Support NeoGAF

HT UK · Apr 9, 2015

Hey everyone,

I'm just looking for some advice.

My brothers PSN account has been hacked recently, and they've spent £304.25 ($447.26) on PSN using his debit card. This was done across 15 different transactions. They also have added various PS+ freebies to the account.

Sony have been useless so far, claiming that this was all done using my brother's own console. This is incorrect. Whoever hacked the account has used the PSN website to deactivate all PlayStation devices (this can only be done once every 6 months). This deactivated my brothers console as the primary, allowing the thief to activate their own console as the primary one for the account. This allowed them to play all these purchased games using their own profile.

We've removed the debit card from the account, and changed both the password and security question. We've also enabled the option that forces the password to be required at checkout. Why PSN doesn't have 2-step verification yet is beyond me. However, we cannot actually deactivate the hackers console, as this must be done from the console itself and we can't use the website to deactivate as it's already been used by the hacker.

Not only have Sony claimed this was all purchased using my brother's console, but they've stated that if my brother does get a refund, it'd only be in PSN credit. Which is such bullshit.

Has anyone else experienced this before? And perhaps have any advice on what we could do next?

This has made me remove my card from my own profile, until they add extra security to PSN profiles.

Relix · Apr 9, 2015

I've gone mostly digital these days but stuff like this scares me a bit. My PSN password is unique and secure but there's something seriously wrong if accounts are hacked left and right.

Furthermore... 2 Step Verification isn't hard to implement. They are just lazy at this point.

BibiMaghoo · Apr 9, 2015

If the money is more important than the account, do a chargeback,

The account will be banned, brother gets his money back, hacker has no games.

Zomba13 · Apr 9, 2015

Don't bother with Sony Customer Support. File a charge back with the bank and kiss the PSN account good bye.

Guymelef · Apr 9, 2015

Recurrent post:

-FIFA?
-Sony should active two step verification!!!
-etc...

Stevey · Apr 9, 2015

I know this is too late, but you should never save payment details online

Meus Renaissance · Apr 9, 2015

BibiMaghoo said:
If the money is more important than the account, do a chargeback,

The account will be banned, brother gets his money back, hacker has no games.

I'm assuming this was done with a debit card. Credit Cards are not as common for regular transactions in the UK as they are in the US

bananafactory · Apr 9, 2015

BibiMaghoo said:
If the money is more important than the account, do a chargeback,

The account will be banned, brother gets his money back, hacker has no games.

Depends how many digitally purchased games are tied to the account....

liquidtmd · Apr 9, 2015

Meus Renaissance said:
I'm assuming this was done with a debit card

It says in the OP it was done with a debit card

Zomba13 · Apr 9, 2015

Meus Renaissance said:
I'm assuming this was done with a debit card. Credit Cards are not as common for regular transactions in the UK as they are in the US

Can still file charge backs with debit cards. I don't have a credit card, only a debit, called the bank up and explained and they sorted it for me quickly.

HT UK · Apr 9, 2015

Thanks guys. I'll suggest he call the bank and do a charge back.

He hasn't made many PSN purchases himself, so I think he'd rather lose those and get his cash back.

yatesl · Apr 9, 2015

We seem to get this topic every fortnight.

It's a disgrace, really.

Avatar1 · Apr 9, 2015

How in the world does someone get their account hacked? Can someone explain this to me?

Mauricio_Magus · Apr 9, 2015

HT UK said:
Thanks guys. I'll suggest he call the bank and do a charge back.

He hasn't made many PSN purchases himself, so I think he'd rather lose those and get his cash back.

Well, he did the right choice.

If your bro ever buys shit from PSN again, just buy digital cards from amazon, I trust amazon 100000 times more.

BlackLagoon · Apr 9, 2015

There have been plenty of topics like these before, and sadly, without media attention you'll be lucky to just to get any refunds.

One thing you might be able to do is prove your brother's ownership of the account and get the hacker's console deactivated using the serial number of the console the account was created on (which hopefully will be the one he has currently). IIRC, that has been something they've asked about in past cases, and has helped establish you as the original creator of the account.

YianGaruga · Apr 9, 2015

Avatar1 said:
How in the world does someone get their account hacked? Can someone explain this to me?

Getting an account "hacked" usually means the attackers figured out the password somehow (malware, phishing, leak of other site with the same PW).

Shining Sunshine · Apr 9, 2015

Avatar1 said:
How in the world does someone get their account hacked? Can someone explain this to me?

PlayStation has a web store.

Instant hackable, unfortunately, for the sake of convenience.

And I don't mean they hack the PlayStation Store, they put malware in your PC and log your keystrokes when you log into the web store.

Fisty · Apr 9, 2015

Mauricio_Magus said:
Well, he did the right choice.

If your bro ever buys shit from PSN again, just buy digital cards from amazon, I trust amazon 100000 times more.

Lol you would be surprised who owns the servers Sony uses

BibiMaghoo · Apr 9, 2015

Meus Renaissance said:
I'm assuming this was done with a debit card. Credit Cards are not as common for regular transactions in the UK as they are in the US

It doesn't matter what type of card it is, only that it wasn't actually his fault, that he acted with reasonable care. They should certainly sort it out.

pastrami · Apr 9, 2015

Avatar1 said:
How in the world does someone get their account hacked? Can someone explain this to me?

Plenty of ways. Social engineering, hacked websites and people sharing passwords across different sites, viruses/keyloggers, phishing schemes, etc.

Mauricio_Magus · Apr 9, 2015

Fisty said:
Lol you would be surprised who owns the servers Sony uses

The point is, in the past I've had problems with amazon, and they ALWAYS help me out, almost no questions asked I just get what I want.

Everytime a Sony thread comes out it sounds like a nightmare.

Bsigg12 · Apr 9, 2015

Is it possible to connect to a PS4 with remote play on a Vita/phone with just the PSN account? I don't know how the Remote Play works so I'm wondering if that's how all the purchases are from the system.

xenorevlis · Apr 9, 2015

Avatar1 said:
How in the world does someone get their account hacked? Can someone explain this to me?

It's not. It's what people these days call a hack, be it someone having their info or leaving your Facebook logged in and someone posting a derogatory or silly comment without it actually being you. Basically, the brother either gave away the information to someone or entered it into a website thinking it was legitimate and someone then used those credentials to do this.

However, if Sony claims it was the brother doing it, you need to verify that no system deactivation and primary activation took place. If it didn't, then the brother could be behind this "accident", but more than likely it was what the OP mentioned and Sony's support was too lazy to look at the activity log further than just the transactions.

Bsigg12 said:
Is it possible to connect to a PS4 with remote play on a Vita/phone with just the PSN account? I don't know how the Remote Play works so I'm wondering if that's how all the purchases are from the system.

With the exception of Spotify over wi-fi, any phone or Vita that you plan to do remote play with needs to be registered with the console itself (by adding it via a unique number that shows up when you manage devices on the PS4).

Visualante2 · Apr 9, 2015

First thing is to not panic about the PSN credit, that is a case of them reading from a script. I would suggest you consult the Citizens Advice page for consumer protection. Put it in writing and send it recorded to Sony UK. Key thing is to explain what went wrong, why you are unhappy with their response and how they can rectify it.

HT UK said:
Thanks guys. I'll suggest he call the bank and do a charge back.

He hasn't made many PSN purchases himself, so I think he'd rather lose those and get his cash back.

Don't jump to conclusions. It is possible the bank can investigate where the purchase was made from and then you have some ammunition against Sony to say, I was not there at this time.

Gemüsepizza · Apr 9, 2015

Avatar1 said:
How in the world does someone get their account hacked? Can someone explain this to me?

The account was not "hacked". This guy either used a weak password or did not secure his computer sufficiently. Of course he wants to deflect from this by babbling something about two-factor-authentication or about anti-consumer blah, but the reality is, someone who is using a weak password or is not capable of securing his computer, would probably also not activate two-factor-authentication. It's his fault. And smh at the usual "omg I immediately deleted my cc info from my account". Don't use shitty passwords, and you won't get "hacked".

Coolbgdog12 · Apr 9, 2015

I saw a random $50 transaction on my debit card linked to my account On PSN. Sony didn't do anything But tell me It's nothing purchased on my account. I called my bank and they will investigate. They credited me the money back.

Zomba13 · Apr 9, 2015

Gemüsepizza;159504436 said:
The account was not "hacked". This guy either used a weak password or did not secure his computer sufficiently. Of course he wants to deflect from this by babbling something about two-factor-authentication or about anti-consumer blah, but the reality is, someone who is using a weak password or is not capable of securing his computer, would probably also not activate two-factor-authentication. It's his fault. And smh at the usual "omg I immediately deleted my cc info from my account". Don't use shitty passwords, and you won't get "hacked".

No. It's the fault of whoever gained unauthorised access to the account and bought a bunch of shit. Stop with the victim blaming bullshit.

Terbinator · Apr 9, 2015

Gemüsepizza;159504436 said:
The account was not "hacked". This guy either used a weak password or did not secure his computer sufficiently. Of course he wants to deflect from this by babbling something about two-factor-authentication or about anti-consumer blah, but the reality is, someone who is using a weak password or is not capable of securing his computer, would probably also not activate two-factor-authentication. It's his fault. And smh at the usual "omg I immediately deleted my cc info from my account". Don't use shitty passwords, and you won't get "hacked".

Stop talking utter bollocks. He could have the most serial of passwords in the world and it wouldn't change a thinf if it had been obtained by a malicious wat.

It doesn't help with Sony's spotty security history and refusal to add or force something as simple as 2-step and to top it off they have this arse wipe chargeback policy.

Gemüsepizza · Apr 9, 2015

Zomba13 said:
No. It's the fault of whoever gained unauthorised access to the account and bought a bunch of shit. Stop with the victim blaming bullshit.

It is his responsibility to secure his account. Obviously he did not do that. So Sony is completely right when they deny him any extra compensation. The way the OP is worded, it sounds like he blames Sony. But it's pretty clear that they are *not* at fault, because otherwise we would have countless more reports about lost accounts. So who is the one who is blaming shit on others?

LonelyGreyWolf · Apr 9, 2015

"Hacked".

Definitely the wrong word, but in either case, this kind of theft sucks. Depending on what country you live in, you can take legal action. If you're in northern Europe, getting your money back should be easy. There are laws that protect you against this kind of thing, so long as you report it within ~10 days.

Stevey said:
I know this is too late, but you should never save payment details online

I disagree. Saving your payment details online shouldn't be an issue, so long as it is behind a password or some kind of authentication (a PSN debit card is behind a password). Not having to enter your info every time you make a purchase is one of the conveniences of modern internet.

Gemüsepizza;159506443 said:
It is his responsibility to secure his account. Obviously he did not do that. So Sony is completely right when they deny him any extra compensation. The way the OP is worded, it sounds like he blames Sony. But it's pretty clear that they are *not* at fault, because otherwise we would have countless more reports about lost accounts. So who is the one who is blaming shit on others?

Harsh, but there's definitely truth behind this.

mackattk · Apr 9, 2015

Gemüsepizza;159506443 said:
It is his responsibility to secure his account. Obviously he did not do that. So Sony is completely right when they deny him any extra compensation. The way the OP is worded, it sounds like he blames Sony. But it's pretty clear that they are *not* at fault, because otherwise we would have countless more reports about lost accounts. So who is the one who is blaming shit on others?

He blames Sony for not helping out, not for the hack, or exploit, or whatever method the attacker used to get the password.

KennyLinder · Apr 9, 2015

PSN is so fucking dodgy, my friend went to remote-play his PS4 from Vita the other day and it connected to some random Russian player who was playing BloodBorne. My friend doesn't even own the game! He's checked his credit card and nothing has happened, but how the fuck would that even happen!!?

Anyway, contact your credit card company and they'll refund you the money.

Gemüsepizza · Apr 9, 2015

Terbinator said:
Stop talking utter bollocks. He could have the most serial of passwords in the world and it wouldn't change a thinf if it had been obtained by a malicious wat.

It doesn't help with Sony's spotty security history and refusal to add or force something as simple as 2-step and to top it off they have this arse wipe chargeback policy.

If you secure your computer correctly and don't click on "scarlettjohanssonnude.jpg.exe", your password will not get stolen. And like I said, two-factor-authentication is useless, when he does not activate it. And usually, people who get their passwords stolen, would not activate it. I don't get how Sony is to be blamed here.

mackattk said:
He blames Sony for not helping out, not for the hack, or exploit, or whatever method the attacker used to get the password.

But the phrase "PSN account hacked" implies exactly that.

herod · Apr 9, 2015

Gemüsepizza;159506443 said:
It is his responsibility to secure his account. Obviously he did not do that. So Sony is completely right when they deny him any extra compensation. The way the OP is worded, it sounds like he blames Sony. But it's pretty clear that they are *not* at fault, because otherwise we would have countless more reports about lost accounts. So who is the one who is blaming shit on others?

sycophancy at its most sickening

Terbinator · Apr 9, 2015

Gemüsepizza;159507028 said:
If you secure your computer correctly and don't click on "scarlettjohanssonnude.jpg.exe", your password will not get stolen.

This is a company who had a months long security breach. They aren't to be blindly trusted and are out of the control of the user.

Gemüsepizza;159507028 said:
And like I said, two-factor-authentication is useless, when he does not activate it.

And like I said: force it - like MS does on the 360.

Gemüsepizza;159507028 said:
I don't get how you Sony is here to be blamed.

No one is blaming Sony for it (although seen as you're so caught up on password strength maybe they are to blame somewhat). What people are moaning about is their unecessarily shit security and refund policies.

JaseC · Apr 9, 2015

Gemüsepizza;159507028 said:
If you secure your computer correctly and don't click on "scarlettjohanssonnude.jpg.exe", your password will not get stolen. And like I said, two-factor-authentication is useless, when he does not activate it. And usually, people who get their passwords stolen, would not activate it. I don't get how you Sony is here to be blamed.

Even assuming the OP's password was "password123" there is no excuse for Sony not having implemented two-factor authentication, especially after the 2011 security breach. Waving it away with "Oh, but the OP wouldn't have activated it, anyway!" is patently ridiculous. It is a very serious flaw that needs to be resolved sooner rather than later.

That you're seeing this situation in black and white and unwaveringly siding with Sony suggests an emotional attachment that's interfering with common sense -- Sony is at fault for not offering TFA, but if a weak password or compromised computer lead to this situation then the OP also has himself to blame.

petran79 · Apr 9, 2015

at least Blizzard cancels all debit card transactions if your password is hacked.
though I am surprised they didnt use separate or even fake credit cards for better security on their part

MMaRsu · Apr 9, 2015

Thank god I dont have any cards whatsoever associated with my account, only buy using point cards from shops.

Big_Al · Apr 9, 2015

Ah I see the Sony defenders have already jumped onboard victim blaming already, never fails to amuse me considering how fucking shit Sonys account security and customer service is.

Gemüsepizza · Apr 9, 2015

Terbinator said:
This is a company who had a months long security breach. They aren't to be blindly trusted and are out of the control of the user.

A single report is not enough to make me not trust them suddenly.

And like I said: force it - like MS does on the 360.

Forcing it is usually a bad decision, because you would exclude people from your services. That's why basically all big companies won't do it.

No one is blaming Sony for it (although seen as you're so caught up on password strength maybe they are to blame somewhat). What people are moaning about is their shit security and refund policies.

He does in a way. And security is a bit more complex, like I pointed out.

JaseC said:
Even assuming the OP's password was "password123" there is no excuse for Sony not having implemented two-factor authentication, especially after the 2011 security breach. Waving it away with "Oh, but the OP wouldn't have activated it, anyway!" is patently ridiculous. It is a very serious flaw that needs to be resolved sooner rather than later.

it is not "patently ridiculous". It is just the truth.

Big_Al said:
Ah I see the Sony defenders have already jumped onboard victim blaming already, never fails to amuse me considering how fucking shit Sonys account security and customer service is.

Sony's account security is sufficient. OP's security isn't. I am not a "Sony defender". I am just applying common sense here.

JaseC · Apr 9, 2015

Gemüsepizza;159508741 said:
it is not "patently ridiculous". It is just the truth.

No, it's a baseless assumption. And since you missed my edit:

JaseC said:
That you're seeing this situation in black and white and unwaveringly siding with Sony suggests an emotional attachment that's interfering with common sense -- Sony is at fault for not offering TFA, but if a weak password or compromised computer lead to this situation then the OP also has himself to blame.

You've yet to present a convincing case as to why Sony not offering two-factor authentication is acceptable when Microsoft, Valve, Blizzard, EA and god-knows-who-else do.

Bsigg12 · Apr 9, 2015

xenorevlis said:
With the exception of Spotify over wi-fi, any phone or Vita that you plan to do remote play with needs to be registered with the console itself (by adding it via a unique number that shows up when you manage devices on the PS4).

Oh OK. I don't have a Vita so I've never tried. Thanks for clearing that up.

I think it comes down to 2 things, social engineering to get the password from Sony or he had an extremely basic password. Either way Sony is lacking security measures which seems insane after everything they've been through.

Almighty · Apr 9, 2015

While I am confident that my long randomly generated password is secure stuff like this is why I don't keep my credit/debit card info stored at most places anymore. Sony definitely needs to get off their ass and add 2FA already.

JP · Apr 9, 2015

It's a shame that this has happened to someone and I'm sure that we're going to get the same posts as we always do whenever people on here are "hacked" and we'll still get posts like this every few weeks.

Sony should definitely have two-factor authentication BUT irrelevant of that, nobody should be saving their card details with an online retailer. Even when a company does more than what is required of them legally, it means your information is safer but not safe and the onus on security always must always lie with the owner of the sensitive information.

You decide how much security you want on your information and to be as safe as possible you should avoid saving payment details on a retailers site, have unique and randomly generated passwords and responsibly use any additional security facilities that are available to you such as two-factor authentication and Trusteer.

I;m sure it's horrible when it happens but people need to ensure they are doing their utmost to secure their information irrelevant of how good or bad a particular retailer is.

rpmurphy · Apr 9, 2015

Even without 2FA, does PSN at least allow setting a PIN to use the stored credit card?

Malice215 · Apr 9, 2015

Should have called the bank and got a new debit after the first unauthorized transaction. Why did it take 15?

The best thing to do is to not save your card information to begin with on any of these online services. Use a PSN card for purchasing stuff.

Sony should use 2-step authentication, but if the OP's brother was able to get hacked so that a hacker knew their email address and password to takeover their account and was crazy enough in this day and age to save their debit card information onto their account, then I highly doubt that he would have even utilized a 2-step authentication to begin with.

Memory · Apr 9, 2015

Anyone on PSN needs to remove their card details and get use to using top up cards or Paypal. Sony have been hack central for years now so don't trust your details with them.

Breakfast at Noon · Apr 9, 2015

I buy cards off ebay, usually get 50 note ones for about 42-45 pound

Human 2.0 · Apr 9, 2015

Report it to the police and get a crime number, inform your bank and they will try to recover the funds and may even refund regardless if the terms of your account include protection for online fraud.

Big_Al · Apr 9, 2015

Gemüsepizza;159508741 said:
Sony's account security is sufficient. OP's security isn't. I am not a "Sony defender". I am just applying common sense here.

Don't talk shite, you don't know the first thing about Sony's 'security' or how peoples accounts are being accessed. Sony have shown time and again how 'good' their security is and for all you know people could be accessing others accounts via social engineering/persuading customer service to give them someone elses passwords amongst other methods. Yes this actually can happen. Could the OP be to blame ? Of course, some people do have weak passwords, get malware etc. But that's not the ONLY thing that can happen. You are baselessly speculating and victim blaming when you know about as much as I do about how his account was hacked, and that's fuck all.

Support NeoGAF

PSN account hacked (£300+ stolen) - Any help?

Member

he's Virgin Tight

Member

Member

Member

Member

Member

Banned

Banned

Member

Member

Member

Member

Banned

Member

Banned

Banned

Member

Member

Member

Banned

Member

Member

Member

Member

Member

Member

Member

Member

Banned

Member

Member

Member

Member

Member

gave away the keys to the kingdom.

Banned

Banned

Unconfirmed Member

Member

gave away the keys to the kingdom.

Member

Member

Member

Member

Member

Member

Member

Neo Member

Unconfirmed Member

Similar threads

he's Virgin Tight