Gemüsepizza;159504436 said:The account was not "hacked". This guy either used a weak password or did not secure his computer sufficiently. Of course he wants to deflect from this by babbling something about two-factor-authentication or about anti-consumer blah, but the reality is, someone who is using a weak password or is not capable of securing his computer, would probably also not activate two-factor-authentication. It's his fault. And smh at the usual "omg I immediately deleted my cc info from my account". Don't use shitty passwords, and you won't get "hacked".
It doesn't matter how OP's bothers username and password was obtained. It was still a criminal act to fraudulently purchase items on his debit card. If the OP is in the UK, it was also be covered by the Computer Misuse Act as well.
The legitimate account hold was a victim of crime, and Sony have obtained revenue from a criminal act. That's a simple statement of fact. They should refund the account holder and seek damages/prosecution from the person who committed the crime.
Two factor is nice to have to give yourself further protection, but it isn't a panacea to online crime. Hacking, whether done through brute force, phishing, social engineering, data breach, or any other method, is still hacking and a crime.
It's completely fucked that Sony can nuke your account if you use your legal right to get your money refunded from your bank/card provided after a fraudulent transaction. Sony are the bad guys in all these cases, no matter how much victim blaming you do.