From Patrick Klepek:
$1,200. That's how much someone is asking for a PlayStation Network account I've been investigating for the past few weeks. "Secure," the person calls it, claiming the account will "never be touched" by the original owner again. "He won't be getting it back," they claim. More than a thousand dollars? That's a little rich for my blood, and so I counteroffer: $700.
"Btc?" they respond, accepting my bid. (BTC refers to bitcoin. The majority of transactions like this take place using cryptocurrency; it's generally harder, but not impossible, to trace.)
I didn't purchase the account, of course. But I could—anyone could, if they only knew where to look. This account wasn't on a shady market because someone was clumsy with their digital security. They had a strong password and two-factor authentication. When they were notified about problems with their account, they called Sony and asked for help.
Despite all this, despite proving their identity over and over, they lost access to their PSN account, including any trophies earned or any games purchased. It was gone...well, sort of. The original owner no longer had access, but this person—the individual asking for $1,200 but who quickly and without hesitation dropped to $700—did.
Lots more at the full article: https://waypoint.vice.com/en_us/art...-why-i-bid-dollar700-for-a-stolen-psn-account
Interestingly, this sounds almost exactly like a scenario that we had a thread about a while back: https://www.resetera.com/threads/banned-from-psn-on-my-birthday.68193/
Seems like Sony customer service is pretty much incompetent and hasn't kept up with modern security practices. These kinds of social engineering attacks are well known at this point, and companies like Amazon and Apple have updated their policies to fight them. But it seems like all you need to do to get Sony to turn over a PSN account is call enough times until you get a rep lazy enough to let you in.
Kinda scary, considering I'm in the same boat as the subject of the article. Strong, unique passwords, two-factor authentication, the works. And yet it seems like nothing would really stop someone who wanted to steal my account because Sony isn't doing the right thing.