What is the point of hacking PSN accounts?

[MazeHaze]

So my GF doesnt play my ps4 much, but she has an account with her paypal on it from when she bought Life is Strange. Woke up this morning and somebody charged like 120 bucks on her account for Spiderman and Need for Speed. What is the point of this even? We noticed the transaction immediately, they didn't even change her password. She got on and changed her password and removed her paypal

What is the point of doing this though? Surely most people notice they are missing money within a day or so and lock the account back down right? It seems like a wasted effort to be able to play a game for an hour or two before the account holder notices. Also how do people get in to PSN accts like this? She only uses this email + password for PSN and steam, steam account is uncompromised. If they got in by using her personal information and calling Sony Support, wouldn't her password be changed? Just trying to wrap my head around this, any insight would be much appreciated.

Sony support doesn't open for an hour, so she will call then then, will they refund these purchases? I think the only thing she ever bought was LiS, so if she has to do a chargeback and lose her acct it's whatever, but she would still rather not.

 

[ThingsRscary]

I always advise people to use TWA with the use of OTP since it's the most effective way until now.

 

[Malfious]

Someone did this to me about 5 years ago but Sony wouldn't let me get a refund cos 'it was my fault'

 

[Kudo]

You will most likely have to fight Sony for the refund - they don't really give those out that easily.
The hacker might have changed the primary console of the account and could be still playing those games.

 

[Hamster Plugin]

Sony really does not like giving refunds so you may have lost your money.

You'll want to have two-step authentication on all your PSN accounts.

 

[Joeyro]

People can download games on your hacked account and play them on their own, usually hackers sell those accounts. 2FA is a blessing.

 

[PurgeVIII]

Don't dispute the purchases with PayPal. Thats a one way ticket to getting the PSN account banned.
Sony also might not give you a refund since they are very stingy with them. Hopefully this doesn't happen to her again.

 

[JayWood2010]

Ive had my PSN account hacked 3 times, and all three times Ive had to change my credit card because of it. I make sure to remove all of my information on PSN now. Ive had horrendous experiences with PSN, and that is disregarding the slow download speeds I get on there, that works on other consoles+PC perfectly.

Honestly if Sony works on anything next generation, make your online service better.

As for your question, Im not really sure why people do what they do. One person who hacked my account bought a TV show that is still on my account to this day. It just sucks, and it doesnt help that Sony's customer service sucks.

 

[plebc]

Bunch of kids trying to obtain free games. Those accounts are being sold on forums for a few dollars.

 

[OrangeNova]

I had to fight sony to refund my account when someone bought some Zenbucks for NWN on my account... it's a pain

 

[ProstatePuncher]

Pretty sure people do it just to wind others up. There's no other reason for doing it.

 

[Ayra Sutoraifu]

Ive had my PSN account hacked 3 times, and all three times Ive had to change my credit card because of it. I make sure to remove all of my information on PSN now. Ive had horrendous experiences with PSN, and that is disregarding the slow download speeds I get on there, that works on other consoles+PC perfectly.

Honestly if Sony works on anything next generation, make your online service better.

As for your question, Im not really sure why people do what they do. One person who hacked my account bought a TV show that is still on my account to this day. It just sucks, and it doesnt help that Sony's customer service sucks.

Click to shrink...

So, how is that 2FA experience for you?

 

[MazeHaze]

Pretty sure people do it just to wind others up. There's no other reason for doing it.

Click to shrink...

This is the only thing I can think of. The accounts get locked down almost immediately, it's not like you can buy a ton a fraudulent games and play them forever.

 

[Lashley]

They sell them if they have digital games attached

 

[KenobiLTS]

I think they will activate the account as primary on their own PS4. This allows them to use your games on their own accounts. So no matter what you do (changing the password, deactivating acccount, canceling the purchase and ...) they can use the purchased games on their own account as long as they're offline.

 

[Raysoul]

Question, what is it with PSN accounts that I usually hear stories of it being easily hacked? Are accounts more prone to hackers than MS or Nintendo accounts?

 

[Deleted member 21709]

Someone did this to me about 5 years ago but Sony wouldn't let me get a refund cos 'it was my fault'

Click to shrink...

Did you make a thread about that in the old place?

 

[danhz]

What is the point of doing this though? Surely most people notice they are missing money within a day or so and lock the account back down right? It seems like a wasted effort to be able to play a game for an hour or two before the account holder notices

Click to shrink...

Buy the game with your money, set ur account as primary, download the game, set console offline.

Play the game for free until they finish it, then, they connect to internet. They will lose the access to the account and the game, but if they are singleplayer games, who cares?, they already finished it.

Idk how sony handles this, banning their accounts? the entire console? but its pretty annoying. It happened me once and thx god the bank cancelled the payment at the moment becuase it was just done after a transaction i had done.

And in other cases, they set ur account as primary in their console and if you dont notice, if you have ps+, they have it free then. Many people dont even know this happens, and when they try to play a game offline, the system obv says u cant, since u cant play offline in second accounts, and many people thinks this is a sony issue.

 

[JayWood2010]

So, how is that 2FA experience for you?

Click to shrink...

Considering that I have been on PSN for a decade, and they added Two Step Authentication in 2016, I would say not well for me considering I didnt have the option until it was too late.

And it certainly hasnt helped with the speed I get on PSN. For the first time ever I paid for PS+ this weekend to play Firewall online. a 9GB update took an hour and half to dload. Compared to all of my other devices which would have been finished in probably less than a half hour.

As I said, Ive had terrible experiences with PSN.

 

[Adamska]

I always advise people to use TWA with the use of OTP since it's the most effective way until now.

Click to shrink...

I don't understand these terms and how they relate to an account being hacked.

Also, since my primary PSN account is not one from my own country, so far I have only fed it codes for bucks, so even if someone hacks it, they won't get much out of me, but it really shouldn't happen as often as it seems it does.

 

[MazeHaze]

I think they will activate the account as primary on their own PS4. This allows them to use your games on their own accounts. So no matter what you do (changing the password, deactivating acccount, canceling the purchase and ...) they can use the purchased games on their own account as long as they're offline.

Click to shrink...

Ohhhh, that makes more sense. So even if we deactivate their PS4 as primary, it doesn't matter for them as long as they stay offline?

 

[Deleted member 3190]

This is the only thing I can think of. The accounts get locked down almost immediately, it's not like you can buy a ton a fraudulent games and play them forever.

Click to shrink...

If they're able to make their PS4 the primary console for the account they can go offline for a period of time and still play those games. Not sure how long that is though.

 

[galv]

Question, what is it with PSN accounts that I usually hear stories of it being easily hacked? Are accounts more prone to hackers than MS or Nintendo accounts?

Click to shrink...

Yes. Not sure about Nintendo but it's worse than MS.

Their 2FA system is somewhat hidden and a pain to setup and is laughably out of date - who still uses SMS 2FA in 2019?

And Sony doesn't exactly have the best track record when it comes to their backend systems.

I have no doubt that PSN is less safe than other competing console services.

 

[KenobiLTS]

Ohhhh, that makes more sense. So even if we deactivate their PS4 as primary, it doesn't matter for them as long as they stay offline?

Click to shrink...

Yeah, they can play them forever, as long as they're not connected to internet.

 

[AfropunkNyc]

Why would psn be an exception of getting hacked? I had a couple of my accounts get attempted hack on PC. Uplay, Steam, Epic. My only account that actually got hacked was Origin, where the person didn't change my password but played games i didn't get to play and got the achievements for these games.

 

[MazeHaze]

Good news is she doesn't give much of a fuck about the account, so if we need to charge back that's no biggie. Curious to see what Sony says.

My only question at this point is how did they get in the acct? Do people use phishing for this? Wouldnt the password have been changed if that was the case?

 

[TimPV3]

My only question at this point is how did they get in the acct? Do people use phishing for this? Wouldnt the password have been changed if that was the case?

Click to shrink...

When a big site gets hacked, the username/passwords are sold in bulk, and someone that buys, say, 1k will run something to try them on a combination of websites (which is why it's recommended you use a different login on each website). Every website that successfully logs in gets marked down and they'll sell the login info somewhere. Usually they advise not to change the login info because the owner will be notified (or you need their email access) and the buyer will get locked out of the account.

Usually they'll sell PSN accounts with a lot of games, if the person wasn't an idiot and charged the PayPal they probably could've been on there for a while without you guys knowing. It's also possible they could've set their PS4 yo the primary one and disconnected it from the internet so even if you change the password, they'll still get to play the games.

 

[Teamocil]

Sony's customer service is fucking shameful so your money is likely gone for good. "4 the players" my ass.

 

[MazeHaze]

When a big site gets hacked, the username/passwords are sold in bulk, and someone that buys, say, 1k will run something to try them on a combination of websites (which is why it's recommended you use a different login on each website). Every website that successfully logs in gets marked down and they'll sell the login info somewhere. Usually they advise not to change the login info because the owner will be notified (or you need their email access) and the buyer will get locked out of the account.

Click to shrink...

Right, but she only uses this login for steam and psn (and I think the passwords are different)

 

[Oklusion]

Relevant link: https://haveibeenpwned.com/

 

[Vespa]

What's TWA and OTP?

Is OTP one time purchase?

 

[Jaded Alyx]

Their 2FA system is somewhat hidden and a pain to setup and is laughably out of date - who still uses SMS 2FA in 2019

Click to shrink...

I can't even receive the code to set it up. I don't have this problem with any other service. It's a joke.

 

[Asakusa15]

A few years ago some french kid stole my wife's PSN account and spent 30€ on FIFA points. WTF?
Sony support was very helpful and refunded us the money. I wonder what happened to the kid's PS4.

 

[MazeHaze]

She just spoke with Sony. They are refunding her but said it will take up to two months lol

 

[Lant_War]

How can people not have 2FA in 2019

 

[MazeHaze]

How can people not have 2FA in 2019

Click to shrink...

Because she used the account once like
3 years ago. Pretty sure it might have been before Sony even offered 2fa.

 

[Ayra Sutoraifu]

who still uses SMS 2FA in 2019?

Click to shrink...

A lot.
What is wrong with sms 2FA?

 

[Ant_17]

People already said to use 2 step, but I go a little farther and remove my card info when I'm done buying stuff. Just a tip.

 

[galv]

A lot.
What is wrong with sms 2FA?

Click to shrink...

https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin

https://www.slashgear.com/sms-two-factor-authentication-is-unsafe-use-these-instead-27539168/

https://www.makeuseof.com/tag/two-factor-authentication-sms-apps/

https://www.wired.com/story/reddit-hacked-thanks-to-woefully-insecure-two-factor-setup/

TL;DR: SMS 2FA is by far the easiest to beat since SMS is based on insecure technology. App-based 2FA is safer (but not as safe as physical keys like Yubikey) since they rely on one-time recovery keys (which you can decide to opt out of with most apps).

 

[sensui-tomo]

She just spoke with Sony. They are refunding her but said it will take up to two months lol

Click to shrink...

Never heard of a 2 month refund.

 

[MazeHaze]

Never heard of a 2 month refund.

Click to shrink...

*Shrug* idk, she got a confirmation number and everything. So we'll see.

Edit: I should mention this will be a refund to her bank account, not PSN wallet.

 

[Melchiah]

And it certainly hasnt helped with the speed I get on PSN. For the first time ever I paid for PS+ this weekend to play Firewall online. a 9GB update took an hour and half to dload. Compared to all of my other devices which would have been finished in probably less than a half hour.

Click to shrink...

No such issues here. I could download the 43GB GT Sport beta file in an hour on my old 100Mbps connection. It's been fast throughout this gen, and it gave reasonable speeds on PS3 when I moved to wired connection. In fact, downloading the 6,4GB Remember Me took me 45 minutes on PS3, and I had a slower connection at the time.