I took my CC off my account and use points to buy anything after I got hacked. I also don't link my account on any websites and it has helped so far. Also, change passwords every 6 months to a year.

I got my account back after calling them everyday for a month, thankfully they gave me 3 free months of xbox to make up for it lol.

Just from some random questioning I've found this out.

I waited 3.5 months and received my points refunded to me and only one month of Xbox Live as compensation.
The girl who bitched and moaned every day to support and made a website about it, got her issue resolved in SIX DAYS and was given THREE MONTHS of Live.
One person waited 109 days and was finally granted access to his account restored and (IIRC) three months of Live.
One person made a claim on December 30th and had their account restored today and was given TWO MONTHS of Live.
One person made a claim on 10-29 and was given resolution on 12-9 and was given TWO MONTHS of Live as compensation.

I would love to know why Microsoft decided to F me in the A and not even give me the courtesy of a reach around for how much crap I had to go through. I would love to know how Microsoft felt fit to give that girl THREE MONTHS of Live and the shortest turn around time I've ever seen on one of these claims.

I am so beyond pissed off right now.

Keep in mind Microsoft can't explain in too much detail that it reveals the fix, because that would give those crackers the information they need to circumvent it again. That said, two-step confirmation is a rather common and somewhat popular way to protect accounts, so I'm not too sure what the hold up is. Steam didn't take long to add it to their service and it didn't seem to have compatibility issues with their core database infrastructure.

As for your compensation, I recall one month was reset (because they compensated you while forgetting that your account was STILL under someone else's control which is incredibly useless) and one month was added on top, so technically you have two months. That said, three and a half months of a turnaround time can be a reasonable enough argument to request one more month of Gold Live subscription (giving you three total though I imagine one is used up already), provided you give examples of other cases like you did here. Just make your demand because the compensation isn't even scaled to the customer's severity of the case or length of turnaround time. Worth a try at least.

It's too bad Mr. Keighley was distracted from the incident with Mr. Christoforo and CES, because it looks like there won't be any coverage anytime soon regarding Microsoft's customer service response to their lack of security for Xbox Live. (On a side note, while Sony dropped the ball in a far more severe manner with barely any security, at least their response is immediate and urgent in an attempt to regain their customer's faith in Sony's integrity. In my eyes, Microsoft gives off the impression that they're brushing this off.)

Re: Microsoft Responds to Xbox Live Security Issues but Says Very Little

The problem is, Microsoft isn't even saying that they are aware of any security issue nor have they said that they're working on any fix. They don't have to give details about anything but they're just flat out not even saying there's any issue.

The only thing they have ever said about this is the fact that "support times should be as short as possible! HERPADERPHERP!" Well, no shit. But that still doesn't address why people need to be contacting their support system in the first place.

I know. That's why I said that in my eyes, Microsoft is giving off the impression that they're brushing this off. I'm just saying with the cases you learned about regarding inconsistent compensation, you could try to demand one more month (I can't see you getting two more, because that would be four in total despite your insanely brutal wait time, but I can see you deserve more than two). I was also saying that if Microsoft were to acknowledge this issue, they have to be vague so they won't feed the crackers with new information (though not through whistling and stating what their standards are, like what is happening here).