Live or Zune Password
When you suspect something suspicious has happened with your account, you should change your password immediately. Go to https://account.live.com/ and see if you can still log into your Microsoft account (formerly Windows Live ID).
If you can, change your password immediately and setup strong proofs (if none exist). We highly recommend setting up an SMS and Trusted PC under the Account Information section, then go to step 2.
If you cannot sign in to your Microsoft account to change your password, or if you notice unrecognized strong proofs, skip to Step 4.
2. Change your Secret Question and Secret Answer
If you had a Secret Question and a Secret Answer set on your account change it immediately to something completely different. Use an irrelevant answer to the question that only you would know. Click here to change your details.
3. Require a password to sign in from all devices where your profile exists
A: On the Xbox console
If the person who compromised your account downloaded your profile to a console, they may have elected to not require a password to sign in. In this case, even after changing your password, they will still be able to sign in. To solve this, you will need to remove access to your profile from all consoles. To do this:
- Visit xbox.com/profile/protection
- Sign in with your Microsoft account
- Select Protect profile
All consoles across Xbox Live will now require your freshly changed password to sign in.
Now that your account is secure, you need to download your profile. Downloading the account invalidates any other copies of your Xbox Live profile that may be on someone else’s console. To learn how to do this click here.
B: In the Zune software
If you have Sign me in automatically enabled in your Zune software, you will need to disable this option to prevent unauthorized usage of your Zune account.
- Open the Zune software on your PC and go to Settings and then Account
- On the Summary page, click the Sign out button (next to your Zune Tag)
- Disable the Sign me in automatically checkbox before signing in again
4. Check your bill
Go to http://billing.microsoft.com and check for any suspicious purchases. As with any billing statements, you should check this regularly.
5. Call Xbox Live Support if needed
Only call Xbox support if:
- There are unauthorized charges on your account
- You can't change your password
- Your gamertag has changed
- You can't download your profile
We can guide you through the next steps. To help us make sure you have the following information ready:
- Your Microsoft account associated with your gamertag or Zune Tag
- An alternate email that needs to be different than the one associated with your Microsoft account
- Your Xbox Console ID and serial number
Do not report the issue via email or chat support as we will need you to answer security questions over the phone.
6. Change Passwords to other web sites
If your account was stolen, and you use the same Microsoft account username and password combination on other websites, then change the password immediately. It is a good practice to use different username and passwords for each site.
7. Review the Xbox Live Account Security Checklist
Become familiar with the account security checklist so you know how to protect yourself in the future.