Jump to content

PSN Account with 2FA Hacked - Make sure you switch from SMS to Authenticator App


Recommended Posts

From when I first got a PS4 I’ve never had a payment method saved, and turned 2FA on as soon as it was available, all due to the advice from the forum and Pockets’ experience with Watchdog. I have only ever used credit bought elsewhere to buy stuff from the store and even then usually only when it was on sale. In fact I think  TLoU2 is the only game I’ve bought at full price digitally. Just through time I’ve built up a reasonable library of digital games. I now prefer to play downloaded games to minimise the faff of my 11 year old losing my disk when he wants to play something else (I didn’t foresee this being a problem as he was 4 when I got the PS4). 
 

I’ve changed to the Authenticator app now, but I really can’t imagine how much of a pain it is for you to lose access to all your stuff just because Sony’s security is awful. I’m glad it is slowly getting sorted. It really drives home that jumping to fully digital now is probably not a great idea (for PlayStation owners anyway). 
 

When I can finally get my hands on a PS5 (which I will still buy, because games), then I will probably go back to mainly buying games on disk again just to avoid losing complete access if and when this should happen to me. I know the saves might be gone but at least I could still play. 

Link to post
Share on other sites

Having a payment method stored isn't just a security issue, it's also going to cost you more. Cheap credit is literally always available, and typically for around 10% discount. Why would you ever pay full price?

Link to post
Share on other sites

Yeah, I don't believe that not using card payment is a massive inconvenience - cdkeys send codes moments after payment and the few minutes spent tabbing to your email and then back to the store aren't a big deal. If a new release is available or a sale is on, I budget in my head, buy the appropriate credit and make the purchase. Aside from spare change, the credit that hackers would steal from me would only be available for a minute or two before I spend it ;) 

Link to post
Share on other sites
19 minutes ago, Popo said:


Its the first 2FA bypass I’ve ever heard of. 

 

YAY me, first in the world!! :lol: but on a serious note, somebody on Reddit said that a kid hacked him while playing NBA 2K and got support to turn off 2FA just from his PSN name by saying they forgot the email and password.

Link to post
Share on other sites
13 minutes ago, gooner4life said:

 

... and got support to turn off 2FA just from his PSN name by saying they forgot the email and password.

 

"A Chain is As Strong As The Weakest Link outsourced Customer Service agent."  

Link to post
Share on other sites
7 minutes ago, deerokus said:

It's definitely not that. Social engineering and simjacking are two methods. 


No, and just to be clear I’m not saying this is the first ever case, that would be silly. I’ve just personally never come across any stories before. But I’m happy to concede I don’t exactly have my ear to the ground. 

Link to post
Share on other sites

I suspect buying credit from a third party site leaves you more open to fraud than storing you CC details on PSN these days, it’s all a matter of perception though. I do the same btw. People are the weakest link, it’s probably worse now with many working from home and under less oversight than if in a Contact Centre even.

Link to post
Share on other sites

But getting my Credit Card compromised on CDKeys isn’t going to make me lose access to everything I’ve ever bought. I’m happier with the protection from the credit card company than from Sony. 

Link to post
Share on other sites
10 minutes ago, Gigawatt said:

But getting my Credit Card compromised on CDKeys isn’t going to make me lose access to everything I’ve ever bought. I’m happier with the protection from the credit card company than from Sony. 


I don’t follow, placing a credit card on your account won’t affect whether your PSN account is hacked or not. 

Link to post
Share on other sites
2 hours ago, scoobysi said:

I suspect buying credit from a third party site leaves you more open to fraud than storing you CC details on PSN these days, it’s all a matter of perception though. I do the same btw. People are the weakest link, it’s probably worse now with many working from home and under less oversight than if in a Contact Centre even.


I dunno, I would have far more trust in the shadiest PSN credit site than having anything being secured by Sony and you have far more protection if buying the credit from a site than you do a reoccurring authorisation on PSN!

 

 

Link to post
Share on other sites
5 minutes ago, scoobysi said:


I don’t follow, placing a credit card on your account won’t affect whether your PSN account is hacked or not. 


The whole point of not having a payment method on PSN was that so when it does get hacked, whoever steals it can’t spend hundreds on V-bucks or FIFA cards or whatever. 

Link to post
Share on other sites

Also compare and contrast

 

- fraud and lost accounts caused by buying cheap credit on cdkeys et al

- lost accounts and games and fraudulent spending by having a c/card attached to PSN

 

We had a massive thread on sony PSN fraud. Loads of people doing "charge backs" because of fraudulent purchases after hacks and then having their accounts locked out because of the chargeback even though people tried to report the fraud with no luck.

 

I'd sooner post my card details on the town noticeboard than have them on psn :D

 

Link to post
Share on other sites
35 minutes ago, Shimmyhill said:

I dunno, I would have far more trust in the shadiest PSN credit site

 

24 minutes ago, Clipper said:

 

I'd sooner post my card details on the town noticeboard


I’m a bit concerned about your credit card use :D.

 

Anyway, I hope @gooner4life gets access back to his account soon.

Link to post
Share on other sites

That really, really sucks and terrible customer practice by Sony. I'd be on Twitter hashtagging Sony, gaming journos and anyone that will listen. Including no win no fee lawyers - just to get their attention.

 

Doesn't always work - but some companies really do start to pay attention when things get retweeted. And I'm sure many on here would help with that.

Link to post
Share on other sites
1 hour ago, gooner4life said:

It's now 5 days that I've had no access to my account or games for.

 

What is reasonable compensation to expect from Sony? 

Compensation :D - the best you can hope for it that they might give you back access to your games

 

and you should thank them for it!

Link to post
Share on other sites
2 hours ago, gooner4life said:

It's now 5 days that I've had no access to my account or games for.

 

What is reasonable compensation to expect from Sony? 


You could ask about them providing identity theft protection. 

Link to post
Share on other sites

:o

Do you think it happened because it was linked to other accounts?  Surely it has to be cos of this that they managed to get in without 2FA.

 

Also, yeah I remember a while back when Sony said they had added using an authenticator app as another method but myself and another forumer couldn't find any official instructions on switching to this, so thanks to the person in this thread for confirming that you have to turn off 2FA then attempting to turn it on will reveal the two methods.

Link to post
Share on other sites
22 minutes ago, gooner4life said:

Ok, finally had a chat with the Executive Escalations team, my accounts now back in my hands, the idiot using it left his address on it, so they've breached his Data protection and his security as I want to go for a drive, i got my PS+ Extended by 2 months, and £5 credit for the lost access to PS Now for a week.

 

The hack was done via their chatbot, they had got access to my old email address (ntl ISP one) and used a transaction ID from 3 years ago in the email to get 2 step turned off and the email changed back to that, they then changed the email a further 6 times and all details and none of that triggered a warning inside PlayStation HQ's monitoring, and I can't secure that old email, it doesn't exist according to Virgin Media so I'm at risk of them just doing it all over again.

So pleased you got it back, bit disappointed by the compensation tbh, given the distress it gave you (as it would anyone losing potentially thousands of pounds worth of games).

 

Also impressed they told you how it was done, surely they will put some systems in place to stop it happening again... chatbot, FFS! 

 

Enjoy your drive ;)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Use of this website is subject to our Privacy Policy, Terms of Use, and Guidelines.