-
Hey Guest. Check out your NeoGAF Wrapped 2025 results here!
GameSpot: "Sony won't refund user who lost $600 From hack"
- Thread starter axisofweevils
- Start date
aaronwt
Member
No one says you need to use a credit card. I stopped using a credit card with Sony after a breach several years ago. Now I just buy the Play Station cards to fund my account.
Finally arrived at the last stop on the journey. Victim blaming.
Yep it's a Sony thread alright.
staticneuron
Member
Almost every internet based service doesn't "GIVE" out your password. if you forgot your password they allow you to reset it. But to do so you normally need to provide information. This is where the social engineering comes in. That means somebody has to know enough about you to defeat whatever security questions you set up or have access to your email address if you are using email authentication.
Since for most companies this is automated there is no way to tell if some stranger managed to get access to your personal email or simply have enough knowledge about you to defeat the security questions.
lol yeah. i give my password to my friend. he buy things with credit card than i go complain to get my money back.
profit
Ganzlinger
Member
The banning thing is fucked up. The client would probably win in a court decision.
PROh1bited
Banned
And that's why I don't keep my cc info on my PSN account. Especially after that debacle back in 2011.
Live Free or Die
Banned
Sony or any company for that matter isn't responsible. People need to have more secure passwords.
offering 150 of 600 just shows they know somethings wrong but arent really willing to admit it.
Otherwise they would just say f u.
If i were him , i would reverse all the charges @ the bank.
He would lose some games , sure , but its better than losing 600$ (Assuming he doesnt have that many digital titles of course)
Id rather have my account banned than lose 600$ , but i dont have that many digital titles
Otherwise they would just say f u.
If i were him , i would reverse all the charges @ the bank.
He would lose some games , sure , but its better than losing 600$ (Assuming he doesnt have that many digital titles of course)
Id rather have my account banned than lose 600$ , but i dont have that many digital titles
OuterLimits
Member
So when he asked about getting his games restored ,the customer support rep told him it wasn't possible but he only had The Last of US and some free games so it "wasn't a big deal. " WTF.
Very friendly customer support there Sony. They definitely deserve the negative PR.
Very friendly customer support there Sony. They definitely deserve the negative PR.
Mac the KNife
Member
Removing CC info from PSN now.
As it has already been addressed to death there are ways around passwords through social engineering.
Quoting in agreement. The one thing that always scares me is the way Sony has never addressed any of these. Even if they just publicly make a statement about account security and offer some tips I would be happy. Even happier if they would announce a two-step authentication system so that we can protect our accounts but that might take some major public mud slinging happening (you would've thought the hack a few years ago would've done that).
And again I'm going to say that I will remove my info from my account when I get home. I've said it before and I believe the only thing I did last time was enable the password prompt.
And when Sony gets hacked again? Where's your strong password now?
2-step authentication when they are holding onto your credit card info should be a no brainer.
GalacticMouse
Member
This is how I'd like to see it treated as well.
Oh, I 100% agree. My post was more to illustrate why they have an incredibly antiquated policy surrounding this issue. I don't mean to excuse their shortcomings so much as explain the perspective that might've led to them.
A huge step forward would just be getting 2-Step Verification enabled on the PSN. Until that happens, my credit card info remains deleted from the network and I'll buy PSN cards at retail to purchase digital games.
autoduelist
Member
Hackers didn't get access to anyone's account during the big hack that everyone freaked out about. Very little was accessed, and most of that was encrypted.
This article shouldn't even be using the word 'hacked'. PSN was not hacked. His account was compromised in some other way -- using the same password in multiple places, keylogger on his pc, etc.
Starwolf_UK
Member
Question. Do Microsoft and Valve have daily spend limits on their systems? I know Nintendo does (they don't tell you anywhere and I think they still issue the pending charge when you hit the limit) and I believe it isn't enough to even fill their wallet so it could do with some work and transparency.
I can understand the drawbacks of having a limit being that you annoy someone when they want to go on a $500 shopping spree and just have to spread it out over a few days.
I can understand the drawbacks of having a limit being that you annoy someone when they want to go on a $500 shopping spree and just have to spread it out over a few days.
Or social engineering as you hear happen so often like @N twitter account and info to do swatting comes out of that too. But yeah let's blame the victim.
God, I seeing these posts.... I've had my cc info on my PSN account since the PS3 came out and I've had no issues. same with my XBO. Make sure your password is not 1234 or something silly like that and don't tell anyone what your password is and you'll be fine... Changing your password periodically also helps. People are acting like someone gained access to sonys servers to swipe this guys password info and did this.
Customer service should wipe out all of the purchases that were fraudulent though and fix the issue though....
3rdamention
Member
Ok, has it ever been fully explained HOW someone got this person's password? I know when the PSN was hacked, there were names, addresses and some credit card information that was stolen. I get that. But I dont remember anything about passwords being stolen. Maybe I am simply wrong. So, did this person share their password with someone? Did someone get it in the big PSN hack? I mean, the quote above from the story talks about people saying that you need to protect your account with strong passwords, but if this was a true "hack" then no matter how strong the password is, it wouldn't matter.
If someone just gets your password and starts buying stuff from your account, and they DIDN"T get the password due to Sony's negligence, why exactly should Sony have to refund everything? If that were the case, people would be pulling this stunt all the time. I am just confused as to how someone got this user's password in the first place.
cyberheater
PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 PS4 Xbone PS4 PS4
It's real simple folks. Never buy digital.
(Although stupidly I have).
(Although stupidly I have).
PSN security is fine, this dude has been phished or trying to scam.
autoduelist
Member
Yup. PSN is secure if you have a good password (ie, don't use it everywhere) and keep your pc clean of spyware.
There is not some hacker god able to break into your PSN account by looking at it crosseyed.
However, if your password is low strength and you use it everywhere, then yes, you are at risk.
Also, if you have spyware on your PC, then log into -anything- (including PSN) you will be at risk. The very fact that this is called money 'lost from a hack' is annoying to me -- this is the user's terrible security, not sonys.
You're more at risk using your credit card at a gas station or anywhere they take a carbon copy of it.
GoldenEye 007
Member
I was receiving almost daily emails over the past few weeks to change my password from an account I guess I created a few years ago.
Did this person change their password at all? Or was the hack the result of something else?
Did this person change their password at all? Or was the hack the result of something else?
Alex
Member
Do you work for Sony? I could see this logic running their security department.
There's a lot of ways to get your account stolen or caught up in a hack. Yes, even if you stay off shitty sites and even if you're careful. Just having a password that isn't "guest" isn't good enough and saying people will be fine is very demonstrably false. Even if you're the safest driver on the planet you still want a seat belt.
Sony, who after as many times as they've had their ass torn apart now, should really know better. There's a lot of cheap and simple ways for them to protect their users against simple happenings like this and they're not making the effort.
//ARCANUM
Member
I think an even bigger issue than the $600 is the fact that he can't use his PSN account on his PS4 for SIX MONTHS. Which means that whatever digital library he owns through them is USELESS. We all rip on Nintendo for their account systems, but good god, 6 MONTHS?? That's insane? He had his account stolen from him and they're telling him tough shit, you can get it in half a year. His PS4 is basically useless unless he makes a brand new account now. If he was all digital, then he'll have nothing at all to play on it unless he gives Sony more money.
Did you see the sentence right after that, that said changing your password periodically helps as well. What would you want them to do to beef it up? Ask for fingerprints to verify it is truely you? It is up to you to ensure your password is secure, but they should definitely fix the issue though. Btw, I'm glad you only took one sentence from the post I made...
silvermember
Banned
Being a victim doesn't shield you for criticism, especially where it could be prevented by being proactive and using a good password aka being negligent which is why ppl get arrested for negligence sometimes.
I do not think you realise who much the CSRs messed up in the @N hack. You can read the details here but the summary is the hacker phoned up PayPal and was able to get them to release the last 4 digits of the CC number, he then phoned up Go Daddy and was able to convince the CSR that he had lost the CC but had the last 4 digits so they allowed him to guess the other 2 required digits. After that the hacker had access to the Go Daddy account and was able to blackmail for the @N handle.
When that sort of engineering is possible it is hard to pin the blame on the user. Sure I doubt it was as elaborate as that and it probably was caused by the users poor security but the point stands that it is possible to gain access to an account with a few bits of information if you happen to get put through to an idiot CSR.
This sounds awful. If this ever happened to me I'd sell the console and never buy a product from that company again.
AyaisMUsikWhore
Member
I keep hearing this two step authentication but does anyone have any receipts as to if that "protection" is 100% fool proof because 2 step does not cure this situation at all. I don't understand the end all be all people chalk it up to be.
Head.spawn
Junior Member
It's their problem for not allowing double authentication. That stuff is so basic these days, it should be illegal to not have it.
I wouldn't put anything of value on an account without it and I've never had half the problems of people here.
Alex
Member
I want them to have a simple two-step verification and I want them to have reasonable policies for recovery like every single other digital marketplace has.
I saw the rest of your post and while I'm glad you're not defending their practices just having an above average password is not enough to protect you. Yeah, it's a good idea to not use a lot of duplicates or simple strings but when you're playing with account standings and money you want more than caution.
They would just revoke those licenses either way, takes no effort.
These scenarios are just silly and people are still so confident in them, reminds of those clip shows with really goofy thieves.
Man Called Aerodynamics
Member
Great idea, I just did the same.
This
I purchase everything via Paypal on my PS4 because of this
I can't even do that with the XB1, when I link my paypal account to it any purchase I make bypasses the double authentication. I unlinked it and am back to prepaid cards like in my 360 days ; (
Because those transactions are fraudulent. If someone gets access to your CC and spends money online you put in a fraud claim and get your money back, it is not the fault of the CC company that it got into the wrong hands but they still refund it.
Just curious, what two step verifications are there to ensure this doesn't happen? As far as I can tell they have you verify your email address and give you the option to verify your password for each purpose. Of course if they have your password then I guess that option will be rendered moot.
I just did the same.
Wolfgunblood Garopa
Member
Sony scares me with this shit. I woke up once to a bunch of alert emails that I've made transactions on PSN and I hadn't bought anything. Turns out it was because I renewed my licenses to fix a problem with a download the day before, and it sent a ton of emails as if I had bought everything again. I immediately changed my pw and took the CC off of PSN, just in case.
Something like Google where you need a password and a special key that is texted to your phone to log in. Or the Blizzard Authenticator where you need a code + password combination to log on and having just one of those is not enough.
is not PSN hack, someone hacked the user and hot their password.
Companies should be nice and refund stolen cc for instance. But the main problem is that a lot of users misuse that and hence you get this problem where people report chargebacks for things they purchased.
I dont really see the point of PSN "hacking" though, since their console gets banned quickly after the report, so whats the point?
joecanada
Member
why wouldn't they just refute the licenses on the games that you obviously don't want and didn't buy then?
dont see the profit portion unless you are talking about renting games for a week.
My rule: Never ever save your CC on ANY site.
Never save it, never use it on sites that seems like they may not update their backend in case there's an exploit in the wild. If there's Paypal, Bank transfer etc, use them instead and change password often. For security questions, never use anything people can get from Facebook, Google+, Google etc.
Also, never login on any computer that you think is unsafe. I have a LiveCD just for that. And the most important, the more you feel secure, the more careful you must be.
A bit of a hassle, but a lot less headache in case something goes wrong.
A good hacker targets the weakest link in a security system. It's sad, but the user IS the weakest link in most systems
And Sony, we are in 2015 and still no 2-way authentication?
Never save it, never use it on sites that seems like they may not update their backend in case there's an exploit in the wild. If there's Paypal, Bank transfer etc, use them instead and change password often. For security questions, never use anything people can get from Facebook, Google+, Google etc.
Also, never login on any computer that you think is unsafe. I have a LiveCD just for that. And the most important, the more you feel secure, the more careful you must be.
A bit of a hassle, but a lot less headache in case something goes wrong.
A good hacker targets the weakest link in a security system. It's sad, but the user IS the weakest link in most systems
And Sony, we are in 2015 and still no 2-way authentication?
Knowing they have the capability to de-authorize the other console and refund the user is what makes this disgusting. No doubt as the card holder, able to point to his correct card details, billing address, purchase history and being able to provide his old serial number - they have no reason not to believe him. Worse still, they KNOW he's the card holder and they are threatening him with consequences should he seek protection and redress from his bank.
Nobody would accept this from other kinds of companies, people expect buyer protection in this day and age.
He did exactly the right thing making a big story of this. If this happened to me, and I was treated this way, I'd never buy anything with the Sony name on it ever again. I'd actively encourage the opposite!
Nobody would accept this from other kinds of companies, people expect buyer protection in this day and age.
He did exactly the right thing making a big story of this. If this happened to me, and I was treated this way, I'd never buy anything with the Sony name on it ever again. I'd actively encourage the opposite!