Support NeoGAF

[Killthee]

A few weeks ago, Mic Folk got a weird email. The person writing it claimed they'd been playing Overwatch on a PlayStation Network account for more than six months, but the password had changed recently. But why would Folk know anything about this random dude's account? As it turns out, they'd "purchased" Folk's account through a website called PSN Games, one of many businesses trafficking in the selling of cheap games by sketchy means.

The individual who bought Folk's account was an Overwatch fan named Bennett Eglinton.

"Hello I purchased overwatch from psngames.org and this email was used as the account info," reads an email from Eglinton, sent in early March. "However the password I was given for the PlayStation Network sign in no longer works. Did you happen to change it? Can I get the new info."

Here's how PSN Games, which claims to offer "legal and genuine digital downloads, but sent in the form of an account," works. Let's say you want to play Mass Effect: Andromeda, but don't want to pay the game's full price, $60. Right now, PSN Games is offering it for $41.99. After checking out, PSN Games sends you the login information for an account, complete with email address and password. You then sign into that account and mark your PlayStation 4 as the primary device, which grants you access to play the game locally on your machine. After downloading the game, you're supposed to log out of the account and switch back to yours.

It doesn't take much to become an amateur PSN hacker, either. (Though hacker might be a generous term, in this case.) A simple Google search, which I'm not going to share here, can bring up software that will scrape databases of compromised accounts, automatically test them against the PSN login page, and if it works, compile how many games are tied to the account.

All of this can be accomplished in minutes.

https://waypoint.vice.com/en_us/art...work-account-resellers?utm_source=wptwitterus

Guess I shouldn't be surprised sites like these exist or how easy it is to test a database of compromised accounts against a site, but it's just something I never thought about.

 

[iBlue]

Sony needs to do something about it.

 

[benzopil]

It's super popular in Russia because games are expensive for a lot of people and they don't care if it's legal.

 

[gutterboy44]

If you don't read the article, here is the most important take away. Turn on that two form-factor authentication on your PSN account!! It isn't a hassle at all and worth it.

But do read the entire article, it's a good read on some shady shit.

 

[thebigmachine]

Have PSN account stolen OT's been eliminated? I haven't seen an influx of them in the last few weeks/months. I always want to know many of these peps are using a password manager or using a unique 20+ length password.

 

[Sho_Nuff82]

How dumb of a pirate would you have to be to ask the actual account holder to help you log in to their stolen account?

This is worse than a pirate, because they're paying money to steal and take away features from other players.

 

[Chesskid1]

it should be way more cheaper, you arent saving much.

 

[BiggNife]

This is some shady shit and I had no idea this was a thing.

Gonna put 2FA on my psn account when I get home. I know, I know, I should've done it earlier.

 

[Glix]

How dumb of a pirate would you have to be to ask the actual account holder to help you log in to their stolen account?

This is worse than a pirate, because they're paying money to steal and take away features from other players.

You gotta figure the guy is just an idiot. Sounded like he doesn't even realize how shady this all is, and thinks that the acct is voluntarily associated with this site or something.

 

[hanspampel]

How dumb of a pirate would you have to be to ask the actual account holder to help you log in to their stolen account?

This is worse than a pirate, because they're paying money to steal and take away features from other players.

whoever buys a shared account is obviously not well informed. otherwise they would not do it in the first place

so maybe he assumed he bought a legit shared account?




just never ever buy accounts
buy codes.
people here know that, but many sadly don't and people make money on this shit

 

[louiedog]

If you don't read the article, here is the most important take away. Turn on that two form-factor authentication on your PSN account!! It isn't a hassle at all and worth it.

But do read the entire article, it's a good read on some shady shit.

Also don't reuse passwords which is enabling this.

 

[KingParappa]

Thank god I have 2FA on my account. This is ridiculous.

 

[EmiPrime]

This crap is all over ebay too; type in any big game into the search field + download and you'll get a ton of results with "read description" or similar in the title that are for accounts rather than download codes.

http://www.ebay.co.uk/itm/Gears-Of-...926594?hash=item2f00535e82:g:Q3oAAOSwuxFY2QFo

 

[Salty Rice]

Well you gotta change your name somehow.

 

[Garrett Hawke]

actual games journalism <3

 

[Polk]

It's super popular in Russia because games are expensive for a lot of people and they don't care if it's legal.

Same in Poland, both Xbox and PS accounts.

 

[BigEmil]

" It doesn't take much to become an amateur PSN hacker, either. (Though hacker might be a generous term, in this case.) A simple Google search, which I'm not going to share here, can bring up software that will scrape databases of compromised accounts, automatically test them against the PSN login page, and if it works, compile how many games are tied to the account. "

As i thought, that's why you should use a completely unique password for your PSN, don't use a password for PSN you used elsewhere. If that account elsewhere accounts got hacked/breached they will test your email and password from elswhere on PSN database and if it works they got it

 

[Joni]

As usual, unique passwords are very important. With a touch of 2FA for complete ease of mind.

 

[Patrick Klepek]

If nothing else, please add two factor to your account, PSN and elsewhere.

 

[i-Jest]

It's great Sony had the good sense to make 2 step verification possible in all accounts. Mines been active since they made it available.

Next Step? Sony needs to disable Share Play and Crack down in this issue. Come up with a method to weed out rightful account holders from thieves. It's only getting bigger at this point. If it snowballs into something nearly uncontrollable, I'm sure A LOT of people are going to leave the platform, or straight up avoid it.

 

[Not Spaceghost]

Every service that hosts your digital purchases should have a goddamn authenticator available for it.

 

[MUnited83]

Sony needs to do something about it.

Outside of 2FA, which they already support, there is not much they can do.

 

[tim.mbp]

Does Sony not notify people of suspicious activity or when another console is set to primary?

 

[Dr. Zoidberg]

It isn't a hassle at all and worth it.

I feel like Sony's implementation of 2FA IS a hassle, but it's still very worth it. I should be able to link it with my Google Authenticator. I hate their text messages, but to their credit, they always arrive super-fast. It's only a hassle when logging into the PSN store on the web, but since the on-console store kind of sucks I do this all the time.

 

[gutterboy44]

I feel like Sony's implementation of 2FA IS a hassle, but it's still very worth it. I should be able to link it with my Google Authenticator. I hate their text messages, but to their credit, they always arrive super-fast. It's only a hassle when logging into the PSN store on the web, but since the on-console store kind of sucks I do this all the time.

Hmm, I thought they did a good job with the key generation. Like you said, instant texts and short enough to quickly memorize without ambiguous characters. I guess 6 digit numerical is easy too.

 

[Killthee]

Does Sony not notify people of suspicious activity or when another console is set to primary?

I think they force you to change your password if there's suspicious activity. They don't go into details on what has triggered it though nor do they notify you via email.

You also don't get an email notification when the primary console is changed.

 

[Cleve]

Hmm, I thought they did a good job with the key generation. Like you said, instant texts and short enough to quickly memorize with ambiguous characters. I guess 6 digit numerical is easy too.

Support for authentication apps would really be great though. I know it sounds dumb, but I have poor cell signal in my area(keep on fighting that tower townies. :| ), and sometimes don't get sms in a timely manner.

 

[Garrett Hawke]

Outside of 2FA, which they already support, there is not much they can do.

idk, when you log into steam from a new computer it asks for an access code via email regardless of whether or not you have set up steam authenticator. it's limited 2FA by default. they could do that

 

[Persona7]

Every service that hosts your digital purchases should have a goddamn authenticator available for it.

Or you can always use strong random passwords for every site and don't reuse any.

 

[Kaibutsu]

Next Step? Sony needs to disable Share Play

wait, what?

 

[walking fiend]

You haven't seen shady until you use Tor. They sell US passports there, let alone PSN accounts. Hacking random PSN accounts is a trivial matter

 

[thepenguin55]

Some people just refuse to make an honest living

 

[antibolo]

Or you can always use strong random passwords for every site and don't reuse any.

Nope nope nope, a strong password is always a good thing but it doesn't invalidate the need for 2FA.

 

[zephervack]

Those bundles with 5 random games are something else. There has got to be a better way of doing this without sacrificing people that own multiple consoles.

 

[Rookhelm]

I don't see why it would be necessary to steal people's accounts to resell them though. Especially if the point is for the buyer to download the game, set to primary, then basically give the account back (or am I misunderstanding that the buyer keeps the account forever?).


Wouldn't it be easier for this company to just create their own accounts, buy the game once, then re-sell it over and over to people?

 

[inner-G]

Thank god I have 2FA on my account. This is ridiculous.

.

Agreed. Hopefully there aren't many ways they can bypass it.

 

[Brandon F]

This happened to me on Xbox 360 during the widespread EA Ultimate Team shit. Some UK chav bought my account somehow, charged my card for FIFA '11 and ran up a bunch of money for team cards.

Thankfully the bank flagged it all as fraudulent immediately, before I was even aware, and I wasn't actually affected financially. Of course MS was incompetent and had to close my entire account for ~6mo while it performed an investigation. Couldn't access my purchases or log into XBL until resolved(though I could play offline). Eventually everything was transferred to a new account, but that alongside the infamous 2013 E3 debacle that was the Xbone reveal solidified my move to Sony.

Would fucking loathe it if something similar happened again on the other team.

 

[Killthee]

I feel like Sony's implementation of 2FA IS a hassle, but it's still very worth it. I should be able to link it with my Google Authenticator. I hate their text messages, but to their credit, they always arrive super-fast. It's only a hassle when logging into the PSN store on the web, but since the on-console store kind of sucks I do this all the time.

I agree. They should let you use third party authenticators like GA and the PlayStation app should have its own authenticator and one touch authentication like the blizzard authenticator.

 

[westman]

I don't see why it would be necessary to steal people's accounts to resell them though. Especially if the point is for the buyer to download the game, set to primary, then basically give the account back (or am I misunderstanding that the buyer keeps the account forever?).

Wouldn't it be easier for this company to just create their own accounts, buy the game once, then re-sell it over and over to people?

You are misunderstanding something. The buyer's console needs to remain the primary for the stolen account, or he would no longer be able to access its games under his own profile. So the primary status cannot be given back and reused by the seller.

 

[RichiRamjag]

Nope nope nope, a strong password is always a good thing but it doesn't invalidate the need for 2FA.

This 1000x.

I have 2FA on my main account, but I had to take back my old one that I used on PS3 after realizing someone stole it.

 

[ChouGoku]

Just put on 2FA