• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

So I just remote played into some random person's PS4 using my PSN account.

G

GifGafIsTheBestGaf

Member
DoctorWho said:
Thanks for this BTW. It at least gives me ease of mind that it wasn't a key logger.
Click to expand...

you are welcome, actually it was another gaffer that showed this page in another security issue thread but cant remember who though.

some years ago i had some problems myself with my email accounts and this site made sense of it.
 
S

spannicus

Member
i-Jest said:
Sony needs better security, policy, and procedure around cases of compromised accounts......And dare I say patching out gameshare, until they have a better handle on whatever exploit allowed for this to happen in the first place.
Click to expand...
Yeah, my teenage son uses my systems all the time, everytime i get on, there's 50 friend requests. There aint no telling what kind of shit their up to.
 
Consumer

Consumer

Member
Once these types of issues get resolved, Sony should ban the PSN account attached to the foreign PS4 that was leeching your games. Currently, it seems there's virtually no risk to 'stealing' someone's PSN account.

TheChewyWaffles said:
Odd. When I called them up once because my primary (and only) PS4 couldn't be activated they reset it right away.
Click to expand...

Was your 'Deactivate All' still on a 6-month cooldown though? Because that's where all the trouble comes from. Sony rarely bypass the cooldown from what I hear.
 
Tainted

Tainted

Member
Alebrije said:
Yep, how can you trust your credit card info to a weak security system. No way , pre pay cards are the safe route.
Click to expand...

I don't trust anything with PSN with the security they (don't) have. I'm not even going to link my Paypal account to it, even though Paypal has its own security measures in place.

Even MS implemented 2 factor authentication for XBL 3 years ago.....get your act together Sony !
 
D

djcatskratch

Member
This also happened to me a few months ago but I fixed it quickly enough.

I was at work and wanted to buy something from the webstore, and when I went to check out, it said my primary CC was gone. So I tried to add it back and got some error. This was before the official Remote Play app was out, so I used my BlueStacks android emulator and tried to remote play to my PS4 from work and when I did, there was someone playing Star Wars Battlefront!

I was freaking out, so I quickly went to his friends list, wrote down the PSN name, shut off their PS4, and looked up their PSN name and saw it was someone in Russia.

Changed all my passwords and added as much security as possible, reported their PSN name (nothing came of that of course), and no problems since.

Good luck with your endeavors and I hope you get it resolved soon.
 
I

i-Jest

Member
Again, I'm sorry this happened to you Doc, I wish there was something I could do to help the process along.
 
Clockwork5

Clockwork5

Member
Tenrius said:
You could use Google Translate or show one of those emails to me via PM and I'll translate it for you.

Sounds strange that you're getting those emails in Russian. I have several PSN accounts and they typically get region specific emails, i.e. I thought only a Russian account was supposed to receive emails in Russian. Did they make a Russian account with your email or something?
Click to expand...

Im going to PM you so you are in my history. I'll send it to you the next time I get one.

I never set my PS as the primary for the account so when my account was compromised they set their PS as the primary console for my account. I changed my password and resolved everything with customer service but still get those emails, which is a nuisance and somewhat concerning.
 
T

Tenrius

Member
Clockwork5 said:
Im going to PM you so you are in my history. I'll send it to you the next time I get one.

I never set my PS as the primary for the account so when my account was compromised they set their PS as the primary console for my account. I changed my password and resolved everything with customer service but still get those emails, which is a nuisance and somewhat concerning.
Click to expand...

Sure, I'll be glad to help. You could also dig up one of the previous emails, I guess.
 
D

Deraj

Member
If you're on Windows, it's a good idea to use something like KeyScrambler which encrypts your keystrokes so that key loggers receive garbage data. There's a free version and a paid version which vary in which applications get protected.
https://www.qfxsoftware.com/
 
HF2014

HF2014

Member
Ok, im uninstalling Remote play from my PC right now. Was happy to see it work. Now it just scare me.
 
T

Turbo91GT

Member
A similar thing happened to me. I was playing my PS4 when I got kicked off and a message came up saying another PS4 logged on with my account. I immediately logged back in and changed my password. Later on I also found out that another PS4 system was registered as the primary for my account.
 
M

MassiveNights

Banned
Someone just posted something similar happening to them in the Giant Bomb thread.

TurboButts said:
So... this was weird.

9RIIEDD.png


Uhm... I don't speak that language, and I don't own any of those games??? (except MKX)

Its actually letting me play Need for Speed? I haven't even downloaded that game, much less own it.

Whats happening
Click to expand...
 
J

JaseC

gave away the keys to the kingdom.
Admiral Woofington said:
the 2 step authorization is locked behind changing your username lol
Click to expand...

At least the inability to change one's name makes sense if the root cause for the lack of flexibility is some sort of utterly stupid database oversight (like, say, your chosen display name acting as the unique identifier or whatever), which is the most likely explanation at this point given people have been asking for the feature since the PS3 launched a little over nine years ago. The million dollar question is whether Sony made the same mistake with the Vita/PS4 or the option is simply being sat on until the PS3 network is shut down so the change can be global.
 
Fnord

Fnord

Member
DoctorWho said:
Thanks for the info. Really frustrated about the PS Plus saves. I tend to play always connected and don't use other accounts so I can live without those.

Ultimately though, this shit needs to be fixed. Waiting for a response from Sony now but I don't I won't just be ok with "We can't do anything." They are allowing someone to use content purchased on my account. That's not ok. That's criminal.
Click to expand...

I would add that you should immediately change the password of the email account you use for password recovery/changes on PSN. If someone has grabbed the credentials for that email account, when you change your PSN password, they'll know and can just go change it themselves and other similar shenanigans.
 
R

RhyDin

Member
Here's what I do not understand, though.

Sony only allows you to be logged into PSN from the same account in one location. How did the OP not notice his account was hijacked sooner? Surely, this would have thrown up some kind of notification or booted him from PSN.

iMAGINATION said:
Do key loggers still work if I use lastpass to enter all my passwords?
Click to expand...
No. Unless you have to re-enter your master password, which would then be incredibly bad because they would have access to everything.

Best practices are to use a real-time AV with really good definitions (MBAM) and rootkit scanners like TDSS Killer and MalwareBytes Anti-Rootkit, even on Windows 10 and UEFI system, as these scanners will still find other things. Be aware that there are undetectable trojans out there, though.
 
The Elite

The Elite

BOSS
Fnord said:
I would add that you should immediately change the password of the email account you use for password recovery/changes on PSN. If someone has grabbed the credentials for that email account, when you change your PSN password, they'll know and can just go change it themselves and other similar shenanigans.
Click to expand...

Did that. My email has two step authorization anyway but better safe than sorry.

Dre_G_Writer said:
3052e1852be57da388b0649a81a6fcd2.jpg
Click to expand...

Yup.

RhyDin said:
Here's what I do not understand, though.

Sony only allows you to be logged into PSN from the same account in one location. How did the OP not notice his account was hijacked sooner? Surely, this would have thrown up some kind of notification or booted him from PSN.


.
Click to expand...

I think this happened in the last 24/48 hours. Like I said, I did remote play on Wednesday evening using the PC app for the first time and had no issues.
 
T

ThoughtsOfSpeaking

Banned
People I cannot keep stressing this enough. Use different email addresses and passwords for every site you can.

Chose a main account that all you emails get forwarded to (and never give that address to anyone) and everytime you sign up to anything, make up a new addy and password.

It takes 5 minutes and its the best protection you can have. Even if your password is compromised, it can only be used on that website. Likewise, if hackers have your email and try to hack your shit via social enginnering they wont get far because that email is only used in one place.

You dont even need to open new accounts. Most webmail providers have some form of alias function.
 
T

TurboButts

Member
MassiveNights said:
Someone just posted something similar happening to them in the Giant Bomb thread.
Click to expand...

Thanks for posting this for me.

Anyways, yeah I went and checked and indeed another PS4 has been activated as the primary. And I have used the deactivate tool within the past 6 months so I can't use that... what the hell. Does sony have 24 hour support via phone? Currently waiting for their chat.

Odd though, I went to the store to see if I actually owned Need for Speed, sure enough I don't. And I've NEVER gotten a "thanks for your purchase" email that I wasn't expecting. How could some Russian guy buy a game on my account without me getting a notification?
 
HF2014

HF2014

Member
Program un-installed. I tried for fun to re-install it again, it keep my email account ( no password ) , is there a way to clear the cache in the reg files to remove all the entry? Even if uninstalled, it keep your email accout after your install it back.

And for safety, i disabled remote play on my ps4. And was able to see im the only one who logged in, thankfuly.

Id just liked to know how i can clear the reg file from the application, if anyone know how to do that it would be really helpful!
 
The Elite

The Elite

BOSS
HF2014 said:
Program un-installed. I tried for fun to re-install it again, it keep my email account ( no password ) , is there a way to clear the cache in the reg files to remove all the entry? Even if uninstalled, it keep your email accout after your install it back.

And for safety, i disabled remote play on my ps4. And was able to see im the only one who logged in, thankfuly.

Id just liked to know how i can clear the reg file from the application, if anyone know how to do that it would be really helpful!
Click to expand...

Remote Play isn't the problem though. It's the fact that my password was compromised.
 
R

RhyDin

Member
HF2014 said:
Program un-installed. I tried for fun to re-install it again, it keep my email account ( no password ) , is there a way to clear the cache in the reg files to remove all the entry? Even if uninstalled, it keep your email accout after your install it back.

And for safety, i disabled remote play on my ps4. And was able to see im the only one who logged in, thankfuly.

Id just liked to know how i can clear the reg file from the application, if anyone know how to do that it would be really helpful!
Click to expand...
Try deleting C:\Users\Username\AppData\Local\Sony Corporation\PS4 Remote Play\ files.
 
P

Persona7

Banned
ThoughtsOfSpeaking said:
People I cannot keep stressing this enough. Use different email addresses and passwords for every site you can.

Chose a main account that all you emails get forwarded to (and never give that address to anyone) and everytime you sign up to anything, make up a new addy and password.

It takes 5 minutes and its the best protection you can have. Even if your password is compromised, it can only be used on that website. Likewise, if hackers have your email and try to hack your shit via social enginnering they wont get far because that email is only used in one place.

You dont even need to open new accounts. Most webmail providers have some form of alias function.
Click to expand...

I do this. My login/main email is one thing that is never entered anywhere besides my email login page and then I use two alias emails for my accounts.
 
P

Ponn

Banned
DoctorWho said:
Just received a password change email from Sony.

I think it's legit.
Click to expand...

Could be whoever was using your account trying to get back in it and that would send an email to you automatically about it. You said you changed the password earlier right? Deactivating the systems doesn't reset passwords.
 
The Elite

The Elite

BOSS
Ponn01 said:
Could be whoever was using your account trying to get back in it. You said you changed the password earlier right? Deactivating the systems doesn't reset passwords.
Click to expand...

Verified that it was legit and it changed my password on the site.

Then I changed it again just to be safe.
 
HF2014

HF2014

Member
RhyDin said:
Try deleting C:\Users\Username\AppData\Local\Sony Corporation\PS4 Remote Play\ files.
Click to expand...
Just installed Windows 10, and dont find it...well, iv install back the program, wrote a random email and a random password, got an error, and now it seem the one that is saved.

This seem to work, but i really love to know how to clear everything.
 
P

Ponn

Banned
DoctorWho said:
Verified that it was legit and it changed my password on the site.
Click to expand...

Yea its ok for you to do it and as long at the person isn't ghosting your computer its fine. What I meant was if you didn't initiate the password reset email yourself it could be the other person trying to get back into your account after finding out you reset the password earlier.
 
The Elite

The Elite

BOSS
Ponn01 said:
Yea its ok for you to do it and as long at the person isn't ghosting your computer its fine. What I meant was if you didn't initiate the password reset email yourself it could be the other person trying to get back into your account after finding out you reset the password earlier.
Click to expand...

That was my theory. However, emails of that nature usually state that they have been generated or requested. This one did not.
 
R

RhyDin

Member
HF2014 said:
Just installed Windows 10, and dont find it...well, iv install back the program, wrote a random email and a random password, got an error, and now it seem the one that is saved.

This seem to work, but i really love to know how to clear everything.
Click to expand...

It's a hidden folder. Open a run prompt (hold Windows key and press R) and type %appdata% to get there easily. Then you can click the folders at the top to go up a directory, if needed.
 
HF2014

HF2014

Member
DoctorWho said:
Remote Play isn't the problem though. It's the fact that my password was compromised.
Click to expand...

Yeah, i understand. Im just not extremely familiar with this and just leaving my email from my account into my pc even if the program is uninstalled freak me out.

But i thiink remote play could be at fault. You log your information into the program. Anyway, i uninstalled it. I even think im going to change my password just to make sure.

I am no longer ever using remove play with my pc...no way.
 
O

Obliterator

Member
Hey quick question, I'm trying to activate my current PS4 as my primary system but when I go to the website and click to deactivate it just takes me to a page that says I have to do it from the system. Well I can't as I sold my old one.

I also have never deactivated a PS4 before. Does this mean I've been hacked like the OP?

Edit - never mind figured it out
 
R

RhyDin

Member
HF2014 said:
But i thiink remote play could be at fault. You log your information into the program.
Click to expand...

It isn't. It just sends the login information to Sony and finds what PS4 has your account tied to it, it's no different than logging into the Sony website.
 
HF2014

HF2014

Member
RhyDin said:
It isn't. It just sends the login information to Sony and finds what PS4 has your account tied to it, it's no different than logging into the Sony website.
Click to expand...

OP could have been hack from web site or maybe this program. Well im no professional in the topic to understand it all, but im not taking any chance with this program.
 
You must log in or register to reply here.

Similar threads

Sony Makes Changes To PSN Backend To Pave Way For Future PC/PS5 Cross-Platform Releases
News Business Platform 2
60
4K
DenchDeckard replied
Signing into PSN account on another console?
2
432
Northeastmonk replied
MY PS4 Pro died after a thunderstorm, so help me find a media center.
43
2K
Happosai replied
PSN has come a long way
Opinion 2
58
4K
SkylineRKR replied
  • Poll
18 months after launch, how many PSN Premium Classics have you actually played?
Opinion 2
67
3K
Bartski replied
Top Bottom