Support NeoGAF

[CLEEK]

The account was not "hacked". This guy either used a weak password or did not secure his computer sufficiently. Of course he wants to deflect from this by babbling something about two-factor-authentication or about anti-consumer blah, but the reality is, someone who is using a weak password or is not capable of securing his computer, would probably also not activate two-factor-authentication. It's his fault. And smh at the usual "omg I immediately deleted my cc info from my account". Don't use shitty passwords, and you won't get "hacked".

It doesn't matter how OP's bothers username and password was obtained. It was still a criminal act to fraudulently purchase items on his debit card. If the OP is in the UK, it was also be covered by the Computer Misuse Act as well.

The legitimate account hold was a victim of crime, and Sony have obtained revenue from a criminal act. That's a simple statement of fact. They should refund the account holder and seek damages/prosecution from the person who committed the crime.

Two factor is nice to have to give yourself further protection, but it isn't a panacea to online crime. Hacking, whether done through brute force, phishing, social engineering, data breach, or any other method, is still hacking and a crime.

It's completely fucked that Sony can nuke your account if you use your legal right to get your money refunded from your bank/card provided after a fraudulent transaction. Sony are the bad guys in all these cases, no matter how much victim blaming you do.

 

[data]

I'll just put this here: https://haveibeenpwned.com

 

[EatMyFace]

Why not blame Sony. I cant recall anyone ever saying 'My Amazon account got hacked and Amazon said tough luck.'

Because no one ever really gets hacked unless there's a large data breach.

 

[Pocky4Th3Win]

does that mean the user doesn't have the right for cover or a refund though? EU law stipulates you can get a refund for any reason within 15 days of a purchase.

Well he can get a refund if he can prove to Sony that his brother did not make the purchase, I am sure that Sony sends out an email when you unregister/register a device to your account since they do when I remove or add a CC to my account.

 

[CLEEK]

Because no one ever really gets hacked unless there's a large data breach.

Yes they do.

Hacking by definition is simply to gain unauthorized access to a system or account. Unauthorized is the key word. It means using your credentials without your express permission.

If you have been a victim of a phishing scam, you have been hacked and its a crime. If you left yourself logged in to the PSN webstore on a shared PC and someone else uses your account, you have been hacked and its a crime. If you write down your credentials on a post-it note and someone uses it, you have been hacked and its a crime.

In the UK, the Computer Misuse Act is very clear on this. If OP's brother didn't give express permission for someone else to use his details, then yes, he was hacked.

http://en.wikipedia.org/wiki/Computer_Misuse_Act_1990

Using another person's username or identifier (ID) and password without proper authority to access data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data to a screen or printer, or to impersonate that other person using e-mail, online chat, web or other services, constitute the offence.

In these cases, its compounded because financial fraud has been committed too as a result of unauthorised access to someone's account.

 

[petran79]

First things first, the fact that Sony doesn't yet have two-factor authentication is an issue and I think everyone should pressure them to get it instituted. But again, don't call it a "hack" when what you're really saying is "someone got into my friends PSN account with their email or password." Usually this happens through spyware keylogging your information or because you use the same email/password on multiple sites - make all of your passwords unique and use a password manager like LastPass or Keepass to keep everything straight. 99% of the time that will be enough to protect you.

In the case of Blizzard it happens if your account is inactive for a while, say over a month. First time account was locked and I had to send them a copy of my ID. They made purchases with a foreign debit card which were cancelled.Then I added SMS verification and changed password and email. Yet I received few weeks later an email that someone had attempted to log-in. Notice I did use Ubuntu at that time. Fortunately SMS activation unlocked my account. Changed long password again, hope they leave me alone.
Also gmail blocks email access from external mail clients for security.

 

[Occam]

My main question regarding this still is: http://www.neogaf.com/forum/showthread.php?t=1009393