Sony falls victim to (yet another) hack



Topics merged.

 

Has been going on for weeks. Still no new info or confirmation besides the password resets, from Sony.

Sorry, wasn't aware it was part of the on-going issues.

 

I'm really curious as to why Sony hasn't said anything. Imagine if it was Microsoft, Apple or Google that kept quiet like that. The backlash would be insane.


Because it's not a hack of the network, it's individuals' accounts being compromised. Most likely from passwords/email addresses obtained elsewhere (same combinations used on forums) or from Sony CS (phishing).

Surprised at the topic title to be honest, comparing this to the actual PSN hack is pretty silly.

For anyone about to slam me, read this http://www.vg247.com/2013/12/16/ps4-xbox-one-launches-inspire-34000-daily-hacking-attempts-on-consoles-report/


I've read it's related to Fifa again. Any more info on it other than the resets?

If it is the same, I have to wonder what Fifa is doing that makes it possible. Never bought the "social engineering" line that was used to explain it before.

 

Apparently Sony has been hacked, again.

Accounts being compromised doesn't necessarily mean Sony have been hacked. There are many (far easier) ways to gain access to an account that wouldn't involve a network-wide breach.

That doesn't explain why my account had its password reset though.

How long has it remained the same password for? Is your email address used on other sites? Especially gaming ones. Do you play FIFA? Have you ever used the online PlayStation network store? What country do you live in? (European countries are high on that list I linked to). How often do you log into PSN, have large gaps of inactivity?

There are some common-sense approaches to explain what could be random resetting.


Didn't know about this so thanks to all the OPs!

 

Was anyone else a little cautious about clicking the link in the tweet and changing your password? With everything that is going on in today's world it wouldn't surprise me if someone hacked the Twitter account and used a bogus link to get people's passwords!


That doesn't explain why my account had its password reset though.

Precautionary measure. Have heard a lot of reports of this happening across many other sites (Twitter, Facebook, Dreamhost). I think the recent breaches (e.g. Adobe) have forced companies to be a bit more pro-active.

Best solution for Sony would be to add two-factor authentication.


If it is the same, I have to wonder what Fifa is doing that makes it possible. Never bought the "social engineering" line that was used to explain it before.

Accounts being compromised doesn't necessarily mean Sony have been hacked. There are many (far easier) ways to gain access to an account that wouldn't involve a network-wide breach.

FIFA is one of the only ways to convert an account into real money by selling it, and alongside COD just happens to be one of the most popular games. This is also why you see a lot of European accounts compromised due to FIFA being popular here. If COD had an incentive for making real money it would be used instead of FIFA.

When the Chinese were selling PSN accounts loaded with $150 a few years back on DHgate they were selling for $10-15. Point is the download library or even wallet balance doesn't bring in much, but the FIFA card mode (forget its name) has you cashing out larger sums. There's plenty of more eloquently described summarisations of how FIFA makes money all over Google.

I'm pretty sure it's to do with the fantasy points and cards being tradeable. So you can nab someone's account, buy a ton of what you want on FIFA and then transfer those points or cards to another account. Essentially piggybacking virtual goods that have a monetary value. At this point you can now charge Joe Bloggs online $40 for the Messi card Sony want $50 for, and he's actually giving you money to your PayPal account. Loading up hundreds of dollars in a PSN wallet is no use to a hacker, they can't cash it out, so need to find a way to get money into their own banks/hands.


For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far.

 

Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure.


For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far.

 

Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure.

 

Sony obviously isn't telling the whole story. Companies don't just go around randomly resetting people's passwords for no particular reason.


For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far.

Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure.

How easy was your password to guess? Changing the password is good in the sense that if it's a password someone uses everywhere (seriously stupid) they will be forced to use something else. The issue of people choosing to use/change to an easy password lies on the onus of the user. Sony can't be held to blame if you set your password as dog.

If a trend cannot be found then it simply may be random resetting flags triggered in the database. If you want to read into it any more that is your choice but there is no compelling or factual evidence to suggest any sort of network hack at this point. The most obvious choice for me was targeting people who had not changed their password in months/years but that trend is nuked if you're this new.


From what I have read this is the same issue that has plagued XBL since 2011/early 2012, where Russians IIRC, are social engineering the support teams to take accounts. They bought XBL points, sold them online with instruction to spend the points ASAP because "Microsoft would remove them" (with no explanation as to why). The other common trend was to redeem Fifa UT points onto the accounts, which is why so many people found Fifa in their recent play history despite not owning/playing it. Both EA and MS refused to take any blame for it and the matter was never explained.

 

I remember helping Xbox Support with the websites selling the accounts at the time, but it's been so long now I don't remember the names of them. Was definitely Russian or Far East EU countries though.

 

http://www.eurogamer.net/articles/2011-11-10-fifa-ultimate-team-xbl-account-hijacks-were-not-a-hack

http://www.eurogamer.net/articles/2011-10-14-xbl-accounts-hacked-to-buy-fifa-packs

 

If Fifa is appearing on people's accounts it's history repeating itself.


For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far.

 

Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure.

Run your email address through this tool. Does it show anything?

 

https://shouldichangemypassword.com/


How easy was your password to guess? Changing the password is good in the sense that if it's a password someone uses everywhere (seriously stupid) they will be forced to use something else. The issue of people choosing to use/change to an easy password lies on the onus of the user. Sony can't be held to blame if you set your password as dog.

If a trend cannot be found then it simply may be random resetting flags triggered in the database. If you want to read into it any more that is your choice but there is no compelling or factual evidence to suggest any sort of network hack at this point. The most obvious choice for me was targeting people who had not changed their password in months/years but that trend is nuked if you're this new.

 

It was 20+ characters, mixed case, with numbers and punctuation, used just for the PSN (so no re-use as I said).

 

Run your email address through this tool. Does it show anything?

 

https://shouldichangemypassword.com/

 

Nope, no service I've used has been hit, and even then I don't reuse passwords across sites.


FIFA is one of the only ways to convert an account into real money by selling it, and alongside COD just happens to be one of the most popular games. This is also why you see a lot of European accounts compromised due to FIFA being popular here. If COD had an incentive for making real money it would be used instead of FIFA.

When the Chinese were selling PSN accounts loaded with $150 a few years back on DHgate they were selling for $10-15. Point is the download library or even wallet balance doesn't bring in much, but the FIFA card mode (forget its name) has you cashing out larger sums. There's plenty of more eloquently described summarisations of how FIFA makes money all over Google.

I'm pretty sure it's to do with the fantasy points and cards being tradeable. So you can nab someone's account, buy a ton of what you want on FIFA and then transfer those points or cards to another account. Essentially piggybacking virtual goods that have a monetary value. At this point you can now charge Joe Bloggs online $40 for the Messi card Sony want $50 for, and he's actually giving you money to your PayPal account. Loading up hundreds of dollars in a PSN wallet is no use to a hacker, they can't cash it out, so need to find a way to get money into their own banks/hands.

From what I have read this is the same issue that has plagued XBL since 2011/early 2012, where Russians IIRC, are social engineering the support teams to take accounts.

This makes more sense now. (Y)

This topic is now closed to further replies.