You would think that sony would up their security after the 2011 incident where they got hacked. Just because they have 2-factor authentication does not guarantee that you are safe. Don't ever assume that you are safe and that is the be all, end all. Sony also does a poor job handling customer complaints, and they don't entertain everyone.
-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
My PSN was hacked 3 weeks ago, so Sony disabled access to every game I own on PS4.
- Thread starter dock
- Start date
th4tguy
Member
It had a unique password but they hacked your twitter too?
Either your unique password isn't so unique or you have a key logged on your computer.
AbandonedTrolley
Member
Fortunately in relation to the first one, your DoB never changes after you've been born.
You can set up Google Voice to receive texts and Sony's TFA is applicable.
Shao Kahn Brewing a Stew
Banned
LOL! While this is theoretically true, a lot of folks created their PSN account when they were teenagers, with Sony forcing sub-accounts or restricted access if you weren't old enough, so folks lied and said they were 18+.
Ah but kids lie (or really stupid people make mistakes).
Luckily enough for me turns out I used my actual DoB when signing up ha
PodcastFips
Member
How is it Sony's fault?
SlickShoes
Member
Is there any way to use 2FA if I don't get a mobile signal where I live?
Coverage in my area is dire and if I wanted a text every time I wanted to sign in to PSN I'd have to walk about half a mile from my house.
Coverage in my area is dire and if I wanted a text every time I wanted to sign in to PSN I'd have to walk about half a mile from my house.
SeeNoWeevil
Member
My sympathy for Gaf members without 2FA is dropping by the day. Honestly, there are "I got hacked and I don't use 2FA" threads almost bi-weekly now.
Shao Kahn Brewing a Stew
Banned
Not Sony's fault in picking the wrong Date of Birth, but there's no way to see what you entered as your Date of Birth in case you entered it wrong.
th4tguy
Member
You can't get text messages via wifi?
SlickShoes
Member
How would that work? using a separate app? I used to have an app from my mobile provider but it barely worked and was never reliable, messages would come in days late.
People passing the buck on to the OP for not signing up to 2 step verification....
I mean, shouldn't we be gunning Sony for their shitty security?
You now HAVE to give your mobile number to them?
And people downplaying that his password was unique- oh no he must have made it easy somehow.
Now its almost a MUST to have 2 step verification. That alone is a semi-admission by Sony that their security is utterly wank.
I have signed up reluctantly.
I mean, shouldn't we be gunning Sony for their shitty security?
You now HAVE to give your mobile number to them?
And people downplaying that his password was unique- oh no he must have made it easy somehow.
Now its almost a MUST to have 2 step verification. That alone is a semi-admission by Sony that their security is utterly wank.
I have signed up reluctantly.
With this in mind, do you think that Sony/Microsoft should force 2FA onto accounts, by requiring typing en emailed code every time you login? I'm sure 99% of PSN users do not not use this, and I'm sure many don't know it exists.
You're absolutely right.
Its complete bullshit that people are passing the buck on to you and others for not sighing up to the verification.
While companies should try and aid their customers to make their accounts as secure as possible, it's also down to yourself as well. You need to be educated on your own accounts that you sign up to, and make them as locked down as possible. This is especially important when it comes to purchasing things through the service itself. We sadly live in a world where hacking is more and more prevalent. It's in the news, it's on tv it's online; what I'm trying to say is it's hard to avoid the realities of security online. This is not directed at you specially but "you" as a collective.
Neverwinter27
Member
How do I set up for 3 step authentication for my Account?
AyraSutoraifu
Member
It's only on machine's and services where you haven't logged in yet. In practice, retyping the 2FA code doesn't happen a lot.
What did he mean by this?
Member
Paying $60 or so for "licenses" to games that can that easily be stripped away
the alldigital future
hope it works out for u op
the alldigital future
hope it works out for u op
1. Sign Up to 2 Step
2. Wait for fellow Gaffers to post thread about account being hacked
3. Lament them for not getting 2 Step
4. Your 3 step is now authorised.
There's also a 6 step verification. You have to follow 2 additional steps:
5. Get rid of the vaseline
6. Subscribe to PS Now
NoblesseOblige
Banned
"Good news no pwnage found!
No breached accounts and no pastes (subscribe to search sensitive breaches)"
I only use 1 email.
I only use 3 passwards.
I don't use 2FA.
I'm running an experiment to see how long I can continue until an account is compromised.
test_account
XP-39C²
How many times were your account compromised before this?
Your understanding of computer security is "utterly wank", to use your own words.
A password being unique is not enough, it needs to be long and random too. As already touched on by somebody else, I could have the password pa55wo#D and not use it anywhere else and it would still be a bad password.
Even without 2FA it was possible to lock down a PSN account; nobody was cracking accounts with 30 character unique, randomly generated passwords.
Not once.
But I signed up as soon as a couple of my mates had their accounts hacked recently
test_account
XP-39C²
drotahorror
Member
How would one go about using 2FA if -
#1 - Cellphone doesn't work in immediate area (have to drive 10 miles out)
#2 - Google Voice errors out every time I try to create a number?
#1 - Cellphone doesn't work in immediate area (have to drive 10 miles out)
#2 - Google Voice errors out every time I try to create a number?
SmokedMeat
Gamer™
Losing access to your videogame collection to someone living thousands of miles away wasn't a thing before. So yeah, digital games have brought about a theft that never existed a couple generations ago.
I'm skeptical of the OPs story, with good reason.
OP had two accounts hacked in a short space of time. OP assumes the intruder was able to seize control of their Twitter account because it was linked to PSN. OP was forced to send photo evidence to both PSN and Twitter to recover their account. But here is the sticking point: The hacker could not have taken control of OPs Twitter account via PSN because your Twitter information is concealed and not displayed openly on PSN. Therefore OP easily could have logged-in to Twitter and updated their password and the hacker would be powerless.
Seizing control of two seperate accounts in a short space of time is indicative of credential re-use.
Indeed. And until the OP expalins this glaring discrepancy I will remain skeptical.
Where on earth do you live?
Seriously though, some two factors can go through a house phone can they not?
Does that mean that their security were great before recently?
Well apparently if you dont sign up to 2 step, you get what's coming to you. Regardless of the strength of your password.
drotahorror
Member
Some place you're not obviously.
I get this when I try to create a google voice number - https://productforums.google.com/forum/#!topic/voice/DxpzSdlTPXQ (It's not an isolated incident)
Cell reception is super spotty here.
DrDamn
Member
It's an additional security option people have been screaming out for Sony to implement (like most other places do) for years. Is it a semi-admission by Microsoft, Google and Blizzard too?
Look at the bigger picture, not only do a lot of people not use non-unique passwords but there also needs to be a mechanism by which you can reset your password if you legitimately forget it. How should that be done? Lots of places will send you a reset link to your email - but that assumes the email is secure. How would you manage that? Your security is only as strong as the weakest link and if a users email becomes compromised (*ahem* Yahoo *ahem*) then the PSN account can become compromised too.
Edit: Key point is that 2FA is a good defence against a lot of things that are out of the provider and end user's control.
Rellik
Member
They did. It was a notification on the PS4.
You can set up a Device Password for them on Sony's site. Set up the device to auto login.
Dark_3nergy
Member
Holy shit.
My account is also sitting in a escalated state as well. Not for the same reasons you have.
I spent an hour over the phone trouble shooting why a CC I use to make purchases was not having a conversation with PS4s digital services.
Turns out the type of security used on the back end is confused and botched any would be attempt I make to try to buy items digitally. That is if you get an updated card from your bank and it doesn't update properly on their end.
Funny thing is, the account behaves normally, and it has not been locked out yet despite the failed charges showing on the account page.
Sony really needs to get better engineers to look at their infrastructures, and look at how they train CS agents for cases like the OP. Cause I Am with you on this OP. The chases of getting my account functioning properly are sim.
How come we see far less of my Xbox Live account got hacked- cant get access to my games?
The point is, this whole attitude of placing the blame squarely on the user is ridiculous.
That sucks man, I hope someone can think of a solid alternative that would help you.
If this tells me my email is fine, does that mean my PSN and any other accounts tied to the email are also fine?
I only have a PS3 and Vita atm, how do I set up the two step protection?
ManUnkindH
Member
I have 2 accounts, UK and US. On my US account, there have been A LOT of spam messages for the last 2 weeks, messages like: "Quick, free PSN codes inside", "One time only offer for free PSN codes" and so on.
I had maybe 100 or so messages like this. I have the 2 step verification activated and was wondering if this has something to do with hackers trying to steal my account.
Anyone noticed something like this in the past 2 weeks or so?
I had maybe 100 or so messages like this. I have the 2 step verification activated and was wondering if this has something to do with hackers trying to steal my account.
Anyone noticed something like this in the past 2 weeks or so?
Dargor
Member
Nop, thats just spam msgs
Yep, ever since then some on here act like everyone obviously knows about it.
DrDamn
Member
I think MS tend to be better and quicker at dealing with the issue when it does occur, but I know of friends who have had Live account problems. People tend to complain about the impact to them (i.e. 3 weeks in this case but that's seems to be exacerbated by a DoB discrepancy) - so the longer it takes to resolve the more you will here about. I.e. The problem is how Sony's deals with the issue not their security.
I also had an alert of suspicious activity on my Live account and MS locked until I updated things. It was a good pro-active response from them but the root cause was MS themselves and a loophole associated with Skype link-up which was being exploited.
test_account
XP-39C²
I'm just thinking if the security is so incredible bad as you first mentioned, then this should have been a long standing problem happening a lot more, not just a couple of threads a month on NeoGAF in more recent time. No one here knows what causes this.
DrDamn
Member
Change your message settings to only accept messages from people on your friends list. You can do this directly on the PS4.
drotahorror
Member
del superstitious ha
test_account
XP-39C²
Yeah, or it means that no known hack that are added to that database has your email in it.