-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
PSN account hacked (£300+ stolen) - Any help?
- Thread starter HT UK
- Start date
A disgrace people are STILL keeping their CC/Debit card info on their accounts after all these type of threads. Some people just need to experience things to learn, and even then some still never learn.
Doctor_Thomas
Member
Playing Devil's Advocate.
Sony's security record, from my personal point of view, has been perfectly fine. I have never had any money stolen and I have had my card details on there since day 1 and even after the great month long outage fiasco.
If someone is accessing an account through other means like social engineering (I severely doubt anyone in customer service can see a password, let alone give it out), then that falls on the end user for not keeping their details secure or putting their information where it should be used.
In fact, as far as I'm aware, most "hacks" on PSN and Live have been due to FIFA Ultimate Team and putting your account details into dodgy websites to get points, not through brute force attacks or guessing.
I don't think anyones saying that it couldn't be the OPs fault, noones saying that. But I hate these defenders who jump straight to a corporations defense when they really don't have the slightest idea. Like somehow Sonys security is perfect which is very silly indeed going from past history. It also just seems to be that their are more complaints about peoples PSN accounts and them being 'hacked' in comparison to Xbox Live accounts. I just don't see every single case being due to people's stupidity, or maybe I'm seriously underestimating people
Doctor_Thomas
Member
They legitimately do. If they also found it to be a baseless claim, they'll reverse the charge back (example: You order something from Amazon and it arrives, but you just don't want to pay for it).
flipswitch
Member
How many characters long should someones password be?
benicillin
Banned
First things first, the fact that Sony doesn't yet have two-factor authentication is an issue and I think everyone should pressure them to get it instituted. But again, don't call it a "hack" when what you're really saying is "someone got into my friends PSN account with their email or password." Usually this happens through spyware keylogging your information or because you use the same email/password on multiple sites - make all of your passwords unique and use a password manager like LastPass or Keepass to keep everything straight. 99% of the time that will be enough to protect you.
Captain Tuttle
Member
It's hilarious, I've seen people accused of being astroturfers for much less.
I don't understand Sony's seeming reluctance to implement a two step verification
i'm skeptical because big banks must deal with hundreds if not thousands of "hacked" accounts/fraudulent purchases a day. perhaps they only investigate if it's over a certain threshold.
i can't even imagine the crap paypal has to deal with.
good luck dude I'm currently in legal proceeds with them its nearly 6 months after my incident occurred. Just do a chargeback if you dont have anything of value on the account. if you do you are probably in for the long and painful process i'm going though.
aspiegamer
Member
The only "account security" problem in this thread is that of the OP (or his brother I guess? That makes it even more of an unknown). This would have been 100% avoided had credit card info not been stored on the account for auto-payment of purchases. Period. It's that simple. 2-step authentication can't 100% solve that, either. The OP needs to deal with this via their bank. And yeah, their customer service doesn't have the most glowing track record, but that's not the matter at hand here. It's not Sony's job to babysit everyone to see if they're keeping their info safe client-side.
I'm not "blaming the victim" since someone did fraudulently use their funds (which should be fixed!), but blaming Sony for it? Oh please. This exact process would play out in this manner no matter whose service this was.
There's a 99% chance this incident was caused by the OP's brother giving their password to someone else, at some point, and/or using the same password across services so that someone with access the one password could access any other. Moreover, it was absolutely 100% avoidable on the OP's part. Keeping payment info saved on your personal console is one tier of risky but on someone else's PSN? No. Just, no.
In these situations it's often someone the victim knows (sadly). Maybe with some brainstorming they can come up with some possible suspects and file a police report if desired. OP? I hope you get your money back and solve the case. Consider this one of those "life lesson" moments after it's resolved.
benicillin
Banned
It doesn't exactly happen overnight, it took Microsoft a pretty long time to enable two-factor authentication for everyone. I imagine that Sony is implementing it but we all know how long it takes them to make any kinds of changes on the back-end for accounts. Hearing that they are working on it would be nice, though.
I don't think anyones saying that it couldn't be the OPs fault, noones saying that. But I hate these defenders who jump straight to a corporations defense when they really don't have the slightest idea. Like somehow Sonys security is perfect which is very silly indeed going from past history. It also just seems to be that their are more complaints about peoples PSN accounts and them being 'hacked' in comparison to Xbox Live accounts. I just don't see every single case being due to people's stupidity, or maybe I'm seriously underestimating people
No offense, but there is no reason to think Sony' security has been compromised.
And MS gets a ton of these as well, you just see more since Sony's customer service is infamous for giving people a hard time over this.
I have to imagine there is a technical reason.
Sony can't even allow members to alter their user names.
Starwolf_UK
Member
Being Fifa'd usually meant you were a victim. EA recently revised the auction house (you can only sell players for what they are worth +/- a few % unlike the free setting before) which is why fraudsters seem just moved into people selling off entire PSN accounts. I forget how the silly system it works but the buyers don't worry about things being revoked because of something like you log into this bought account once then hide the account offline which means you can still download and play all the purchased games on one of your other accounts.
Those purchases will obviously be locked to that piece of hardware.
They do to some extent. I had one retailer try to reverse the reversal (card details were leaked, lesson here is when a web browser warns you that the SSL certificate has expired, don't buy) because they had Paypal seller protection and physically sent the WoW subscription I alleged purchased...to the wrong address. I pointed out both the incorrect address, website advertising things instantly e-mailed and paypal seller protection not covering intangible items to my bank and was fine. Still bloody annoying that they couldn't look at the evidence but had me do it basically.
BumblebeeCody
Member
Makes me wonder why we don't have two-step verification on Xbox and PlayStation.
Doctor_Thomas
Member
So, there's two types of refund. The first is when there's some issue with the product or service. They have to do some investigation, because the bank pays the money upfront. The bank later claims the money back from the retailer if there's something wrong, but take the money back from the customer if it isn't. There's very strict rules that are followed for unwanted transactions and customers are, generally, referred to the point of sale or retailer, especially in the cases of major retailers, to take up a complain with the company directly.
Fraud works slightly differently. In a lot of cases, they won't actually refund the money until they investigate because they need to make sure it wasn't the customer actually doing the transactions. These investigations can take longer, just because of the nature of them. This is generally when the customers details have been used to make a purchase against other details - to pay for something to get it delivered elsewhere or for services to be paid for or something that the customer couldn't possibly have done. In this case, the card wasn't compromised, the PSN account was, so they may opt for the top charge back type of refund.
Sony should, really, be taking a more understanding role if someone does a chargeback, especially since Sony have the ability to disable and remove the content (I know this for a fact because they refunded and deleted Killzone Shadow Fall when I bought it for 85p and felt guilty). Yes, the account should probably be locked to prevent further action, but resetting the password, sending an email and deleting the purchased content should be they way they operate and it bothers me that they don't.
I don't think anyones saying that it couldn't be the OPs fault, noones saying that. But I hate these defenders who jump straight to a corporations defense when they really don't have the slightest idea. Like somehow Sonys security is perfect which is very silly indeed going from past history. It also just seems to be that their are more complaints about peoples PSN accounts and them being 'hacked' in comparison to Xbox Live accounts. I just don't see every single case being due to people's stupidity, or maybe I'm seriously underestimating people
I don't think most are jumping to defend a corporation. Most were arguing about the incorrect use of the word "hacked".
I'm against victim blaming, but people really do need to do more to secure their passwords and accounts. There are still too many people who lose passwords to phishing scams and then yell on about their account being hacked. No, you clicked a link you shouldn't have and gave someone your password. Also, we all know about Sony's customer service in these cases, so stop leaving your card on file. That there would remove almost all of these problems we're seeing. Yes, Sony should probably add some more security measures, but since they haven't, it's your duty to do something to help protect yourself.
OP, feel bad for your brother. At least he won't lose much if you do indeed do a chargeback and lose the profile. But as said above, let this be a lesson. If you don't think something has good enough security measures for you, don't leave your card on file with them. Especially when there is plenty of history showing that the company in charge of that service isn't very good at handling compromised accounts and spent money.
Gemüsepizza;159507028 said:
There are enough ways of social engineering that it is possible the account was hacked. It is also possible it was a weak password. Ultimately though the transactions were fraudulent so Sony needs to refund the money and retract the licences that have been paid for.
If Sony do not do it then you can speak to the bank about it and get the money back that way but Sony will probably ban the PSN account. Personally if it were me I would ask the bank to see if they can see where the charge originated from, if this shows it was not in the vicinity of your home you have clear evidence of fraud and can show this to Sony and state they either refund the money and rescind the licences for those transactions or you will get the bank to take the money back. When they ban the account I would go to small claims court and demand either financial compensation for the content that has been lost so it can be replaced or reinstatement of the account so you have access to the content that has been paid for.
They can point to their EULA and TOS as much as they like but they are unlikely to stand up in court.
The whole point of charge backs is to give consumers a legal remedy for fraudulent transactions, Sony threatening to ban accounts and black list consoles for using this legal remedy when it can be shown to be a genuine case of fraud is blackmail.
EDIT: If they were to remove the licences for the purchases you have charged back and make it so you could no longer buy new products on that account, while harsh, that would be legal in my eyes as they are not preventing you from accessing content you have purchased, they are just preventing you from buying more content through that account.
Terbinator
Member
I do have 2SV on my MS account?
You're in the UK so should have the benefit of much stronger consumer protections.
File small claims if need be.
autoduelist
Member
They actually can tell where the purchases are made from. Are you absolutely sure no friend did this, or another sibling, or your brother? Because if Sony is saying the purchases came from your system, I'd seriously look into that before saying they're wrong.
Well, it would help if you actually did use the correct word, since what you're saying is factually incorrect. Sony wasn't hacked. The account was compromised due to some other reason - malware on their PC, or a weak password, or re-used passwords. Saving your cc info on secure servers isn't unsafe in and of itself, it's unsafe if you don't keep your own systems secure, though.
this is the correct course of action. it will take a long time to go through the process but its probably the only way you have any chance of getting your money back and keeping the account.
truestatic
Member
Would it solve things if deactivating attached devices from an account also unlinked it from all payment methods? Cuz that seems like the no-brainer obvious solution to this sort of crap. I think this is the second thread we've had about this exact sort of incident in as many weeks.
TheLostBigBoss
Banned
If he charges back with his credit card won't Sony ban is PSN account?
I've read similar stories with Steam and Sony I think.
I've read similar stories with Steam and Sony I think.
Diablohead
Member
does your brother use the ps4 controller on pc too? because for what I remember it also keeps giving inputs to the ps4 at the same time and someone here on gaf nearly or did buy a game by accident due to it.
*edit* ignore me, the systems were deactivated and stuff so there was more to it.
*edit* ignore me, the systems were deactivated and stuff so there was more to it.
Yes but he could then make a complaint in the small claims court, while he might be in breach of the EULA or TOS chances are they do not pass muster in a court. Denying someone access to products they have legitimately purchased simply because they used a legal remedy to handle an issue of fraud, after contacting the company to try and deal with it informally too, will be frowned upon.
Just imagine the scenario where you buy a lot of stuff off of Amazon, someone gains access to your account and they buy a lot of stuff fraudulently. You do a charge back for these fraudulent transactions and Amazon in response close your account and demand you return everything you have purchased from them using that account. That is the equivalent scenario with physical products and it sounds totally ludicrous. I cannot imagine a court siding with Sony or Steam or any other digital content provider in that scenario. Having the account restricted so you can only access old content, harsh but legal. Closing the account so you cannot access any content, illegal.
Has your friend made sure he changed his password and set his own PS4 as his primary? Because if Vita can't find a locally paired PS4, it starts searching for your activated PS4. I started playing my brothers BF4 session on HIS account as my PS4 is activated on his PS4 (for reasons one could imagine).
kingwingin
Member
I thought if you logged into your psn account on a different system it would ask you to confirm credit card details. Did they remove that?
thecoolFNF
Member
After reading all these horror stories in the past I deleted my debit card info off my ps3. Gotta play it safe man.
TheChewyWaffles
Member
Cause clearly the OP's brother had it coming....or something.
Banjo-Kazooie
Member
I mean, banks aren't in the business of just having money stolen from them sooooo
Pocky4Th3Win
Member
So the person who accessed the account new the password because it asks you for it when you log into the store and again when you go into account details to unregister consoles (at least it does for me).
They also needed to know the email associated with the account... doesn't sound like a hack, sounds more like social engineering the account info from the user.
They also needed to know the email associated with the account... doesn't sound like a hack, sounds more like social engineering the account info from the user.
does that mean the user doesn't have the right for cover or a refund though? EU law stipulates you can get a refund for any reason within 15 days of a purchase.
They told me my consoles didn't exist on their system.
My ps3 slim (2010)
launch vita
and launch ps4
supposedly didnt exist on their system. which is clearly bollocks.