Support NeoGAF

[Tragicomedy]

I fired up my Vita for the first time tonight in a few months and updated to firmware 3.0. I left the system plugged into my computer to charge while I proceeded to work on a few other things.

When I checked my email a couple of hours later, I had three separate notices from Sony that $50 transactions had been added to my wallet, for a total of $150. All three emails have the exact same time stamp, so the assumption is that they all happened at the same time. I immediately removed my credit card from the account, changed my password, and added a pin. I don't have any viruses or keyloggers on my PC, and use randomized passwords for every account I have.

I tried to call Sony's customer support, but they're not around at this hour of the night. Some amateur searching did turn up three separate threads on the Sony forums all detailing the exact same event.

Thread #1.
Thread #2.
Thread #3.

The commonality is all three had 3 x $50 transactions added to their wallet. If you read the threads, many of the replies complain of the same thing happening to them. There are some unconfirmed rumors that it may deal with FIFA, but I don't even have that game.

Has this happened to anyone else? Why haven't I heard or read anything about PSN being hacked? What the heck is going on here? I'm calling Sony first thing in the morning and if they don't fix this I'll have my bank cancel the charges for fraudulent activity.

 

[Dukey]

I'd guess phishing is more likely.

 

[Abounder]

For what it's worth PSN also reset some users passwords without warning about it earlier in the week after a security scare

http://www.videogamer.com/news/sony_resets_psn_passwords_following_security_scare.html

 

[panty]

Really doubt it's hacked

 

[Jamix012]

For what it's worth PSN also reset some users passwords without warning about it earlier in the week

http://www.videogamer.com/news/sony_resets_psn_passwords_following_security_scare.html

This makes me thing there's something going on...even if it's just a small-scale phishing "scandal"

 

[DonMigs85]

So was your card actually charged?

 

[Minions]

My first question would be if you have only logged on PSN through the PS3/4, or have you logged in to your account through the website.... greatness exchange or otherwise? Have you used your same email and/or password on other websites or is the password unique to only PSN?

In almost all cases I've seen;

1) a Keylogger was installed and the person logged into their email or Sony's website/store with their account information.
2) Someone had their forum account, website account etc. compromised and the people used the same information to log into the Playstation network.

 

[SRTtoZ]

Sounds more like someone got your info somehow. I don't think this has anything to do with PSN.

 

[Brad Grenz]

My first question would be if you have only logged on PSN through the PS3/4, or have you logged in to your account through the website.... greatness exchange or otherwise? Have you used your same email and/or password on other websites or is the password unique to only PSN?

In almost all cases I've seen;

1) a Keylogger was installed and the person logged into their email or Sony's website/store with their account information.
2) Someone had their forum account, website account etc. compromised and the people used the same information to log into the Playstation network.

Yeah, and with the Adobe hack recently there are a lot of passwords people can be checking against other services right now.

 

[Orca]

Happened to a bunch of people in that one thread. Might be some automated error. Doesn't seem like something a hacker would bother to do since it doesn't seem to be monetized from their end.

Edit - seems like I was wrong. People on page two saying the money was used for FIFA packs.

 

[bbtankc]

If it were a hack, it is a pretty weird one. Nothing was actually stolen, since the 150 just went to your psn account.

 

[ThoughtsOfSpeaking]

How anyone can make a EA account thats remotely related in any shape or form to their PSN account or Play FIFA on an PSN/XBL ID that has credit card details on it is truly beyond me.

This has been happening for years now. Sony and Microsoft are clearly at fault too, but something is unsavoury about EAs system that allows this to keep happening.

Never link an Origin id to your PSN name with the same name, email address or even address/DOB.

And dont play fifa on anything but a sub account with parental controls.

 

[dragonbane]

Wasn't there something with FIFA? I remember hearing about this.

 

[Dukey]

If it were a hack, it is a pretty weird one. Nothing was actually stolen, since the 150 just went to your psn account.

It's consistent with the FIFA hack if it's true. But he caught it before they could continue.

 

[PirateKing]

I thought I was the only one. I couldn't log into my account and had to immediately change my password from my email and PS3 account. I'm quite sure I was hacked. There was no way my password changed by itself.

 

[Ocelott]

I just deleted my Card off my Account...Since amazon is doing the digital store now i just will buy through them

 

[Terrordactyl]

I just deleted my Card off my Account...Since amazon is doing the digital store now i just will buy through them

Good plan, I'll do the same. I fell victim to the FIFA hack twice on 360, not gonna let it happen again.

 

[panty]

How anyone can make a EA account thats remotely related in any shape or form to their PSN account or Play FIFA on an PSN/XBL ID that has credit card details on it is truly beyond me.

This has been happening for years now. Sony and Microsoft are clearly at fault too, but something is unsavoury about EAs system that allows this to keep happening.

Never link an Origin id to your PSN name with the same name, email address or even address/DOB.

And dont play fifa on anything but a sub account with parental controls.

I have had my origin linked with my PSN account since the beginning and I've played Fifa since 2010.

Nothing has happened.

 

[Tragicomedy]

I'd guess phishing is more likely.

I run updated versions of the latest virus, trojan, and keylogger detection/removal programs. I've never once had an issue with this. I use randomized passwords on everything. Why has nothing else been compromised?

This makes me thing there's something going on...even if it's just a small-scale phishing "scandal"

By my count, somewhere between 12-15 people on the forums (spread out over those three threads) are complaining about it. Odd in light of the recent password reset requests...hmmmm.

So was your card actually charged?

Aye. I confirmed on my bank's website that I was charged 3 x $50. I use USAA and they're superb at dealing with garbage like this. If Sony won't fix this immediately tomorrow morning, I'll have the bank suspend the charges. If that results in my card or account being placed in Sony limbo, oh well.

My first question would be if you have only logged on PSN through the PS3/4, or have you logged in to your account through the website.... greatness exchange or otherwise? Have you used your same email and/or password on other websites or is the password unique to only PSN?

Every password is unique. I literally fired up my Vita for the first time in about three months tonight, maybe a bit longer. I updated the software to 3.00 firmware, and then logged into the store (on my PC) to see if anything caught my interest. I logged off and left the Vita charging via USB. It wasn't until about two hours later when I returned and checked my email that I noticed the charges.

Sounds more like someone got your info somehow. I don't think this has anything to do with PSN.

So since 19 November someone has gotten the information from a dozen+ people on PSN and done identical 3 x $50 charges to their accounts? Why has none of my other banking information or any other accounts been compromised. If someone wanted to take financial advantage of me with a keylogger (which I've confirmed I don't have), there are a lot more lucrative things out there than adding money to my PSN wallet.

For the record, the $150 is still sitting in my wallet. I added a pin requirement and changed my password to another completely randomized alphanumeric + symbols setup, so at least they didn't drain the cash they charged to my card. Yet.

 

[Orca]

If it were a hack, it is a pretty weird one. Nothing was actually stolen, since the 150 just went to your psn account.

They log in to your account on their PS3, buy FIFA packs with your money and then send them to their own account. They could have gotten the info from any of the recent forum hacks, that's why people should never use the same email and password combo for multiple sites or services.

 

[antonz]

The timing right after Sony reset some passwords because of a scare does seem to suggest that perhaps Sony was compromised again. Would think they would have learned after the first PSN hack not to play games with notifying people.

 

[panty]

I run updated versions of the latest virus, trojan, and keylogger detection/removal programs. I've never once had an issue with this. I use randomized passwords on everything. Why has nothing else been compromised?



By my count, somewhere between 12-15 people on the forums (spread out over those three threads) are complaining about it. Odd in light of the recent password reset requests...hmmmm.



Aye. I confirmed on my bank's website that I was charged 3 x $50. I use USAA and they're superb at dealing with garbage like this. If Sony won't fix this immediately tomorrow morning, I'll have the bank suspend the charges. If that results in my card or account being placed in Sony limbo, oh well.



Every password is unique. I literally fired up my Vita for the first time in about three months tonight, maybe a bit longer. I updated the software to 3.00 firmware, and then logged into the store (on my PC) to see if anything caught my interest. I logged off and left the Vita charging via USB. It wasn't until about two hours later when I returned and checked my email that I noticed the charges.



So since 19 November someone has gotten the information from a dozen+ people on PSN and done identical 3 x $50 charges to their accounts? Why has none of my other banking information or any other accounts been compromised. If someone wanted to take financial advantage of me with a keylogger (which I've confirmed I don't have), there are a lot more lucrative things out there than adding money to my PSN wallet.

For the record, the $150 is still sitting in my wallet. I added a pin requirement and changed my password to another completely randomized alphanumeric + symbols setup, so at least they didn't drain the cash they charged to my card. Yet.

Just try to figure things out before you issue a charge back or your account will be banned.

Reversal of Charges
A console or account may be banned due to having a credit card charge reversed or "charge back" resulting in debt. A charge back can include credit card theft, identity theft, or non-approved use.

 

[Mask]

Deleted my billing information and changed my password for good measure. Better safe than sorry, even if it was just an error. Nothing happened to my account though.

 

[Jedi2016]

Why is it always FIFA?

 

[Gusto]

I'm surprised OP doesn't read

Kotaku: Sony Playstation Network hacked!

 

[ThoughtsOfSpeaking]

I have had my origin linked with my PSN account since the beginning and I've played Fifa since 2010.

Nothing has happened.

Well, clearly there are other compromises along the line, but with these stories the consisitant thing always seems to involve origin accounts and Fifa.

But I could be wrong. In anycase 0P, thanks for the heads up. Im changing my account details again.

 

[Orca]

Why is it always FIFA?

Easiest way to monetize it. They get the cards or coins or whatever the hell it is, transfer it to their account, then they can sell them to other people.

 

[Yagharek]

Just try to figure things out before you issue a charge back or your account will be banned.

Reversal of Charges
A console or account may be banned due to having a credit card charge reversed or "charge back" resulting in debt. A charge back can include credit card theft, identity theft, or non-approved use.

This is so scummy if people get banned for protecting themselves from fraud.

 

[StoopKid]

Talk about jumping to conclusion.

 

[panty]

This is so scummy if people get banned for protecting themselves from fraud.

Why not just let the bank do their job and return the money to you rather you go and issue a charge back.

 

[Rootbeer]

I just changed my Sony PW the day of the PS4 launch. It's a unique PW I don't use anywhere else. If I start getting weird charges, the only explanation is a hack against them. While I'd never totally rule out a virus on my PC, it's probably the least likely thing to ever happen. I'm very informed about system security and haven't had one since I was a little kid.

All my accounts have protection against fraud so I'm not worried about losing money. Just losing my sanity and trust in Sony... again.

 

[Tragicomedy]

It's consistent with the FIFA hack if it's true. But he caught it before they could continue.

I take it I don't have to own or play FIFA for this to matter? Last FIFA I played was '13 on the PC. Never played on a console or handheld, haven't linked anything between Origin and PSN. Is that relevant?

I just deleted my Card off my Account...Since amazon is doing the digital store now i just will buy through them

Good plan, I'll do the same. I fell victim to the FIFA hack twice on 360, not gonna let it happen again.

Smart plan. I'd honestly forgotten I even had that card linked to the account. As I said, I haven't touched the Vita much at all, and my PS3 is sitting in storage in a closet. I think tonight was my first interaction with the PSN in a quarter.

They log in to your account on their PS3, buy FIFA packs with your money and then send them to their own account. They could have gotten the info from any of the recent forum hacks, that's why people should never use the same email and password combo for multiple sites or services.

Agree, which is why all my passwords are unique. I have 78 unique, randomized passwords that have zero in common with one another. Nothing else has been touched.

The timing right after Sony reset some passwords because of a scare does seem to suggest that perhaps Sony was compromised again. Would think they would have learned after the first PSN hack not to play games with notifying people.

It sounds incredibly shady to me, which is why I started this thread. Is this something minor-scale or the tip of an iceberg with a lot of other people's accounts soon to be compromised? Sony doesn't seem to have addressed this much. The one rep on the threads I posted was quite flippant about it.

 

[Yagharek]

Why not just let the bank do their job and return the money to you rather you go and issue a charge back.

The fraudulent activities took place on psn. The money doesn't belong there if Sony and EA cant secure it.

 

[KissVibes]

Sony didn't get hacked again. The people who've had issues are probably either jumping on the bandwagon to get negative PR for Sony again or have let their accounts get compromised from their own idiocy such as reusing passwords.

Sony wouldn't get hacked again after the last time and they wont ever be. This isn't Microsoft or EA we're talking about here.

 

[MrBambinoDent]

Talk about jumping to conclusion.

This!!!!

 

[panty]

I agree, this is jumping to conclusion.

The fraudulent activities took place on psn. The money doesn't belong there if Sony and EA cant secure it.

So when the harm is already done you'd still issue a charge back and would be okay to get your account banned rather than wait for the bank to fix the situation?

 

[Derrick01]

The other day I tried to sign on to the website and was prompted with a warning that it was redirecting to some server and it could be malicious. My friend was getting it too so it wasn't just me. Something weird's going on over there. This was in the US by the way.

 

[bbtankc]

It seems to me the weak link in the chain of events was the logging in to psn from the pc.

 

[panty]

The other day I tried to sign on to the website and was prompted with a warning that it was redirecting to some server and it could be malicious. My friend was getting it too so it wasn't just me. Something weird's going on over there. This was in the US by the way.

Sounds like phishing websites.

 

[Tragicomedy]

I'm surprised OP doesn't read

Kotaku: Sony Playstation Network hacked!

Talk about jumping to conclusion.

Asking a question on a forum of fellow gamers with a large sample size of PSN users != jumping to conclusions. Thanks for playing!

This is so scummy if people get banned for protecting themselves from fraud.

I'll definitely give them the opportunity to make things right first. Fortunately, I caught this "in progress" and the full $150 is showing up on my account still. That's the silver lining here. I'd be ecstatic to "give" them this money back. Why the hell would I want $150 sitting on the Sony store?

One surprise is my bank didn't immediately flag this as suspicious. In the past, when transactions of this size happened back to back in quick succession, they usually called me to verify I had authorized the charges.

Sony didn't get hacked again. The people who've had issues are probably either jumping on the bandwagon to get negative PR for Sony again or have let their accounts get compromised from their own idiocy such as reusing passwords.

Sony wouldn't get hacked again after the last time and they wont ever be. This isn't Microsoft or EA we're talking about here.

Negative PR for Sony? WTF are you talking about? I don't give a damn about any of the console manufacturers. Bandwagon? Implying I'm an idiot? Class act, bud.

I'm fairly certain ANYONE who has $150 in unauthorized charges added to their account has the right to be peeved about it. Take your console war mindset to another thread, if you please.

 

[Yagharek]

I agree, this is jumping to conclusion.



So when the harm is already done you'd still issue a charge back and would be okay to get your account banned rather than wait for the bank to fix the situation?

I'm saying you shouldn't be banned for doing chargeback especially when Sony has form for not refunding people who are victims of psn account hacks. Why should Sony profit from fraudulent activities on their network?

 

[Tragicomedy]

The other day I tried to sign on to the website and was prompted with a warning that it was redirecting to some server and it could be malicious. My friend was getting it too so it wasn't just me. Something weird's going on over there. This was in the US by the way.

Didn't pop up for me, and everything about the URL and website was the usual. I'm US, too.

It seems to me the weak link in the chain of events was the logging in to psn from the pc.

Potentially. Don't people log into that site all the time? This wasn't my first time on Sony's site. It's the easiest way to add the free monthly games to your PS+ account.

 

[SPACECADET]

hacked or not, i'm not putting my credit card on a console ever again as long as i can just buy points codes.

 

[statham]

hacked or not, i'm not putting my credit card on a console ever again as long as i can just buy points codes.

same, I went through the first psn hack thing and other Xbox related things, Its paypal or prebought cards for me.

 

[Tragicomedy]

I'm saying you shouldn't be banned for doing chargeback especially when Sony has form for not refunding people who are victims of psn account hacks. Why should Sony profit from fraudulent activities on their network?

From one of the threads I posted, a guy wrote:

"I called Sony and they told me " alright something strange happend in your account, and I'm sorry to outright tell you this but we won't reimburse it" and that the transactions were done from the internet ( kinda obvious since nobody broke into my house). Then he hilariously adviced me to keep the money anyways since maybe I'm going to spend it. Sorry to say this, but I'm already suspecting something fishy here from our beloved company. I told them I wanted to contest and they warned me they will close my PS3 account, losing all my previous purchases and progress since I'm doing a payback."

So basically, they told him to take a hike and leave the money on his account since he could spend it in the future. LOL, take a hike. I can be very persuasive on the phone, so tomorrow morning should prove interesting. If they refuse the refund, they don't deserve my future business anyway. I'll file a complaint with the BBB and see if that changes their tune (usually does). If not, bye bye PSN account with Plus subscription.

hacked or not, i'm not putting my credit card on a console ever again as long as i can just buy points codes.

That's a wise decision. My foolishness was having a credit card linked to my PSN account in the first place. Bah.

 

[immortal-joe]

Yeah this smells a phishing attempt to buy those UT packs on Fifa.

OP, did you access the online store via PC recently? That may be where your info was stolen.

 

[IdreamofHIME]

They made me change my PSN/SEN passworkd last week, support on their forums said it was due to a detected breach in security.

Never actually told me they reset my password though, I just went to log in and was told that my password was wrong. I actually thought I had been hacked.

 

[DeaconKnowledge]

Really doubt it's hacked

....again.

 

[boohowc]

surprised there are still people who have their credit cards saved. the security far outweighs the minor inconvenience of having to enter that information when i want to purchase something.

 

[rrs]

Smells like the usual FIFA pack buy then run group that terrorized PSN and XBL for the last few years.

Both services can't seem to do a damn thing to stop it either.