PSN Accounts Hacked

[Demon_Skeith]

Yesterday, IGN reported Sony was sending out emails to PlayStation users, requiring password changes after noticing "irregular activity" on PSN accounts. Following our story, we received messages from multiple sources claiming their accounts were used to make unverified purchases. According to one person, his account was used to add $150 to his PlayStation Store wallet, while another found mysterious purchases related to FIFA 14.

"Just last night, at about 1:10 AM, I received an email saying $50 was added to my wallet," Marcus Elyiace told IGN via email. "No more than 15 seconds later, I receive another email saying the same thing. I immediately login to my account [...] but by the time I did that, another $50 dollars was taken from my card."

Elyiace contacted Sony customer service and forwarded IGN the details of the conversation. The Sony rep said all the charges would be refunded within five to seven days and stressed "making sure that your password is not something that you use on other places around the internet."

Another PSN user, Bobby Atkins, says funds were also added to his Store wallet. But before Atkins noted the charges to his credit card, someone had purchased FIFA 14 content with his account. The inclusion of FIFA in the mix brings back memories of 2011, when multiple Xbox 360 users' accounts suddenly found charges of FIFA 12 content they had never purchased.

Downloading content via another person's account to the hacker's PlayStation device may seem like a fruitless effort, but there is some reasoning--if you can call it that--to the madness. Theoretically, the person in control of the account could designate their PlayStation device as the "primary" console, then proceed to download the content. When the victim resets their password, the access would obviously be revoked. But assuming the game in question doesn't require DRM verification, or if the unverified PlayStation is kept offline, they could possibly still use the content or game.

Other messages to IGN included a fraudulent charge for $650 to a clothing retailer on the same card linked to the person's PSN account, and other users who found games on their account they had never opted to purchase. All of the alleged victims received the "irregular activity" email from Sony. Sony has sent this same password reset email out at least twice in as many weeks.

source

It's why I don't have a Credit card on my account.

 

[zoldos]

Yeah neither do I.  I'll usually buy a pre-paid card and use the full amount....

 

[Azareal]

Again? Sony really should step up their security as they just seem to be hit by things like this quite a lot.

 

[zoldos]

Maybe we'll get a free game like last time. lol

 

[fantanoice]

Yeah I made sure not to have my credit card details attached to my account after the last hack. It's pretty worrying though.

 

[Demon_Skeith]

Again? Sony really should step up their security as they just seem to be hit by things like this quite a lot.

All security does is delay hackings. If one is going to be hacked they will be hacked.

Maybe we'll get a free game like last time. lol

Not large scale enough to cause that.

 

[zoldos]

How large scale was it, and should I be concerned?

 

[VirusZero]

It's unlikely that the PSN was actually hacked at all (or else there would be much wider scale issues). These sound like isolated cases where a few people either didn't use a strong enough password (on their PSN account or email account used to create their PSN account) or they engaged in some game sharing or trophy-aid. 

Remember to use strong passwords...
That is have a password that:
- contains at least one number. 
- contains one punctuation mark.
- contains one capital. 
- is at minimum 8 characters (though over 15 is better).
- is not a common and/or dictionary word (and if you think of using "password" or any variation thereof for your actual password? Be aware that according to a 2012 survey it was the number 1 password. So take a guess what those looking to break into an account would be most likely to try?)
- is not a name of family or close friend.
- is not an anything closely associated with you. (So if you go on about how you love Nintendo... Don't use "Mario" as your password.)

And don't give out your password for any reason. (Reps from Sony, or any other company, don't need your password to interact with or alter your account. They have tools on their end.)

 

[zoldos]

Okay gotcha.  I have a strong password so it should be okay, and I definitely don't keep a payment instrument on file.