
feroca

Banned
May 12, 2018
823
Great read.
Hopefully, as much noise will be made about this as with cross-play, forcing Sony to respond...or something.
 

Fortinbras

Member
Oct 27, 2017
1,601
Why was it worth so much? Did it have hundreds of games?
Maybe it was a short name or word...

There's been a reset of inactive Gamertags on Xbox a few years ago. I had luck and grabbed a four letter one, a name of game character.

Since then people send me messages offering to buy it from me or they threaten to boot me offline, to get my account banned etc, because I never respond to these messages. Yesterday I got a message from a burner account saying that he's going to report me. I don't know for what because I never played with this person according to the recent players list. I know it's a burner account because it only has around 1000 Gamerscore and a few f2p games on it. People also try to get my personal information by asking specific questions.

I get a lot of random party invites, probably because they want my IP.

It's annoying as hell but it goes further.

There are clubs on Xbox, they can be compared to the communities on PSN. People openly trade accounts in these clubs for money. Some of them probably stolen because the offers include comments like "has 100.000 gamerscore, has x amount of games, has x amount of followers etc."

Microsoft don't care. It's against the terms of service to trade/sell Xbox accounts but Microsoft never do anything about it.

I imagine it's the same for PSN.
 

Dussck

Member
Oct 27, 2017
2,136
The Netherlands
The weird thing is, I can't enable TFA on my PSN account somehow. I put my phone number in correctly and then it says they sent me a code, but it never arrives on my end.
 

Juturna

Attempted to circumvent ban with alt account
Banned
Oct 27, 2017
1,834
This happened to me similarly, but before two factor was a thing. My account was stolen, used to buy FIFA points (on my card). Took forever just to get Sony to give my account back and when they did they wanted me to eat the charges. When I said I wouldn't, they said fine but since charge backs were against the TOS, they would ban my account and I'd lose access to my purchased games etc. So I had to eat the $300 in points. I hate their customer service, and obviously I don't keep a card linked on any account now.
 

Deleted member 25108

User requested account closure
Banned
Oct 29, 2017
2,877
This is why my PSN has an email that is unique to the service and my profile is set to private. I just have no faith in Sony when it comes to digital or online anymore.

It sucks because I do prefer the PS4, but I can't see myself continuing to use Sony for the bulk of my gaming anymore.

edit: Can you make sub accounts to go online with on PSN? I think that I'm just not going to play online with my PSN ID anymore. I'll just have a separate account for online games.
 

thisismadness

Member
Oct 25, 2017
4,446
You know who has a rock solid account secure customer service? Square Enix.

I tried to get access to my old FFXI account for around the 5th time over a couple years recently. This time I got so close I could taste it, and the guy on the phone seemed like he was playing charades, I was close, maybe I made up something with a word or two being real (I was super paranoid about putting real info on the internet, still am). I kept trying to give up but the guy kept motivating me to think about it and try again. He moved on to just needing the phone number along with the other attempts I may have missed or wasn't accurate enough on concerning the full address. I even ended up making a call to my mother asking if she remembered the number at that time. I just didn't care about messing around in FFXI for that one week bad enough. I was probably on the phone with him for 30 minutes, I was getting annoyed, maybe he wanted me on trying to remember things so he could take a break hah.

Heh, yeah, my brother upgraded his phone and ruined his software token. SE made him send in notarized proof of his identity.
 

danm999

Member
Oct 29, 2017
17,128
Sydney
People constantly say in these kinds of threads "well, Sony should do better!" but when you logically think through the problem, it's a nightmare.

The scenario is this: person A owns the account. It gets hacked by someone guessing the password, social hacking, whatever. Now the obvious answer is, A should just call Sony and get the account back!

But how? Whatever they do to get the account back, IS A BACKDOOR FOR HACKERS TO TAKE OVER ACCOUNTS. If it's not rigorous enough security wise, I can just say I'm a victim of a hacker and attack a legit account pretending to be the victim. Banks and brokerages have procedures where you have to go in to a branch somewhere and prove your identity with driver's license, etc. Should Sony set up branches everywhere? It'll just turn into another attack vector where someone figures out how to dupe IDs and info to pretend to be you.

Obviously things like a security team that can quickly trace back the hack steps and do some basic stuff like restore original email address is good, but even that is not perfect because a lot of these accounts use the same password in gmail as PSN, Nintendo, eBay, Facebook, Xbox, etc so once you break into one system you break into everything.

Our digital "world" has raced ahead so fast and ahead of security that it's become a huge problem. Pre 1900s you didn't have much identity theft because there wasn't much you could do with a name. Now you can borrow millions, own vast amounts of digital property with nothing tied to them other than account names, passwords, and some secondary authorization (2FA) and it's all different everywhere. We are sort of coalescing around your mobile phone === YOU but that's going to turn into a million new problems soon enough, as people clone phones and stuff just by walking next to you.

In the scenario in Patrick's article it would be incredibly easy for Sony to identify who the hacker is, and who the actual account owner is.

The hacker is the person who is asking to deactivate the 2FA over the phone. If Justin put it in place as soon as it was offered in 2016, and it was only deactivated for the first time in 2018, whoever did that at Sony displayed a staggering lack of common sense.

This is 100% on Sony.
 

Deleted member 12186

User requested account closure
Banned
Oct 27, 2017
1,467
This is next on the list, Sony. You guys gave me faith things can change if we're vocal about it like with Fortnite.

Sony if you like $$$ and you want to maintain your position in the market for PS4 as well as the PS5, then you need to make improvements to existing issues as opposed to sitting on a throne like the status quo is alright and no further effort needs to be made.

There have been security concerns before as well as criticisms of the customer service for ages. These are important things to focus on in order to secure your customers' loyalty as well as put them at ease.

Do. The. Right. Thing

We're going to a more digital heavy era and the fact accounts can be stolen in this fashion is a huge risk factor.
 

CheapJi

Member
Apr 24, 2018
2,265
Where I live this is pretty normal. Even some retailers sell hacked accounts which is horrible but can't really do anything about it. I've had chats with people that actually used these accounts. Some of them got banned but I've seen people that have been using them and getting away with it way more often.
They definitely have to do something about this.
 

demi

Member
Oct 27, 2017
14,829
I've been messaged several times to sell my Xbox tag. Honestly waiting for the inevitable and hope MS has systems in place for this type of situation.
 

Zen Hero

Member
Oct 25, 2017
5,635
What is the point of 2FA if you can circumvent it like that?
That is the important question, isn't it?

The most technically advanced security in the world doesn't matter if there is a way around it. Ultimately, your security is only as strong as the weakest link. In this case, the weakest link is calling a customer service rep and using smooth words to convince them you are the owner of the account.
 
The whole article is a good point on why Sony needs to allow us to use Authy and other forms of digital authenticators. I am legit shocked at how Sony handled the issue and constantly surrendered the account to a stranger.

I am still baffled how the poor guy was constantly targeted. I had a similar incident happen with me on Origin before 2 factor was even a thing outside of Google. Origin had just launched, and it was me and a Russian playing tug of war with my account. The difference? It only had Battlefield 3 on it. I just said duck it, contacted Origin and told them to destroy the account.

I swore off Origin for life after that incident and every single account of mine is protected with Authy. I also keep my private information private and make sure I never say either parent's name in their full form, also helps that both parents are super old school and don't have any form of social media. I also make up small lies about stuff that could be my secret question answer like favorite author and stuff like that so much so that I've lost track of the lies.

Recently, someone also hacked my Uber account to the point where I said duck it for life too. I kept resetting the password. Used LastPass to make a 30 character password that is still copy/pasted to my keep, but the guy was hell-bent on taking it. Uber refreshed my account. No rides or anything on it anymore. The last state of my Uber account was me getting an email saying a suspicious login happened somewhere in Malaysia and I said I don't have the time for this. I can't even use my phone number on the account anymore, use promos, so I just use a local ride-hailing app over Uber.

My Uber account had no credits. No attached credit card. It was practically useless, but this guy was bent on taking it. The last state of the account is me getting an email telling me to reset my password. Now I could give a rat's ass since my name, number, address and all are wiped from the app anyway.

All my account data is literally hand-written in a diary in my room: secret questions, answers, passwords of all my digital accounts. I still trust paper over digital when it comes to digital.
 

ffvorax

Member
Oct 27, 2017
3,855
Considering I need to be only digital, and I already am, this is so bad to hear...
Sony, and every other company, needs to improve security on their side. If I own an account, make it my personal one with not changeable information like ID (Name, Surname, asking for an original document also) and make it possible to change phone number or email just with a strict procedure that asks for a copy of the document itself, or a webcall to recognize... etc... like some services that involve money actually do, because now the accounts are actually worth so much money that it should be mandatory to have more strict rules, at least if you want to buy from the store. So you keep it simple for people to have an account, and ask for some more info for people that want to buy... I know they want to keep it the simplest they can to let people spend their money, but I care more about security of all my purchases than some lazy guy that wants to keep things easy.

They didn't learn much from the disaster of some years ago on PS3, did they?
Hope they plan something for the near future, maybe with PS5...
 

Kaizer

The Fallen
Oct 25, 2017
2,094
Jesus, this is terrifying & bone-chilling. Makes me not wanna be involved with PlayStation Network at all. I have 2FA set up on my account but to see how easily that can be broken down is scary.
 

goonergaz

Member
Nov 18, 2017
1,710
When my account was 'hacked' I didn't realise for a week or so, I called Sony and had to verify some personal questions and then they put it back in my name.
 

TechnicPuppet

Member
Oct 28, 2017
10,834
This scares the shit out of me, I always think of 2FA and great unique passwords as keeping me safe.

I lost my Spotify account at the end of September, they got it back for me quickly though. No 2FA so it will likely happen again.
 

Patrick Klepek

Editor at Remap, Crossplay
Verified
Oct 25, 2017
669
Near Chicago
My understanding is Sony made some internal changes the last time I ran a story about PSN security, so I hope that happens here, too. My one request is to remove the ability to disable two-factor over customer service.
 

lowlifelenny

Member
Oct 27, 2017
1,408
I just want to offer an anecdotal counter to the 'Sony customer service sucks' thing. Years ago I purchased an already-redeemed PSN card from a vendor who refused to believe me and of course denied a refund. Sony were only too pleased to help and were able to prove on my behalf that the card had already been redeemed before I bought it, forcing the vendor to cough up.

I've had my share of negative things to say about Sony in the past, but there are positives too.
 

Deleted member 13155

User requested account closure
Banned
Oct 27, 2017
2,604
PSN is fucking terrible.

They don't accept refunds, which is baffling in 2018. And I hate their auto renewal shit. I've deselected it numerous times, and it seems to click back on whenever you buy Plus via the console (it was cheaper via a promotion, so I caved). When that ran out I saw they took 25 from me for a quarterly sub, lol. I would never pay such a stupid amount for 3 months of Plus.

My account has also been compromised once, or at least my console was disabled as primary and I couldn't activate downloads from a distance. Basically, their customer support couldn't do anything but say you have to wait half a year and disable all devices, change your pw and activate. You get punished, basically. I had proof it was me, more than any stupid fuck who compromised my account would have. I've enabled 2FA since, it's also weird that Sony doesn't really push this feature up front. Now we see 2FA isn't all that hot with Sony either.

The bottom line is, don't link anything with them. Just buy vouchers if you want to buy something or log in to paypal or something but don't keep it linked. Remove any sort of personal information.
 

ArmsofSleep

Banned
Oct 27, 2017
7,833
Washington DC
I had my PSN account stolen once, but it was, in the end, a very positive experience.

So basically, I do everything right. Complicated password that's unique to PSN, two-factor, all that stuff. Somehow, I log in once and my account is banned.

I call Sony, and they say someone has bought a bunch of shit on my account (NBA 2K VC, despite the game not ever having been played on my account), and then charged the money back via their bank. This resulted in an insta-ban. They said that the only way to get my account unbanned was to buy PSN cards to make up the money, or it was lost to me forever.

Of course this was complete bullshit, and I wasn't going to deal with it. I just called over and over, a day here and day there, and of course eventually someone was nice enough to simply unban my account, deactivate the other PS4 that had recently been added to it, and give me access to it via a unique password. All it took was one customer service rep who actually did their job instead of defaulting to corporate speak.

In the end, my account was somehow credited with over 200 dollars (basically what had been spent on VC) for some reason so I got a bunch of free games out of it too. But I would not have been able to get my account back (or would have to pay that amount to get it back) if I didn't have the persistence to push through Sony's utterly abhorrent customer service.
 

test_account

Member
Oct 25, 2017
4,645
If this is possible, they definitely need stricter rules. Human errors like turning off 2FA over the phone shouldn't be possible at all.


Database compromises (since Almighty's account is pre-2011 hack, that info is still out there)
triangulate your data (say if you've mentioned your PSN name from somewhere that exposes your real name. they can easily go from there)

protecting against it? well, be careful where you reveal your account names, be aware about how much personal info you reveal in general.
Maybe you can't link due to forum rules, but where is that information available? I see that haveibeenpwned.com has Sony listed, but my email isn't listed as a part of that hack. EDIT: Ah, they "only" have 37,103 accounts under that, and that includes the SonyPictures.com hack as well.
 
Oct 27, 2017
2,454
My understanding is Sony made some internal changes the last time I ran a story about PSN security, so I hope that happens here, too. My one request is to remove the ability to disable two-factor over customer service.

Or do what eBay do. Text the number that is registered for 2 step verification a code and then ask the person over the phone for the code if they want to turn 2 step verification off.
 

test_account

Member
Oct 25, 2017
4,645
My account has also been compromised once, or at least my console was disabled as primary and I couldn't activate downloads from a distance. Basically, their customer support couldn't do anything but say you have to wait half a year and disable all devices, change your pw and activate. You get punished, basically. I had proof it was me, more than any stupid fuck who compromised my account would have. I've enabled 2FA since, it's also weird that Sony doesn't really push this feature up front. Now we see 2FA isn't all that hot with Sony either.
What happened if you tried to set the system as primary from the console itself? What would have happened if someone else had enough information about you, couldn't they also be able to do this over the phone? That's kinda the problem with social engineering, it can be hard to know if it's the actual person owning the account or not, and what proof should be enough and what should the customer support be able to do. In 99.99% of the cases, it's likely legit cases, so they try to be helpful towards the consumer, but it sucks when it's someone trying to hack the account.
 

Storm

Member
Oct 25, 2017
1,026
Maybe it was a short name or word...

There's been a reset of inactive Gamertags on Xbox a few years ago. I had luck and grabbed a four letter one, a name of game character.

Since then people send me messages offering to buy it from me or they threaten to boot me offline, to get my account banned etc, because I never respond to these messages. Yesterday I got a message from a burner account saying that he's going to report me. I don't know for what because I never played with this person according to the recent players list. I know it's a burner account because it only has around 1000 Gamerscore and a few f2p games on it. People also try to get my personal information by asking specific questions.

I get a lot of random party invites, probably because they want my IP.

It's annoying as hell but it goes further.

There are clubs on Xbox, they can be compared to the communities on PSN. People openly trade accounts in these clubs for money. Some of them probably stolen because the offers include comments like "has 100.000 gamerscore, has x amount of games, has x amount of followers etc."

Microsoft don't care. It's against the terms of service to trade/sell Xbox accounts but Microsoft never do anything about it.

I imagine it's the same for PSN.


This, I have a 3 letter gamertag on Xbox and get questions about it pretty frequently. Along with random invites.

Luckily my PSN is pretty worthless since I avoid buying on it because of Sony's past security issues
 

NCR Ranger

Member
Oct 25, 2017
5,865
In the scenario in Patrick's article it would be incredibly easy for Sony to identify who the hacker is, and who the actual account owner is.

The hacker is the person who is asking to deactivate the 2FA over the phone. If Justin put it in place as soon as it was offered in 2016, and it was only deactivated for the first time in 2018, whoever did that at Sony displayed a staggering lack of common sense.

This is 100% on Sony.

Twice within 24 hours is the most infuriating part. It wasn't just deactivated the first time, but was deactivated again within 24 hours.
 

Wolfgunblood

Member
Dec 1, 2017
2,748
The Land
Does it help at all if you don't ever play shit like FIFA and Fortnite? How do they choose your account name, or do they just try random account names?