Support NeoGAF

[theangrypirate]

2 factor needs to happen asap and it is but the only people that are getting hacked are using their same same email and password on another site that was compromised. And I really doubt the type of people that use the same user pass combos everywhere will opt in to two factor authentication. Good luck OP but don't blame Sony for your own poor security decisions.

 

[diablos991]

It was mainly out of convenience. Plus I am not responsible for fraudulent charges. I will be calling the card company to get more detail about what happened.

Some credit card companies require charge-back before a fraud reimbursement can happen. That's just asking to have your account banned.

Not worth the risk. Buying an Amazon PSN card only adds 1 1 minute to the process of buying a game.

 

[Ricky 7]

With the amount of times this kind of stuff happens everyone should not keep their card details stored on PSN until the safer authentication process has been implemented.

 

[7DollarHagane]

I said two factor. I didn't specify SMS. Both Steam and Origin have the capacity to implement app authentication- Sony not doing so in inexcusable.

Well Microsoft and Nintendo don't do it. So that's an excuse.

Steam only does it because of marketplace fraud and the value in their marketplace items.

We obviously don't have the whole picture and maybe these types of "hacks" are a very small percent of a percent of users and they have found that the incidents that do happen are majority the fault of the user having bad security practices. In that case would they even activate their two factor anyway, if it's someone whose password is "playstation123"?

Obviously these are specilative but there are lots of business reasons why they wouldn't jump to integrate two factor or app verification.

 

[Surface of Me]

Well Microsoft and Nintendo don't do it. So that's an excuse.

Steam only does it because of marketplace fraud and the value in their marketplace items.

We obviously don't have the whole picture and maybe these types of "hacks" are a very small percent of a percent of users and they have found that the incidents that do happen are majority the fault of the user having bad security practices. In that case would they even activate their two factor anyway, if it's someone whose password is "playstation123"?

Obviously these are specilative but there are lots of business reasons why they wouldn't jump to integrate two factor or app verification.

Microsoft does do it.

The "business reasons" they dont do it are:

1. It would cost money.

2. They already have fans so loyal they jump at the opportunity to defend Lord Sony, as seen in this thread.

 

[Apollo]

I lol at ppl who say don't risk your account by doing a charge back. Screw my account if I got hundreds of dollars stolen from me. I'd just make another account. After reading this thread I went back to remove my credit card on two of my accounts and for some dumb reason Sony wants the password when you enter "Payment Methods" section. All you do is add and remove cards. They sure don't ask for password when I want to add funds to wallet or buy games from their store. Backwards ass thinking if you ask me.

 

[Persona7]

With the amount of times this kind of stuff happens everyone should not keep their card details stored on PSN until the safer authentication process has been implemented.

Or better yet, use a unique secure password.

 

[Iorv3th]

I lol at ppl who say don't risk your account by doing a charge back. Screw my account if I got hundreds of dollars stolen from me. I'd just make another account. After reading this thread I went back to remove my credit card on two of my accounts and for some dumb reason Sony wants the password when you enter "Payment Methods" section. All you do is add and remove cards. They sure don't ask for password when I want to add funds to wallet or buy games from their store. Backwards ass thinking if you ask me.

Because you don't have it enabled..It's a security option on that same screen you are at trying to add/remove cards.

 

[shanafan]

I have Paypal as my payment method on PSN, why is that not a good idea? Isn't Paypal a two-step method?

It sounds like until two-step authentication happens, prepaid cards are the only way to go.

 

[LastOne2100]

Until Sony introduces two-factor authentication, I refuse to keep any payment information on my PSN account.

When I want something, I add it, then I immediately delete it. Annoying, but worth it for the security.

 

[yyr]

I lol at ppl who say don't risk your account by doing a charge back. Screw my account if I got hundreds of dollars stolen from me. I'd just make another account.

Um, what if you're like a lot of people and have over a thousand bucks worth of games and DLC on your account, including PS3, PSP, and Vita stuff as well as PS4? Folks should just forget all of that and start over?

btw, password confirmation when editing payment details is standard practice. You'll be asked for that on Xbox, Amazon, and probably most shopping Web sites with good security.

 

[Outtrigger888]

I'm gonna give some advice to you guys, don't put your credit card info on any consoles and just buy codes. Sorry your account got hacked.

 

[Breads]

Just pointing out to all of you that we havent had 3 or 4 threads the past week about Xbox or Steam accounts being hacked. It is clearly Sony's fault and the amount of corporate apologists in this thread is sickening.

Apologist? Who are you trying to impress. Other Xbox fanboys? I've called Sony out for this plenty of times and the fact that they ban you if you dare to charge back on them is absolutely disgusting. Hell I've even called them out for forcing you to save your information every time you use it forcing you to go back into your account settings to delete it after every use.

Doesn't make it any less your fault if you keep your account info in an unsecure system that doesn't even have 2-step verification after all this time of being shit.

 

[OmegaFax]

I have Paypal as my payment method on PSN, why is that not a good idea? Isn't Paypal a two-step method?

It sounds like until two-step authentication happens, prepaid cards are the only way to go.

You authorize Sony to dip into your PayPal account (per whatever transaction agreement you agree to when you link your PayPal with your PSN account).

It isn't any safer because PayPal's two-step is useless after the initial authorization.

 

[Apollo]

Um, what if you're like a lot of people and have over a thousand bucks worth of games and DLC on your account, including PS3, PSP, and Vita stuff as well as PS4? Folks should just forget all of that and start over?

btw, password confirmation when editing payment details is standard practice. You'll be asked for that on Xbox, Amazon, and probably most shopping Web sites with good security.

Well if you have over a thousand bucks worth of games and DLC on account and it's recent stuff you better find better use of your money and time. All my DLC and games are old and I could care less about it. I want my money if some hacker steals it.

I've never been asked to enter password when changing my payment info when doing so on Amazon or any site. Amazon ask for password just to log in and that's it. This is coming from a guy that changes his payment method every 3 months on accounts so certain credit cards get used and not sit idle.

 

[chronic_archaic]

Apologist? Who are you trying to impress. Other Xbox fanboys? I've called Sony out for this plenty of times and the fact that they ban you if you dare to charge back on them is absolutely disgusting. Hell I've even called them out for forcing you to save your information every time you use it forcing you to go back into your account settings to delete it after every use.

Doesn't make it any less your fault if you keep your account info in an unsecure system that doesn't even have 2-step verification after all this time of being shit.

So you're defending Sony yet criticizing them at the same time?

 

[StrongBlackVine]

I lol at ppl who say don't risk your account by doing a charge back. Screw my account if I got hundreds of dollars stolen from me. I'd just make another account. After reading this thread I went back to remove my credit card on two of my accounts and for some dumb reason Sony wants the password when you enter "Payment Methods" section. All you do is add and remove cards. They sure don't ask for password when I want to add funds to wallet or buy games from their store. Backwards ass thinking if you ask me.

If your account has a lot of expensive digital purchases(games, movies, possibly multiple years of PS Plus) tied to it then you are fucked if they ban you..not as easy to laugh off as you seem to think.

 

[MaulerX]

Well if you have over a thousand bucks worth of games and DLC on account and it's recent stuff you better find better use of your money and time. All my DLC and games are old and I could care less about it. I want my money if some hacker steals it

.

If your account has a lot of expensive digital purchases(games, movies, possibly multiple years of PS Plus) tied to it then you are fucked if they ban you..not as easy to laugh off as you seem to think.

That's the classic definition of 'having you by the balls'.

 

[i-Jest]

We need an official thread with a FAQ section. This is becoming way to common.

Sony, please disable game share so you can get a proper handle on this shit.

 

[hemo memo]

I would rather input my credit card information everytime I want to buy something and not risk dealing with something like this. Specially Sony customer service and policies.

 

[Aters]

I have my card info saved on PSN....
I need to fix it asap.

 

[Melchiah]

It is entirely unreasonable to expect everyone to come up with and remember a unique password for every single service they use. In this digital age where everyone and their mother has some sort of service you have to sign up for to access some piece of content, you're going to be signing up for dozens of services, many of which you won't log into again for months or even years.

Like you I've been lucky, but let's not pretend the issues aren't widespread.

I don't consider it luck. None of my accounts have ever been "hacked", because I don't use the same password for multiple places. And I've had my card details on PSN since September 2008, and during the 2011 outage.

 

[RichiRamjag]

Well if you have over a thousand bucks worth of games and DLC on account and it's recent stuff you better find better use of your money and time. All my DLC and games are old and I could care less about it. I want my money if some hacker steals it.

I've never been asked to enter password when changing my payment info when doing so on Amazon or any site. Amazon ask for password just to log in and that's it. This is coming from a guy that changes his payment method every 3 months on accounts so certain credit cards get used and not sit idle.

Fuck outta here with that judgemental bullshit.

You're on a forum dedicated to gaming, of course people may have hundreds of dollars worth of digital purchases.

 

[psynergylover]

How about we just say this is neither Sony's or the OP's fault; the OP fell victim to some shitty hacker out in the web.

Sony had nothing to do with the hack as it seems the OP information was obtained through other means in which then the hacker/phisher used it to gain access to his account. Should Sony implement a two-factor verification? It wouldn't hurt,(probably should) will it be the all-end of these kinds of hacks? No, maybe I might sound more like an "apologists" but these "Sony's security is shit" is pretty damn hyperbolic, Sony didn't just download some AVG and Malware-bytes off the internet, I highly doubt anyone on GAF could do any damage to Sony's security, then again the PSN wasn't breached in this event.

I think people should focus more on the aspect of Sony implementing a 2-step verification and their procedures on how to handle a person that has been legitimately wronged by an event of hacking/phishing cause from anecdotal threads on gaf their customer service/certain policies seems kinda "shitty"

Hope everything works out for you OP, keep us posted.

 

[Neff]

Even though I had an issue with a prepaid PSN card recently (it had already been redeemed when I bought it, supplier said it had been redeemed on the day of purchase, Sony said it had been redeemed before then, I send the lying supplier the Sony email and demand a fucking refund which I get), and even though none of my passwords are the same for anything, and even though they're batshit random, I still feel way safer not leaving my card details with Sony. Unfortunately though they're a big target for shady opportunists because a) their security is relatively lax and b) it seems a lot of their customers are lazy with passwords.

 

[epmode]

Should Sony implement a two-factor verification? It wouldn't hurt,(probably should) will it be the all-end of these kinds of hacks? No,

I can give you my PSN password and a reasonable two-factor authentication system would still keep you out of my account. TFA would be the end of virtually all threads like this.

 

[Brad Grenz]

I can give you my PSN password and a reasonable two-factor authentication system would still keep you out of my account. TFA would be the end of virtually all threads like this.

No, we'd just get new threads where everyone tells the OP they should have been using 2FA.

 

[foolishoptimist]

Another victim blamer. Pathetic.

Well, he's blaming Sony. But Sony didn't hack his account and spend his money.

Everyone keeps bringing up how many threads there have been recently. How many threads do we need before account holders are responsible for leaving their CC details on their account?

 

[Methamatics101]

Thanks for reminding to remove my CC details. No idea why I still had it. Only been using pre-paid PSN cards.

 

[Haroon]

Cancel credits cards, contact lawyer, and hit the gym.

 

[Occam]

Aside from the incident in 2011 where PSN itself was hacked, has there ever been an actual case of a PSN account hack?

 

[JaseC]

Steam only does it because of marketplace fraud and the value in their marketplace items.

2FA on Steam came well before the Community Market, actually: March 2011 (Exhibit A, Exhibit B) versus December 2012.

Aside from the incident in 2011 where PSN itself was hacked, has there ever been an actual case of a PSN account hack?

You're probably just curious, but to use your post as a springboard nonetheless, I think the distinction is missing the forest for the trees. Unauthorised account access may generally not arise from actual hacking, but even so, as a broad concept, it's still something that 2FA will help prevent.

 

[Hesemonni]

Sooo, should I remove Paypal from my PSN account?

 

[Kuraudo]

Well, he's blaming Sony. But Sony didn't hack his account and spend his money.

Everyone keeps bringing up how many threads there have been recently. How many threads do we need before account holders are responsible for leaving their CC details on their account?

Sony automatically retain your card details everytime you use it. Basically you're recommending manually deleting them each and every time you purchase something, which is the exact opposite of what Sony's infrastructure wants you to do. So if, in order to be secure, I need to go out of my way to avoid Sony's system, then that absolutely shows that the flaw is on Sony's end.

If on the otherhand Sony offered me the option for them to not retain my details and gave a warning about the repercussions if they do keep them and explicitly recommended against it, then yeah the user would be responsible.

 

[diablogod]

I was playing Divinity Original Sin last night at like 2am and it booted me from me and my buddies game and said someone logged into my account from a different system. I rushed to the web changed my password and deactivated all the systems from my account.

Could have been a glitch but these recent threads are making me think maybe not...

As far as I know the password used was a unique password, I don't think my email is compromised. I run virus and malware scans regularly so I don't think it was a keylogger or anything.

Just was very weird, I hope this isn't another breach.

 

[Surface of Me]

Well, he's blaming Sony. But Sony didn't hack his account and spend his money.

Everyone keeps bringing up how many threads there have been recently. How many threads do we need before account holders are responsible for leaving their CC details on their account?

People shouldn't have to worry about using their credit card with an international corporation the size of Sony. It is deplorable how inept they are with their own security and their customer's security. I trust a local convenience store with my info more than Sony.

 

[T.O.P]

Well, he's blaming Sony. But Sony didn't hack his account and spend his money.

Everyone keeps bringing up how many threads there have been recently. How many threads do we need before account holders are responsible for leaving their CC details on their account?

Is it bad expecting to have my info/passwords safe when using a service i'm paying for? or is it asking it too much?

 

[Joco]

These threads are so frequent at this point I just roll my eyes. Don't put your credit card info on PSN.

 

[andshrew]

Even without 2FA they could significantly cut down on this type of fraud by just performing some basic security checks when the account is being accessed from a new computer/console ie. validate some detail of the credit card before work allowing you to use the stored card.

 

[lifa-cobex]

Sooo, should I remove Paypal from my PSN account?

Yea.
I also had my paypal linked to it.

Got breached

 

[foolishoptimist]

Is it bad expecting to have my info/passwords safe when using a service i'm paying for? or is it asking it too much?

After the number of these threads that we've had?...

 

[Hesemonni]

Yea.
I also had my paypal linked to it.

Got breached

Okies.

 

[Sithlord77]

Can you actually set up two factor auth. On the PS3 yet? I know you can't on ps4 yet but j remember seeing it was introduced on PS3 in April. But I can't find it anywhere in its settings for my account.

 

[Atomski]

It's crazy people are still on Sony's side with this thread.

If they know their shit isnt air tight then they should have options not to save ur billing info..

 

[lifa-cobex]

They'll ban me

Sony refused to give me a refund so I did a charge back through my Paypal.
Paypal said Sony never give refunds but not to worry.

I got my cash back and didn't get banned.

Edit: BTW OP, What was purchased through your account?
Can I assume it was Fiffa add-ons?

 

[Totbjorn]

Sony definitely needs to implement 2FA but they also need to realize that for a consumer facing system like this people will not protect themselves.
Many will use the same passwords, simple passwords, store their credit card info and not turn on 2FA. Most people dont think about these things until they get hurt.

The only way to solve this is to not be such a tempting target.
If Sony had a robust way to revoke rights to digital goods it would not be a such a big deal to just give the money back and the hackers would not gain anything by hacking.

You dont see threads like this about other platforms and I don't think it is because they have 2FA.

 

[Melchiah]

Is it bad expecting to have my info/passwords safe when using a service i'm paying for? or is it asking it too much?

It's not asking too much, if you don't use the same password elsewhere.

 

[kraspkibble]

i don't even know my Sony password. i generate unique passwords for everything i join and store them in keepass. i used to use the same password for everything like most people still do but after that sony hack in 2011 i took my online security more seriously.

i understand that for people it's easier to just use the same password but that's essentially what i'm doing right now too. the only password i know is my master password for keepass. the only difference is i need to take a few seconds to open keepass and copy whatever pass i need. also, for some 2FA is too much hassle as well but i feel it's got a lot better. i use it for Steam + Battle.net + Origin. what happens is i stick in my password as normal and then it asks for a code which is sent to my phone through text or by notification from a dedicated application. the best one i've used is Battle.net by far. This is how it goes:

1. click Battle.net shortcut
2. click keepass shortcut
3. type keepass master pass then copy paste Battle.net pass
4. paste pass into Battle.net and instantly get a notification on my phone and i press "Approve".

again this might sound like too much bother but i'll happily do it every time especially when it's to protect an account that i have spend so much in. I don't have many games in Origin/Battle.net but for Steam + Playstation I have hundreds of pounds worth of games and I really don't want to lose them.

 

[Cromwell]

Never ever ever save credit card or paypal info on Sony accounts. Their security is terrible and they don't have 2 factor, my account got hacked a few months back too.

 

[Possumowner]

And that's why I don't keep any payment details on PSN,this type of thing worries me