If his password is as he says, he either got phished or he got keylogged.
-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
So I've been (possibly) hacked on PSN.
- Thread starter Spaced Harrier
- Start date
If his password is as he says, he either got phished or he got keylogged.
sensui-tomo
Member
No, but it's very likely your account info was shared with another site with the same password and that site was hacked and the person just tried to see if it'd work on PSN. Hell that's why my Xbox and Rockstar account were hacked ages ago. I don't use the email or password anymore.
Sony should be more sympathetic towards people who get hacked though. None of that 1 time reverse the payment bullshit, they should be able to see where the purchase was originated from and realize that it was a malicious purchase.
Edit: just saw joke line. The above still matters to other people reading though.
Well that is ridiculous. Every single service is vulnerable. If 2 step is offered, you better use it imo. I have 2step enabled for Sony, MS, Google, Blizzard, Steam, EA/Origin, Paypal. And whatever else I can't think of. It is just being smart and understanding that NO ONE is safe from a hack.
Air Zombie Meat
Member
I'm a bit confused. So you didn't lose access to your account, it was just the game purchase?
MAX PAYMENT
Member
I was just making a joke. Lol
Well crap haha. I'm sorry! What I said still applies though lol.
I see the myth of the hacker who would infiltrate Sony databases to steal a handful of logins and password is well alive... /smh
99% it's the user who shared info, clicked on something he shouldn't have and filled information on a fake website or more probably got a Trojan/ keylogger, nothing about which Sony can do anyhing.
They took way too long to implement 2FA, but now it's here.
Use it.
Spaced Harrier
Member
For anyone on the eu psn store via the ps4 is Skyrim easy to navigate to? Like as a first deal or offer?
TechnicPuppet
Nothing! I said nothing!
Everyone is an idiot for not turning on something that wasn't an option until quite recently.
What's the region? They vary slightly.
Spaced Harrier
Member
Ireland
Well technically any password can be hacked with enough time, but 25 characters mixed with case/numbers/symbols.. as close to impossible as you'll get. So if your password got out, it was found in some way, not decrypted/guessed. You need to look at any device that used that password to access something and/or stores it as a remembered password. Key logger, malware, compromised website etc.
Air Zombie Meat
Member
Just checked it (uk). It's not the first pick but it's up on the storefront. Would need to scroll a few spaces across to it.
Depending on your email client you can check he header information. Most clients have a way to view message source (which is a good idea), it can be used to figure out where an email actually originates from.
Emails could be phishing emails with spoofed send/return emails. You would have to view detailed headers to see if they were sent/originate from Sony or if someone copied the emails and spoofed the send/receive.
Fredrik
Member
Sorry, you probably still understood me so try to answer my question if you can instead of pointing out grammatic errors
I just want to understand how all these hacks, or whatever they're called, can happen so often.But I replied?Sorry, you probably still understood me so try to answer my question if you can instead of pointing out grammatic errors
Sorry, you probably still understood me so try to answer my question if you can instead of pointing out grammatic errors
90% of the time they are not hacks, just someone acquiring/cracking someone's password for reasons like:
- too simple of a password
- use the same password on several services
PSN especially is a big target for people wanting access to peoples accounts so when a big site (linkedin, yahoo, etc) actually does get hacked and has user info breached, lots of people might use those same passwords for PSN and voila someone can get into their account and fuck shit up
Shpeshal Nick
aka Collingwood
How do we know the nephew didn't buy it?
Are billing details console dependent or account dependent?
Are billing details console dependent or account dependent?
Account.
As is the setting to require a password on checkout, which can be enabled on the website.
(Which may not yield very much additional security but may help very lazy people to reconsider if they really need some random game they aren't going to play just because it's on sale.)
Obligatory: https://haveibeenpwned.com/
If a game is not in the drive and you press down on the game profile. Doesn't it go to the button to buy it on the store.
StrongBlackVine
Banned
It has been around long enough for people to be using it. Most people that have posted this topic in recent memory know it exists and still didn't use it,
huh... yes?
Shpeshal Nick
aka Collingwood
So this just looks like the new phew probably did it? Or one of the computers he "think" he logged out of probably wasn't logged out of.
I doubt this was any kind of legitimate compromise in this case.
tearsintherain
Member
Also after you enable 2FA remove your credit / debit card details from your PSN (Amazon, Nintendo, etc) accounts. Its a really bad idea to have direct money tied to those gaming accounts, its much better instead to buy PSN wallet cards from a store or even amazon / etc and use those to fund digital purchases.
That way, even if your account is hacked there is a small cap on what can be bought.
At this point Sony (Microsoft, etc) needs to make 2FA required and force you to opt out with giant warnings of YOU WILL PROBABLY GET HACKED WITHOUT 2FA etc etc
That way, even if your account is hacked there is a small cap on what can be bought.
At this point Sony (Microsoft, etc) needs to make 2FA required and force you to opt out with giant warnings of YOU WILL PROBABLY GET HACKED WITHOUT 2FA etc etc
katsubento
Member
More like everyone's passwords are used elsewhere or very simple.
Fredrik
Member
Is it really that easy though? OP said he had a long password and never used it elsewhere.
Op, if you have your billing details entered into your profile then your nephew will have access to this from his own console under your login?
Could be a potential avenue to pursue...
JP
Member
I'm going from memory but this sounds about right.
They wouldn't have any obligation to do it but it may be worth contact customer support to see if they could refund it. That may be more of an issue if the game was actually launched though.
I thought you asked in general.
And in general with the millions upon millions of leaked data we have to analyze what I've said is pretty much true.
That doesn't mean this was the case in this specific instance.
Funny enough I made a PSN account in preparation for eventually getting a PS4 over Black Friday, ended up not buying it but that's a different story. Anyways a few days ago I got a random email saying I changed the email address to that account. Tried to contact customer support but no luck. I've never bought anything on it or even log into it on an actual system so no sweat off my balls but I'm going to miss SuperDaxer64
Nitty_Grimes
Made a crappy phPBB forum once ... once.
So, with 2FA, is it every time I turn my PS4 on I have to do this 2FA step or every time I sign onto the store?
I have my PS4 auto log me in, enabling this does it mean I put the PIN in each and every time or?
I have my PS4 auto log me in, enabling this does it mean I put the PIN in each and every time or?
no you only do it once on your PS4. if you log into the store from a web browser you'll have to do it anytime it asks for your password
Nitty_Grimes
Made a crappy phPBB forum once ... once.
Awesome, thank you.
2 step now enabled.
It's still possible it was accidental, if someone like a cleaner etc in my house hit my joypad, or my dad accidentally controlled the ps4 with the remote control but that seems unlikely. Will see when I get them the serial numbers.
Are we sure that when you enter your payment detail it doesn't stay with your account rather than the system. That would make it entirely possible that it was bought on your other PS4 by the family member.
Sassafras1594
Banned
You guys should probably download malwarebytes in case theres a keylogger on your computers, doesnt hurt to check
It's also that Sony is notoriously unhelpful to people who have their accounts stolen and have a history of refusing to reverse damage caused by people who steal it.
Gai Murakumo
Member
A good tip for people, if they have decent memory, is to have different passwords (strong ones at that) for every new thing they register for. I know it can be annoying, but it will help prevent multiple accounts on different services from getting accessed as well.
tearsintherain
Member
don't depend on memory, use a program like KeePass, 1Pass, LastPass, etc. I have a different password for every single site I visit, with unique security Q/A's (usually nonsense like "knock knock" "frog") stored as unique entries, the file backed up onto my dropbox and google drive, which is accessible on my phone and also an emergency copy stored on a thumbdrive in my brothers house across the country and in my bank safety deposit box.
The actual password file, which is literally my entire digital life, is password protected as well so even if someone got it they'd need the password to access each item. WHich if they did, i'll be honest, I'm ultra screwed.
Dude said he had a unique 25 random character password.
Similar threads
- Poll