
Sony falls victim to (yet another) hack


39 replies to this topic

#31 Skiver

Skiver

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 10-October 05
  • Location: UK, Reading

Posted 19 December 2013 - 10:57

Didn't know about this so thanks to all the OP's!

 

Was anyone else a little cautious about clicking the link in the tweet and changing your password? With everything that is going on in today's world it wouldn't surprise me if someone hacked the Twitter account and used a bogus link to get people's passwords!




#32 vetFourjays

Fourjays

    Neowinian Senior

  • Joined: 09-September 05
  • Location: Staffordshire, UK

Posted 19 December 2013 - 10:58

That doesn't explain why my account had its password reset though.

Precautionary measure. Have heard a lot of reports of this happening across many other sites (Twitter, Facebook, Dreamhost). I think the recent breaches (e.g. Adobe) have forced companies to be a bit more pro-active.

Best solution for Sony would be to add two-factor authentication.

#33 Audioboxer

Audioboxer

    Hermit Arcana

  • Joined: 01-December 03
  • Location: UK, Scotland

Posted 19 December 2013 - 10:59

If it is the same, I have to wonder what Fifa is doing that makes it possible. Never bought the "social engineering" line that was used to explain it before.

Accounts being compromised doesn't necessarily mean Sony have been hacked. There are many (far easier) ways to gain access to an account that wouldn't involve a network-wide breach.

FIFA is one of the only ways to convert an account into real money by selling it, and alongside COD just happens to be one of the most popular games. This is also why you see a lot of European accounts compromised due to FIFA being popular here. If COD had an incentive for making real money it would be used instead of FIFA.

When the Chinese were selling PSN accounts loaded with $150 a few years back on DHgate they were selling for $10-15. Point is the download library or even wallet balance doesn't bring in much, but the FIFA card mode (forget its name) has you cashing out larger sums. There's plenty of more eloquently described summarisations of how FIFA makes money all over Google.

I'm pretty sure it's to do with the fantasy points and cards being tradeable. So you can nab someone's account, buy a ton of what you want on FIFA and then transfer those points or cards to another account. Essentially piggybacking virtual goods that have a monetary value. At this point you can now charge Joe Bloggs online $40 for the Messi card Sony want $50 for, and he's actually giving you money to your PayPal account. Loading up hundreds of dollars in a PSN wallet is no use to a hacker, they can't cash it out, so need to find a way to get money into their own banks/hands.

#34 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 3
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 19 December 2013 - 12:05

For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far.

 

Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure.



#35 XorpiZ

XorpiZ

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 13-July 12

Posted 19 December 2013 - 12:46

For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far.

 

Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure.

 

Sony obviously isn't telling the whole story. Companies don't just go around randomly resetting people's passwords for no particular reason.



#36 Audioboxer

Audioboxer

    Hermit Arcana

  • Joined: 01-December 03
  • Location: UK, Scotland

Posted 19 December 2013 - 13:16

For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far.

Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure.

How easy was your password to guess? Changing the password is good in the sense that if it's a password someone uses everywhere (seriously stupid) they will be forced to use something else. The issue of people choosing to use/change to an easy password lies on the onus of the user. Sony can't be held to blame if you set your password as dog.

If a trend cannot be found then it simply may be random resetting flags triggered in the database. If you want to read into it any more that is your choice but there is no compelling or factual evidence to suggest any sort of network hack at this point. The most obvious choice for me was targeting people who had not changed their password in months/years but that trend is nuked if you're this new.

#37 Andrew G.

Andrew G.

    #MalcolmYoungStayStrong

  • Tech Issues Solved: 7
  • Joined: 14-September 03

Posted 19 December 2013 - 13:31

From what I have read this is the same issue that has plagued XBL since 2011/early 2012, where Russians IIRC, are social engineering the support teams to take accounts. They bought XBL points, sold them online with instruction to spend the points ASAP because "Microsoft would remove them" (with no explanation as to why). The other common trend was to redeem Fifa UT points onto the accounts, which is why so many people found Fifa in their recent play history despite not owning/playing it. Both EA and MS refused to take any blame for it and the matter was never explained.

 

I remember helping Xbox Support with the websites selling the accounts at the time, but it's been so long now I don't remember the names of them. Was definitely Russian or Far East EU countries though.

 

http://www.eurogamer...were-not-a-hack

http://www.eurogamer...-buy-fifa-packs

 

If Fifa is appearing on people's accounts it's history repeating itself.



#38 sbauer

sbauer

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 05-September 03
  • Location: Baltimore, MD
  • OS: Windows 7 / OSX
  • Phone: iPhone 5

Posted 19 December 2013 - 17:30

For like 3 weeks (Created an account not long before I got my PS4), I do use my email on other sites (being my only email account), never played FIFA, never used the PS store, Australia and every few days so far.

 

Randomly resetting the password for no reason is just going to make people use easy passwords to reuse them, it doesn't make it any more secure.

Run your email address through this tool. Does it show anything?

 

https://shouldichangemypassword.com/



#39 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 3
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 20 December 2013 - 01:30

How easy was your password to guess? Changing the password is good in the sense that if it's a password someone uses everywhere (seriously stupid) they will be forced to use something else. The issue of people choosing to use/change to an easy password lies on the onus of the user. Sony can't be held to blame if you set your password as dog.

If a trend cannot be found then it simply may be random resetting flags triggered in the database. If you want to read into it any more that is your choice but there is no compelling or factual evidence to suggest any sort of network hack at this point. The most obvious choice for me was targeting people who had not changed their password in months/years but that trend is nuked if you're this new.

 
It was 20+ characters, mixed case, with numbers and punctuation, used just for the PSN (So no re-use as I said).
 

Run your email address through this tool. Does it show anything?
 
https://shouldichangemypassword.com/

 
Nope, no service I've used has been hit, and even then I don't reuse passwords across sites.

#40 vetFourjays

Fourjays

    Neowinian Senior

  • Joined: 09-September 05
  • Location: Staffordshire, UK

Posted 20 December 2013 - 10:15

FIFA is one of the only ways to convert an account into real money by selling it, and alongside COD just happens to be one of the most popular games. This is also why you see a lot of European accounts compromised due to FIFA being popular here. If COD had an incentive for making real money it would be used instead of FIFA.

When the Chinese were selling PSN accounts loaded with $150 a few years back on DHgate they were selling for $10-15. Point is the download library or even wallet balance doesn't bring in much, but the FIFA card mode (forget its name) has you cashing out larger sums. There's plenty of more eloquently described summarisations of how FIFA makes money all over Google.

I'm pretty sure it's to do with the fantasy points and cards being tradeable. So you can nab someone's account, buy a ton of what you want on FIFA and then transfer those points or cards to another account. Essentially piggybacking virtual goods that have a monetary value. At this point you can now charge Joe Bloggs online $40 for the Messi card Sony want $50 for, and he's actually giving you money to your PayPal account. Loading up hundreds of dollars in a PSN wallet is no use to a hacker, they can't cash it out, so need to find a way to get money into their own banks/hands.

From what I have read this is the same issue that has plagued XBL since 2011/early 2012, where Russians IIRC, are social engineering the support teams to take accounts.

This makes more sense now. (Y)


