BBC's Watchdog - rllmuk vs Sony

[Robbo]

Also known as: useless encryption. As far as this is concerned.

Agreed but I thought it worth making the distinction.

[OlsBean]

Update on my case: My boys sub-account is back and so are his games for his PS-Vita finally. I'm pleased that Sony finally did the right thing, though why we had go through all this is totally beyond me and probably everyone else because all they have done in the long run is alienate me, my family and close friends as future customers.

[Harsin]

I'm reminded of that bit in Steve Jobs biography where it talks about how he was terrified of Sony as a competitor that would steamroll them when they released the iPod and then watched in bemusement as they seemed to do everything in their power to actively sabotage themselves and put customers off their digital music devices.

[stefcha]

Update on my case: My boys sub-account is back and so are his games for his PS-Vita finally. I'm pleased that Sony finally did the right thing, though why we had go through all this is totally beyond me and probably everyone else because all they have done in the long run is alienate me, my family and close friends as future customers.

Yeah but Sony's loss is rllmuk's gain

And lets be honest, we need the numbers.

[OlsBean]

Yeah but Sony's loss is rllmuk's gain

And lets be honest, we need the numbers.

I have felt the Love ever since I arrived

Still searching for a World of Tanks thread though!

[Graham S]

I have felt the Love ever since I arrived

Still searching for a World of Tanks thread though!

Start one!

*edit*

Or use this old one:

http://www.rllmukforum.com/index.php?/topic/271665-world-of-tanks/

[stefcha]

http://www.rllmukforum.com/index.php?/topic/271665-world-of-tanks

edit: If only the search defaulted to "title search" then this wouldn't be a problem

[Xevious]

Just a quick question for people who have had their accounts stolen - if you put your email address into https://haveibeenpwned.com/ does it say that it's been compromised at all?

[Boozy The Clown]

Has the Sony share price collapsed yet ?

Why the negs ?

[Dudley]

It says no. I've got no idea what that really means though.

Well let me put it this way, one of my email addresses came up positive with a link to it and a password I used to use on some sites where I didn't need a lot of security.

[TehStu]

IncredibleSatan, many, many moons ago I worked L2 for BT, and that all sounds depressingly familiar.

Really appreciate you coming here and posting that, and for offering to answer questions. Somewhat reassuring that you can't see passwords or security challenge questions, Sony doesn't exactly inspire confidence when it comes to security.

[Bacon Horsemeat]

What's this L stuff mean, tiers of responsibility?

[TehStu]

Level 1, level 2, etc. Front line staff are level 1. Level 2 have a bit more access, level 3 do specialist stuff. Each of us L2s took turns to be the L3.

[Guest]

IncredibleSatan, in light of this thread, I suppose the most pertinent question is whether Sony have acknowledged there is a backlash starting, whether they're going to do anything about it, and whether any changes in policy have filtered down to you guys?

[OlsBean]

Hi rllmuk, I'm a CS agent at PlayStation Support. I wish to remain annoymus for obvious reasons.

I'd like to address a few concerns within this thread. I've been closely watching Pockets and Olsbean's cases. Firstly, I'd like to say congrats to both of you for getting a refund from SCEE. Working for PlayStation is absolutely horrific and it's definitely not what was advertised on our job descriptions. We were falsely marketed a job as a CSA, and that then turned out to be a tech support agent / customer service agent handling complaints. Our training was 4 weeks of pain, and our job involves telling people they can't get a refund, or going through standard troubleshooting which you can find on the website anyway!!

I hate my job. I will be absolutely honest with you guys. They treat us like children, and we have no freedom of speech in our workplace. PlayStation outsource their customer service to a company called Sykes Enterprises. They're an American company. They have call centres in Berlin and in Edinburgh, as was dually noted by the outbound call to Olsbean. Our workplace is a health & safety disaster and I'm honestly flabbergasted at the fact they've not been shut down.

We don't have a script to read from, aside from the "intro" which is drummed into our heads. "Hi, thanks for contacting PlayStation Support"... FUCK OFF!! I'm surprised you guys put up with it!!!! We have targets to work to which include having calls last no longer than 9 minutes. So if we're rushing, it's because we want to keep our job, not because we can't be bothered to help you.

I've been at PlayStation for a long time now, and in that time I've seen families come to tears because their account have had £1000s worth of debt on it. I understand exactly what you guys are going through, and when someone on the phone says "I understand" believe us, we truely do understand the absolute ball ache SCEE cause.

We are given a limited amount of actions we can carry out. We are able to see players wallet balance, first & last 4 digits of their card / other billing info, every single transaction, every event that has been recorded about the account as well as your consoles you've activated/deactivated, Sign in ID, Online ID, DOB, and other general account details. The only things we aren't able to see is the account password or security question you've picked.

Everything we do as L1 agents has to be escalate to an L2 agent, and from there will be either be escalated directly to SNEE/SCEE in London, or to the only L3 agent in our centre.

It's boggles the mind the shit Sony gets away with, and genuinely surprised that they've not had any legal proceedings regarding their policies.

I can answer any questions you have, but please be advised, I'm not here to take any stig. I'm here to vent my frustration at SCEE just like you guys. I come from the same background of being a gamer all my life, and my perception about a company has never been more quickly turned than working at PlayStation. As I said, I'll answer any questions you, obviously I won't be breaking any DPA or anything of that sort. I'll answer questions you may have about processes or what you can do, etc.

I'd also like to note that I've had 10 good friends leave the company in the past month. Purely because of how bad this job really is. SCEE really doesn't communicate internally never mind to the consumer. Try getting SCEA and SCEE to talk is like asking to be given a lucky lottery ticket!

An enlightening post thank you for taking the time to speak out, it's good to get the perspective from the other end of the line, just out of interest how did you come across the threads here on rllmuk?

As well as the recorded events are there notes about customers, a sort of intel, like "this customer can be a real pain in the arse, give no quarter!" for example, I only ask because when I rang up recently after my Son was suddenly suspended when the CS agent started reading my Notes I could swear she started giggling I remember when we lived in Somerset the local hospital got exposed for putting "NFB" on patient's notes, which stood for "Normal for Bridgwater".

Do you have a protocol for terminating a call? I had a guy hang up on me for refusing to end the call until I was given a satisfactory answer to my query.

Jon's question is a good one, it would be interesting to see if any feedback has filtered down to your level since recent events, namely Watchdog.

[choddo]

What is depressing about this is that Sony were doing a great job of turning things around with the PS4 and getting a great rep again. Then they shoot themselves in the foot by clearly not trusting their customers and taking the default position that everyone is out to defraud them. It's an insane way to treat the people that give you your revenue.

[Harsin]

It seems to be a thing in consoles, they get a whiff of power and suddenly think they can get away with anything. PS2 does great and Sony goes all "Next generation begins when we say so", "Five Hundred and Ninety Nine U.S. Dollars" and advises customers to get a second job. When customers rightly said 'Nope' to all that, you suddenly had Jack Tretton on stage at E3 acting like a Victorian street seller nervously kneading his hat as he tries to get some well-to-do gent to buy his wares and mumbling about how humble customers made them feel. Same with Microsoft who are currently going through the same contrite phase, it was all TEE VEE TEE VEE TEE VEE and DRM out the wazoo when they thought customers would swallow whatever they put out.

[JPickford]

Are Watchdog aware of this thread? This inside info might trigger a follow-up.

[Spacehost]

I think IncredibleSatan needs a knighthood, or at least some form of high-level squireing position.

[angel]

of course they aren't gona change. its like a recall of a product vs paying compensation. its cheaper to patch the odd thing than fix.

[Kryptonian]

IncredibleSatan, you mentioned fraud and refunds by the customers bank - are those psn accounts still to be banned or not?

[bradigor]

Fantastic response from Incredible Satan and having also worked in a call center for M&S, as well as Scottish Power, I can only back up what he says. The treatment you get in those places you wouldn't wish on your worst enemy.

[TehStu]

Yes, it could be fake. If it's CGMF, he's gone to unusual lengths to cover his tracks, this time.

I don't really care either way. It's not unusual for a call centre environment, but if true makes me wish I wasn't so invested in my PS4.

[angel]

It sounds reasonably accurate, but there's nothing I couldn't either say or easily fake being said here. And the standard reply to me from him is 'believe me if you like'. And yet everyone instantly believes.

[angel]

ive no idea, im just remaining open minded either way. ive had some horrendous support from psn, before one person finally gave in and helped me, hinting strongly at a typo in my registered email address until i got it.

[angel]

i was verified and yet they still coudlnt confirm the email address on my account, eventually one guy said maybe sir, maybe you have an extra character in it, and i went through the alphabet until they said MAY BE its that one sir

[Bazjam]

Sadly this seems to be the case with most call centers these days. I just simply don't bother phoning companies any more, and use online communication where possible. Had some horrendous experiences in recent years with EE, BT & Microsoft (touch wood not had to contact Sony recently).

[DocG]

Thanks for your contributions, IncredibleSatan. Great to have you here. Just a little note:

Can I also just note a little thing about the authentication on PSN. As you have seen from a post earlier in the thread Sony's encryption may be slightly out-dated, however Steam uses AES_128_CBC rather than AES_256_CBC encryption protocol. Not that I'm defending them, but just something I thought I'd point out it's somewhat comparable to Microsoft's XBL service too.

That's not worrisome. A nice quote I found: "An exhaustive attack on AES-128 will almost certainly be infeasible for several decades. The usual computation is, if you did a 128-bit exhaustive attack on modern hardware and used the world's oceans as a heat sink, you would boil them dry. (Compare to a 256-bit exhaustive attack, which if run on an ideal computer at the temperature of the cosmic microwave background, would take all the energy in the galaxy; from Bruce Schneier's Applied Cryptography)." In any event, I don't think there's ever been a practical case of anyone attacking something like PSN or Steam via MitM techniques; it's a challenging approach. Much easier to phish people's account details, use dictionary attacks, reuse credentials from other security breaches, or (historically, at least) attack Sony's servers directly.

On the other hand, Steam does have an (admittedly weakish) 2FA; when you sign in on new hardware it requires you to click a link in an email for the sign in to proceed. Provided the user hasn't done anything stupid like used the same password for their email and their Steam account this is a useful extra layer of security, and is far, far stronger than Sony's reliance on username + password alone. It's not as good as a proper OTP token though, like Google's Authenticator, Apple's 2FA, Facebook's in-app code generator, or any other implementation of RFC 6238.

[Alex W.]

Hail IncredibleSatan.

[Istanbul]

Thanks IncredibleSatan, your info and input is much appreciated on here.