-
Hey Guest. Check out your NeoGAF Wrapped 2025 results here!
[Insider Gaming]: Sony PlayStation Accounts Are Reportedly Being Hacked With Ease
- Thread starter adamsapple
- Start date
Bojji
Gold Member
Ass of Can Whooping
Member
Lol. Lmao, even
I remember ages ago when I was trying to recover an account I only needed to give CS the PSN account name to get back into it.
I remember ages ago when I was trying to recover an account I only needed to give CS the PSN account name to get back into it.
LordCBH
Member
That was the old Sony. Current Sony:
Things I wish I could say over work emails to unreasonable clients lol
adamsapple
Or is it just one of Phil's balls in my throat?
The fact that the method described above bypasses and even disables 2FA is the scariest thing.
dorkimoe
Member
Stability fix update coming soon
diffusionx
Gold Member
When I lost my information with my Blizzard account with 2FA turned on, I had to send them a picture of my ID to get it back. It's annoying and frustrating but if you loosen that, you undermine the whole point of 2FA.
The idea that Sony will disable 2FA based on four digits of a credit card number is crazy.
The idea that Sony will disable 2FA based on four digits of a credit card number is crazy.
Last edited:
LordCBH
Member
100%. Last time I had a problem with my blizzard account, they wanted the original product key I used to activate WoW like 20 years ago + a picture of the key itself. At the time I thought "bruh" but now I'm wholly on board with that.
At the very very least PlayStation should require the SN of an active PlayStation product (ideally with a picture of it too) on your account in order to start the account recovery process. If you don't have one then I'm sure other secure ways could be facilitated too.
LordCBH
Member
Depends. I can't remember if Nintendo supports passkeys or not. But if the issue with PlayStation is a bad actor internally…..or even a bad actor at some outsourced call center in India……
Topher
Identifies as young
News Community Clickbait Thread 'PlayStation Network Accounts Can Be "Hacked" Even If Protected by 2FA, Passkey'
LordCBH
Member
News Community Clickbait Thread 'PlayStation Network Accounts Can Be "Hacked" Even If Protected by 2FA, Passkey'
PlayStation why oh why wouldn't you ask for an active console SN that's tied to the account?! Why!
Umm so it's a case of social engineering made possible by sharing online transactions data showing last digits of your own cc?
How is this "easy" unless you get your mail hacked or are stupid enough to share these details by yourself?
They could instruct their employees to require stricter requirements to be allowed to recover lost accounts but that's a double edged sword since you might be required to share your ID or other personal documents.
How is this "easy" unless you get your mail hacked or are stupid enough to share these details by yourself?
They could instruct their employees to require stricter requirements to be allowed to recover lost accounts but that's a double edged sword since you might be required to share your ID or other personal documents.
LordCBH
Member
At the very least PlayStation support should be able to see if a console has been active on your account in the past few months and should ask you for the serial number from it. Could even go farther and want a picture of the serial on the console itself.
Both PSN and NSO support passkeys.
If the attack vector was support it's just social engineering and identity theft for a targeted attack. It's not that easy unless the guy is famous and has public information out in the wild. the alternative is innocent people being locked out of their accounts who have forgotten their credentials. Guy got his account back and hacker wasted his own time for some needless fraud. This isn't that big a deal in the end but it's a nuisance for those targeted.
They should just add a delay to a password/email change, send an email to your registered account even if the person calling is claiming they've lost access to that email and then give the person some time to reject the change if it's not them. Unless the persons email itself is compromised then it should prevent this type of fraud.
LordCBH
Member
Theoretically, could PlayStation implement a push a notification of the attempted change to the PlayStation mobile app on your phone or as a notification to the console if you're already signed in and online? With an option to decline the change?
mdkirby
Gold Member
And yet every man and his dog are now demanding we hand over our passports and faces to verify age, either through vulnerable systems they implement themselves or through larger but still vulnerable centralised systems.
It won't be long until everyone is running around with copies of people's official ID to even more effectively compromise these systems.
It won't be long until everyone is running around with copies of people's official ID to even more effectively compromise these systems.
That's also a good idea. They should be able to if the person hasn't disabled notifications for the app.
reinking
Gold Member
You can't get that kind of customer service these days. Now everyone is like, prove it. I just want to get back to my games man.
It's absolutely incredible that they would let someone hijack an account just with a transaction ID. FFS that's insane. I know there needs to be some way of recovering an account, but there are all kinds of additional checks they could be making. What about asking for a credit card linked to the account? Or logging the person out and prompting them to log back in, and then giving them 24 hours or something to do that? It's just unforgivable to have this kind of weakness when people are spending thousands on their accounts.
Hypereides
Member
This is one of the major, and mean major, reasons people should really be apprehensive about the digital future. Many of these big companies didn't take security into account once they fully transitioned their operations onto the net.
Just scored Diffusionx's ID fresh off a data dump at a darkweb forum. Here it is:
mayham2199
Member
When looking into this apparently Steam also had this issue but they made changes after discovering it.
PlayStation security never changes, I see.
Fake
Member
CentralScrutinizer
Member
Sony should raise the price os PS+ again to pay for employees to create basic features that should be free to any ecosystem that harvests user data.
It's a shame Sony can't afford to do this. A pity really.
It's a shame Sony can't afford to do this. A pity really.
GrayChild
Member
What's your PSN account name btw? Just asking.
xrnzaaas
Member
Sony shouldn't be so quick with changing the email based only on PSN ID & transaction data. How about sending an e-mail to the original account, a text to your linked phone or a notification through the PlayStation app? You know, to make sure that this person actually needs to make a change?
midnightAI
Member
This isn't a hack though is it?
mckmas8808
Mckmaster uses MasterCard to buy Slave drives
Cert.in.Death
Member
Sounds like someone who signed the training session affidavit is in for a spanking.
DEAD ORIGINAL
Member
What I find crazy is why anyone would have there credit card or debit card saved to there PSN account, I use Shopto PSN cards.
Unknown?
Member
Yeah, it's not "easy" per say but a hole that needs to be filled. Also this is not hacking...
LordCBH
Member
ReyBrujo
Member
Yeah, same old issue that has been happening for years already. That was my first thought yesterday when they posted about this guy's hack. It only happens with idiots posting their transaction ids online. And just as people posting QRs for concerts in pics online, well deserved.
Then you lose your account to a hacker and won't be ever be able to get it back since they will deny all charges and will require much more manpower to check who is telling the truth. Also the system is not AI-scalable which is what every company wants nowadays.
Then you lose your account to a hacker and won't be ever be able to get it back since they will deny all charges and will require much more manpower to check who is telling the truth. Also the system is not AI-scalable which is what every company wants nowadays.
Last edited:
Who posts their transaction details online? Why would you?
TintoConCasera
I bought a sex doll, but I keep it inflated 100% of the time and use it like a regular wife
And people were wondering why nobody on PC wanted to sign up for PSN to play Helldivers 2.
neo raider
Member
Its not just that u get a transaction receipt and you'll get an account that easily
Its more like u get in touch with someone from the inside
I genuinely thought everybody knew about the corrupt PlayStation admins that were selling not only accounts but also very sensitive data like card details/phone numbers/ip addresses/hardware serial number and addresses
Do I think sony would do anything? HELL NO
And to touch back on stealing accounts, PlayStation employees that had access to accounts used to only sell inactive, non high profile accounts that had rare usernames.
Now days they dont care, they'll sell anything for the right price
Its more like u get in touch with someone from the inside
I genuinely thought everybody knew about the corrupt PlayStation admins that were selling not only accounts but also very sensitive data like card details/phone numbers/ip addresses/hardware serial number and addresses
Do I think sony would do anything? HELL NO
And to touch back on stealing accounts, PlayStation employees that had access to accounts used to only sell inactive, non high profile accounts that had rare usernames.
Now days they dont care, they'll sell anything for the right price
Last edited:
CentralScrutinizer
Member
Hopefully, since this happened to a high profile figure / journalist, there's actually some investigative journalism going on to reveal whats really going on if this is true. Hopefully Colin doesn't just drop this.
semiconscious
Member
thanks for this...News Community Clickbait Thread 'PlayStation Network Accounts Can Be "Hacked" Even If Protected by 2FA, Passkey'