> More victim blaming in this thread already I see. Sony should make two step mandatory.
Seriously. This needs to be forced on everyone. If you're on GAF you should know better.
I work PS Support UK and I honestly am mystified as to why they do it. They change the email addresses to nonsense garbage 10 minute mails, and they usually just wallet fund to the max and leave it there. I think it's just to harass people.
Then there's the compromisers who make sub accounts, buy shitloads of FIFA points on the sub accounts, and then leave it there. I think it's something to do with trying to move the FIFA points to other accounts via transfers, but I'm not sure as I don't know how FIFA works really.
So for most of them, it's just to cause unnecessary stress?! Like they actually get no monetary benefit out of it??? Seems really weird and unfortunate. Does 2FA use SMS or email?
How about personal accountability? The option is there for 2 fa. The op chose not to enable it. That's 100% on him.
What is 2FA and how do you do it?
I just don't put my CC info on it and just buy cards/codes.
Wait what? So the people "victim blaming" are telling op to do exactly what you want to make mandatory.
> More victim blaming in this thread already I see. Sony should make two step mandatory.
You sound like an expert.
> Seriously. This needs to be forced on everyone. If you're on GAF you should know better.
You can't "Force" 2FA, it's not set up like that. Only thing you can do is advise/promo it.
> A strong unique password is more important than SMS 2FA which is pretty insecure.
Both should be used if allowed. It's really only "insecure" if there is a bug in the system. SMS is fine for the majority of people because SMS 2FA is only "insecure" if you're targeted and they contact your service provider and get details to transfer your SIM, and if that's the case you have more things to worry about.
Sorry OP, that really sucks. I'll take this as a cautionary tale and go enable 2FA.
edit: Done. You can do so by going to: https://www.playstation.com/en-us/account-security/2-step-verification/
People are blaming the victim for not enabling 2FA. I'd call that victim blaming.
Just out of curiosity, what did they buy?
But no, nothing you can do for now for refunds.
But definitely update your security.
Edit: glad uk support helped
OP you changed your password too right? 2FA is good second layer protection but you should have separate passwords on anything involving money. For major accounts - bank, PSN, PayPal etc I even use completely different email addresses
What do you mean with garbage?
Good to hear that things worked out without any problems
Nothing you can do at the moment. You need to wait until its open on Monday.
EDIT: Nice, you contacted UK Support. They can help anyone in the Europe, Middle East and African regions, but getting a hold of them can be tough with the cost of a call.
Next time, use stronger passwords, and ALWAYS, ALWAYS, ALWAYS use 2 Step Verification. Also, change passwords on everything else that uses a password even vaguely like the one you used on PSN.
Also, note down your backup codes for 2SV. If you don't, and you lose your phone or change number and can't get a code, you're gonna need to phone up Support and go through a process to have it removed, which can take a few days. Backup codes never get noted down, so please be the first person in the Universe to do this.
Good that this ended well for you OP. I'm in agreement that Sony should force 2FA for everyone. Make it mandatory on the next login. I feel like that would solve a fair amount of these cases before they become a problem. The average gaffer especially knows that people are always trying to hack accounts so there really isn't any excuse to forgo 2FA at this point. That's not victim blaming, that's protecting your property....so to speak.
Sucks man, hope you get it sorted.
I never save my payment options or leave credit in console accounts.
It wasn't hacked. You had a weak password that you used somewhere else and no 2FA despite a million warnings.
You'll have to wait until Monday.
The people victim blaming are saying it's OP's fault because he didn't have 2 factor. It wasn't his fault, it was the person who got into his account. OP didn't do this to themselves. Should they have 2 factor on? Yes, if you have the option always have it on, but just because he didn't doesn't mean it's ok for people to access his account without his authorisation and do whatever the hell they like with it.
> Even if you just buy PSN cards this still won't prevent the possibility of someone taking over your account if they somehow manage to login using your username / password if the chance comes up and they obtain that information.
> 2FA basically sends a randomly generated code that is prompt to your cell phone via the Playstation App (Not unsimilar to Steam Guard Authenticator). It's an extra layer of protection to verify the person logging into your Sony account is you and no one else.
> Since the only means to get around the 2FA is if someone had access to your Cellphone and could use the text message received to then login your PS4 or whatnot.
> However 2FA has some caveats with older Sony devices. It does not play nicely with PSPs, and PS3 and Vitas require a special password from a specific Sony redirect website. One password for each device, so it comes to the issue of needing to manage several passwords if you have more than one Sony device, but using a Password manager allows you to make this less cumbersome.
> Still if your account and personal information is of value to you, then 2FA is most definitely worthwhile to use.
Thanks for explaining all of that. Yeah, I think I'm going to activate it.
The OP was most likely using the same password that appears on an easily purchased list of compromised accounts across multiple accounts, accessed the email account and taken it from there.
Poor IT security is wholly down on the user. While the person who committed the offence is the bad guy, the opportunity to commit the offence was enabled by the user.
Like saying on social media you're going out, leaving your house unlocked and the alarm code on a post-it next to the alarm.
> Phone-based 2FA, no. But I don't see why you couldn't do it with email-based 2FA.
> I mean, IIRC this is what GOG did - sent everyone a mail saying that in X amount of time they're going to make 2FA opt-out instead of opt-in and instructions on how to eventually disable it.
Yh true forgot email based ones.
> I didn't use the PSN password on any other site, although quite similar. For example: Redhouse45 and on other sites Redhouse44?
> It's annoying having to use different passwords for each site but I guess I'll have to make a change from now on. Luckily only PSN and paypal hold anything of value, I couldn't care less if they hacked my other stuff.
Depending on how willing/computer minded you are you can get a password manager to assist with creation of storing passwords.
> More victim blaming in this thread already I see. Sony should make two step mandatory.
If you don't have two factor on your account and your account gets compromised, you are to blame.
> I didn't use the PSN password on any other site, although quite similar. For example: Redhouse45 and on other sites Redhouse44?
> It's annoying having to use different passwords for each site but I guess I'll have to make a change from now on. Luckily only PSN and paypal hold anything of value, I couldn't care less if they hacked my other stuff.
Unique randomized passwords is what password managers are for.
> If you don't have two factor on your account and your account gets compromised, you are to blame.
If your account gets compromised you are not to blame. The person to blame is the person who did the hacking mate.
I don't know how anyone could read GAF even semi-regularly and not have it on their account. Just pure negligence and laziness.
Thanks everyone for your replies. It sure was more devastating than I ever thought it would be. I changed my password to an annoyingly long one along with the 2FA just in case. I always remove my credit card after buying a game but I've received a couple of voucher cards lately and I was afraid the "hacker" would've spent all of it on some fifa cards or something. He had a full hour before it got sorted but didn't use a penny, really strange. I'm glad he was a kind "hacker".
Either that or something like Neverwinter currency/items, anything that can be traded in-game. They tend to try to buy things they can move to another account, and then sell the items or the account itself for real money.
> The sooner more online services start making 2FA mandatory, the sooner it becomes a normal thing for the majority of people who use online services in general. More services should be taking the lead in enabling more secure accounts for their clients.
2 step is pain in the ass and should never be mandatory.
I didn't use the PSN password on any other site, although quite similar. For example: Redhouse45 and on other sites Redhouse44?
It's annoying having to use different passwords for each site but I guess I'll have to make a change from now on. Luckily only PSN and paypal hold anything of value, I couldn't care less if they hacked my other stuff.
More victim blaming in this thread already I see. Sony should make two step mandatory.
Thanks for explaining all of that. Yeah, I think I'm going to activate it.
That way, I'd probably feel better about putting my CC info on there.
I did not unfortunately, bad mistake.
Unique randomized passwords is what password managers are for.
I use KeePass, which is open source and local, not cloud-based, meaning it's arguably more secure, but less convenient, accessible.
And also you really, really should keep multiple regular backups on multiple storage devices.
I used to keep just one backup that I kept overwriting. One time when I made that backup, the database had been corrupted. Meaning I overwrote the previous backup, a working database, with a corrupt one...
Luckily the built-in recovery feature managed to unfuck that situation.
KeePass, 1Password and LastPass were the ones I chose from some years ago. There may be other valid options nowadays.
Quick "best password manager" google seems to form the consensus that LastPass remains a top choice.
enabled that now!
and make sure to get the backup codes. I have seen too many people ignore them and then regret it later.
Perhaps he was trying to sell the account or something. It's a good thing you don't have to worry about finding out lol. I try to do Steam/eShop/PSN/XBL cards for any purchases I make now and I'd recommend that for every digital purchase if possible. Save yourself the trouble. I use PayPal if I have to. Can't put credit card info out there anymore. One of my old and inactive cards was used on Walmart's website just today so now I'm even more paranoid.
Pretty much fucked until support is open.
Did you have 2 factor authentication ?
How do you set this up?
Plenty folk don't even know it's a thing, if you created your account before it was put in place then you would never know it exists especially if you have not had any issues.
How do you set this up?
> I'm decently computer minded, the only reason I used the same password everywhere is since it was easy to do, and literally no risk of forgetting a password. Since Chrome remembers passwords everywhere I'll go ahead and actually change the passwords on important accounts.
Ha I see. Yh that would still be better than using the same password atm because in this day and age of things getting compromised right, left and center my trust in companies keeping my data safe is low.
Bulk email everyone that signed up for PSN to activate it, problem solved.
https://www.playstation.com/en-us/account-security/2-step-verification/
Ha I see. Yh that would still be better than using the same password atm because in this day and age of things getting compromised right, left and center my trust in companies keeping my data safe is low.
In terms of backup codes, you will find that in your account settings somewhere, can't recall where atm. These are used when locked out of your account for whatever reason (not having your device, for example).
You used always grab these when setting up 2FA. Most services give this to you when you set it up.
Check here
Is there a way to have 2fa without the ability to receive texts on your phone? Like a key app similar to what they have for MMOs or something? I can't afford to pay my bill anymore and 2FA is still active.
Not the right place to ask but still does anyone have a working link for the active chat support at US PSN? I am unable to watch PS videos(movies I own) on my mobile device, says you need to deactivate at least one other device. I have tried searching everywhere and there ain't an option to deactivate a mobile device!