Support NeoGAF

[sensui-tomo]

That's not right in my books.

Of course its not right... I'd wish someone would have a class action lawsuit making sony get rid of that mentality that its alright to do it or the "We'll do a 1-time refund to your bank" bs.... its the only reason i worry about going all digital.
Sony should always refund to the bank... not some stupid back to your SONY WALLET HEHEHE horseshit i never wanted.

 

[poodpick]

Not sure if you're serious, but I'll assume you are. In the likely scenario that OP had his information phished and someone used it to access his PSN account, how is that Sony's fault?



Sony will essentially lock them out of the account if they try to chargeback.

Sony should have 2 factor authentication it's fucking ridiculous that they don't.

They should have known how shitty Sony's security practices are because of that massive PSN hack. It's their fault that they kept using PSN.

 

[ScaryShark]

Of course its not right... I'd wish someone would have a class action lawsuit making sony get rid of that mentality that its alright to do it or the "We'll do a 1-time refund to your bank" bs.... its the only reason i worry about going all digital.

Or if you take some simple steps to secure your account you wouldn't have anything to worry about unless they literally hack Sony again.

I've been all digital with Sony for 4 or 5 years now and have a very active account. I've never had an issue and won't because I don't use the same email/password combo anywhere and I don't store payment info.

 

[jackdoe]

Of course its not right... I'd wish someone would have a class action lawsuit making sony get rid of that mentality that its alright to do it or the "We'll do a 1-time refund to your bank" bs.... its the only reason i worry about going all digital.

The problem is the whole refunding of digital purchases. In their eyes, what's to stop people who regret making a digital game purchase from calling up and saying that it was fraudulently purchased and ask for a refund? It's an issue at other digital storefronts as well.

Sony should have 2 factor authentication it's fucking ridiculous that they don't.

They should have known how shitty Sony's security practices are because of that massive PSN hack. It's their fault that they kept using PSN.

2 factor does protect you from being an idiot and sharing passwords and usernames across multiple accounts and it's definitely something they should offer you.

 

[HykCraft]

Sure, it sucks.

Sure, Sony DOES need to improve security on how accounts are accessed.

Doesn't make it Sony's fault because SOMEONE ELSE had OP's PERSONAL INFO including PASSWORD -- unless SONY gave it out to them.

That's reality. Stop sugar coating it.

 

[sensui-tomo]

Or if you take some simple steps to secure your account you wouldn't have anything to worry about unless they literally hack Sony again.

I've been all digital with Sony for 4 or 5 years now and have a very active account. I've never had an issue and won't because I don't use the same email/password combo anywhere and I don't store payment info.

So you're saying its alright for sony to keep unauthorized money? ( i'm not going to victim blame here about how accounts get hijacked, I'm complaining about how they deal with returning the damn stolen money that was given to them that they refuse to give back to the true owner without penalties)

 

[SURGEdude]

Yeah, damn serious.

Having 2FA still has it's flaws as well and isn't 100% secure.

Most security experts will tell you that majority of these "hacked accounts" are not "hacked at all." It's because their information is hanging out online somewhere.. people using the same e-mail address and passwords, and people use that to get into accounts -- there is no brute force tactics here.

Stop being ignorant to the fact that "oh, it can't happen to me because there's no such way someone can get into get into my account."

The effectiveness of 2 factor is highly dependent on the implementation. Stuff like mobile voice confirmation is pretty fucking hard to crack. At that point the gains simple aren't worth it for the thief.

Shitty 2 factor like alternate email on the other hand is largely useless.

 

[Shpeshal Nick]

These threads feel like they pop up here every week or so. Fucking hell Sony.

 

[ymgve]

Pretty sure that if OP googled his password (Shouldn't be harmful because you changed it everywhere you used it, right?) he would find it in one or more public password lists.

 

[Somnia]

Don't worry you'll get your $200 back... in your sony wallet

 

[AmuroChan]

It's called a generalization. Compared to their counterparts Sony has a deplorable history when it comes to issues like this.

Like you I've been lucky, but let's not pretend the issues aren't widespread.

It's not luck. It's being responsible. I always use unique pw with every site. There's literally no way for my PSN account to be compromised unless Sony is hacked, in which case it would be 100% their fault. If for some reason I used the same pw with everything and it got phished from another site, then it's totally on me for being dumb/lazy.

 

[Simply Sami]

Please don't speak for me. They've treated me just fine.

So it's not their fault because it hasn't happened to you?

Some of the posts in this thread. Rarely see this with MS, Steam or even Nintendo. It's always Sony accounts getting hacked and it is a regular occurence.

Where the fuck is two step?

 

[JP]

Two-step verification should be available on everything but that still doesn't make things secure. People have to take care of their own security because there is no such such as absolute security, if you can get into your account then other people can and it's up to you to make it as difficult as you possibly can.

Make sure passwords are unique, as complex as they possibly can be and change them at set periods. Never leave payment details on an online account, whatever that account is for. The simpler it is for you to get into your own account, the simpler it is for other people to get into it too.

I use an offline password manager and below is typical of the randomly generated passwords that I use. It would be stored offline and I simply copy it in when I need to use it.

2XHGrJs98t#c+P9QWM{6wck}RiBW]x

I always ensure that my passwords are as long and as complex will allow them to be, that still does't mean that any account is absolutely secure but greatly reduces the change of somebody brute forcing their way into accounts.

The only password that I have to remember is the password for the password manager, which is kept separate to anything online.

I really do hope that you manage to sort this out but people really do need to do as much they possibly can to make it as difficult as possible for people trying to get into your account.

 

[Undead Fantasy]

Sony really needs to fix this.

 

[JMY86]

I have NO IDEA what is going on with Sony account security lately. I received an email a couple weeks ago that my PSN password had been changed (not by me). I was lucky enough to change my password and remove my saved CC and paypal accounts before any damage had been done. I hope they finally add another step to account authentication (I know it is coming but come on Sony please join 2012 already) soon as there seems to be a rash of account hacks lately. Get your shit right Sony!

 

[KevinCow]

People should also stop using the same email/password combos on multiple sites. I'm gonna go out on a limb and say OP probably used the same combo elsewhere.

Maybe stop using the same password for all your accounts -- user definitely at fault.

Sorry, but that's the reality of it -- unless you can prove otherwise.

It is entirely unreasonable to expect everyone to come up with and remember a unique password for every single service they use. In this digital age where everyone and their mother has some sort of service you have to sign up for to access some piece of content, you're going to be signing up for dozens of services, many of which you won't log into again for months or even years.

We just need to come up with a better system. Every electronic device should come with a built in fingerprint scanner.

 

[OrbitalBeard]

Two-step verification should be available on everything but that still doesn't make things secure. People have to take care of their own security because there is no such such as absolute security, if you can get into your account then other people can and it's up to you to make it as difficult as you possibly can.

Make sure passwords are unique, as complex as they possibly can be and change them at set periods. Never leave payment details on an online account, whatever that account is for. The simpler it is for you to get into your own account, the simpler it is for other people to get into it too.

I use an offline password manager and below is typical of the randomly generated passwords that I use. It would be stored offline and I simply copy it in when I need to use it.

2XHGrJs98t#c+P9QWM{6wck}RiBW]x

I always ensure that my passwords are as long and as complex will allow them to be, that still does't mean that any account is absolutely secure but greatly reduces the change of somebody brute forcing their way into accounts.

The only password that I have to remember is the password for the password manager, which is kept separate to anything online.

I really do hope that you manage to sort this out but people really do need to do as much they possibly can to make it as difficult as possible for people trying to get into your account.

This is actually great advice and I'm going to start doing it.

So, thank you!

 

[Pop]

These threads feel like they pop up here every week or so. Fucking hell Sony.

Sounds more like the account owners problem.

 

[Kolx]

4.0 will most likely bring both name changes and 2-step authentication, but we'll have to wait until VR for it to be released probably.

 

[Vol5]

Same. No fucking way am I trusting Sony's lame ass security with my card.

Plus you can add a code to any purchases you make. Not strictly two factor but still good from a security perspective.

I use the code, have no stored cc info and use a very strong password. That goes for pretty much all sites I use that I've ordered stuff from if the option is available.

 

[BumblebeeCody]

If they spent $200 at least you know they weren't buying the Street Fighter DLC because that's barely enough.

Why doesn't PSN have 2 step though?

 

[Doctor_Thomas]

People claiming "victim blaming":

Here's the big issue - if Sony wasn't hacked but someone got access to your account, how did they get access?

If they have access to your Sony account, how many other accounts do they now have access to? Where did the breach start? What other account are at a risk or do you have payment details attached to?

That's what you should be concerned about, for any fraud, on any site.

 

[etta]

Why doesn't PSN have 2 step though?

It truly boggles the mind. It is beyond comprehension.

 

[Capella]

It is entirely unreasonable to expect everyone to come up with and remember a unique password for every single service they use. In this digital age where everyone and their mother has some sort of service you have to sign up for to access some piece of content, you're going to be signing up for dozens of services, many of which you won't log into again for months or even years.

We just need to come up with a better system. Every electronic device should come with a built in fingerprint scanner.

? That's why password managers exist. You only have to remember one unique password and the rest are stored in the manager where you can just copy and paste them.

1password, lastpass, keepass, etc.

 

[ymgve]

It is entirely unreasonable to expect everyone to come up with and remember a unique password for every single service they use. In this digital age where everyone and their mother has some sort of service you have to sign up for to access some piece of content, you're going to be signing up for dozens of services, many of which you won't log into again for months or even years.

We just need to come up with a better system. Every electronic device should come with a built in fingerprint scanner.

You don't need to remember anything - use a password manager, or if you're even more paranoid, a notebook where you physically write down your passwords.

The probability of your computer getting hacked and someone keylogging your passwords is a few magnitudes below the probability that one or more of the services you're using online has been hacked, which is rapidly approaching 100%

 

[ScaryShark]

It is entirely unreasonable to expect everyone to come up with and remember a unique password for every single service they use. In this digital age where everyone and their mother has some sort of service you have to sign up for to access some piece of content, you're going to be signing up for dozens of services, many of which you won't log into again for months or even years.

We just need to come up with a better system. Every electronic device should come with a built in fingerprint scanner.

It's not unreasonable. Password managers exist for a reason. A pen and notebook exist. Removing your payment information and sacrificing a tiny bit of convenience exists.

'It's entirely unreasonable' to just expect every service you use to have airtight security and not take personal responsibility for protecting your identity online. Or, you know, saying biometrics on every device being a reasonable alternative to simple practices one can already do to stay safe.

I'm literally the victim of a email/password combo being on a list and getting two unauthorized and significant charges to a debit card I had stored on a different site. I owned it and changed my habits online. It wasn't hard and it's better than shouting at the sky/internet with the expectation massive corporations are going to get better security over night or are going to bend to my needs at every turn.

 

[JP]

This is actually great advice and I'm going to start doing it.

So, thank you!

There are a few out there but I've only used one, 1Password. I can't really comment on any of the other but I assume they do the same stuff.

 

[KevinCow]

? That's why password managers exist. You only have to remember one unique password and the rest are stored in the manager where you can just copy and paste them.

And if I want to log in on a computer that doesn't have the password manager installed? Or on a device that can't install the password manager, like a PS4?

Password managers are only a reasonable solution in certain situations.

 

[BabyFaceKillah]

"Guys please stop blaming Sony it's OPs fault"


I'm bout to go change all my shit now
I've been meaning too but all these threads makes it too hard to ignore now

 

[Strider]

People claiming "victim blaming":

Here's the big issue - if Sony wasn't hacked but someone got access to your account, how did they get access?

If they have access to your Sony account, how many other accounts do they now have access to? Where did the breach start? What other account are at a risk or do you have payment details attached to?

That's what you should be concerned about, for any fraud, on any site.

I had my psn account stolen a few months ago. I used an unique password for psn, have 2FA everywhere that allows it incluidng the e-mail associated with my psn, checked my pcs for keylogs after, etc. Everything I could think of...

Nothing else was accessed or used for the 2 months they had my account as far as I could tell and nothing else suspicious turned up. I didn't even know they had my psn until I was setting up remote play so in my account settings I noticed everything besides 1 ps4 was deactivated. They had just deactivated my account on the web and were using it as the primary on their ps4.

So "how they got access" ...? no fucking idea. But let's not pretend like it's some coincidence it's always sony accounts that are the ones people are making threads about around here. Sony's security and customer support are garbage.

2FA can't come quick enough.

 

[funkystudent]

2 factor still isnt on PSN yet?

Didnt they announce it months ago?


ffs Sony.

 

[Zomba13]

Yeah probably but it's in storage. Do i seriously fucking need that information

When I had a similar thing happen to me no amount of information I threw at them helped, they refused to do anything.

 

[rpg_fan]

It is entirely unreasonable to expect everyone to come up with and remember a unique password for every single service they use.

This is exactly why so many people get 'hacked'. If you won't be responsible for your financial security, who will?

As a side note, I always hate when people cry 'hacked', since usually nothing of the sort happened. The people who got into your account knew your password in advance.

Sony really needs to get that 2 step authentication put in place, it would surely help.

 

[RPGamer92]

Sony really needs to step the fuck up with account protection.

 

[wesleyshark]

It truly boggles the mind. It is beyond comprehension.

There is literally no excuse... especially when other companies have offered to help out with them getting it implemented.

 

[RichiRamjag]

It's deserved. They sold me a product in a closed Eco system. I shouldn't have my information and financials at risk

I hear you, but if your email was released or leaked elsewhere, there isn't shit Sony can do about it atm. Your situation blows, Sony needs to hurry up and add two-factor, but don't get ridiculous. I changed all my shit after LinkedIn got compromised.

Until two-factor is added, keep your card off of psn and buy prepaid on Amazon.

 

[Kremzeek]

DON'T STORE PAYMENT INFO ON PSN
DON'T STORE PAYMENT INFO ON PSN
DON'T STORE PAYMENT INFO ON PSN

I'm sorry but until Sony gets into the 21st century, nobody should be storing payment info on their network. PSN cards only.

Ok I've seen too many of these threads here- going to remove my cc info now.

 

[OmegaDL50]

Two-step verification should be available on everything but that still doesn't make things secure. People have to take care of their own security because there is no such such as absolute security, if you can get into your account then other people can and it's up to you to make it as difficult as you possibly can.

Make sure passwords are unique, as complex as they possibly can be and change them at set periods. Never leave payment details on an online account, whatever that account is for. The simpler it is for you to get into your own account, the simpler it is for other people to get into it too.

I use an offline password manager and below is typical of the randomly generated passwords that I use. It would be stored offline and I simply copy it in when I need to use it.

2XHGrJs98t#c+P9QWM{6wck}RiBW]x

I always ensure that my passwords are as long and as complex will allow them to be, that still does't mean that any account is absolutely secure but greatly reduces the change of somebody brute forcing their way into accounts.

The only password that I have to remember is the password for the password manager, which is kept separate to anything online.

I really do hope that you manage to sort this out but people really do need to do as much they possibly can to make it as difficult as possible for people trying to get into your account.

You're talking about LastPass right?

I use it as well. All of my financial accounts such as my Online Banking, Credit Card, Amazon, and Sony accounts, basically any account linked to my payment or credit card details is locked down with a very long and complex password.

I assure myself my accounts won't be compromised because every single password is unique.

While 2 Step verification would be nice, having a extremely complex and impossible to memorize password using a Password manager such as LastPass significantly helps your account being accessed by an unscrupulous source.

Personal account security starts with the user themselves and how much extent they are willing to go to ascertain their privacy and access to payment options are locked down tight.

 

[watdaeff4]

Prepaid cards

Yep.

I only use prepaid cards for any of them. (Though fucking MS still makes you put in CC/PayPal info)

 

[WickedLaharl]

Sure, it sucks.

Sure, Sony DOES need to improve security on how accounts are accessed.

Doesn't make it Sony's fault because SOMEONE ELSE had OP's PERSONAL INFO including PASSWORD -- unless SONY gave it out to them.

That's reality. Stop sugar coating it.

Thanks for the real talk bro your check is in the mail

 

[Hagi]

Thanks OP just reminded me to remove my payment details.

 

[killer rin]

Why the fuck doesn't Sony use 2Factor yet? Its insane that they don't, it should literally be a requirement if you take money from people.

Just changed my password. They added about 200 bucks and bought some shit. Can't get to a computer for a few day or two.

What else am I supposed to do

Ouch, sucks to hear. Just remember to not charge back or else your account will get pema'd. Call Sony and see if they can do anything. Good Luck.

 

[Kolx]

Making the password into 2 parts, each part contains two possible choices that you can easily recall like the names of two of your friends and the same goes for the other part and when you use them interchangeably you can have 4 different password that you can easily remember. Is this hard to break through if a hacker gets one of the 4? he will just have half of two other passwords and nothing out of the fourth right?

 

[adj_noun]

2XHGrJs98t#c+P9QWM{6wck}RiBW]x

That's amazing. I've got the same combination on my luggage!

 

[shandy706]

Haven't stored a CC with Sony for like 5 years now.

No way I would. I use prepaid cards for all my purchases.

LOL @ the people trying to blame all these people when they bring up Sony or the lack of 2 step.

In today's world, lack of a 2 step process on accounts that involve thousands of dollars, plus digital content, is absolutely IDIOTIC and excuse-less. Period

 

[Pop]

Thanks for the real talk bro your check is in the mail

Yes, this problem and every other problem like this is Sony's fault. Right...

 

[shandy706]

Yes, this problem and every other problem like this is Sony's fault. Right...

The fact that I can't set it up to make me verify every transaction with my phone, like every other major account I have, yes...yes it's absolutely their problem. 100%

If PSN or Sony's website transactions and sign-ins sent a phone notification to me and required a code entry. This would NEVER happen this way.

 

[Surface of Me]

What have they done?

No need for that, Sony wasn't the one that hacked you. I hope you get a refund from them.

You signed the eula/ w/e with them. There are responsibilities you have yourself in the situation here and Sony has made it clear time and time again that beyond giving you credit to your account they will not help you get what you want - a refund.

Please don't speak for me. They've treated me just fine.

Why would Sony acknowledge something that isn't their fault?

At the end of the day, there's definitely more Sony could do, but users have a responsibility for their own security and, generally, people who get "hacked" are using their username/password combo on unsecure sites or on other sites that have been hacked. There's no "hack" on Sony's side or the person's account, rather someone has got the information or brute forced it.

People need to be more responsible.

Sure, it sucks.

Sure, Sony DOES need to improve security on how accounts are accessed.

Doesn't make it Sony's fault because SOMEONE ELSE had OP's PERSONAL INFO including PASSWORD -- unless SONY gave it out to them.

That's reality. Stop sugar coating it.

Yes, this problem and every other problem like this is Sony's fault. Right...

Just pointing out to all of you that we havent had 3 or 4 threads the past week about Xbox or Steam accounts being hacked. It is clearly Sony's fault and the amount of corporate apologists in this thread is sickening.

 

[petran79]

10-15 years ago the phrase "my PS got hacked" meant you were the hacker....

 

[marlowesghost]

Yes, this problem and every other problem like this is Sony's fault. Right...

Not having 2 factor authentication is laughable. They just seem so clueless after suffering such a damaging original hack. Steam has it. Uplay has it. Microsoft has it. Even Origin, which everyone loves to shit on, has 2 factor authentication. Yeah. Sony does a worse job than EA.