
carlos

Member
Oct 25, 2017
429
Happened 15 minutes ago, they just changed my login info. Anyone know who I have to contact now?

Am desperate, will update

EDIT: Managed to get the account back after talking to customer service via phone. All that they asked for was the original email that was used to create the account, so there is a chance I might lose the account again if they buy his sob story and turn off 2FA again.

The guy got the account banned for racist content for a week. (I don't have PS+, so he messaged people, I guess?) I am unsure whether to contact Sony regarding this.
 

Sho_Nuff82

Member
Nov 14, 2017
18,412
Does 2-factor go to your email or phone number? Hard to think they could've changed it without triggering a reply that would be visible to at least one.
 
OP
carlos

Member
Oct 25, 2017
429
Just got a text message saying 2 factor was turned off, and while I was trying to turn it back on, they changed the login info

Can't find Sony support chat
 

oni-link

tag reference no one gets
Member
Oct 25, 2017
16,015
UK
Could someone have reset the 2FA with Sony by having other personal info to hand?
 

Mesoian

▲ Legend ▲
Member
Oct 28, 2017
26,431
2FA through SMS isn't really that secure as an attack on your mobile account can still get your info. People should be using a decent 3rd party, like Authy, for 2FA needs.

OP, the first thing I'd look at is whether or not your phone's mobile account has been breached while you're waiting for Sony to get back to you.
 

Expy

Member
Oct 26, 2017
9,861
Happened 15 minutes ago, they just changed my login info. Anyone know who I have to contact now?

Am desperate, will update
Just got a text message saying 2 factor was turned off, and while I was trying to turn it back on, they changed the login info

Can't find Sony support chat
Timeline doesn't add up. You said it happened 15 minutes ago, but then you say you got a text later and that they changed the info after?
 
May 14, 2021
16,731
If you get it back, switch to the method where you enter a code to access the account. If you're an Apple user, there's an Authenticator built right into the OS.
 
OP
carlos

Member
Oct 25, 2017
429
I was chatting with someone from Sony, chat got disconnected, now it says sorry we couldn't help, try later
 

Gnorman

Banned
Jan 14, 2018
2,945
2FA through SMS isn't really that secure as an attack on your mobile account can still get your info. People should be using a decent 3rd party, like Authy, for 2FA needs.

OP, the first thing I'd look at is whether or not your phone's mobile account has been breached while you're waiting for Sony to get back to you.
Spoofing phone numbers seems like a lot of effort for a random person's psn account. Much more likely it's social engineering. Might even be someone the OP knows.
 

Spacejaws

One Winged Slayer
Member
Oct 27, 2017
7,795
Scotland
The one thing I miss using the authenticators is that I don't get a prompt if someone tries to login to the account but fails the mfa like you do with sms.

I have had the issue on the OP before with UPlay account. SMS 2FA and I did get an email just to say someone from India had successfully logged in and if it was me and I'm like where the fuck was my text asking for a login code? Changed it to authenticator as soon as I could after.
 

Haloid1177

Member
Oct 25, 2017
4,533
The one thing I miss using the authenticators is that I don't get a prompt if someone tries to login to the account but fails the mfa like you do with sms.

I have had the issue on the OP before with UPlay account. SMS 2FA and I did get an email just to say someone from India had successfully logged in and if it was me and I'm like where the fuck was my text asking for a login code? Changed it to authenticator as soon as I could after.

Depends on the authenticator you're using and who you're authenticating from. I use LastPass cause it offers a good backup but no notification, but Microsoft Authenticator when signing into 365 accounts will always send a push notification. Same for something like Duo, which is how I was made aware of an attack at work one time.
 

Tendo

Member
Oct 26, 2017
10,387
Most likely they convinced Sony they were you and you no longer had the phone linked to 2FA and asked to have it removed. Sorry. That really sucks :( hopefully they get it sorted soon. For sure call any credit card or account linked to that account and let them know so they can either disable charges to that account or get you a new card.
 

Dante316

Member
Oct 25, 2017
947
I changed my number to Google authy, since it works a lot easier for me, sucks OP.. hopefully you get your account back.
 

Norris1020

Prophet of Regret
Member
Oct 27, 2017
1,460
Does PSN support app verification for 2FA? As far as I knew it was only text or email but I admit I haven't messed with it since I set it up the day it became available.
 
Oct 28, 2017
1,025
People calling Sony, pretending to be you, with enough information (or a +5 in Charisma) to get past the phone verification process.


Yep, I have never done this for nefarious means, but I am that +5 Charisma Cat that can get about anyone on the phone or in person to give me what I want or need lol. I just look them in the eye (if they are in person) and treat them with kindness and respect. It's amazing what people will do when you are kind and respectful, sometimes they may do things they shouldn't.
 

Swiggins

was promised a tag
Member
Apr 10, 2018
11,446
Yep, I have never done this for nefarious means, but I am that +5 Charisma Cat that can get about anyone on the phone or in person to give me what I want or need lol. I just look them in the eye (if they are in person) and treat them with kindness and respect. It's amazing what people will do when you are kind and respectful, sometimes they may do things they shouldn't.
I work in the legal system and it's amazing what you can accomplish by treating court clerks like they're your grandmother.
 

TheLastOne

Member
Oct 25, 2017
455
Someone had enough details about you, or access to your email, etc. to convince Sony support that they were you, and they were locked out of their account as they lost their token. Sony support then likely kindly disabled the 2FA to help get them logged back in.

This sort of social engineering attack is rampant.
 

Jawmuncher

Crisis Dino
Moderator
Oct 25, 2017
38,397
Ibis Island
I changed my number to Google authy, since it works a lot easier for me, sucks OP.. hopefully you get your account back.

Unless they updated the App (Been awhile since I used it) you should really change from Google Auth to something like Authy.
I recall Google Auth was really bad about having any sort of backup plan if something happens to your phone and you can't turn it off via the device itself.
 

TechnicPuppet

Member
Oct 28, 2017
10,809
These threads scare me to death. I love 2FA and have everyone I know using it with a different password for each site.
 

Spacejaws

One Winged Slayer
Member
Oct 27, 2017
7,795
Scotland
Depends on the authenticator you're using and who you're authenticating from. I use LastPass cause it offers a good backup but no notification, but Microsoft Authenticator when signing into 365 accounts will always send a push notification. Same for something like Duo, which is how I was made aware of an attack at work one time.
Yea I use Microsoft Authenticator for 365 and wish more authenticators operated like that. I like Authy otherwise however.

Does PSN support app verification for 2FA? As far as I knew it was only text or email but I admit I haven't messed with it since I set it up the day it became available.

It was added awhile back. I've been using an authenticator app for some time now.
 
Oct 25, 2017
9,398
Hey OP same thing happened to me, a couple times actually.

I'm 95% sure they have some of your info and were able to get Playstation Support to turn off 2 Factor Authentication.

You need to contact PS support to have them reverse the User ID change. As long as your email is secure they can't actually confirm that change. So you can actually still request a password reset to your email address which would at least lock them out while you are dealing with support. If you're on PS4 you're going to want to make sure your PS4 is the primary PlayStation. If they changed that, you have to get Support to switch it back, but it takes a day and you need to confirm your serial number.

The annoying part is the info they need to confirm who you are when talking to support doesn't change. It's something like your full name, the PSN ID, original email used to create the account, maybe last 4 digits on your CC etc. I've never changed my PSN ID which may be something that could prevent them doing it in the future, but changing the User ID to another one of my other emails didn't help. Since support always asks for the original email, it's a blessing and a curse I guess. Keeps them able to do it, and makes it possible for you to keep being able to undo it.
 

0ptimusPayne

Member
Oct 27, 2017
5,747
How am I supposed to change it to an authentication app? When I log in it just allows me to change to a different phone number
 
OP
carlos

Member
Oct 25, 2017
429
I had someone who tried to ask Sony about my account years ago, since then I changed the password and turned on 2FA
 

CatAssTrophy

Member
Dec 4, 2017
7,611
Texas
If we're currently using a phone number for 2FA, how do we go about switching over to using an app?

I can't seem to find the option in my account/security settings on the website. Only lets me change my number, add a number, or deactivate 2FA altogether.
 

slothrop

▲ Legend ▲
Member
Aug 28, 2019
3,876
USA
2fa has been compromised for a while
2FA is not "compromised". This is not even a meaningful statement because there are many different possible second factors each of which operate differently. This statement implies that 2FA is not any additional benefit which is categorically false.

It is possible to compromise an account behind 2FA though yes. SMS is the least secure method by far, and any method that customer support can override is subject to an attacker just tricking support if the company does not have adequate process controls. Any non-hardware-key method is subject to a user being live-phished by an attacker and pasting the 2FA code into a fake site.

But you should always enable 2FA, ideally TOTP (i.e., Google Auth or Authy, etc) or a hardware key like a Yubikey where possible. It makes attacks much more complex.
 

Confusatron

Member
Oct 27, 2017
307
Seattle, WA
Perfect example of social engineering, a year ago I legitimately had to reset my 2FA on my Nintendo account, due to a screw up on my part and having had to factory reset my phone. I was able to call Nintendo and get it done, no sweat. It only took a couple of minutes. 🤦‍♂️