Waypoint: "The Long, Weird Story Explaining Why I Bid $700 for a Stolen PSN Account"

Orb · Oct 9, 2018

$1,200. That's how much someone is asking for a PlayStation Network account I've been investigating for the past few weeks. "Secure," the person calls it, claiming the account will "never be touched" by the original owner again. "He won't be getting it back," they claim. More than a thousand dollars? That's a little rich for my blood, and so I counteroffer: $700.

"Btc?" they respond, accepting my bid. (BTC refers to bitcoin. The majority of transactions like this take place using cryptocurrency; it's generally harder, but not impossible, to trace.)

I didn't purchase the account, of course. But I could—anyone could, if they only knew where to look. This account wasn't on a shady market because someone was clumsy with their digital security. They had a strong password and two-factor authentication. When they were notified about problems with their account, they called Sony and asked for help.

Despite all this, despite proving their identity over and over, they lost access to their PSN account, including any trophies earned or any games purchased. It was gone...well, sort of. The original owner no longer had access, but this person—the individual asking for $1,200 but who quickly and without hesitation dropped to $700—did.

Lots more at the full article: https://waypoint.vice.com/en_us/art...-why-i-bid-dollar700-for-a-stolen-psn-account

Interestingly, this sounds almost exactly like a scenario that we had a thread about a while back: https://www.resetera.com/threads/banned-from-psn-on-my-birthday.68193/

Seems like Sony customer service is pretty much incompetent and hasn't kept up with modern security practices. These kinds of social engineering attacks are well known at this point, and companies like Amazon and Apple have updated their policies to fight them. But it seems like all you need to do to get Sony to turn over a PSN account is call enough times until you get a rep lazy enough to let you in.

Kinda scary, considering I'm in the same boat as the subject of the article. Strong, unique passwords, two-factor authentication, the works. And yet it seems like nothing would really stop someone who wanted to steal my account because Sony isn't doing the right thing.

dex3108 · Oct 9, 2018

$1,200. That's how much someone is asking for a PlayStation Network account I've been investigating for the past few weeks. "Secure," the person calls it, claiming the account will "never be touched" by the original owner again. "He won't be getting it back," they claim. More than a thousand dollars? That's a little rich for my blood, and so I counteroffer: $700.

"Btc?" they respond, accepting my bid. (BTC refers to bitcoin. The majority of transactions like this take place using cryptocurrency; it's generally harder, but not impossible, to trace.)

I didn't purchase the account, of course. But I could—anyone could, if they only knew where to look. This account wasn't on a shady market because someone was clumsy with their digital security. They had a strong password and two-factor authentication. When they were notified about problems with their account, they called Sony and asked for help.

Despite all this, despite proving their identity over and over, they lost access to their PSN account, including any trophies earned or any games purchased. It was gone...well, sort of. The original owner no longer had access, but this person—the individual asking for $1,200 but who quickly and without hesitation dropped to $700—did.

https://waypoint.vice.com/en_us/art...r-a-stolen-psn-account?utm_source=wptwitterus

This and many other horror stories about PSN really makes them the worst digital service provider on PC and console market (well maybe Nintendo is worse but i am not sure). With lack of refund policy (i am not calling their good will to refund you one purchase and ban you from chat support after that refund policy), store features, account security, bad customer support... they really need good wake up call.

Deleted member 4044 · Oct 9, 2018

Yeah, Sony's customer support is actually pretty bad for anything, whether it's cancelling a preorder of a game to dealing with account lockout issues to potential account theft. Microsoft's has been a lot better for when I have to contact them (and they have self service refunds too).

Sou Da · Oct 9, 2018

Patrick really wanted a new PSN name huh.

Patrick Klepek · Oct 9, 2018

Wow, it *does* sound like that thread, doesn't it? :)

Shelbyville Milhouse · Oct 9, 2018

I just got my account "back" (I don't think it was actually hacked, no idea what happened)
For some reason the primary phone number on my account was not my phone but a number I did not recognize. So I could not log into my account. I only recently noticed this (haven't really played much PS4 in the last couple of months). No idea how that happened. There were no purchases made on my account, as far as I can tell no games where played, nothing - which is why I don't think it was hacked.
No idea where that phone number came from and how it got there.

Anyway, getting my account "back" took like 4 days.

Sou Da · Oct 9, 2018

Patrick really wanted a new PSN name huh.

R dott B · Oct 9, 2018

They had a strong password and two-factor authentication. When they were notified about problems with their account, they called Sony and asked for help.

Despite all this, despite proving their identity over and over, they lost access to their PSN account,

What the...

asynchrny · Oct 9, 2018

As someone who had to deal with customer support to get my account back when they decided to reset passwords a few years ago, I kind of got scared at how amateurish they are at dealing with this stuff.

Not that I was worried someone might steal my account through their support, more that they aren't helpful at all when you're locked out of it.

They just go through their script and don't really care about you losing access to everything you own.

But hey, Google is pretty shit too. Probably way worse since they just give you online forms that don't even work as intended.

This is a big deal when we have so much value attached to these digital accounts and most companies aren't actively trying to make it better.

The 2-factor SMS authentication is such a lousy half step that it hurts me to even think about it.

Orb · Oct 9, 2018

Sou Da said:
Patrick really wanted a new PSN name huh.

If my username was "MechaMothra," I'd pay $700 to get a new one too. :P

stumblebee · Oct 9, 2018

Sony's customer support for this kind of thing absolutely blows. I've had to jump through similar hoops. Fortunately, I got my issue fixed in a few months and I didn't need to get a journalist involved.

DarkLordMalik · Oct 9, 2018

Why was it worth so much? Did it had hundreds of games?

Taker34 · Oct 9, 2018

This must be a bad joke, what's the point of 2FA if people can take over an account like that. Under no circumstances whatsoever should the customer support act so carelessly.

Kongroo · Oct 9, 2018

Terrifying.

JustJavi · Oct 9, 2018

Why was it so expensive? How many games did it have?

Deleted member 135 · Oct 9, 2018

Did the thief only need the PSN name or also the associated email to socially engineer the account away?

Neo0mj · Oct 9, 2018

DarkLordMalik said:
Why was it worth so much? Did it had hundreds of games?

If you buy one full price game monthly That's already $720 a year. Stack on top of it all the monthly PS+ games and it adds up to the value of the account.

Of course, most of these games will be old and if someone's patient can just get them on sale for less.

DannyGlover · Oct 9, 2018

The article was such a good read.

Even though it's proven not effective in this case, I definitely need to enable two factor authentication on all my accounts

Deleted member 274 · Oct 9, 2018

Wasn't there another thread of a person who kept losing access to their PSN account again and again to some motherfucker who was calling Sony support pretending to be them? Even got a threat via text iirc

jamsy · Oct 9, 2018

Yikes, this definitely shows the very scary side of going digital.

Kind of insane how the account thief kept getting it back over and over.

DarkLordMalik · Oct 9, 2018

Great article by Patrick. Good read but absolutely terrifying. I was getting chills.

Windrunner · Oct 9, 2018

Thank you Patrick Klepek please keep plugging away at this. Fantastic read too!

LuckyLinus · Oct 9, 2018

What are the requirements to get your account back/get someone elses account? Id like to believe that they atleast ask for a picture of your ID.

I used to play wow for the longest time and blizzard did a great job of returning accounts to the original owners, not sure what Sony are doing so wrong.

OldMuffin · Oct 9, 2018

Bloody hell. Sony should really be pressured more on this. This is unacceptable, I mean what's even the point of 2FA then? They need to improve their customer support! Good job on covering this, and hope other outlets decide to follow suit as well...

Edit - kind of reminds of that time a few years ago, before they introduced 2FA where I noticed trophies for games I DID NOT OWN in my trophies list. Got in contact with customer support and all they could tell me was my account wasn't compromised which was clearly not the case. Anyway changed my password and haven't had issues... touch wood that remains the same.

Lashley · Oct 9, 2018

Complete incompetence by Sony.

Tebunker · Oct 9, 2018

Patrick Klepek said:
Wow, it *does* sound like that thread, doesn't it? :)

Great work on this Patrick ! Great read. Glad folks like you are writing for this industry

Theswweet · Oct 9, 2018

Interesting that setting your lamguage to Japanese seems to have an impact. Hmm.

NCR Ranger · Oct 9, 2018

Pikma said:
Wasn't there another thread of a person who kept losing access to their PSN account again and again to some motherfucker who was calling Sony support pretending to be them? Even got a threat via text iirc

That was me and I was one of the people Patrick contacted for this story. Things eventually got shorted out and I assume it was in no small part to Patrick Klepek writing about this, so I just want to publicly thank him.

As for Sony though well they have some work to do. My experience with them was downright awful and my take away is that the only protection an account truly has right now is an unappealing username or nothing on the account worth having. When one of those is no longer true you best watch out.

TJ_Electronica · Oct 9, 2018

Holy shit that article is terrifying. I like my PS4 but holy shit get your security together.

EDIT: I should add I'm glad the OG user got their account back.

JustAnotherOne · Oct 9, 2018

Excellent writing,almost felt like I was reading a thriller,no joke.
Joking aside,this is really disturbing that no matter what you do your account can still be hacked.

Deleted member 25606 · Oct 9, 2018

Great work Patrick, you really are one of the few in games media with any idea of what journalism is. As someone heavily invested in Sony's ecosystem I applaud any and all pressure they receive on this and am hopeful that at some point it will actually move them to fix this and their customer support.

Deleted member 2625 · Oct 9, 2018

Well that's ominous.

Fix yer shit, Sony, or a juicy class action will be deployed no doubt

MBS · Oct 9, 2018

Almighty said:
That was me and I was one of the people Patrick contacted for this story. Things eventually got shorted out and I assume it was in no small part to Patrick Klepek writing about this, so I just want to publicly thank him.

As for Sony though well they have some work to do. My experience with them was downright awful and my take away is that the only protection an account truly has right now is an unappealing username or nothing on the account worth having. When one of those is no longer true you best watch out.

Wow, glad to hear you got things sorted out. Yeah, Sony has to step up their game when it comes to their security and customer support. At times they look as if they're completely out of touch with what the actual consumer needs.

RexNovis · Oct 9, 2018

There is absolutely no excuse for allowing people to just disable two factor authentication over the phone without concrete proof of identity. That's unacceptable and needs to change asap

ApeEscaper · Oct 9, 2018

Perhaps a bunch of social engineering to get people's accounts and prevent the original owners from accessing it again, Sony should investigate and address this to prevent anything like this happening anymore. Also perhaps there's some crooks working within Sony support who helps with these scams. All assumptions

Hackers probably prioritise for accounts with more value with more digital game purchases and dlcs etc and maybe more valuable info saved like credit cards etc

Kaako · Oct 9, 2018

RexNovis said:
There is absolutely no excuse for allowing people to just disable two factor authentication over the phone without concrete proof of identity. That's unacceptable and needs to change asap

Seriously. That's completely unacceptable and needs to be dealt with company-wide asap.

Hitokiri03 · Oct 9, 2018

Protect PSN accounts seems to be very low priority for Sony.

brambles13 · Oct 9, 2018

This makes me want to completely disengage from Sony systems (I only use Vita anyway now from them). What a disgrace on their part.

hydrophilic attack · Oct 9, 2018

how can this even happen

wtf

low-G · Oct 9, 2018

Not only does Sony really need to stop fucking around, it'd be great if we could get laws that give consumers a right to their digital purchases. As more things go digital, I doubt Sony will be the last company to bungle accounts.

Ploid 6.0 · Oct 9, 2018

$700, my goodness.

I'm lucky I got my account back. At one point I was willing to let it go since I sort of moved to PC at the time and PSN MP was moving to pay wall. I also don't value games I'm tired of very much, so I didn't mind the possibility of not playing the old PSN games (haven't even played them since).

jett · Oct 9, 2018

Sony really needs to get their shit together. Too many horror stories about dealing with PSN's customer service.

RedOnePunch · Oct 9, 2018

It's why I buy physical as often as I can.

timmbp · Oct 9, 2018

Congratulations Almighty on getting your account back.

https://www.resetera.com/threads/my...eeps-getting-stolen-and-i-need-to-vent.69558/

JuicyPlayer · Oct 9, 2018

Someone needs to get on Sony's ass about this. I would be livid if I lost my account like that with all of my games and trophies. This is why I hesitate to go all in on digital.

ghibli99 · Oct 9, 2018

Crazy stuff. :( As an aside, that stray period in the opening line of the article was so distracting. LOL

Deleted member 48201 · Oct 9, 2018

Well this instills confidence in an all digital future.

I'd also like the option to lock out Sony customer service from accessing my account.

André · Oct 9, 2018

JuicyPlayer said:
Someone needs to get on Sony's ass about this. I would be livid if I lost my account like that with all of my games and trophies. This is why I hesitate to go all in on digital.

Yeah. This article is ominous.

RedOnePunch · Oct 9, 2018

What a terrifying read. I'm glad the guy got his account back in the end though.

Again, this is exactly the reason for why I buy physical as often as I can.

Psychonaut · Oct 9, 2018

Scary stuff... I just went ahead and stripped my PSN of as much sensitive information as I could. No sense waiting until the hammer eventually comes down on me.

Thanks to Patrick for fighting the good fight with this coverage.

Waypoint: "The Long, Weird Story Explaining Why I Bid $700 for a Stolen PSN Account"

User requested account closure

Editor at Remap, Crossplay

QA Tester

User requested account closure

User requested account closure

Sly

<<Tag Here>>

RPG Site

User requested account closure

User requested account closure

Community Resettler

User requested account closure