PSN account compromised question

flyinj · Jan 7, 2018

So, I woke up to someone having changed my password, PIN, and added 2 step verification to my PSN account.

I got Sony on chat, they sent me a password reset email, and I was able to get into my account and change my password and PIN.

Now, the weird thing is they added a phone number to two step verification, enabled it, then disabled it a few minutes later last night. Why would the hackers do this? I of course removed their phone number for 2 step, added my own and enabled it.

Also, why didn't they change the email associated with the account either? It seems like that would be the first thing they would do.

The Sony chat rep said "ok everything is fine your account is safe now". I'm still pretty nervous about the weird behavior they did with the 2 step verification.

Jurec84 · Jan 7, 2018

I can't think of any reason they'd do that. Important thing is that your account is now safe and you have added 2-step so this should not happen anymore. You were lucky.

low-G · Jan 7, 2018

Probably thinking: oh shit I shouldn't have put my phone number on that account I just stole.

Admiral Woofington · Jan 7, 2018

I can only assume they added 2 step verification because they thought that way you couldn't take it back, and then immediately regretted it because if sony did a bit of research on who owns that phone number they'd be able to find who owns it. He got paranoid and removed it.

flyinj · Jan 7, 2018

I figured out what they did.

When I loaded up my PS4, there were a lot of random games downloading from my library. I was thinking wtf is that all about... then realized:

They activated family sharing then made their console the primary console so they could use my library. They were hoping I'd just reset everything but not realize that they were using my library.

Unfortunately I now need to wait 24-48 hours for Sony to "escalate" my ticket to disable their PS4 as the Primary and give me back the ability to make my console primary again.

Still a bit disturbed, thinking I might have missed some other trojan horse they put on my system. If I go to "Parental Controls/Family Management" there is only an entry for "user1". Is that normal? Wouldn't it have my actual account name listed in there?

Redneckerz · Jan 7, 2018

So reading your OP, you didnt had 2FA on in the first place?

Do you also have your credit card info on your profile? If so, that might also be a reason on how they got in.
Unfortunately, ''The other site'' has been giving themselves a new paintjob, meaning that the link i was trying to find for you from Sony where you could enable/disable/remove these things now just redirects to the FrontPage.

But i do have some leads: And one of them leads to https://account.sonyentertainmentnetwork.com which is i believe the link i was going to share. Anyways, some more details:
https://www.playstation.com/en-nz/g...on-app-or-web-browser-to-delete-card-details/
https://dev-scea.cs67.force.com/ame...t-card-and-PayPal-information-on-a-PS4-system
https://dev-scea.cs67.force.com/ame...d-PayPal-information-from-a-PC-or-web-browser

EDIT: Also, i have to say that you got ''lucky'' that they sent a password reset to you - Usually this is done only once, if i remember correctly, and it depends from which country you are contacting support from. There have been tons of threads where users effectively were locked out of their system.

Faintcolt388301 · Jan 7, 2018

I just realized how rare these threads are. 2FA doing its job. Before 2FA was a thing I had my stuff stolen too but luckily I didn't have my credit card details on my account. Ended up getting the good ol there is nothing we can do and had to wait the 6 months to deactivate all systems. Luckily for me they didn't change my email either and I got to get everything back.

captainraincoat · Jan 7, 2018

Has sony confirmed they will de-activate the console as the primary?? My experience is it's their policy that you must wait 6 months .....as shitty as that policy sounds

Animal Liberation Ⓥ · Jan 7, 2018

If one had their phone number, it sure would be a shame to have it listed on every site one can think of that would love nothing more than to call them at available times of say, 2am-4am for 'marketing research' and 'prize winning'. Hypothetically speaking, of course.

flyinj · Jan 8, 2018

Redneckerz said:
So reading your OP, you didnt had 2FA on in the first place?

Do you also have your credit card info on your profile? If so, that might also be a reason on how they got in.
Unfortunately, ''The other site'' has been giving themselves a new paintjob, meaning that the link i was trying to find for you from Sony where you could enable/disable/remove these things now just redirects to the FrontPage.

But i do have some leads: And one of them leads to https://account.sonyentertainmentnetwork.com which is i believe the link i was going to share. Anyways, some more details:
https://www.playstation.com/en-nz/g...on-app-or-web-browser-to-delete-card-details/
https://dev-scea.cs67.force.com/ame...t-card-and-PayPal-information-on-a-PS4-system
https://dev-scea.cs67.force.com/ame...d-PayPal-information-from-a-PC-or-web-browser

EDIT: Also, i have to say that you got ''lucky'' that they sent a password reset to you - Usually this is done only once, if i remember correctly, and it depends from which country you are contacting support from. There have been tons of threads where users effectively were locked out of their system.

I didn't have 2FA enabled in the first place. They put their number in, enabled it, then 5 minutes later disabled it (this is according to the timestamps on the emails I received from the activity). It's so bizarre they didn't change the account's email... I would think that's the first thing they would do.

They left their number in the 2FA section of my account, but it blanks out all the numbers of it except the last 4. I deleted it.

Luckily, Sony disabled the remote console about 6 hours after I put the request in, and now my console is primary again.

Another weird thing is they removed my Vita and PS3 as devices on my account. Is there some nefarious shit they could accomplish by doing this?

Also, I have 2FA enabled on my account now. This is the first time I've used it on my PS4. I rebooted my system then it made me log in and get a code from my phone. However, I've since rebooted my system twice, and it just auto-logs in to my account without asking for a 2FA verification code. Is this normal? How often should it be asking me to verify with a phone code. I just checked my account, and 2FA is still enabled on the PS4.

Redneckerz · Jan 8, 2018

flyinj said:
I didn't have 2FA enabled in the first place. They put their number in, enabled it, then 5 minutes later disabled it (this is according to the timestamps on the emails I received from the activity). It's so bizarre they didn't change the account's email... I would think that's the first thing they would do.

The bolded part is what made this so lucky. Over at GAF, you had almost a weekly thread with people's consoles getting jacked.. all because they didnt have 2FA enabled and they kept their CC info in their profile.
However, i thought that after years of hassle, Sony recently made it mandatory? Because honestly, it amazes me that this is still a thing.

Again, consider yourself really lucky that Sony disabled it for you - The majority of these threads usually ended up having going through a lot of trouble with Sony in the first place.

flyinj said:
Another weird thing is they removed my Vita and PS3 as devices on my account. Is there some nefarious shit they could accomplish by doing this?

No, they likely just did that to get the account back to a ''standard'' state where your PS4 is the primary and nothing else. Should be easy to link those systems up again.
Don't forget to enable 2FA/and remove any CC info on those profiles aswell when its still there. Especially when it comes to Sony systems, they are prone to hacking attempts because hackers know people leave either that info in or not enable 2FA. 2FA isnt a catch-all solution, but it goes some ways.

flyinj said:
However, I've since rebooted my system twice, and it just auto-logs in to my account without asking for a 2FA verification code. Is this normal? How often should it be asking me to verify with a phone code. I just checked my account, and 2FA is still enabled on the PS4.

I think that's normal. 2FA should only come into action when the system registers a login from a place it does not know. So if you take your PS3 and place it at a wholly different place in town, then it will throw this up.*

*I mean, that's what i find logical. Im not sure if this is what the system actually does.

score01 · Jan 8, 2018

Redneckerz said:
*I mean, that's what i find logical. Im not sure if this is what the system actually does.

I think it's just the first time you setup your psn login and sign into a PS4 console. It makes sense as you wouldn't want to be 2FA'ing every time you started up your ps4.

Deleted member 27211 · Jan 8, 2018

If you don't have 2FA do it now. I was nearly a catastrophe thread on GAF I was thanking my lucky stars I took the few mins to set it up when I got a couple dozen sms one morning about attempted pw changes on my PSN. I only set it up bc another poster whined at everyone to do it in the thread describing how they got scammed, saved my butt bigtime. Set it up now if you don't have it, OP is one lucky OP to have swerved this, buy a few scratchcards while your lucks in :)

Redneckerz · Jan 8, 2018

score01 said:
I think it's just the first time you setup your psn login and sign into a PS4 console. It makes sense as you wouldn't want to be 2FA'ing every time you started up your ps4.

Yeah, i figured as much. Still amazed that Sony gave him a free-out-of-jail and that despite all the threads, we still have people not having it enabled.
No fault on the OP though. The fact this shit still happens to regular users also means we still have to warn against these practices, and thats me not even having a PlayStation Vita/3/4 haha. Too bad this thread isnt more popular.

To anyone with a Sony device, enable 2FA and remove your CC info from your profile. Link is in my first post. It just saves you so much trouble if you ever get caught by a hacker.

adj_noun · Jan 8, 2018

Good on you for adding 2 step, OP. I'm glad it worked out.

In case other folks were wondering how to do it:

https://www.playstation.com/en-gb/g...ls-and-verification/ps4--2-step-verification/

How to activate 2SV with your PS4

You need:

Your PSN account sign-in ID (email address) and password.
A mobile phone on which you can receive text messages and access the internet.
A PS4!

Go to [Settings] > [Account Management] > [Account Information] > [Security] > [2-Step Verification] > [Set Up Now].
Carefully enter your mobile number and select [Add].
You will receive a verification code by text - enter this to authorise your mobile number to receive 2SV texts.
Select [Activate] to switch on 2SV.
We advise you to make a note of your 10 backup codes now in case of sign-in issues. Go to [Settings] > [PlayStation Network/Account Management] > [Account Information] > [Security] > [Two-Step Verification] > [Backup Codes] to find them.

flyinj · Jan 8, 2018

Redneckerz said:
The bolded part is what made this so lucky. Over at GAF, you had almost a weekly thread with people's consoles getting jacked.. all because they didnt have 2FA enabled and they kept their CC info in their profile.
However, i thought that after years of hassle, Sony recently made it mandatory? Because honestly, it amazes me that this is still a thing.

Again, consider yourself really lucky that Sony disabled it for you - The majority of these threads usually ended up having going through a lot of trouble with Sony in the first place.

No, this is the weird part- Sony didn't disable it. Whoever hacked my account enabled it, put their phone number in, apparently logged in using it, then disabled it themselves. Really weird behavior.

I think maybe the whole thing was done to allow them to use my library by making their PS4 the primary console on my account, hoping I wouldn't notice. I didn't actually try to log in with my original password, they may have left that as well.

Maybe they enabled and disabled 2FA to have their phone number in there to be able to enable it and lock me out if I tried to remove their console as primary? Who knows.

Possum Armada · Jan 8, 2018

The fact that people still are not using 2FA on their PlayStation accounts is just baffling to me....

OrdinaryPrime · Jan 8, 2018

Blue said:
The fact that people still are not using 2FA on their PlayStation accounts is just baffling to me....

Or that they reuse passwords. Why do people do this?

I have 2FA on, but do wish I could use the Google Authenticator app instead of a text.

BigLongJohnson · Jan 8, 2018

Redneckerz said:
To anyone with a Sony device, enable 2FA and remove your CC info from your profile. Link is in my first post. It just saves you so much trouble if you ever get caught by a hacker.

I would enable 2FA if it was properly implemented for PS3/PSP. Ever since they took down the PSP store and quit supporting the PSP Media Go software, the only way for me to get my purchased content on a PSP is through a PS3. Except it errors out if I have 2FA enabled.

Redneckerz · Jan 9, 2018

flyinj said:
No, this is the weird part- Sony didn't disable it. Whoever hacked my account enabled it, put their phone number in, apparently logged in using it, then disabled it themselves. Really weird behavior.

I think maybe the whole thing was done to allow them to use my library by making their PS4 the primary console on my account, hoping I wouldn't notice. I didn't actually try to log in with my original password, they may have left that as well.

Maybe they enabled and disabled 2FA to have their phone number in there to be able to enable it and lock me out if I tried to remove their console as primary? Who knows.

You only need to enable it once and then the PS4 will ''remember''. So that's not weird behavior, just typical hacker behavior.
If there is still a password being registered that caused the hacker to potentially get in, get that removed aswell. Just start with a clean slate.

BigLongJohnson said:
I would enable 2FA if it was properly implemented for PS3/PSP. Ever since they took down the PSP store and quit supporting the PSP Media Go software, the only way for me to get my purchased content on a PSP is through a PS3. Except it errors out if I have 2FA enabled.

This link suggests that you need to do it through Account management and a PS4?

danowat · Jan 9, 2018

Blue said:
The fact that people still are not using 2FA on their PlayStation accounts is just baffling to me....

The old "this only happens to other people" thing is still a strong factor in human thinking.

flyinj · Jan 9, 2018

The reason I didn't do it at first is because I thought I would have to enter my password and phone code every time I used my ps4.

I didn't realize it only triggered when you tried to log in from another ip.

Hammee · Jan 9, 2018

Nah. You only need a code if you log out of your PSN account or it's a fresh log in on another device.

Source: My kids constantly log my account out.

BladeoftheImmortal · Jan 9, 2018

I had a weird thing recently where I woke up and had a chat conversation in my messages that I had never had with anyone. Changed my.password and haven't had it again.

Cokie Bear · Jan 9, 2018

Redneckerz said:
Yeah, i figured as much. Still amazed that Sony gave him a free-out-of-jail and that despite all the threads, we still have people not having it enabled.
No fault on the OP though. The fact this shit still happens to regular users also means we still have to warn against these practices, and thats me not even having a PlayStation Vita/3/4 haha. Too bad this thread isnt more popular.

To anyone with a Sony device, enable 2FA and remove your CC info from your profile. Link is in my first post. It just saves you so much trouble if you ever get caught by a hacker.

Anyone with any device that supports 2FA should enable it. This isn't a Sony specific issue.

Minilla · Jan 9, 2018

BladeoftheImmortal said:
I had a weird thing recently where I woke up and had a chat conversation in my messages that I had never had with anyone. Changed my.password and haven't had it again.

Sure that wasn't just spam? Lots of websites use bots to send fake chat to PSN users trying to get you to use their 'services'. Had a couple of initial contact requests myself from these places. Just deleted it straight away.

Redneckerz · Jan 9, 2018

Gravy Boat said:
Anyone with any device that supports 2FA should enable it. This isn't a Sony specific issue.

Ironically i do not have 2FA enabled, but then again i dont game online so i save myself half the troubles XD
I am looking into Authy, if i can just have a catch-all app that enables 2FA for everything i use then its easily worth it.

Problem is that most government stuff here is quite out of date. We have 2FA now, but the whole system will be replaced in a few years.

BladeoftheImmortal · Jan 9, 2018

Japanonaut said:
Sure that wasn't just spam? Lots of websites use bots to send fake chat to PSN users trying to get you to use their 'services'. Had a couple of initial contact requests myself from these places. Just deleted it straight away.

No. It was weird because it showed me talking back to him somehow.

ArmsofSleep · Jan 9, 2018

2-step verification is vital for PSN. My account was compromised even though I hardly ever played online, never really bought anything through the PSN store, etc etc.

The person on my account bought a couple hundred dollars worth of NBA 2K VC things, and then called their bank to contest the charges. Basically got the account insta-banned, so I'm not sure why they did that unless they were reselling the VC somehow.

All worked out for me though. After a few calls Sony got me back into my account, and they decided to credit my account (for some reason) with the money contested by this other person's bank. It was enough for a year of PS Plus (which I didn't have at the time) and a ton of other games. It was like 3 months after I got my PS4 so it really bolstered my library.

ffvorax · Jan 9, 2018

low-G said:
Probably thinking: oh shit I shouldn't have put my phone number on that account I just stole.

lol, maybe?
All remember to put 2 step auth! It's a life saver (mostly should at least... I don't know how can it be exploited... )
Happy you solved the issue!

Zing · Jan 9, 2018

All this talk about two factor, maybe someone here has experience with being able to recover the account if you change phone numbers?

Long story short, my girlfriend who rarely logs into PSN got a new phone number last month. She tried to login to PSN recently and two factor is preventing her, since she doesn't have access to that phone number. She didn't generate any one time codes. She called Sony, and they asked her what credit card she used on the account. She only purchased one thing ever, back in 2015 and provided them with every credit card number she's had, but none of them match what is on file. Sony won't offer to do anything else.

Has anyone been able to recover an account in this state? She would gladly email/fax any documents proving her identity. We were just aren't sure what the other options are.

flyinj · Jan 9, 2018

How do one time codes work? How do you generate them, and how long are they good for?

A1an · Jan 9, 2018

flyinj said:
How do one time codes work? How do you generate them, and how long are they good for?

Go into the 'security' tab on your account on a computer then click on the 2Factor link/tab which will take you to another page, there are a few things to click on but one says 'back-up codes' click this and it will give you the option to print them out, do this.

The codes last forever (I think) but when you print out a new set of codes the previous ones you printed out are gone (so you cannot use them) I usually print them off every six months or so, you also need to check and get codes for everything else you have 2Factor set-up for like google, twitter, outlook etc, do the code all at the same time so you don't forget, them store them in a safe place, like a safe.

What would be useful is if Sony emailed everyone to let them know about 2Factor, also it would be good to know what information somebody would need to get their account back if there was/is an issue, do you need the serial number for example, the same for Microsoft and Nintendo would be helpful for people to know.

ShadowkillXNA · Mar 16, 2018

Sorry for the bump, I can't make threads yet.
So I got an email from sony tonight:
Your Password Has Been Updated

This e-mail confirms that the password has been changed for your account used to access PlayStation®Network.
If you did not intend to change your password, please contact Customer Service using the link provided below.

So I haven't changed my password, and I verified the password has not been changed at all by attempting to login to psn via web browser sucessfully with the existing password.
Also no problems logging into my ps4 either.
No one else has access to my ps4 or psn account.
I have two-step authentication turned on and did not receive any verification codes until I attempted to login.
I'm thinking that this email was fired off in error considering no verification codes were sent and the password was in fact not changed.

DrDamn · Mar 16, 2018

ShadowkillXNA said:
Sorry for the bump, I can't make threads yet.
So I got an email from sony tonight:
Your Password Has Been Updated

Couple of things to check. 1) That the email was definitely from last night and not an email client issue where you were notified about an old email. 2) Someone hasn't done as the OP suspected a couple of posts in and set-up their PS4 as your primary then changed everything back. The fact you already have two-step enabled means something like 1) is more likely but worth checking 2). This can be done quite easily if you have another user account on your PS4 - log in as them and check you can launch any of your digital games. Oh and 3) the email is not a fishing scam.

ShadowkillXNA · Mar 16, 2018

DrDamn said:
Couple of things to check. 1) That the email was definitely from last night and not an email client issue where you were notified about an old email. 2) Someone hasn't done as the OP suspected a couple of posts in and set-up their PS4 as your primary then changed everything back. The fact you already have two-step enabled means something like 1) is more likely but worth checking 2). This can be done quite easily if you have another user account on your PS4 - log in as them and check you can launch any of your digital games. Oh and 3) the email is not a fishing scam.

I didnt check as another user on my ps4 to start any digital games yet, but I did check the number of playstation systems activated on my account and it only shows my ps4. It was already activated as primary,

DrDamn · Mar 16, 2018

ShadowkillXNA said:
I didnt check as another user on my ps4 to start any digital games yet, but I did check the number of playstation systems activated on my account and it only shows my ps4. It was already activated as primary,

If the email is recent then could well be phishing. Are the links in the email a bit dodgy looking? (Don't actually click on them).

How do you know it is your PS4 that is listed btw? (Never worked out how to confirm which is which in the list).

ShadowkillXNA · Mar 16, 2018

DrDamn said:
If the email is recent then could well be phishing. Are the links in the email a bit dodgy looking? (Don't actually click on them).

How do you know it is your PS4 that is listed btw? (Never worked out how to confirm which is which in the list).

I'm not following you, there is only one ps4 on the devices page on sonys psn account management page and my ps4 pro is sitting about 6 feet away in my entertainment center. If someone logged into my account from another ps4 there would be more than one ps4 listed on that page.

DrDamn · Mar 16, 2018

ShadowkillXNA said:
I'm not following you, there is only one ps4 on the devices page on sonys psn account management page and my ps4 pro is sitting about 6 feet away in my entertainment center. If someone logged into my account from another ps4 there would be more than one ps4 listed on that page.

Just logging in to another PS4 won't add it to that page. That's a list of PS4's registered to your account. You can go round a friend's place, log into their PS4 and play some of your digital titles (even sync your saves with a bit of effort) and it won't add your friend's PS4 to the devices page on Sony's PSN Account Management page. I think this is barking up the wrong tree though as you would have had more notifications if someone had really been in your account and changed things.

ShadowkillXNA · Mar 16, 2018

DrDamn said:
Just logging in to another PS4 won't add it to that page. That's a list of PS4's registered to your account. You can go round a friend's place, log into their PS4 and play some of your digital titles (even sync your saves with a bit of effort) and it won't add your friend's PS4 to the devices page on Sony's PSN Account Management page. I think this is barking up the wrong tree though as you would have had more notifications if someone had really been in your account and changed things.

Right, and the only ps4 that was on there was already activated as the primary ps4. I checked while I was in there, if another ps4 had been activated as my primary it would have been added there. Add that to the fact I didn't get any verification codes until I actually logged in myself, and it looks like it's a glitch.

extremepabs · Jun 20, 2018

I am having psn issues my account is currently banned andi think its because i was hacked and my credit card company charged back some incorrect payments. Any ideas what to do?

poklane · Jun 20, 2018

extremepabs said:
I am having psn issues my account is currently banned andi think its because i was hacked and my credit card company charged back some incorrect payments. Any ideas what to do?

Pay the money back to Sony.

extremepabs · Jun 20, 2018

yes but how do i go about doing that?

A1an · Jun 24, 2018

extremepabs said:
yes but how do i go about doing that?

Have you contacted Sony and explained this? If so what did they say?

PSN account compromised question

user requested account closure

Self-requested ban

Attempted to circumvent ban with alt account