The PSN hacking saga - part 3


So I know this has been an ongoing topic - I've been hacked twice before even with 2 factor authentication which seems to do fuck all. I changed the email address and that kept me safe for a while until I got this email to the new email address - which means the individual knew my email before having access to the account:

 

Quote

Would you sell psn Uzi for a good price? 

 

Then this morning got a text saying 2 factor had been disabled and got these emails

Quote

 

subject: I'll let you keep games

 

leave the acc i unlinked your paypal etc, you wont keep it.

 

subject: 

all friends etc deleted

 

DDDDDDDDD

 

 

My paypal was not linked on there (I don't keep payment methods on file for this obvious reason)

 

Anyway contacted Sony support to get it back to me which is happening now but the fucked up thing is this guy knew the current email used on the account before getting it and also the PREVIOUS email (he sent the above emails to both) 

 

Is there a sure fire way to protect these fucking PSN accounts?

2 minutes ago, Uzi said:

 

Is there a sure fire way to protect these fucking PSN accounts?

Sadly, I don't think there is. Even changing your email regularly doesn't help as recently our Gooner got hacked via one of his old ones. 2FA is fucked because they let automated bots turn off 2FA without human intervention. At the very least use the app 2FA instead of SMS, but beyond that you can't do anything besides not linking any other accounts to it or leaving payment info.

 

Might be worth changing your username to something less desirable. 


Ultimately the problem is Sony’s organisational lack of competence in online security. Nothing you do, and nothing they add to the system, will make a difference until that changes.

Just now, AI said:

Don't have a cool username? Mine is shite and haven't had any problems for 15 years on PSN.

The last two times it happened it didn't allow you to change online IDs

 

I will definitely do it now. Shame - I had that ID since Japan launch of the PS3


God, Sony really need to sort this nonsense out. What is the point of 2FA if you can switch it off using a far less secure authentication?

 

I don't really buy digital games, anyway, but this would make me anxious if I had an account with loads of digital purchases attached to it. 

Just now, HarryBizzle said:

God, Sony really need to sort this nonsense out. What is the point of 2FA if you can switch it off using a far less secure authentication?

 

I don't really buy digital games, anyway, but this would make me anxious if I had an account with loads of digital purchases attached to it. 

I try and only go physical mostly but I have years of PS plus content. 

 

So irritating - my MS account has never been in question and I've had that since the Hotmail days


If you're a fancy multiplatform owner like me, consider buying every multiplatform on Xbox. That way, you only put your collection of 1st party games at risk. I do this anyway because admittedly this generation I prefer the usability of the Series X over the PS5, but in the back of my mind the lack of security on PSN is also something I keep thinking about with every purchase on there.

 

In your case Uzi, with that username, I'd consider doing it just because of the security risk even if you prefer the PS5 yourself.

4 minutes ago, Mr. Gerbik said:

If you're a fancy multiplatform owner like me, consider buying every multiplatform on Xbox. That way, you only put your collection of 1st party games at risk. I do this anyway because admittedly this generation I prefer the usability of the Series X over the PS5, but in the back of my mind the lack of security on PSN is also something I keep thinking about with every purchase on there.

 

In your case Uzi, with that username, I'd consider doing it just because of the security risk even if you prefer the PS5 yourself.

The vast majority of my games are on Steam/PC so all good there. I still have a huge collection of PSN content (having the account for over 13 years helps with that) so definitely going to change the ID as I can't give that up

1 minute ago, gooner4life said:

 

Don't do that, Sony have put a block on my account which means I won't be able to use automated bots for help changing password or if I lose access to email etc, I'd need to prove my identity via the console serial number.

 

Email the CEO's office jon dot budden at sony dot com, explain this is the 3rd time this has happened, raise it as a breach of your data protection etc.

 

Make them protect your account, you shouldn't have to jump through hoops, if I can help in any other way let me know.

Thank you - I will do that. 

 

But isn't what you said a good thing? If it is that hard for you to change password it would be a lot harder for a hacker then?

14 minutes ago, Uzi said:

Thank you - I will do that. 

 

But isn't what you said a good thing? If it is that hard for you to change password it would be a lot harder for a hacker then?

 

It is a good thing yeah, but you can't just ask them to do that, I had to keep contacting the CEO's office telling them I wasn't pleased with the outcome and then eventually they flagged my account with that so any account changes would need to have identity verified.

 

You shouldn't have to lose the ID you've had for 16 odd years because of their incompetence.

22 minutes ago, Alex W. said:

Wait, by default you can just open up the support bot and get it to turn all your security off? :lol: They don’t even get you to confirm any personal info?

I believe you'd need at least one of:

  • The credit card used to make purchases on the account
  • The serial number of the first console used to create or log into your account
  • Details of recent transactions made on the account
  • PayPal details (If applicable)

Transaction details seem like the weakest link, as those would be very easy to gather if someone has access to your current or former e-mail account; not sure how recent the purchases need to be.

 

When Sony added the name change option I'm surprised they didn't switch to a system where handles didn't need to be unique but had an identifier appended, like Discord or Xbox Live now has. Outside of reducing targeted attacks, such as Uzi is now facing, it also tackles the problem of names running out; the one I'd like to use is tied to someone that hasn't played a game since FIFA 2013.

55 minutes ago, Alex W. said:

Couldn’t you guess someone’s recent PSN purchases by looking at their PSN public profile? Or better yet, just ring up on the day after the new PS+ titles and rattle off those.

I assume you'd have to supply the specific order/transaction numbers, not just the date. Haven't been through the process myself.

19 minutes ago, Uzi said:

I did that with the second email I used.

So, and sorry if you've already mentioned, what knowledge of you are they using to change it? Presumably not email, if you had a unique one.

1 minute ago, TehStu said:

So, and sorry if you've already mentioned, what knowledge of you are they using to change it? Presumably not email, if you had a unique one.

 

They can use the original email you signed up for the account with, which I assume got compromised so they have transaction IDs etc, that's how they got into mine.

26 minutes ago, Uzi said:

I did that with the second email I used.

 

That suggests the hacker is getting your second email address from social engineering of Sony via knowledge of your first, very dodgy.

2 minutes ago, TehStu said:

So, and sorry if you've already mentioned, what knowledge of you are they using to change it? Presumably not email, if you had a unique one.

Well when you go to forget password there are options other than 2FA - maybe some security questions?

 

5 minutes ago, gooner4life said:

 

They can use the original email you signed up for the account with, which I assume got compromised so they have transaction IDs etc, that's how they got into mine.

My original email is intact - both are in fact. Odd

6 minutes ago, gooner4life said:

 

They can use the original email you signed up for the account with, which I assume got compromised so they have transaction IDs etc, that's how they got into mine.

That's horrendous security. 

2 minutes ago, Uzi said:

Well when you go to forget password there are options other than 2FA - maybe some security questions?

 

My original email is intact - both are in fact. Odd

 

I'd definitely flag all of this information to Sony via the CEO, they will get it escalated to PSN security rather than call centre guys and you will get an actual answer as to how it was all compromised.

23 minutes ago, gooner4life said:

 

I'd definitely flag all of this information to Sony via the CEO, they will get it escalated to PSN security rather than call centre guys and you will get an actual answer as to how it was all compromised.

I will defo write to them tonight thanks


UPDATE

 

I emailed Mr Jon Budden's office yesterday and got a call about an hour ago from the executive team. 

 

Stayed on the phone with me for about 40 mins getting everything sorted and now my account has the protected status to prevent any bot or automated changes. I'm still stumped as to how they got in but as well as deleting all of my friends to play with his buddies to play Fortnite/Rogue Company/Warzone (obviously) he has also changed the primary account to Finnish and in the address field he wrote this:

 

I suspect it is a message from the hacker to the kid he sold the account to:

 

[Attached image]

 

WTF - I own my current PS3 and the original PS3 I must have sold in 06/07 to some nerd on eBay (it was a Japanese import) - that surely can't be it?
