-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
My fucking Sony account got hacked.
- Thread starter Ultima_5
- Start date
Sephiroth_VII
Member
Just use a good, unique password. Two-factor authentication is not an excuse for having a bad password! Often, all they need to get around it is access to your email account anyway, and if you use the same password there, it becomes pointless.
Yes, Sony should offer it, but it's not necessary if you just have a strong, unique password for each of your important accounts.
I have had three different PSN accounts since the service launched, all with payment details attached for each of the different PSN regions. They also all have unique, 32-character passwords and strangely, I've never been "hacked".
This is all well and good, but still all it takes is a keylogger and you logging into your Sony account on a PC.
The only correct answer here is that 2FA is needed. Having a secure password is just something to do to get around the fact it's missing.
Sephiroth_VII
Member
Well, that's only if your home system isn't secure, and in that case, all it takes is for you to enter your cc info on some random site while that same keylogger is running.
If your system isn't secure, you're fucked either way. A good start is to stop using Windows for entering sensitive information at all, but even just having a decent anti-virus setup and applying updates as they come in should keep you safe from keyloggers in most situations.
Oh, and not downloading random closed-source crapware from the Internet.
CircleOfFire
Member
Two-factor auth is going to help with this, which Sony should definitely do.
But if it's people using the same (possibly easy to crack) password and e-mail account across a bunch of services then it's their fault. There's been a bunch of companies in the last few weeks that have seen huge amounts of data lifted from their services, including massive firms like LinkedIn. It's worth putting your e-mail address into here to see if it's included in any of the breach data: https://haveibeenpwned.com/
This is basic information to me, but there are so many out there with zero insight into how this works.
That's why 2FA coupled with your phone is the right way to go.
CircleOfFire
Member
Having done things like SMS integrations in the past the thing that takes forever is getting contracts lined up unless you use some service like Twilio. Remember that if they want to introduce it everywhere they need a decent partner in all the countries they serve and all the mobile providers. The last time I did this it was a nightmare to get it working reliably with one company for like 2 countries, 50+ countries is FML territory.
Sephiroth_VII
Member
Definitely, but if people don't do basic security right, they're still going to get "hacked". They just won't be able to blame Sony for it.
2 factor auth should been implemented a long time ago. Also that all of you creditcard information is saved annoys me. Could easily not store the security code on the card and prompt the user to reenter it when buying stuff.
Just look at Nintendo. They give you the option to store your card info behind a seperate pin code.
Just look at Nintendo. They give you the option to store your card info behind a seperate pin code.
Melchiah
Member
So, now we're blaming those, who say everyone should have a good and unique password for every website and service, for the lack of 2FA?
Paypal also doesn't have 2FA yet.
At least not here in Belgium. You can actually enable it via a specific link (not through your account settings) but I'm afraid to do it since it isn't explicitly supported.
I went on as much 2FA as I can about 2 weeks ago. Authy is really a great app for that.
At least not here in Belgium. You can actually enable it via a specific link (not through your account settings) but I'm afraid to do it since it isn't explicitly supported.
I went on as much 2FA as I can about 2 weeks ago. Authy is really a great app for that.
The Incarnation
Member
Your name here on this forum is the same as your PSN name. If your password is the same here, then you are asking for trouble really.
Also seems to happen to members of this forum a lot.
Meus Renaissance
Member
This reminded me to remove all my payment information from my account. Thanks.
SicSemperTyrannis
Member
July 4th is likely to be a holiday for them I would assume.
What I don't understand is why Sony ban your account if you did a chargeback.
I mean, it's ok doing so, but if the purchase was fraudolent (and there are plenty of ways to check that out, the easiest one is check the ip region of that purchase: if the account owner is from Italy and the purchase was done in Russia, of course something fishy happened if there's a claim going on) they NEED to unban the account.
Because they are taking stolen money and plus they are banning the wrong person, so he gets twice scammed, by Sony and by the thief.
I mean, it's ok doing so, but if the purchase was fraudolent (and there are plenty of ways to check that out, the easiest one is check the ip region of that purchase: if the account owner is from Italy and the purchase was done in Russia, of course something fishy happened if there's a claim going on) they NEED to unban the account.
Because they are taking stolen money and plus they are banning the wrong person, so he gets twice scammed, by Sony and by the thief.
No, the only ones who are to blame for the lack of 2FA is Sony. Not sure what you're trying to twist here.
It's 2016, basic security should be a given. You also seemingly have to go through hell to get your funds back if you do get hacked, so the sooner they get this out, the better.
In short, Sony needs to get more flack for this, if only to make them hurry up or at least give a timeframe.
DISSESHOWEDO
Banned
I always do that, add card purchase and then delete the info! The best way to shop from SEN! Or ofcourse use pre paid cards.
As for Sony's cistomer care suppurt, it is even worse in EU!
DISSESHOWEDO
Banned
This is a standard practice for many companies, some will even make sure that you can not use the sam card or PP account again for their services!
It does it's called security key and uses SMS although it seems you can use an app but haven't tried that before.
Edit - App works also
TLZ
Banned
Never thought I'd be taking orders from Megatron, but.... done!
There does appear to be a lot of what requesting a chargeback actually is.
A chargeback is the end of the line, you're telling them that you're not going to deal with them anymore. It really is the end of the line and nobody should be doing it without exhausting all other avenues first. Chargeback better suited for something along the lines of a company going out of business and you've not received your goods from them.
It should never be done lightly.
If people are are requesting chargebacks for a transaction via PayPal, it changes again. The transaction that can be covered by chargeback is between your card company and the money going into your PayPal account. The transactions between your PayPal account and which ever company you're spending that money on is not classed as a card transaction, because it isn't one.
Because of these, requesting a chargeback from something like PSN if you have paid for it via PayPal will make things even worse for you as you're now telling PayPal that you don't want to deal with them so that can mess up other payments that you've made via them.
Chargeback requests are a massive source of fraud for companies and their are other companies out there who have been set up to deal specifically with chargebacks, to protect the companies that allow card transactions.
Nobody should be requesting a chargeback without investigating what it actually is and how it will effect if they do request one. It's not an easy fix for speed up a refund and unless it's an absolute last resort, it's probably not going to make things better for any of the involved parties.
Yeah, but this option is only presented in a select few countries. Wouldn't surprise me if it's US only.
I don't see this step:
(My mobile number has been added)
The person in question said nothing about that just making you just seem like an offended Sony apologist in return. I truly hope that isn't your intention since the point you made in this thread about not reusing passwords is perfectly valid.
Nobody is debating here that you should absolutely avoid reusing passwords just for how many database breaches there were at this point, but you have to be blind to not see the people that are actively bothered by the topic at hand and are quick to point fingers at just about everything else.
We get people here mysteriously accusing people of being Microsoft fanboys out of nowhere, just for saying Xbox and Steam do not have the same issues (due to having 2 factor authorization), straight up making fun of the OP telling them shit like "dog2005 isn't a good password" or pulling every other explanation out of their sleeve to push the blame off Sony's piss poor support when it comes to securing/protecting your account even though even in this thread alone there are people who have been breached using a completely unique password for PSN.
And you know what that all accomplishes? Absolutely nothing except making OP feel bad for trusting Sony, which is bullshit since it is completely inexcusable to still not have stuff like 2 factor authorization in 2016, and they definitely deserve all the flak they can get for the lack thereof.
peanutbutterlatte
Member
Yep, their security and methods for dealing with breaches are absolutely laughable. Phonecalls that lead nowhere, departments not being able to go above/contact other departments, and at the end of the day hundreds of your currency in purchases being inaccessible. I change my PS password every few months now.
Sony is pathetic. My account got hacked as well with purchases made out of nowhere. All they could say is that the purchase was made from my registered PS4 which I know is impossible since no-one was at home at that time. Either they're lying or their system has a serious problems of security or bugs. Either way I don't trust them.
Like they give you a choice.. you buy their console and get this wall of text. We as consumers expect to be treated fairly. We don't expect a videogame company to have bad policies in place that screw is when things go wrong.
Melchiah
Member
Your claim was, that those people were defending the company, and partly reason for why 2FA hasn't been implemented. I dunno how I'm twisting anything. True, it should have been there ages ago, and problems should be easier to solve for the customers, but it doesn't mean people should still use the same password on multiple services. When it comes to the latter, the customer should have known better.
The problem is we all should be putting more pressure on Sony to put in better systems for security.. not saying it's OK good guy Sony these smucks just don't know how to password.
Spiritwalker
Member
Sad to see people defending Sony here
Melchiah
Member
Hopefully 2FA comes rather sooner than later. I'm not seeing the good-guy posts though, just people wondering what compromised password has to do with hacking. It's not like the service itself has been compromised. I have a personal experience on the latter, when our old website's forum was targeted and breached many years ago.
TheOmegaSpartan
Member
I got my PSN and Origin hacked a few months ago. No credit cards stored on either account, thank goodness, but they had the same passwords and that was my downfall. I went to town and changed all the passwords from my other accounts as a precaution and added multi-layered authentication if available. Retrieved my hacked accounts, of course, and lesson learned.
Also, they seem to strike in the middle of the night when customer service is unavailable and it could take hours before you could actually do anything about it.
Also, they seem to strike in the middle of the night when customer service is unavailable and it could take hours before you could actually do anything about it.
My credit card that was attached to the PSN, was charged couple weeks ago. Was only for 24 dollars. Called chase and they took care of it. IDK if it was PSN related or just someone got hold of my card info? That card I haven't used in a year, its been put away...oh well, shit happens. we out here lol
The issue with that a chargeback wouldn't actually involve Sony (or any other company), it would be you and your card company that have control over it. By requesting a chargeback from your card company you're informing them that Sony has done something so bad that you're cutting ties with them.
A refund would be between you and Sony but because you've involved a third party and removed Sony from the transaction, you've made them powerless in assisting you.
In all but a tiny minority of cases requesting a chargeback is just going to make things worse for everybody who is involved in it. Clearly, if you've bought something for a company and they ceased trading, it would then be appropriate to request a chargeback.
I think there's often confusion on here that a chargeback is like a refund but it really isn't.
Gravy Boat
Member
I'm currently going through my own refund battle with Sony, so I feel your pain. Saying that, I really can't put the blame on Sony for something like this. I 100% agree that 2 factor should be available and it's embarassing that they don't have it, but since everyone is aware from it's absence you should really make more of an effort to protect your money. I'm not blaming you either here, OP. You're clearly a victim and I hope you get it sorted out, but I can't understand blaming Sony for someone getting your email and password from somewhere else and just logging into your account with it. A unique password or taking your card off your account after a purchase is all you need to do to prevent something like this until 2 factor eventually gets here.
You can however absolutely blame Sony for their shitty customer service and inability to deal with things like this after the fact.
You can however absolutely blame Sony for their shitty customer service and inability to deal with things like this after the fact.
SkylineRKR
Member
Sony is dog shit with CS and with security. I mean, my PS4 isn't primary for whatever reason anymore. I don't see a second PS4 on my account, and they won't tell anything and shrug me off with 'all you can do is waith 6 months'. They have this brilliant once per 6 months deactivation that can backfire greatly.
Stuff like that, and the previous PSN hack made stop using CC or PP with PSN. I never store payment info on PSN, the slight convenience you get from it versus manually adding funds or getting prepaid vouchers its not worth it. Also, they're way behind the likes of Steam with their protection and also refund policy.
Stuff like that, and the previous PSN hack made stop using CC or PP with PSN. I never store payment info on PSN, the slight convenience you get from it versus manually adding funds or getting prepaid vouchers its not worth it. Also, they're way behind the likes of Steam with their protection and also refund policy.
Despite your efforts I stand resolute on my claim that you should not keep payment info on your PSN account.
Yeah, but this option is only presented in a select few countries. Wouldn't surprise me if it's US only.
I don't see this step:
(My mobile number has been added)
If I remember correctly PayPal 2FA is only available for users with US, CA, UK, DE, AT and AU PayPal accounts.
Melchiah
Member
I couldn't agree more. People tend to see things in black and white, you're either for or against the company, nothing inbetween.
I'd imagine similar cases of phishing or getting email/password from somewhere else happens on those networks as well. The difference is they have 2FA which helps massively. Sony really need to add that ASAP. It's a severe omission on their security practices. I use 2 factor on everything I can, and it really annoys me I can't on PSN.
I'm happy that Sony has acknowledged the request for additional security measures. But I also agree with those who point out, correctly, that two-factor authentication won't help a large demographic who are lax with their personal security.
To help illustrate this point, Microsoft added two-factor verification 3 years ago, yet here is a sample of Xbox Live users (since Xmas) who have had their accounts compromised:
Even today, too many people prefer convenience over security. Coupled with major breaches this year (e.g. LinkedIn, Tumblr, Mail.ru, Yahoo, Google, Microsoft) we will continue to witness blackhat groups sharing e-mail dumps and running automated log-in software. Users who use rickety passwords or employ the same credentials across multiple websites will fall victim... sooner or later.
To help illustrate this point, Microsoft added two-factor verification 3 years ago, yet here is a sample of Xbox Live users (since Xmas) who have had their accounts compromised:
Code:
25 Dec https://www.reddit.com/r/xboxone/comments/3y7p64/so_someone_just_spent_hundreds_of_dollars_on/
29 Dec https://www.reddit.com/r/xboxone/comments/3ynjbg/my_xbox_live_profile_was_hacked_but_i_got_it_back/
07 Jan https://www.reddit.com/r/xboxone/comments/3zxynj/somebody_logged_into_my_password_protected_profile/
11 Jan https://www.reddit.com/r/xboxone/comments/40i8rd/my_microsoft_account_was_hacked_and_i_cant_get_it/
13 Jan https://www.reddit.com/r/xboxone/comments/40qldf/wtf_i_think_i_just_got_hacked200_never_winter_zen/
15 Jan https://www.reddit.com/r/xboxone/comments/410omj/problem_with_xbox_account/
20 Jan https://www.reddit.com/r/xboxone/comments/41v8vm/escalating_account_issue_with_microsoft/
23 Jan https://www.reddit.com/r/xboxone/comments/42ape2/tech_account_hacked_xbox_live_no_longer/
28 Jan https://www.reddit.com/r/xbox/comments/431sbn/help_somebody_hacked_my_account_and_is_making/
02 Feb https://www.reddit.com/r/xboxone/comments/43rxhi/techsupport_question_from_a_new_user/
04 Feb https://www.reddit.com/r/xboxone/comments/4440mg/did_my_email_get_compromised_or_my_xbl/
13 Feb https://www.reddit.com/r/xbox/comments/45kk4m/account_was_hacked_last_night/
22 Feb https://www.reddit.com/r/xboxone/comments/473smj/xbox_live_account_compromised_support_being/
15 Mar https://www.reddit.com/r/xboxone/comments/4akkz4/psa_turn_on_2_step_verification_or_lose_your/
21 Mar https://www.reddit.com/r/xboxone/comments/4bd1x5/has_anyone_ever_had_trouble_recovering_a_hacked/
09 May https://www.reddit.com/r/xboxone/comments/4ihdy5/am_i_fucked_my_account_was_hacked_and_i_have/
24 May https://www.reddit.com/r/xboxone/comments/4ktuyb/microsoft_saved_my_bank_account/
26 Apr https://www.reddit.com/r/xboxone/comments/4ggh2i/someone_hacked_my_microsoft_account/
15 Jun https://www.reddit.com/r/xboxone/comments/4o5rz8/just_a_reminder_to_get_twostep_verification_on/
19 Jun https://www.reddit.com/r/xboxone/comments/4ovcqu/just_got_an_email_saying_that_my_account_had_been/
22 Jun https://www.reddit.com/r/xboxone/comments/4p9z20/someone_hacked_and_stole_my_xbox_handle_how_do_i/
25 Jun https://www.reddit.com/r/xbox/comments/4pr08x/did_i_just_lose_my_account_for_good/
26 Jun https://www.reddit.com/r/xboxone/comments/4pv7ev/another_reminder_to_enable_two_factor_verification/
02 Jul https://www.reddit.com/r/xbox/comments/4qykar/got_my_account_back_then_i_found_out_im/
31 Jul https://www.reddit.com/r/xboxone/comments/4vi80c/microsoft_temporarily_disabled_my_account_because/
04 Aug https://www.reddit.com/r/xboxone/comments/4w44mk/tech_cant_login_to_my_account_after_activating/
25 Aug https://www.reddit.com/r/xbox/comments/4zhdke/my_friends_xbox_may_have_been_hacked_please_help/
03 Sep https://www.reddit.com/r/xboxone/comments/50whrq/i_keep_getting_signed_out_from_another_xbox_and/
15 Sep https://www.reddit.com/r/xboxone/comments/52xgcv/success_rate_with_getting_hacked_accounts_back/
19 Sep https://www.reddit.com/r/xboxone/comments/53h0l0/account_hacked_again/
21 Sep https://www.reddit.com/r/xboxone/comments/53t0vm/id_like_to_start_a_slow_clap_for_microsoft/
22 Sep https://www.reddit.com/r/xboxone/comments/540kw9/locked_out_of_my_own_account/
25 Sep https://www.reddit.com/r/xboxone/comments/54e0bw/tech_plz_help_ive_lost_access_to_my_account/
25 Sep https://www.reddit.com/r/xboxone/comments/54gebb/everything_is_gone_but_looking_for/
28 Sep https://www.reddit.com/r/xboxone/comments/54xr1d/hacked_account/
07 Oct https://www.reddit.com/r/xboxone/comments/56d9t4/unauthorized_chargesdisappearing_account/
14 Oct https://www.reddit.com/r/xboxone/comments/57hwry/tech_multiple_xbox_one_gamertags_with_one_game/
20 Oct https://www.reddit.com/r/xbox/comments/58j7yv/xbox_enforcement_team_is_useless_and_corrupt/
23 Oct https://www.reddit.com/r/xboxone/comments/58yqoy/should_i_worry_about_my_account_being_hacked/
26 Oct https://www.reddit.com/r/xboxone/comments/59gbzn/someone_got_into_my_account_despite_two_step_auth/
28 Oct https://www.reddit.com/r/xboxone/comments/59tw62/psa_to_use_two_step_verification/
04 Nov https://www.reddit.com/r/xbox/comments/5b4g94/question_have_i_been_hacked_something_weird/
04 Nov https://www.reddit.com/r/xboxone/comments/5b4o6m/psa_new_login_method_bypassing_two_step/
19 Nov https://www.reddit.com/r/xboxone/comments/5dtkyw/my_account_just_got_hacked/
19 Nov https://www.reddit.com/r/xboxone/comments/5ixgqz/just_spent_3_hours_talking_to_xbox_chat_and_they/
20 Nov https://www.reddit.com/r/xboxone/comments/5duvu1/has_my_account_been_compromised/
22 Nov https://www.reddit.com/r/xbox/comments/5e9pvl/not_sure_what_to_do/
03 Dec https://www.reddit.com/r/xboxone/comments/5gapgi/do_yourself_a_favor_and_change_the_password_on/
18 Dec https://www.reddit.com/r/xboxone/comments/5ixgqz/just_spent_3_hours_talking_to_xbox_chat_and_they/
22 Dec https://www.reddit.com/r/xboxlive/comments/5jsgef/was_recently_hacked_and_they_changed_the_email_on/
26 Dec https://www.reddit.com/r/xboxone/comments/5kb2ss/just_got_a_refurbished_xbox_one_for_my_friend_for/
10 Jan https://www.reddit.com/r/xbox/comments/5n57kq/my_microsoft_account_was_hacked_what_can_i_do/
12 Jan https://www.reddit.com/r/xboxone/comments/5nkiiy/old_xbox_account_compromised_help/
12 Jan https://www.reddit.com/r/xboxone/comments/5nhvhv/friendly_reminder_to_enable_two_factor/
17 Jan https://www.reddit.com/r/xboxone/comments/5ol08s/tech_account_compromisedany_help_or_advice_please/
19 Jan https://www.reddit.com/r/xboxone/comments/5ou1b4/so_i_had_my_xbox_live_account_stolen/
24 Jan https://www.reddit.com/r/xboxone/comments/5ptkww/if_youre_thinking_about_two_step_verification/
25 Jan https://www.reddit.com/r/xboxone/comments/5q3q6s/account_hacked_by_chinese_email_163com/
05 Feb https://www.reddit.com/r/xboxone/comments/5saotj/please_make_sure_to_double_check_the_safety_of/
08 Feb https://www.reddit.com/r/xboxone/comments/5sqenx/lost_100_in_games_and_dlc_what_to_do/
22 Feb https://www.reddit.com/r/xboxone/comments/5vj7z8/get_hacked_then_get_banned/
05 Mar https://www.reddit.com/r/xboxone/comments/5xn7c6/gamertag_hacked/
06 Mar https://www.reddit.com/r/xboxone/comments/5xtqci/my_account_was_hacked_and_now_im_getting_the/
06 Mar https://www.reddit.com/r/xboxone/comments/5xq4qy/my_xbox_account/Even today, too many people prefer convenience over security. Coupled with major breaches this year (e.g. LinkedIn, Tumblr, Mail.ru, Yahoo, Google, Microsoft) we will continue to witness blackhat groups sharing e-mail dumps and running automated log-in software. Users who use rickety passwords or employ the same credentials across multiple websites will fall victim... sooner or later.
It's the same company who can't figure out how to let your change your PSN name, without destroying the service.
It's incredible really.
Yes, Sony didn't directly "hack" his account. However:
1) Sony was "in charge" of the security of his information and they failed miserably. If I had a security guard watching my house and he set up the security system, he sure as hell would share a large part of the blame if it got broken into. I don't care if I use the same pin for my bank and security system, it should have a redundancy.
2) Sony has the power to rectify this ordeal by having a swift and easy refund system. In the above example, it's as if the security guard is watching his own store that just happens to have my money on site. They break in, use my money in the store, and the next morning when I ask where my money is the security guard just shrugs.
This seems to happen often enough that a refund system should atleast be in place. I'm sure OP has never randomly added $200 to his account in the past and just spent it on FIFA or whatever. And if he calls within a few hours of purchase it should be an easy refund.
Sure, use a different password everywhere. Cover your ass. However, this is Sony's storefront so they need to provide the safety. And if their security system is dated without 2 step verification, then at the very least implement a refund system. The fact that after all these years I see the same posts yet don't see either of these changes feels like they just don't give a fuck.
And what the fuck is wrong with people blaming the victims and acting like the corporation bares no responsibility?
1) Sony was "in charge" of the security of his information and they failed miserably. If I had a security guard watching my house and he set up the security system, he sure as hell would share a large part of the blame if it got broken into. I don't care if I use the same pin for my bank and security system, it should have a redundancy.
2) Sony has the power to rectify this ordeal by having a swift and easy refund system. In the above example, it's as if the security guard is watching his own store that just happens to have my money on site. They break in, use my money in the store, and the next morning when I ask where my money is the security guard just shrugs.
This seems to happen often enough that a refund system should atleast be in place. I'm sure OP has never randomly added $200 to his account in the past and just spent it on FIFA or whatever. And if he calls within a few hours of purchase it should be an easy refund.
Sure, use a different password everywhere. Cover your ass. However, this is Sony's storefront so they need to provide the safety. And if their security system is dated without 2 step verification, then at the very least implement a refund system. The fact that after all these years I see the same posts yet don't see either of these changes feels like they just don't give a fuck.
And what the fuck is wrong with people blaming the victims and acting like the corporation bares no responsibility?
