PSN being compromised via Neverwinter?

May 14, 2013
3,883
0
450
GA
#1
See a lot of "My PSN was Hacked" lately, and I saw it mention in one of the threads about a Neverwinter exploit, but it wasnt explained. I just did a quick Google search and it seems the issue is started to spread (people accounts being compromised), and Neverwinter is starting to look like a common denominator.

Here is reddit discussion on it: https://www.reddit.com/r/Neverwinter/comments/4wer4o/beware_of_being_hacked_on_ps4/

https://www.reddit.com/r/Neverwinte..._would_a_hacker_profit_from_buying_zen_on_my/
 
Sep 19, 2007
7,940
1
0
#6
Sounds like the old Fifa "exploit", where there's not actually an exploit from that game, but every other exploit and leaked password is used to buy currency that can easily be sold to other accounts.

edit: Yeah, what Palette Swap said
 
Dec 19, 2009
927
0
640
#11
My friend was hacked this week-end. I was at his place when it happened...

The hacker spent the 34€ he had in his wallet to buy some NEVERWINTER shit and changed his password.

We tried to get to Sony but their costumer service is closed during the week-end.

So we sent a mail to them... but no news yet.

Fortunately, my friend uses PSN cards and never saved his credit card in the system.
 
Feb 17, 2012
3,873
2
495
#14
Fortunately, my friend uses PSN cards and never saved his credit card in the system.
Biggest advice anyone could get when it comes to this, regardless if it's PSN or XBL or eShop I only use prepaid cards. Having my banking info compromised is much worse than trying to get a game that you are off by 1 cent
 
Nov 22, 2015
7,589
45
260
#15
So I can get harmed even though I've never purchased Neverwinter or war frame? ;_;
It's no different to FIFA. The game isn't a point of entry. It just allows people to send currency to a different account so it becomes a popular game to steal money and accounts for.
 

Orca

Member
Aug 6, 2011
4,473
0
540
#17
So I can get harmed even though I've never purchased Neverwinter or war frame? ;_;
It has nothing to do with those games aside from them being used to monetize the hack. They get your password/email elsewhere, then use those games to make money off it. Blaming the game is ridiculous and solves nothing.
 
Jun 13, 2013
644
0
335
www.youtube.com
#18
I'm pretty sure that's the real culprit.

164 million emails and passwords were compromised, a fair amount that were probably associated with PSN accounts.
In this case, NWN just looks like FIFA: not a point of entry, just a way to somehow launder that money.
This is exactly the case. It's stupidly hilarious how easy it is to get your hands on a PSN account with an active PayPal account on it. Creditcards require atleast the first or last couple of digits and an expiration date but with PayPal, everything is fine.

All you have to do is basically avoid having an active PayPal account connected to your PSN until it atleast forces some kind of two step verification.

Neverwinter is just being used as a way to quickly offload the goods. People used to buy a lot of digital games from the PSN store and sell the account but using Pay2Win items allows the hacker to move a larger amount of money in a lower amount of time.

It's currently being used instead of Fifa Ultimate Team coins since the only way to get those is through buying in-game trading card packs which is largely luck based and therefore less reliable.
 
Feb 6, 2015
9,154
0
0
#19
It has nothing to do with those games aside from them being used to monetize the hack. They get your password/email elsewhere, then use those games to make money off it. Blaming the game is ridiculous and solves nothing.
I didn't blame anyone. I don't know how you got there. I'm asking a question, going by the tittle of the thread.
 
Apr 8, 2014
6,860
3
0
#25
So Sony can't exactly be blamed for these recent hacks then? More on the devs for letting their game be exploited?
Sony can be blamed for not having 2FA, but there is absolutely nothing wrong with the games.

This is literally people using the same password (or similar passwords) for multiple accounts online.
 
Nov 22, 2015
7,589
45
260
#26
So Sony can't exactly be blamed for these recent hacks then? More on the devs for letting their game be exploited?
Neverwinter is on the Xbox One too. The console with 2FA. I'm not seeing multiple threads on here reporting Xbox accounts being taken for Neverwinter cash.
 
#30
May 17, 2013
2,557
0
0
#31
Biggest advice anyone could get when it comes to this, regardless if it's PSN or XBL or eShop I only use prepaid cards. Having my banking info compromised is much worse than trying to get a game that you are off by 1 cent
The biggest advice is stop using the same fucking password everywhere.
 
Feb 25, 2014
6,015
0
0
#32
WTF? I didn't see no thread about this. GAF failed me!?
More info on the hack -

 
Oct 5, 2014
996
43
300
#35
It has nothing to do with those games aside from them being used to monetize the hack. They get your password/email elsewhere, then use those games to make money off it. Blaming the game is ridiculous and solves nothing.
That is true of FIFA and Neverwinter, but the Warframe server was compromised and usernames/emails copied.

If you use the same credentials on multiple web pages, an unscrupulous person has a greater chance of gaining access to your account. When the victim enters their information in here --> https://haveibeenpwned.com/ <-- we see a high coloration between prior compromises their gaming account being hacked.
 
Nov 22, 2007
9,722
0
0
#36
After so many password breaches, you really do need different passwords for everything these days, that or a password manager. I just started playing NWN last week and this makes me nervous.
 
Aug 15, 2007
31,370
0
975
#37
After so many password breaches, you really do need different passwords for everything these days, that or a password manager. I just started playing NWN last week and this makes me nervous.
yep. i have separate passwords for anything i consider sensitive or where financial transactions can be made.

for the rest i just use the same less secure password. as i dont care if someone hacks my gaf account or posts as me on reddit lol
 

Joni

Member
Aug 11, 2007
30,094
0
0
My House
#40

JP

Member
Mar 7, 2010
6,737
168
0
#43
  • JP

    JP

It's bewildering that people are still using the same passwords for different places, it's just asking for trouble.
They shouldn't scare you as long as you don't reuse the same password on every website/service. Use a password manager and make 30 character passwords and stop worrying about this nonsense.
I'd always recommend Diceware as a method of producing passwords, a really good way to increase your bits of entropy.
 
Jul 30, 2009
7,787
165
705
#46
Good passwords are useless against social engineering. 2FA and a OTP are far more impervious to that sort of attack.
Nothing to engineer if I have unique passwords/email for each service I use, plus two-step.

One service goes down, there's basically nothing tying it to my other accounts.

Besides, critical data is better protected, so there's very little chance my bank/visa/whatever involving money can be touced.