XorpiZ Posted December 19, 2013 Share Posted December 19, 2013 Topics merged. Has been going on for weeks. Still no new info or confirmation besides the password resets, from Sony. Sorry, wasn't aware it was part of the on-going issues. I'm really curious as to why Sony hasn't said anything. Imagine if it was Microsoft, Apple or Google that kept quiet like that. The backlash would be insane. Link to comment Share on other sites More sharing options...
+Audioboxer Subscriber² Posted December 19, 2013 Subscriber² Share Posted December 19, 2013 Because it's not a hack of the network, it's individuals accounts being compromised. Most likely from passwords/email addresses obtained elsewhere (same combinations used on forums) or from Sony CS (phishing). Surprised at the topic title to be honest, comparing this to the actual PSN hack is pretty silly. For anyone about to slam me, read this http://www.vg247.com/2013/12/16/ps4-xbox-one-launches-inspire-34000-daily-hacking-attempts-on-consoles-report/ Link to comment Share on other sites More sharing options...
The_Decryptor Veteran Posted December 19, 2013 Veteran Share Posted December 19, 2013 That doesn't explain why my account had it's password reset though. Link to comment Share on other sites More sharing options...
Fourjays Veteran Posted December 19, 2013 Veteran Share Posted December 19, 2013 I've read it's related to Fifa again. Any more info on it other than the resets?If it is the same, I have to wonder what Fifa is doing that makes it possible. Never bought the "social engineering" line that was used to explain it before. Apparantly Sony has been hacked, again.Accounts being compromised doesn't necessarily mean Sony have been hacked. There are many (far easier) ways to gain access to an account that wouldn't involve a network-wide breach. Link to comment Share on other sites More sharing options...
+Audioboxer Subscriber² Posted December 19, 2013 Subscriber² Share Posted December 19, 2013 That doesn't explain why my account had it's password reset though. How long has it remained the same password for? Is your email address used on other sites? Especially gaming ones. Do you play FIFA? Have you ever used the online PlayStation network store? What country do you live in? (European countries are high on that list I linked to). How often do you log into PSN, have large gaps of inactivity? There's some common sense approaches to explain what could be random resetting. Link to comment Share on other sites More sharing options...
Skiver Veteran Posted December 19, 2013 Veteran Share Posted December 19, 2013 Didn't know about this so thanks to all the OP's! Was anyone else a little cautious about clicking the link in the tweet and changing your password? With everything that is going on in todays world it wouldnt suprise me if someone hacked the twitter account and used a bogus link to get peoples passwords! Link to comment Share on other sites More sharing options...
Fourjays Veteran Posted December 19, 2013 Veteran Share Posted December 19, 2013 That doesn't explain why my account had it's password reset though.Precautionary measure. Have heard a lot of reports of this happening across many other sites (Twitter, Facebook, Dreamhost). I think the recent breaches (e.g. Adobe) have forced companies to be a bit more pro-active. Best solution for Sony would be to add two-factor authentication. Link to comment Share on other sites More sharing options...
+Audioboxer Subscriber² Posted December 19, 2013 Subscriber² Share Posted December 19, 2013 If it is the same, I have to wonder what Fifa is doing that makes it possible. Never bought the "social engineering" line that was used to explain it before. Accounts being compromised doesn't necessarily mean Sony have been hacked. There are many (far easier) ways to gain access to an account that wouldn't involve a network-wide breach. FIFA is one of the only ways to convert an account into real money by selling it, and alongside COD just happens to be one of the most popular games. This is also why you see a lot of European accounts compromised due to FIFA being popular here. If COD had an incentive for making real money it would be used instead of FIFA.When the Chinese were selling PSN accounts loaded with $150 a few years back on DHgate they were selling for $10-15. Point is the download library or even wallet balance doesn't bring in much, but the FIFA card mode (forget its name) has you cashing out larger sums. There's plenty of more eloquently described summarisations of how FIFA makes money all over Google. I'm pretty sure its to do with the fantasy points and cards being tradeable. So you can nab someone's account, buy a ton of what you want on FIFA and then transfer those points or cards to another account. Essentially piggy backing virtual goods that have a monetary value. At this point you can now charge Joe Bloggs online $40 for the Messi card Sony want $50 for, and he's actually giving you money to your PayPal account. Loading up hundreds of dollars in a PSN wallet is no use to a hacker, they can't cash it out, so need to find a way to get money into their own banks/hands. Fourjays 1 Share Link to comment Share on other sites More sharing options...
The_Decryptor Veteran Posted December 19, 2013 Veteran Share Posted December 19, 2013 For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far. Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure. Link to comment Share on other sites More sharing options...
XorpiZ Posted December 19, 2013 Share Posted December 19, 2013 For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far. Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure. Sony obviously isn't telling the whole story. Companies don't just go around randomly resetting peoples passwords for no particular reason. Thief000 and BajiRav 2 Share Link to comment Share on other sites More sharing options...
+Audioboxer Subscriber² Posted December 19, 2013 Subscriber² Share Posted December 19, 2013 For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far. Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure. How easy was your password to guess? Changing the password is good in the sense that if its a password someone uses everywhere (seriously stupid) they will be forced to use something else. The issue of people choosing to use/change to an easy password lies on the onus of the user. Sony can't be held to blame if you set your password as dog.If a trend cannot be found then it simply may be random resetting flags triggered in the database. If you want to read into it any more that is your choice but there is no compelling or factual evidence to suggest any sort of network hack at this point. The most obvious choice for me was targeting people who had not changed their password in months/years but that trend is nuked if you're this new. Link to comment Share on other sites More sharing options...
DrunknMunky Veteran Posted December 19, 2013 Veteran Share Posted December 19, 2013 From what I have read this is the same issue that has plagued XBL since 2011/early 2012, where Russians IIRC, are social engineering the support teams to take accounts. They bought XBL points, sold them online with instruction to spend the points ASAP because "Microsoft would remove them" (with no explanation as to why). The other common trend was to redeem Fifa UT points onto the accounts, which is why so many people found Fifa in their recent play history despite not owning/playing it. Both EA and MS refused to take any blame for it and the matter was never explained. I remember helping Xbox Support with the websites selling the accounts at the time, but it's been so long now I don't remember the names of them. Was definitely Russian or Far East EU countries though. http://www.eurogamer.net/articles/2011-11-10-fifa-ultimate-team-xbl-account-hijacks-were-not-a-hack http://www.eurogamer.net/articles/2011-10-14-xbl-accounts-hacked-to-buy-fifa-packs If Fifa is appearing on people's accounts it's history repeating itself. Fourjays 1 Share Link to comment Share on other sites More sharing options...
sbauer Posted December 19, 2013 Share Posted December 19, 2013 For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far. Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure. Run your email address through this tool. Does it show anything? https://shouldichangemypassword.com/ Link to comment Share on other sites More sharing options...
The_Decryptor Veteran Posted December 20, 2013 Veteran Share Posted December 20, 2013 How easy was your password to guess? Changing the password is good in the sense that if its a password someone uses everywhere (seriously stupid) they will be forced to use something else. The issue of people choosing to use/change to an easy password lies on the onus of the user. Sony can't be held to blame if you set your password as dog. If a trend cannot be found then it simply may be random resetting flags triggered in the database. If you want to read into it any more that is your choice but there is no compelling or factual evidence to suggest any sort of network hack at this point. The most obvious choice for me was targeting people who had not changed their password in months/years but that trend is nuked if you're this new. It was 20+ characters, mixed case, with numbers and punctuation, used just for the PSN (So no re-use as I said). Run your email address through this tool. Does it show anything? https://shouldichangemypassword.com/ Nope, no service I've used has been hit, and even then I don't reuse passwords across sites. Link to comment Share on other sites More sharing options...
Fourjays Veteran Posted December 20, 2013 Veteran Share Posted December 20, 2013 FIFA is one of the only ways to convert an account into real money by selling it, and alongside COD just happens to be one of the most popular games. This is also why you see a lot of European accounts compromised due to FIFA being popular here. If COD had an incentive for making real money it would be used instead of FIFA. When the Chinese were selling PSN accounts loaded with $150 a few years back on DHgate they were selling for $10-15. Point is the download library or even wallet balance doesn't bring in much, but the FIFA card mode (forget its name) has you cashing out larger sums. There's plenty of more eloquently described summarisations of how FIFA makes money all over Google. I'm pretty sure its to do with the fantasy points and cards being tradeable. So you can nab someone's account, buy a ton of what you want on FIFA and then transfer those points or cards to another account. Essentially piggy backing virtual goods that have a monetary value. At this point you can now charge Joe Bloggs online $40 for the Messi card Sony want $50 for, and he's actually giving you money to your PayPal account. Loading up hundreds of dollars in a PSN wallet is no use to a hacker, they can't cash it out, so need to find a way to get money into their own banks/hands. From what I have read this is the same issue that has plagued XBL since 2011/early 2012, where Russians IIRC, are social engineering the support teams to take accounts.This makes more sense now. (Y) Link to comment Share on other sites More sharing options...
Recommended Posts