Note: If you happen to be one of the users unfortunate enough to have been a victim of this latest scam, do yourself a favor and call Sony directly at 1-800-345-7669. Disputing the charges with your bank, credit card issuer, or via PayPal will only result in your account getting banned and the potential loss of all of the legit purchases you have made on that account.
Original Story: It seems as though some ‘hackers’ are up to no good again. Users are waking up in the morning to find an email from Sony notifying them of changes made to their PSN profile, usually accompanied by an email thanking them for their purchase of Zen, a currency used in the recently released Neverwinter. I refer to these basement-dwelling degenerates as ‘hackers’, though in reality they are most likely using stolen passwords from the recent LinkedIn hack to access PSN users’ account information.
The way this ‘hack’ works is similar to the issues FIFA users ran into a few years back. Information gained from another hack is being used to change the email associated with a PSN account, either through the online tool provided by Sony (can’t find the link right now, will add once I rediscover it) or by tricking Sony Support staff into changing the email through social engineering. Usually the only information you would need to convince Sony Support is the original email and date of birth, both of which would have been included in the LinkedIn hack. Once the ‘hacker’ has an email under their control linked to the account, they use that email to reset the account password, change the primary PS4 linked to the account, purchase as much ‘Zen’ as possible using any payment data attached to the account, and then sabotage the account in an attempt to lock out the original owner.
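As an added example (not part of the original story and not Sony's code), the chain described above can be flagged from an account event stream before the purchases settle. The event names, the log schema and the 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; the schema and event names are hypothetical.
SAMPLE_EVENTS = [
    ("2024-01-01T03:02:00", "acct-1", "email_changed"),
    ("2024-01-01T03:05:00", "acct-1", "password_reset"),
    ("2024-01-01T03:09:00", "acct-1", "primary_console_changed"),
    ("2024-01-01T03:12:00", "acct-1", "wallet_purchase"),
    ("2024-01-01T03:13:00", "acct-1", "wallet_purchase"),
    # Same steps, but the purchase comes days later: outside the window.
    ("2024-01-01T10:00:00", "acct-2", "email_changed"),
    ("2024-01-01T10:05:00", "acct-2", "password_reset"),
    ("2024-01-03T18:30:00", "acct-2", "wallet_purchase"),
    # Owner changes email and buys something, with no password reset.
    ("2024-01-02T09:00:00", "acct-3", "email_changed"),
    ("2024-01-02T09:20:00", "acct-3", "wallet_purchase"),
]

# Ordered steps from the article: new email, password reset, then spending.
CHAIN = ("email_changed", "password_reset", "wallet_purchase")

def find_takeover_chains(events, window=timedelta(hours=24)):
    """Return one finding per account whose events complete CHAIN in order
    within `window` of an email change."""
    by_account = {}
    for ts, account, kind in sorted(events):  # ISO timestamps sort by time
        by_account.setdefault(account, []).append((datetime.fromisoformat(ts), kind))
    findings = []
    for account, evs in by_account.items():
        for i, (start, kind) in enumerate(evs):
            if kind != CHAIN[0]:
                continue
            stage, console_changed, purchases = 1, False, 0
            for when, k in evs[i + 1:]:
                if when - start > window:
                    break
                if k == "primary_console_changed":
                    console_changed = True  # extra signal, not required
                elif stage < len(CHAIN) and k == CHAIN[stage]:
                    stage += 1
                if stage == len(CHAIN) and k == "wallet_purchase":
                    purchases += 1
            if stage == len(CHAIN):
                findings.append({"account": account, "email_changed_at": start.isoformat(),
                                 "console_changed": console_changed, "purchases": purchases})
                break  # one finding per account is enough to hold its purchases
    return findings

if __name__ == "__main__":
    for finding in find_takeover_chains(SAMPLE_EVENTS):
        print(finding)
```

Only acct-1 is flagged with the default window; widening the window trades fewer missed slow takeovers for more false positives on owners who change their own email.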
The sad fact is both Sony and Neverwinter publisher Arc Games are innocent bystanders in this latest issue. Though there are indeed issues with security on PSN, there has not been any breach of security. The ‘hackers’ are simply abusing loopholes in Sony’s policy regarding account recovery and the lack of any competent two-factor authentication for making a purchase on PSN. Sony announced that they were adding two-factor authentication to PSN back in April this year. Unfortunately the new feature simply isn’t ready for production yet and wasn’t turned on in time to stop these fraudulent charges from occurring. For the record, Microsoft added two-factor authentication to Xbox Live accounts in 2013, while Nintendo has not even acknowledged the idea.
Adding salt to the already festering wounds are multiple complaints on Reddit, NeoGAF, and the Official PlayStation Support Forums from users who have had their accounts banned for disputing these fraudulent charges. Although Sony may not be directly responsible for the security issues PSN users are currently facing, it is clear they still have a very, very long way to go towards securing their network so that it is safe for their users. Again, if you are a victim of this latest scam, call Sony directly at 1-800-345-7669. Do not dispute the charges with your bank, credit card issuer, or PayPal.
Sony and Nintendo have an obligation to secure our accounts from fraud and it is not acceptable for them to wait until it becomes a problem before they act. It’s time for Sony to acknowledge their shortcomings in their attempts to secure their network for the safety of their users. If that means swallowing a bit of pride and asking Microsoft for help, so be it. Securing our accounts against potential fraudulent charges should be a priority for all of the major console manufacturers.