
PSN Account with 2FA Hacked - Make sure you switch from SMS to Authenticator App



I'm sorry you had to fall victim in this way, gooner, for the issue to come to light - I mean, I'm sorry you've fallen victim full stop, of course - but it's prompted me to enable 2FA on my Playstation and Nintendo accounts, both of which automatically opened the MS authenticator app and are able to use it for the purpose, which is quite neat.

 

Cue someone posting about how the MS authenticator app is also absolutely riddled with security holes and only a complete moron would use it. :D

47 minutes ago, Popo said:

I'm sorry you had to fall victim in this way, gooner, for the issue to come to light - I mean, I'm sorry you've fallen victim full stop, of course - but it's prompted me to enable 2FA on my Playstation and Nintendo accounts, both of which automatically opened the MS authenticator app and are able to use it for the purpose, which is quite neat.

 

Cue someone posting about how the MS authenticator app is also absolutely riddled with security holes and only a complete moron would use it. :D

 

MS Authenticator is good as it has backup/recovery using your O365 account (unlike the Google Authenticator app which has no backup).

9 minutes ago, BongoInferno said:

 

MS Authenticator is good as it has backup/recovery using your O365 account (unlike the Google Authenticator app which has no backup).

gah, been using Google Authenticator... hopefully they will provide a backup for it soon.

 

Out of curiosity are these linked directly to the hardware ID of the device and thus upgrading your phone etc would render it useless?

1 hour ago, BongoInferno said:

 

MS Authenticator is good as it has backup/recovery using your O365 account (unlike the Google Authenticator app which has no backup).

Google Authenticator has it too but it's manual. Need to export and then import into new phone. So export ahead of time.


The fuck on my account has managed to sign into my epic games account and tried to de-link from my twitch, xbox, psn, etc, they can sign in without a 2 factor code because they're not signing directly into the epic account.

 

This is stress man.

8 minutes ago, gooner4life said:

The fuck on my account has managed to sign into my epic games account and tried to de-link from my twitch, xbox, psn, etc, they can sign in without a 2 factor code because they're not signing directly into the epic account.

 

This is stress man.

 

Fuck, do you know they did this with Epic?

16 minutes ago, Minion said:

 

Fuck, do you know they did this with Epic?

 

Yeah I got all the emails saying they had de-linked my twitch, nintendo, and tried to delink xbox but that wouldn't remove as it was a merged account.

 

I'm in contact with Epic's support who are great compared to Sony, I'll hopefully even get the IP address of the idiot who logged into the Epic Games account.

2 hours ago, gooner4life said:

The fuck on my account has managed to sign into my epic games account and tried to de-link from my twitch, xbox, psn, etc, they can sign in without a 2 factor code because they're not signing directly into the epic account.

 

This is stress man.

Sorry, misread the post

2 hours ago, Minion said:

 

Fuck, do you know they did this with Epic?

I'd guess they went into fortnite, accounts, unlink accounts... Which is not really a security hole. However the fact that Epic can provide an IP address will help, hopefully.

3 minutes ago, Quexex said:

I'd guess they went into fortnite, accounts, unlink accounts... Which is not really a security hole. However the fact that Epic can provide an IP address will help, hopefully.

 

Yeah but I have 2 step activated on my Fortnite account via MS Authenticator and they turned that off and activated a new authenticator all via a playstation sign on that doesn't require Epic's 2 step.


Obviously not much help to you now, but you can disable Single Sign-On for an Epic account. It's not really something you'd think about until there's an issue, but I'd recommend steering well clear of SSO whenever possible, at least for any account you've the least bit of investment in.

 

Another easy security step I recommend is using semi-custom email addresses for logins, at least if you use Gmail or a service with a similar feature. If you owned yourname@gmail.com, for example, you could have your PSN account use yourname+playstation@gmail.com; everything from the plus onward is parsed out, so all mail will arrive in your regular inbox.

 

The main benefit to this obfuscation is tripping up automated processes running down a list of hacked account details, as your logins for different services are 'unique', but it might also help slow down someone trying to social engineer their way into your accounts.

36 minutes ago, Ferine said:

Obviously not much help to you now, but you can disable Single Sign-On for an Epic account. It's not really something you'd think about until there's an issue, but I'd recommend steering well clear of SSO whenever possible, at least for any account you've the least bit of investment in.

 

Another easy security step I recommend is using semi-custom email addresses for logins, at least if you use Gmail or a service with a similar feature. If you owned yourname@gmail.com, for example, you could have your PSN account use yourname+playstation@gmail.com; everything from the plus onward is parsed out, so all mail will arrive in your regular inbox.

 

The main benefit to this obfuscation is tripping up automated processes running down a list of hacked account details, as your logins for different services are 'unique', but it might also help slow down someone trying to social engineer their way into your accounts.

 

Thanks, I've just disabled single sign on.

1 minute ago, gooner4life said:

Still not even an email, they’ve asked for no ID or anything.

 

Have you tweeted them and/or tried to contact an exec team like you mentioned the other day?

 

This is really shit :(

37 minutes ago, Kryptonian said:

 

Have you tweeted them and/or tried to contact an exec team like you mentioned the other day?

 

This is really shit :(

 

I've contacted Jon Budden the UK CEO of Sony computer entertainment, I've now also copied in Jim Ryan, they simply don't care, to them it's just somebody losing access to a few games for a period of time

8 minutes ago, gooner4life said:

 

I've contacted Jon Budden the UK CEO of Sony computer entertainment, I've now also copied in Jim Ryan, they simply don't care, to them it's just somebody losing access to a few games for a period of time

Unfortunately they will be slow at responding, if they respond at all. I take it when you call you ask to have your issue escalated to a manager rather than a call handler?

3 minutes ago, Quexex said:

Unfortunately they will be slow at responding, if they respond at all. I take it when you call you ask to have your issue escalated to a manager rather than a call handler?

 

Yeah they said they need to remove my case from the queue it's in and place it in another queue to do that :lol:


Curiously, I also had my PSN account hacked recently. I didn't have two step at the time, though I activated immediately afterward. I got my account back immediately upon calling Playstation support, it was the email change notification that tipped me off.

 

Interestingly, they must have been in my account for a while before they sold it to some poor schmuck as there were some leftover messages in there. I'd been mainly playing on Steam for a few months beforehand since it was the end of gen, so they probably sent some spam bullshit out as well. One of the messages was this:

 

'Hello As you may already know Our former -REDACTED- Telegram channel was taken down by Sony and this shows how much they feared us and that we actually were making a change in selling cheap game accounts. But we won't be stopped neither we won't be defeated Join our new Telegram Channel: REDACTED'

 

I don't think Sony's scared of you, you bunch of thieving bastards, I'm pretty sure they just view you in the way I do - something to be squashed underfoot and forgotten about as soon as humanly possible.

6 minutes ago, Kayin Amoh said:

Curiously, I also had my PSN account hacked recently. I didn't have two step at the time, though I activated immediately afterward. I got my account back immediately upon calling Playstation support, it was the email change notification that tipped me off.

 

Interestingly, they must have been in my account for a while before they sold it to some poor schmuck as there were some leftover messages in there. I'd been mainly playing on Steam for a few months beforehand since it was the end of gen, so they probably sent some spam bullshit out as well. One of the messages was this:

 

'Hello As you may already know Our former -REDACTED- Telegram channel was taken down by Sony and this shows how much they feared us and that we actually were making a change in selling cheap game accounts. But we won't be stopped neither we won't be defeated Join our new Telegram Channel: REDACTED'

 

I don't think Sony's scared of you, you bunch of thieving bastards, I'm pretty sure they just view you in the way I do - something to be squashed underfoot and forgotten about as soon as humanly possible.

That's good to hear, I wonder why it's taking them so long to sort @gooner4life's issue


 

5 minutes ago, gooner4life said:

Just got off the phone to Sony support, he verified my identification and then confirmed to me that my account has now been suspended so the little scrote has no access to it anymore.

 

It's now with the level 3 team who will investigate how they turned off 2FA and secure the account to return it to me.

Finally progress :) 

4 minutes ago, gooner4life said:

 

I suspect it's the fact they turned off 2FA on my account, the last guy I just spoke to said they need to investigate how that happened.

Yeah, that's probably setting off some alarm bells! Hopefully they won't keep you waiting too long.


So turning off SFA (not advisable) but means you get your account back quickly if it gets hacked. However if you have it turned on and get hacked it can take days to get your account back.... hmmmm

18 minutes ago, Quexex said:

So turning off SFA (not advisable) but means you get your account back quickly if it gets hacked. However if you have it turned on and get hacked it can take days to get your account back.... hmmmm


Probably more to do with them jumping into troubleshooting mode without thinking to contact @gooner4life first.
 

Genuinely pleased to hear the account’s been suspended and they’re working on getting to the bottom of it. 
 

I’d also be fascinated to hear how 2FA was circumvented. 

27 minutes ago, Popo said:


Probably more to do with them jumping into troubleshooting mode without thinking to contact @gooner4life first.
 

Genuinely pleased to hear the account’s been suspended and they’re working on getting to the bottom of it. 
 

I’d also be fascinated to hear how 2FA was circumvented. 

 

I won't ever get told how the hack happened.

