Store account hacked

Good luck and thanks for keeping us updated on your findings. This entire thread was very informative and contains great info.

Cheers!

Having thought through the problems, I would never buy the next sim through the MS Store - everything is set up to protect Microsoft and encourage income.

Via Steam the sim ownership is decoupled from an MS account, and all future addons and purchases can be blocked. Simply delete the virtual card.

That means don’t use PayPal, who allowed the hacker to steal an Xbox pass via the “Microsoft Unlimited Payments Company”.

Yes Steam is vulnerable, but they have a far easier method to prove ownership and I expect you can assign the Steam sim to any Xbox account, something that MS does not allow with Store games.

Compartmentalisation is what the security services call it.

As the guy who mentioned virtual cards on this topic inferred, we can stay in control with the tools the banks give us.

And Authenticators, hardware keys.

However, we should all be vigilant of our phone being stolen. All those Authenticators could be quickly compromised.

Maybe have a 2nd cheap phone kept at home always, without a mobile sim, for authentication?

Thanks for all of the helpful info on this thread. I managed to get my old Microsoft account recovered that I lost 2 years ago! I filled in the Xbox recovery form, rather than the generic one, and once I had confirmed my IP addresses and Xbox serial number amongst other things, the agent sent me a password reset email and confirmation that I am the rightful owner of the account. It’s a shame that this couldn’t have happened back when I lost the account, as I don’t think the Xbox recovery form existed then, but I guess it was my own fault for not updating my security information. Glad to have it back though. When you actually have a human look through your information rather than a computer program, your chances are much higher.

2 Likes

Actually, this isn’t a secure alternative either: you still need an MS account for the Steam version of MSFS.
The only advantage is that the purchase itself is decoupled from the MS account. If your MS account is hacked, you will retain control over the software in principle, as you purchased it via Steam, but since MSFS requires an MS account login to start at all, you won’t be able to use a hacked account, as the hackers will certainly have changed the password and MSFS will require re-authorisation with the changed account.
Unfortunately, the result is the same: you will be locked out of MSFS and will only regain access to MSFS once you have regained access to the hacked account.

One further comment: in the case of purchasing MSFS via Steam, it may even be more difficult, as MS may have to completely recreate your account in order to regain control. And to reconnect this new account to a Steam version, Valve would also have to play along. That is guaranteed to be complicated.

Don’t get me wrong: for many reasons, I am in favour of only buying MSFS via Steam (I myself also have a Steam version), as the Steam version simply does not have many of the problems of the MS Store version. And above all, you don’t have to deal with the unspeakable MS Store.

Of course, you need to have a secure password (not a 4-digit PIN or simple swipe gesture on Android) on your phone, including a biometric factor (fingerprint or secure facial recognition such as FaceID by Apple), so that a thief cannot use it.
And if your phone is snatched while unlocked, authenticator apps usually can only be unlocked with the password or biometric factor (note that this may need to be activated first for some authenticator apps).

All good points, thanks.

In London it appears that thieves on electric bikes target users distracted by looking at their phone. They grab the phone, speed away and install virus software before the screen times out. There’s a huge black market in China for western phones because they can’t be blocked by gov.

Slightly off track, but it’s a real risk.

I’ve struggled to get the Fenix EFB working, tried everything. Then decided to reinstall MSFS2024.

I uninstalled MSFS2024, but now it is missing from the Store. What can I do?

You probably want to open a separate ticket about any further issues as they are not directly related to an account hack.

The email from MS case management is below. Reading it again, I have no clue if I should have MSFS2024 in the store, despite buying it in Nov 2024.

Greetings,

My name is xxxxxx with Microsoft Customer Support. I appreciate your patience while I have performed an investigation of your account.

Account security is a top priority at Microsoft, and we have a team dedicated to investigating and validating fraudulent activity. The account and billing activity associated with your Microsoft account was thoroughly reviewed by our fraud team, and I can confirm there was unauthorized access to your account. Unfortunately, during the investigation process, we found that your security information has been changed.

Unfortunately, when security features are updated on an account, we are unable to assist with an account recovery as these types of updates and/or removal are completely out of control of customer service. We are unable to make any changes to the security information on the account due to security protocols set up and the acceptance of the Microsoft Services Agreement when the account was created.

The only option we have is to permanently suspend this account to prevent any further use. At this time, I have successfully suspended this account, and this will remain on indefinitely.

If you use this account for Minecraft, we regret to inform you that the Minecraft portion of the account is also unable to be recovered and the game will need to be re-purchased on a new account. We understand that this is not the news that you wanted to hear and apologize for any inconvenience that this may cause.

In the event that you have files stored in OneDrive, unfortunately those files are no longer accessible after account suspension and are subsequently unable to be recovered due to encryption; even our engineers do not have standing access to the files. We know that this is not the ideal outcome in terms of your stored files, but please be assured that this is necessary for the privacy of your data and to ensure that it does not end up in the wrong hands permanently.

Thank you for your understanding and patience during the investigation of your account.

Sincerely,

xxxxxx

Microsoft Customer Support

Another excellent chat with support. The two accounts, old and new, are a bit confusing.

The chat person patiently analysed the problem in detail. There is something strange about my two accounts in their records, he said.

He suggested I reply to the CDOC Case Management email asking whether the game license can be transferred to a different account, since the original account could not be recovered.

I have done that and have a transcript of the chat, all 80 minutes!

Looking at Microsoft terms for services section 10 (UK residence)

https://www.microsoft.com/en-gb/servicesagreement#6_serviceAvailability

“The laws of Ireland govern all claims related to cost-free and paid Services, but this shall not deprive you of the mandatory consumer protections under the law of the country to which we direct your Services where you have your habitual residence”

Under the UK Consumer Rights Act 2015, digital content should be of a satisfactory quality, fit for purpose and as described.

So my assertion is the right to reinstall the sim on my PC is covered by that UK act.

I’m confident the support teams can resolve the Store glitch. They are very helpful and track down details quickly; in return I give them the information they need in sufficient detail.

EDIT:

It’s over 72 hours since emailing MS Support asking for MSFS2024 to be back in my store, with no reply.

I’ve replied to their email again, highlighting the UK Consumer Rights Act 2015.

Tempted to buy the sim again, except I should not need to and there is a legal case to make. I want to prevent other people losing access.

1 Like