Sony accounts compromised - upgrade your security

Kimbot

There have been a few accounts "hacked" over the past couple of weeks.

http://www.bbc.com/news/technology-37975241

If people haven't changed their accounts to 2fa then do so now

https://blog.malwarebytes.com/security-world/2016/08/how-to-enable-2fa-on-the-playstation-network/

Also maybe looking at adding 2fa to your other online accounts where possible to protect yourself especially with any financial info on accounts.

For anyone that had money take from their Paypal using their PSN please take note of this:

If your account has been hacked and money charged from your Paypal, people should go directly to Sony with it and not Paypal. That seems to be causing additional problems as it's going to take longer to get your account back/unbanned in that scenario.
https://www.playstation.com/en-ie/ge...-and-accounts/

Account debt - The user has requested a refund for a purchase through their bank (chargeback). This will usually result in a suspension until the debt is paid back. Please contact us for assistance.

brevity

I keep getting a change password notification from Sony but don't know if it's genuine.

Anyone else getting one?

Kimbot

brevity wrote: »

I keep getting a change password notification from Sony but don't know if it's genuine.

Anyone else getting one?

Is it an email?

brevity

jonnycivic wrote: »

Is it an email?

Yea, can happen up to 3 or 4 times a day.

This is the link:

https://account.sonyentertainmentnetwork.com/security/validate-password-reset-token...

Kimbot

brevity wrote: »

Yea, can happen up to 3 or 4 times a day.

This is the link:

https://account.sonyentertainmentnetwork.com/security/validate-password-reset-token...

Well I wouldnt use the link but go through your console or their website and reset your password.

Nailz

brevity wrote: »

Yea, can happen up to 3 or 4 times a day.

This is the link:

https://account.sonyentertainmentnetwork.com/security/validate-password-reset-token...

Sounds like you're details have been stolen from a service breach (can be any amount of them) and put up on the dark web for people to have free reign with. I would recommend not just enabling 2FA, but also changing your email address and password. Your email address is hardly a Yahoo account, is it?

https://haveibeenpwned.com/

Use the above website to see if your login email has been compromised in a breach. If you do decide to change your email address, make sure that you check that address hasn't been compromised either. In any case, try and use a unique password, independent from all your other passwords, just to be safe. You should really do that with every online service, it's a pain remembering unique passwords, but it's necessary unfortunately.

Varik

brevity wrote: »

Yea, can happen up to 3 or 4 times a day.

This is the link:

https://account.sonyentertainmentnetwork.com/security/validate-password-reset-token...

It means someone knows your email for the account and is hitting "forgot password" to be sent that email.

could be someone you know being a **** or more likely an email address showed up elsewhere and they're seeing if it matches up elsewhere.

Kimbot

Varik wrote: »

It means someone knows your email for the account and is hitting "forgot password" to be sent that email.

Interesting, I had a look in my email there for my PSN account and havent gotten those types of mails in a long time from them.

Varik

Checked to see if any other information was needed for a reset, just needed email and it sent the reset only had to do a human image check thing.

https://account.sonyentertainmentnetwork.com/liquid/reg/account/trouble-shooter!input.action?troubleSignIn=true

Sony Entertainment Network Password Change Notification

To change the password for your Sony Entertainment Network Account, please click on the following link.

link to reset

This link expires 24 hours from the time that it was sent. The link directs you to the Sony Entertainment Network Account Management website, where you can enter a new password.




This e-mail message has been delivered from a send-only address. Please do not reply to this message. For more information about your Account, please visit the links below.

Support:
https://www.playstation.com/get-help/contact-us/

For more information on our terms and policies, please visit the link below:

Terms of Use and Privacy Policy:
https://www.playstation.com/legal/PSNTerms/

This email has been sent on behalf of Sony Interactive Entertainment Network Europe Limited, a company registered in the United Kingdom with registration number 06020283, with its registered address at 10 Great Marlborough Street, London, W1F 7LP. The email has been delivered from a send-only address. Please do not reply to this message. If you have any queries, please contact Customer Support using the contact details found at http://eu.playstation.com/support/

“PlayStation” is a registered trademark of Sony Interactive Entertainment Inc and “SONY” is a registered trademark of Sony Corporation. .

Penn

The fact that it seems to only be happening in UK and Ireland is what's really weird about this.

jonnycivic, could you edit in to your OP that if your account has been hacked and money charged from your Paypal, people should go directly to Sony with it and not Paypal. That seems to be causing additional problems as it's going to take longer to get your account back/unbanned in that scenario.
https://www.playstation.com/en-ie/get-help/help-library/my-account/grief-reporting/banned-and-suspended-consoles-and-accounts/

Account debt - The user has requested a refund for a purchase through their bank (chargeback). This will usually result in a suspension until the debt is paid back. Please contact us for assistance.

Penn

Varik wrote: »

Checked to see if any other information was needed for a reset, just needed email and it sent the reset only had to do a human image check thing.

https://account.sonyentertainmentnetwork.com/liquid/reg/account/trouble-shooter!input.action?troubleSignIn=true

So for that, they'd have to have access to your email account? That's more worrying than hacking your PSN account. Any multitude of sites they could send a Forgotten Password request for

Kimbot

Penn wrote: »

The fact that it seems to only be happening in UK and Ireland is what's really weird about this.

jonnycivic, could you edit in to your OP that if your account has been hacked and money charged from your Paypal, people should go directly to Sony with it and not Paypal. That seems to be causing additional problems as it's going to take longer to get your account back/unbanned in that scenario.
https://www.playstation.com/en-ie/get-help/help-library/my-account/grief-reporting/banned-and-suspended-consoles-and-accounts/

Done was looking for info on that but with the PS site blocked in work its a pain haha

Varik

Penn wrote: »

So for that, they'd have to have access to your email account? That's more worrying than hacking your PSN account. Any multitude of sites they could send a Forgotten Password request for

Just referring to the repeated emails to allow a person to reset their password, all they'd need is the address but that doesn't do much on it's own.

Problem is if they know you're email, and send you a fake email if someone was to click on that and foolishly enter any additional details.

brevity

Nailz wrote: »

Sounds like you're details have been stolen from a service breach (can be any amount of them) and put up on the dark web for people to have free reign with. I would recommend not just enabling 2FA, but also changing your email address and password. Your email address is hardly a Yahoo account, is it?

https://haveibeenpwned.com/

Use the above website to see if your login email has been compromised in a breach. If you do decide to change your email address, make sure that you check that address hasn't been compromised either. In any case, try and use a unique password, independent from all your other passwords, just to be safe. You should really do that with every online service, it's a pain remembering unique passwords, but it's necessary unfortunately.

Ya that's what I suspected. I don't use PSN anymore as i don't have time to be honest.

It's a Gmail account but that passwords aren't the same and I have 2FA on my Gmail account.

Will check that site now. Thanks

Kingp35

Nailz wrote: »

You should really do that with every online service, it's a pain remembering unique passwords, but it's necessary unfortunately.

Completely agree with this. The best way is download Last Pass. It's a password manager/generator that will allow you to keep track of all your passwords. It's also available for mobile phones.

ibFoxer

I was given to understand on a previous thread that there was no PSN security breach? What I took from it, and of course I'm open to correction, was that it was isolated, and just like Mortgage Backed Securities in 2007, PSN was strong?

Kimbot

ibFoxer wrote: »

I was given to understand on a previous thread that there was no PSN security breach? What I took from it, and of course I'm open to correction, was that it was isolated, and just like Mortgage Backed Securities in 2007, PSN was strong?

THERE STILL HAS BEEN NO PSN SECURITY BREACH!!!!

ibFoxer

jonnycivic wrote: »

THERE STILL HAS BEEN NO PSN SECURITY BREACH!!!!

I'm sorry Jonny, it's has all the hallmarks. Your staunch defence kinda reminds me of this https://www.youtube.com/shared?ci=B43KDOZuEwo

No offence intended

EoinHef

ibFoxer wrote: »

I'm sorry Jonny, it's has all the hallmarks. Your staunch defence kinda reminds me of this https://www.youtube.com/shared?ci=B43KDOZuEwo

No offence intended

If johnnys word is not good enough maybe you will take the security experts opinion in the BBC article linked earlier in the thread. You have no clue and are basing your assumption on zero fact. Come back when you have a few facts.


Ill even link it again for ye:

http://www.bbc.com/news/technology-37975241

Kimbot

ibFoxer wrote: »

I'm sorry Jonny, it's has all the hallmarks. Your staunch defence kinda reminds me of this https://www.youtube.com/shared?ci=B43KDOZuEwo

No offence intended

I am staunch in my defense about it because I actually bothered to read into it and to save others time I even provided the information right here in my first post.

Riesen_Meal

One look at Sony's UK AskPSN Twitter handle should tell anyone what they need to know...

Nearly every person tweeting them since last weekend has been someone from UK/Ireland with compromised account details...

ibFoxer

EoinHef wrote: »

If johnnys word is not good enough maybe you will take the security experts opinion in the BBC article linked earlier in the thread. You have no clue and are basing your assumption on zero fact. Come back when you have a few facts.


Ill even link it again for ye:

http://www.bbc.com/news/technology-37975241

Explain this to me then, since I'm obviously not bright enough to get it- how is it that a brother of a work colleague of mine has an email address, let's assume it's JohnPSN@gmail.com, that he uses only for PSN, is for the last 3 weeks receiving notifications of a password change, he works for a cloud computing firm,and is very technically advanced. Another friend of mine uses his email for 3 accounts, XBL, PSN and Steam, yet has only ever had trouble with PSN. Or the countless number of cases across the World Wide Web- Fireteam Chat Podcast Facebook page, Twitter, Reddit, etc etc.

But please, continue the rhetoric, as I obviously have no clue.

Kimbot

ibFoxer wrote: »

Explain this to me then, since I'm obviously not bright enough to get it- how is it that a brother of a work colleague of mine has an email address, let's assume it's JohnPSN@gmail.com, that he uses only for PSN, is for the last 3 weeks receiving notifications of a password change, he works for a cloud computing firm,and is very technically advanced. Another friend of mine uses his email for 3 accounts, XBL, PSN and Steam, yet has only ever had trouble with PSN. Or the countless number of cases across the World Wide Web- Fireteam Chat Podcast Facebook page, Twitter, Reddit, etc etc.

But please, continue the rhetoric, as I obviously have no clue.

This is the direct quote from the article from a security advisor on the matter:

Cybersecurity expert Prof Alan Woodward said if there had been a breach, the leaked data would probably have appeared elsewhere.
"There are two ways this could happen: either someone has got into Sony's central systems, which have been compromised before, or people's individual systems have been compromised," he told the BBC.
"If there had been some kind of central breach, the dark web would have been alight with it and we in the industry would be aware of it by now, I have not seen anything.
He added that if individual accounts had been breached and Sony had reset their passwords then users would expect to be notified by email.
"The fact they haven't suggests that usernames and passwords have been given away unintentionally," he said.
"Clearly if someone is spending money it is criminal activity."
Sony was unable to clarify how many users were affected and the issue only appears to be affecting PlayStation users in the UK.

What is to say your friends systems arent compromised? And dont forget, mobile phones, tablets and anywhere else they log in to their account could be compromised by a keylogger etc. But its ok the experts are wrong and your right so its all sony's fault :rolleyes:

Penn

ibFoxer wrote: »

Explain this to me then, since I'm obviously not bright enough to get it- how is it that a brother of a work colleague of mine has an email address, let's assume it's JohnPSN@gmail.com, that he uses only for PSN, is for the last 3 weeks receiving notifications of a password change, he works for a cloud computing firm,and is very technically advanced. Another friend of mine uses his email for 3 accounts, XBL, PSN and Steam, yet has only ever had trouble with PSN. Or the countless number of cases across the World Wide Web- Fireteam Chat Podcast Facebook page, Twitter, Reddit, etc etc.

But please, continue the rhetoric, as I obviously have no clue.

We don't know. That's the answer. It could very well be Sony, but as per the BBC article, there are experts who see none of the signs which would be commonly associated with such a breach. There's also the fact it seems to only be happening in UK and Ireland. If Sony/PSN was hacked, it'd be happening at the very least throughout Europe.

The simple fact is, none of us know where these hacks are coming from. But at this stage, it's simply too early to say this is coming from Sony. If it were, they likely would have locked sh*t down until it was all resolved given what happened in the hack years ago. They would need to be far more proactive and transparent now than they were then. But like I said, experts in the BBC article have said that this doesn't show any signs of Sony/PSN being hacked.

All we can do is ensure our accounts are as secure as possible (enable 2-step authentication, maybe change password to something completely unique, keep an eye out for password change emails etc) until the cause of these hacks has been found and closed.

EoinHef

ibFoxer wrote: »

Explain this to me then, since I'm obviously not bright enough to get it- how is it that a brother of a work colleague of mine has an email address, let's assume it's JohnPSN@gmail.com, that he uses only for PSN, is for the last 3 weeks receiving notifications of a password change, he works for a cloud computing firm,and is very technically advanced. Another friend of mine uses his email for 3 accounts, XBL, PSN and Steam, yet has only ever had trouble with PSN. Or the countless number of cases across the World Wide Web- Fireteam Chat Podcast Facebook page, Twitter, Reddit, etc etc.

But please, continue the rhetoric, as I obviously have no clue.

I never questioned your intelligence,just your lack of any facts/proof.

Anecdotal stories are no use for obvious reasons.

If it turns out Sony have been hacked ill be just as pissed as any other PS user. In the hack years ago my CC was compromised but was lucky enough the bank caught it so wasnt out of pocket. Could have easily been worse. But regardless of what platform,shouting hack before were in the posession of more information is premature.

ibFoxer

jonnycivic wrote: »

This is the direct quote from the article from a security advisor on the matter:



What is to say your friends systems arent compromised? And dont forget, mobile phones, tablets and anywhere else they log in to their account could be compromised by a keylogger etc. But its ok the experts are wrong and your right so its all sony's fault :rolleyes:

I never said I was right, I said it bore the hallmarks of a hack and I asked for an explanation.

I'm not going to keep on about it, it's pointless, I quite enjoy the PSN experience and the various gaming devices but it's obvious that once something is said that isn't quite stellar then it's as if it's a personal slight, as opposed to a negative against a console or company. And that's why I'm out. Enjoy lads.

Kimbot

ibFoxer wrote: »

I never said I was right, I said it bore the hallmarks of a hack and I asked for an explanation.

I'm not going to keep on about it, it's pointless, I quite enjoy the PSN experience and the various gaming devices but it's obvious that once something is said that isn't quite stellar then it's as if it's a personal slight, as opposed to a negative against a console or company. And that's why I'm out. Enjoy lads.

I wont disagree with you that it seems like a hack but as I said in the previous thread about this, in and around a month ago a lot of information from hacks over the past couple of years surfaced on the dark web, mainly the yahoo stuff. When a company is to blame i will place the blame on them but what ever happened to "Innocent until proven guilty" instead people here just want someones head on a plate. I would be defending Microsoft/Apple/Google/FORD etc etc in the same manner if it involved them so this isnt because its Sony or has to do with Playstation.

maximoose

Hmm. I set up an Indonesian PSN account 3 weeks ago to take advantage of the cheap WRC 6 offer, with a brand new throwaway yahoo email address that hasn't been used with anything else.

Same password was used for both, both appear to have had attempts to steal this morning. No card details on the PSN account at least.

Kimbot

maximoose wrote: »

Hmm. I set up an Indonesian PSN account 3 weeks ago to take advantage of the cheap WRC 6 offer, with a brand new throwaway yahoo email address that hasn't been used with anything else.

Same password was used for both, both appear to have had attempts to steal this morning.

Thats very odd, a few users with the issue were also yahoo users with same details on their yahoo accounts as their PSN account.
Enable 2fa and a new unique password just in case

jonerkinsella

maximoose wrote: »

Hmm. I set up an Indonesian PSN account 3 weeks ago to take advantage of the cheap WRC 6 offer, with a brand new throwaway yahoo email address that hasn't been used with anything else.

Same password was used for both, both appear to have had attempts to steal this morning. No card details on the PSN account at least.

That's a strange one . I wonder if Yahoo is screwed then . I used a Gmail addy for the same offer and have had no problems yet , or with any of my other PSN accounts ( Hot , G , and my bro is on Y )

uprooted tradition

I think the main thing people need to realise is that there is a difference between Sony being hacked and your own account being compromised. I don't know which one happened in any examples above but if my email is hacked and someone uses that to get onto my PSN account, that isn't Sony's fault and it doesn't mean they have been hacked.

If someone broke into the Sony servers and got your details, that is Sony's fault and it does mean they have been hacked.

I don't need anything other than your email address to ask Sony to send you a password reset link, that doesn't mean your email has been hacked or Sony have been hacked it could be just someone acting the maggot.

If I use the same login and password for Facebook, Twitter, Email, Amazon and PSN, if someone gets the password for one, they are all compromised.

The only thing we as users can do is to take all the precautions available to us. At the moment the best one is 2 factor authentication so even if someone gets your login details, they still can't do anything unless they also get your phone. I just turned on 2FA yesterday because of all the reports of compromised accounts. I strongly recommend everyone does the same.