A report from website SaveandQuit claims that Microsoft’s Xbox Live points system was recently scammed to the tune of $1.2 million up to $ 150 000 (according to estimates) thanks to a code exploit. Users were apparently using this exploit to generate multiple instances of 160 Microsoft Points credits, 48 hour Xbox Live trials and a Halo Reach avatar item
Update: Microsoft has since stated that the losses incurred by this glitch have not reached the high numbers ($1.2 million) reported previously. The company has decided not to share the actual loss value but the number of possible codes generated based on the glitch method seems to back them up. The only way that Microsoft would be able to lose the amount of money first reported would be if the hack was able to use hexadecimal values. We have been unable to confirm if this is the case thus far.
"May the forces of evil become confused on the way to your house." My opinion, not the mag's
Debit those xbox live accounts for the amount due or close those accounts (also leads to dlc blocking). But they wil need to do this very very carefully. Block someones legally bought dlc/points and they can face a lawsuit that costs them more than the cancellation.
Alternatively check for the codes linked to accounts and verify payments made.