Rellik
Member
A lot of these PSN accounts are being hijacked through the emails. Options are always great, but maybe Sony feel it would be pointless if the person has your email account.
-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
My PSN was hacked 3 weeks ago, so Sony disabled access to every game I own on PS4.
- Thread starter dock
- Start date
A lot of these PSN accounts are being hijacked through the emails. Options are always great, but maybe Sony feel it would be pointless if the person has your email account.
Shao Kahn Brewing a Stew
Banned
Please do this! When you're locked out of your account and try to reset the password, the first thing it asks you is Date of Birth. I've lost some international accounts due to incorrect Date of Birth.
For those wondering how to activate 2FA:
https://www.playstation.com/en-au/g.../access-and-details/ps4--2-step-verification/
test_account
XP-39C²
I might remember wrong, but i think they sent out an email about it.
Rellik
Member
I got a notification on my PS4 as well.
If you own a ps4 and not a mobile phone, then your doing it backwards.
Just checked my PSN and Steam ones, no pwnage. Then thought "let's check the email I use to sign up for all the random bullshit I find, gotta be a few there" (1.2k in it's inbox), no pwnage.
Every time I see one of these I double check if my 2FA is still on as well as linked devices.
Yup, explicitly got asked to set it up when I logged in.
Where do you check the dob? Can't see it in the website ha
Baldwin_the_First
Member
Are there really no possible alternatives that could be added by Sony then? So as of now on PS4, a person can't have a fully secured account unless he owns a smartphone. Ain't that a bitch.
But so what? Why should one absolutely need a smartphone in the first place to be fully secured of his purchases and from his account being terminated by Sony if anything happens. Just shows you how flimsy af that security really is and how a alternative should have also been thought of.
Does it need to be a smartphone? Wouldn't any phone that receives texts work?
Same! Just went to check but can't see it in any of the options on the website.
by sending the code to a separate email (one that you think is safe and is not attached to your account).
I know a lot of people who have one password and then append xbox, paypal, steam, amazon etc. to it and think they're being clever with "unique" passwords.
AyraSutoraifu
Member
Just text message suffice.
Shao Kahn Brewing a Stew
Banned
After Googling, I'm about to blow your mind with Sony's incompetence...
You cannot change the following once you create a PSN account.
Date of Birth
Language
Country/Region of Residence.
I used Google Voice to enable 2FA on PSN.
Baldwin_the_First
Member
Replace smartphone by mobile phone and the matter remains the same.
What? Wouldn't there need to be a option for the two-factor-authentication code to be sent to a e-mail in the first place, then? AFAIK it ain't possible and the only way is for it to be sent by text on a mobile phone.
Typical Sony. Just have to make sure I don't lose the password then.
FataIChoice
Member
I don't know if it is listed anywhere accessible. I have an older PSN account that I was getting emails about someone trying to reset the password. I remember having to reset the password on this account though and having to jump through some odd hoops where there was a specific way you could have the password email sent to you without having to give your DoB. They never changed it and I could enable 2FA, haven't had any emails or even a text since then.
My (now) main PSN account, I do not have 2FA because I have a older firmware Vita which would not be able to receive games from my PS3 if I do enable it. I am not concerned for this account as it has a unique email address and unique password.
I mean, who doesn't own a mobile phone ?
This. Allegedly the date of birth is wrong on my account, but I have never been in the habit of using a false date of birth on accounts, even in 2006 when I made the account. I was one of the people that signed up for PSN several months before the PS3 was released.
This is where your story starts to puzzle me.
No online service will ever ask for your passport photo. Ever. Moreover, your Twitter information is concealed and not displayed openly on PSN, so if the hacker also also stole your Twitter account, as you claim, and you had to send your passport to Twitter to reclaim the account, then you must have re-used the same password on both online services.
No online service will ever ask for your passport photo. Ever. Moreover, your Twitter information is concealed and not displayed openly on PSN, so if the hacker also also stole your Twitter account, as you claim, and you had to send your passport to Twitter to reclaim the account, then you must have re-used the same password on both online services.
Rellik
Member
Can you view your DOB? If so, I'd note it down somewhere safe. But knowing Sony, you probably can't.
PlayStation Support UK specifically asked me for Photo ID when I was locked out my account. I used my drivers license, but they did also mention passport.
Baldwin_the_First
Member
I don't know man, one who works from home and prefers a landline? Or someone who doesn't feel the need to own one? Shit if I know, but I just find it absurd that one should need a mobile phone to be fully secured.
FataIChoice
Member
Why would they allow you to change your DoB?
The others should be alterable yes, but that shouldn't change. Of course idiots like myself who put in something else when we were younger are up shit creek, but you cannot change it because it is supposed to be a 'reliable' security question and as the OP has shown (albeit to no avail), should be something you could prove with documentation.
I don't know that you can and you absolutely should be able to. I know I couldn't find it when I was searching.
Not that I could see, I'll have a look on my PS4 when I get back and see if its there but as its part of the security for resetting your password its unlikely they would have it displayed.
Is this the same reasoning Nintendo users give for supporting managing parties with their phone?
There should really be another way to use 2FA. My phone can't access the internet, so when Sony tells me to click a link to go to their site for a passcode, i can't do it
Thats another possibility for sure.
If thats the case, "unique" isn't the word to use, since it isn't actually unique if you're using it across 2 or website/accounts...
Even if you forget your birthday and you've also forgotten your password,
I think you're still able to change your password using the secret question method.
Maybe Sony could make a security dongle/token like Blizzard and Square-Enix do for people like you.
Theres no reason why Blizzard and Square-Enix could do it and Sony could not.
I have involved myself in a lot of these cases and this is the first time I have heard of Sony asking to see photograph evidence. The first call of recovery is to ask for serial numbers, transaction history (the last few digits of a prior credit card). Photo ID would be meaningless.
Nevertheless, if you are correct, it still does not explain how they managed also to hack the Twitter account when that information is nowhere displayed on PSN.
Shao Kahn Brewing a Stew
Banned
2FA doesn't require internet access. How it works is that you will get an SMS message on your phone stating "XXXYYY is your verification code for your Playstation Network account", and you enter XXXYYY on your console or browser where you were trying to login.
Hence the use of quotation marks...
Yeah, I hear you.
The response was towards people who use the "unique" in a wrong way, and to agree with you. Sorry if I confused you. ESL here =P
Most of the time it will do that. Other times, when i'm trying to log in from my Vita TV and can't for example, it will say, and i'm quoting directly from my phone here "2step verification is active on your Sony Entertainment Network Acccount. Please visit http://idp.sn/device-password to generate a passcode"
tenderbrew
Member
Holy shit.I'm really sorry to hear this. I've been told that my case has been escalated twice, whatever this means.
Even my shitty hack is making me want to abandon my PS4 entirely, which was until one month ago my favourite platform. I've even provided lots of details about the hacker in question, as I got a lot of name and IP info about him, and even the names of some of the other accounts he was using, but they just don't want to help.
Yah I wish you good luck. I remember my 360 got FIFA'd and MS fixed it within 24 hours.
Best part was catching Sony in a lie. One rep tried to tell me that illicit purchases happened from ... dun duh duh! ... inside my house. Then the other rep admitted the purchases were made from the middle of the country and thousands of miles away.
You only need to generate a passcode once for legacy devices.
Conkerkid11
Member
How does an account for anything nowadays get stolen like that so long as you have control over the email address associated with that account?
Only problem I ever ran into was with Uplay, because for one reason or another, they allow you to do a whole lot without needing email confirmation.
Only problem I ever ran into was with Uplay, because for one reason or another, they allow you to do a whole lot without needing email confirmation.
Zeouterlimits
Member
What percentage of PSN users do you think have that turned on?
If it's so vital Sony should make it mandatory.
huh?
tenderbrew
Member
I would bet it's lower than 10%... to my knowledge they never prompt you to turn it on, you need to go find it.
You only need to generate a passcode once for legacy devices.
You need to generate a unique password for your PSTV. Same with the Vita, PS3 and 360 for that matter. It's just like application specific passwords for Google.
Yes.
Yep, and they don't even send a confirmation to the email address you're changing from...
old manatee
Banned
lol @ the victim blaming in this thread. My Blizzard account was hacked even though I had enabled authentication, and I was never able to get Blizzard to reinstate it.
Some of these companies are easy to hack and have bad customer support on top of it.
Some of these companies are easy to hack and have bad customer support on top of it.
tenderbrew
Member
The only real question is who has worse security? Yahoo or Sony?
Same as 99% of online accounts. It's standard procedure.
Shao Kahn Brewing a Stew
Banned
Not trying to victim blame, more like creating awareness of creating an additional barrier between the hacker and your account. When was your Blizzard account hacked? They went through various 2FA. I actually deactivated it on my Blizzard account cause they're straight up garbage.
That said, most companies have bad customer service so its best to have a barrier than to let these companies victim blame you.
MilkyJoe
Member
To be fair he didn't do it from Ops living room.
That's good I can change it to a more secure email address but not cool for the lack of confirmation...
Would I need to reactivate two step verification again or would it carry over?