Support NeoGAF

[Spaced Harrier]

Edit: Nope apparently not. See post in page 3 for details.


So in work, and I checked my personal email, as you do.
To be honest I often ignore it as its mainly Spammy even with gmail filtering.

I notice a mail from PlayStation. "Thanks for your purchase"
Then another "funds have been allocated to your account."

About a half hour previous to my checking, Skyrim special edition was purchased for €39.99.

I was is work delivering training sessions all afternoon.

I can't think of a game I'd be less likely to buy than skyrim, I had it on 360, sunk a hundred hours into its terrible combat, and generous side quests, I did love to wander, then as my over powered dragon armoured warrior began to focus on the main questline, I lost the savefile during a hdd upgrade. Never again would I play the game I said.

Until somehow today my account purchased it.

I've contacted support, logged my ticket, the game removed, and it will be refunded I'm told, and the account is being investigated. I have changed my password.

What I'm trying to understand is how.

I have 2 PS4s in my home and I am also signed in on my nephews.

Only my PS4s have billing details
The only person in my house today was my elderly dad. The ps4 he could access has no controller associated to it. (Through it can be controlled via TV remote )
My other PS4 is in accessible to him.

My PSN account had (had) a massive 25+ character pass ohrase completely unique to it never used on any other website.

I am signed into PlayStation store only on my phone browser, the Android app and my work laptop. Though all were signed out AFAIK.

So trying to figure out how that happened.
Perhaps I got hacked or the app leaked data somehow.
Perhaps someone touched my ps4 pad and bought by mistake.

Will provide serial number details to them when home to see if bought from a console or online account.

TL;DR Somehow my PSN account bought Skyrim. Next time Dark souls 3 please.

 

[LowParry]

2 Step. Done.

 

[Septic360]

More and more PSN accounts are getting hacked.

The 2 step verification seems to be a must.

Hmmmm worrying. Sort it out Sony!

 

[JayEH]

another reminder to everyone else to enable 2FA

 

[Kyne]

So in work, and I checked my personal email, as you do.
To be honest I often ignore it as its mainly Spammy even with gmail filtering.

I notice a mail from PlayStation. "Thanks for your purchase"
Then another "funds have been allocated to your account."

About a half hour previous to my checking, Skyrim special edition was purchased for €39.99.

I was is work delivering training sessions all afternoon.

I can't think of a game I'd be less likely to buy than skyrim, I had it on 360, sunk a hundred hours into its terrible combat, and generous side quests, I did love to wander, then as my over powered dragon armoured warrior began to focus on the main questline, I lost the savefile during a hdd upgrade. Never again would I play the game I said.

Until somehow today my account purchased it.

I've contacted support, logged my ticket, the game removed, and it will be refunded I'm told, and the account is being investigated. I have changed my password.

What I'm trying to understand is how.

I have 2 PS4s in my home and I am also signed in on my nephews.

Only my PS4s have billing details
The only person in my house today was my elderly dad. The ps4 he could access has no controller associated to it. (Through it can be controlled via TV remote )
My other PS4 is in accessible to him.

My PSN account had (had) a massive 25+ character pass ohrase completely unique to it never used on any other website.

I am signed into PlayStation store only on my phone browser, the Android app and my work laptop. Though all were signed out AFAIK.

So trying to figure out how that happened.
Perhaps I got hacked or the app leaked data somehow.
Perhaps someone touched my ps4 pad and bought by mistake.

Will provide serial number details to them when home to see if bought from a console or online account.

TL;DR Somehow my PSN account bought Skyrim. Next time Dark souls 3 please.

hello OP.

do you have 2 step authentication active?

if your answer is no, that's how.

 

[Cmagus]

Go into your account system and enable 2 step verification so this doesn't happen. All you can do is wait to see what Sony can do.

 

[Chesskid1]

i like how you added a tiny review of skyrim instead of freakin out like most people

 

[vaporeon]

Please enable two-factor authentication on your account. Now.
And everyone lurking, you do it too. Now.

 

[Vashetti]

Two-Step Verification

 

[reson8or]

Next time make sure to enable 2-Step verification. Also, if I were you, I'd be on the phone with Sony and not on a message board to clear this up.

 

[Littlefang]

Enable 2FA and contact Sony customer service.

 

[Savantcore]

Did your nephew buy it?

 

[Valkyr Junkie]

Even if he doesn't have 2FA enabled, the fact he has a complex and unique password for PSN is troubling if he was in-fact hacked and it wasn't somehow accidental.

 

[Septic360]

Please enable two-factor authentication on your account. Now.
And everyone lurking, you do it too. Now.

Is Sony's security THAT dire?

 

[Lima]

This wall of text but CTRL+F and no two step verification found.

You done goofed OP.

 

[sephi22]

Would a sticky PSA about PS4's and 2FA be against the TOS on the gaming side? This situation is kind of becoming the PS4's RROD. Not as common (yet) but these almost weekly threads are scaring me now.

 

[Rival]

Almost seems like Sony needs to force 2fa on psn accounts.

 

[Nheco]

If don't have 2 step aut, I can't fell sorry for you, OP. In fact, I think it's kinda your fault. Sorry, but EVERYDAY there a new "psn hax" and I never saw it from anyone who has 2 step aut.

 

[Ogawa-san]

Sort it out Sony!

I can't tell anymore if this is serious or another of gaf's dead horses.

 

[Altered Juice]

No one knows exactly how it is done, but this thread will probably be filled with people saying "2FA! Phished!"

Dark Souls 3

he or she probably already has it or not interested. The purpose of people targeting psn is to copy the victim's digital library into their main account.

 

[Hjod]

Maybe your dad was in the mood for some Skyrim?

Other than that enable two step, and everyone reading this, enable two step.

 

[m@cross]

malware on your phone

 

[icespide]

Almost seems like Sony needs to force 2fa on psn accounts.

they definitely shouldn't force it, but they should absolutely advertise it and make people more aware of it

 

[100%TrophyMaster]

It was the Greybeards. They are summoning you to play Skyrim again. You are the chosen one

 

[Strangelove77]

Get your shit together, Sony!


No, but serious 2FA. Also ask your nephew if he bought it.

 

[ukas]

Is Sony's security THAT dire?

No, people's passwords are.

 

[Stumpokapow]

Is Sony's security THAT dire?

All security is by definition dire.

 

[benny_a]

Is Sony's security THAT dire?

No, you should enable 2-Factor on every service that allows it. It's good security hygiene.

 

[bidguy]

psn is shit tier service

always activate as many security options as you can with them

 

[Spaced Harrier]

2 step now enabled.

It's still possible it was accidental, if someone like a cleaner etc in my house hit my joypad, or my dad accidentally controlled the ps4 with the remote control but that seems unlikely. Will see when I get them the serial numbers.

 

[Septic360]

No, you should enable 2-Factor on every service that allows it. It's good security hygiene.

I'm just weary of giving out my mobile number all the time to these companies.

- trying to do it now btw and it wont send me the verification code -_-'

 

[Pennywise]

2 step now enabled.

It's still possible it was accidental, if someone like a cleaner etc in my house hit my joypad, or my dad accidentally controlled the ps4 with the remote control but that seems unlikely. Will see when I get them the serial numbers.

The easiest choice, remove the billing details from your account.

 

[Gai Murakumo]

I just barely got a PS4 recently and I knew to use 2FA as soon as I connected to the internet the first time booting it up. It is a life saver especially with PSN accounts constantly getting hacked all of the time.

 

[OneUh8]

The daily thread

 

[sensui-tomo]

The easiest choice, remove the billing details from your account.

Doesn't stop someone from entering a stolen cc and doing a charge back on the account, thus having Sony ban it.

 

[benny_a]

I'm just weary of giving out my mobile number all the time to these companies.

Yeah, it's unfortunate that they aren't offering the option of TOTP (Those authenticator apps.)

I just barely got a PS4 recently and I knew to use 2FA as soon as I connected to the internet the first time booting it up. It is a life saver especially with PSN accounts constantly getting hacked all of the time.

New accounts get informed upon account creation in a Yes/No prompt about 2FA. They should push this to all devices that are already set up that don't use it.

 

[Spaced Harrier]

malware on your phone

That's the scenario that worries me tbh. I do fuck all apps, so it would have to be through the browser. Dunno, if that's possible.

But even still isn't a password that long unique and alpha numeric too difficult to crack?

 

[tsab]

Maybe your nephew used your account by mistake, added funds and bought the game.
Also add 2FA

 

[icespide]

It is a life saver especially with PSN account constantly getting hacked all of the time.

they really aren't. someone getting into your account by somehow figuring out your password is not hacking

 

[Gai Murakumo]

they really aren't. someone getting into your account by somehow figuring out your password is not hacking

I am saying it in the general term. I know figuring out a password is technically not hacking.

 

[Krooner]

More and more PSN accounts are getting hacked.

The 2 step verification seems to be a must.

Hmmmm worrying. Sort it out Sony!

There's nothing to sort out. We as a community need to stop referring to what amounts to teenagers guessing your password as "hacking"

We're all password lazy. And it's not a surprise; PSN log in, Squareenix account, Uplay account, EA access, XBL the temptation to have them all the same is undeniable, but the bottom line is we need to be using stronger passwords.

 

[EmiPrime]

More and more PSN accounts are getting hacked.

The 2 step verification seems to be a must.

Hmmmm worrying. Sort it out Sony!

There's nothing to sort out.

Educate yourself please.

 

[jackal27]

Yeesh. Setting up 2 step right now.

 

[Spaced Harrier]

Maybe your nephew used your account by mistake, added funds and bought the game.
Also add 2FA

He owns the game physically.
Plus he wouldn't have my billing details. Though I did ring him as I'd forgotten both if those details.

I should say he is an adult, 20 in case you all picture an 8 year old or something.

 

[brawly]

How many threads do we need until everyone enables 2FA, I wonder.

 

[MAX PAYMENT]

Sony apologist: it's YOUR fault you got hacked.

 

[Altered Juice]

^^

Oh shit! lol

 

[Fredrik]

Someone seriously need to investigate out how all these hacks happen. Doesn't someone on this board have hacking knowledge or maybe know some hacking boards and can do a quick scan if the whole PSN login server has been hacked/leaked recently or something? Forcing 2FA activation is one solution but I want to know what the problem is, there must be some serious security issues on Sonys end, new threads like this seems to pop up every week here.

 

[benny_a]

That's the scenario that worries me tbh. I do fuck all apps, so it would have to be through the browser. Dunno, if that's possible.

But even still isn't a password that long unique and alpha numeric too difficult to crack?

Yes it would be more difficult to crack.

Attackers use the method of least resistance and there are probably millions of PSN accounts (based on leaked databases of other services) that use passwords like 123456 to 123456789 and "password" that you wouldn't be the top target.

However any leak of any other service that contains your password and mail account will be tried against other popular services.

So basically: Use unique passwords for every service (for example created and managed with a password manager if possible) and enable Two-Factor everywhere it's accepted.

Someone seriously need to investigate out how all these hacks happen. Doesn't someone on this board have hacking knowledge or maybe know some hacking boards and can do a quick scan if the whole PSN login server has been hacked/leaked recently or something? Forcing 2FA activation is one solution but I want to know what the problem is, there must be some serious security issues on Sonys end, new threads like this seems to pop up every week here.

Millions of people have shit passwords. And/or account share and/or re-use passwords.

 

[icespide]

Someone seriously need to investigate out how all these hacks happen. Doesn't someone on this board have hacking knowledge or maybe know some hacking boards and can do a quick scan if the whole PSN login server has been hacked/leaked recently or something? Forcing 2FA activation is one solution but I want to know what the problem is, there must be some serious security issues on Sonys end, new threads like this seems to pop up every week here.

oh my god so many mis-uses of the word hacking. I am triggered