I think my PSN account was hacked. Sony seems to refuse to help me

So I got an e-mail just about 45 min ago that my password had been changed. A few seconds later, an e-mail that the sign-in ID had been changed. I went to log in and see what was what, and could not log in. Further, a “forgot my password” failed as my e-mail isn’t registered. What!?

So I’m worried someone, somehow signed in as me, changed my password and changed my sign-in to another e-mail. My wife at the same time got an e-mail that the PSN charges to our PayPal had been cancelled. That’s my PSN Plus account, I assume, being terminated. What? What the hell is going on?

I had her change our PayPal password.

I tried to contact Sony. No phone number. I tried agent chat - need a sign in ID! What the FUCK am I supposed to do? So I’m then told to tweet @AskPlayStation. Sure, I do. This account is replying to stuff every few minutes, but it has so far ignored all four of my tweets and my message.

Any suggestions?

The e-mails contain links that read, “if you aren’t the one that made this change, click the below link to contact customer service” but both links lead to a broken page that claims I lack permissions to view the content. Super stuff, Sony.

Twitter account continues to completely ignore me.

https://www.playstation.com/en-us/network/legal/contact-us/

Thanks triggercut, I could NOT find that information anywhere on their site or through just Google searching, for whatever reason. They aren’t open until tomorrow, I guess I’ll call them then. I think we covered the important stuff like PayPal and such, so we’ll see what they say tomorrow when I call. I may end up just formatting the PS4 and selling it. This is bullshit.

Allow me to jump in, as this absurd and grotesque situation is strictly the same I was confronted with when Microsoft decided to shut down my Skype account because it had been supposedly hacked.
Same deal: “we can’t help you without the login you can’t use”, e-mail with hoops jumping and dead links to non-working support sites, a supposedly reactive twitter account that just never answered, a robotic Microsoft employee that could not do anything for me [edit: actually false, he managed to remove the CC# tied to my Microsoft account tied to my Skype account by some thaumaturgy] besides giving me a phone number to an automated server where I waited in line for 20 minutes before calling it quits.
I can’t help with anything constructive (I just sighed and moved on in a now happy Microsoft-free life), but looking a bit under the hood of such big companies is quite a traumatizing experience.

Best of luck with this! Sadly, it’s much easier to steal an account, than it is to get a stolen account back. I went through a similar thing with WoW at one point. I’ve also been through this hoop with MS which took over a month to rectify.

All of these companies need to give any change of account data a cooling off period before it activates. There is no reason that a legitimate user needs to have all their info changed “right now”, and the fact that that isn’t a giant red flag is pretty silly.
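The cooling-off period proposed in the post above, sketched as an added example (not part of the original thread and not any vendor's implementation). The `Account` class, the 72-hour delay, the in-memory outbox and the addresses are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta

COOLING_OFF = timedelta(hours=72)  # assumed delay; not a value from the thread


@dataclass
class Account:
    email: str
    pending: dict = field(default_factory=dict)  # cancel_token -> (new_email, activates_at)
    outbox: list = field(default_factory=list)   # stand-in for a real mail queue

    def request_email_change(self, new_email: str, now: datetime) -> str:
        """Stage the change; the current address stays authoritative during the delay."""
        token = secrets.token_urlsafe(32)
        self.pending[token] = (new_email, now + COOLING_OFF)
        # Notify the OLD address with a cancel token that works without signing in.
        self.outbox.append((self.email, f"Sign-in ID change requested; cancel token: {token}"))
        return token

    def cancel(self, token: str) -> bool:
        """Owner used the cancel link from the old mailbox: drop the staged change."""
        return self.pending.pop(token, None) is not None

    def activate_due(self, now: datetime) -> bool:
        """Apply a staged change only once its cooling-off period has elapsed."""
        for new_email, activates_at in list(self.pending.values()):
            if now >= activates_at:
                self.email = new_email
                self.pending.clear()
                return True
        return False


def demo():
    t0 = datetime(2016, 6, 1, 12, 0)  # constructed timestamp
    hijacked = Account("owner@example.com")
    token = hijacked.request_email_change("intruder@example.net", t0)
    early = hijacked.activate_due(t0 + timedelta(minutes=1))  # instant reassignment fails
    cancelled = hijacked.cancel(token)                        # owner reacts from old mailbox
    late = hijacked.activate_due(t0 + timedelta(hours=73))    # nothing left to apply
    legit = Account("owner@example.com")
    legit.request_email_change("owner@new.example.org", t0)
    applied = legit.activate_due(t0 + timedelta(hours=73))    # uncontested change goes through
    return early, cancelled, late, hijacked.email, applied, legit.email
```

The design point is that the cancel path is reachable from the original mailbox alone, so the owner does not need the sign-in ID that was just changed.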

Sony has excellent chat service actually, that I’ve used quite a few times. Fast and reliable, at least in the past.

Edit: Seems that was actually SOE, as I can’t find anything remotely like it for PSN / PS4

From what I’ve read this morning, as long as there are no charges made to your PayPal or any credit/debit cards that are outstanding, they should be able to fix it in less than 30 minutes via phone.

If there are charges they have some sort of ridiculous hostage-holding situation where you have to pay for everything the hacker charged before you get your account back. (WTF Sony seriously).

PSN has been around 10 years now, still no two-factor authentication. Why?

Thankfully, there were no charges. The first agent I spoke with refused to help me without the serial number I used to create my account - which would technically be the PS3 I (thankfully) still have. I assume my PS4 s/n would have worked as well, but he wouldn’t accept it. He then asked for the first and last four of a CC I may have used, but I’ve only ever used PayPal. He said he couldn’t help me and abruptly left the chat. No idea.

I tried again, and this guy found my account tied to the S/N I provided and was able to get me moved back over. I created a new password and I should be all shiny now, though I will have to log in at lunch here and make sure.

To be honest, this experience has been so dumb (there were NO checks in place to stop this from happening to begin with, which is beyond alarming - I need to provide serial numbers, e-mail addresses, sign-in IDs, and all manner of information and some guy that somehow (!!?!?!!?) knows my login e-mail and password just gets in and in 60 seconds re-assigns my entire account to him?) I may just sell the PS4. I found lots of articles, from Kotaku to just forum posts, where Sony is way behind the times in terms of user security.

The best thing with some of these hacks is that it is the Customer Support who probably got your account hacked in the first place, through social engineering by the culprit.

"hey, I have this and that information and I seem to have lost my email blabla, can you change it to … "

But when you then call them and claim (and are) the actual customer, they follow their script because they do not want to be socially engineered – since you’re just being honest.

Also there’s this:
https://www.leakedsource.com/

Post in your email address and see all the places it is ‘matched’ and what kind of information leaked:

For example thanks to a few hacks this information is “leaked”

MySpace.com has: 1 result(s) found. This data was hacked on approximately 2013-06-11 00:00:00
email, username, hash, password2, Possible plaintext password, Real_Password2,
Adobe database has: 1 result(s) found. This data was hacked on approximately 2013-10-01 00:00:00
username, hash,
Unknown Emails has: 1 result(s) found. This data was hacked on approximately 0000-00-00 00:00:00
email, Possible plaintext password,
Xsplit Users has: 1 result(s) found. This data was hacked on approximately 2015-06-01 00:00:00
username, hash, Possible plaintext password, firstname, lastname, email, birthday, register_date, last_login,
Anandtech.com has: 1 result(s) found. This data was hacked on approximately 2016-03-15 00:00:00
username, Possible plaintext password, hash, email, register_date, last_login, birthday, ipaddress, salt,
Futuremark Forums has: 1 result(s) found. This data was hacked on approximately 0000-00-00 00:00:00
username, email, ipaddress, Possible plaintext password, hash, salt,
Hardforums Vbulletin Forums has: 1 result(s) found. This data was hacked on approximately 2015-04-27 00:00:00
username, email, ipaddress, Possible plaintext password, hash, salt,

That’s a good question! Right after reading Scott’s post, I logged into my PSN account to activate 2FA, and was surprised the only form of password protection is the archaic question/answer nonsense. Ridiculous.

I’ve been dealing with similar nonsense with my Battle.net account, which was apparently hacked sometime in the last five years (it’s been that long since I played WoW). I was going to buy Overwatch, but now I can’t seem to get into my account at all, which makes me wonder if I really want to drop $60 on Overwatch…

I have had issues like this with Origin and Battlenet before. I switched from asking for recovery to asking for deletion both times. That they do fairly promptly.

But what is funny is the results from that site. Three records. Two are several years old and for services I never had an account on. The third is my WildStar account hacked last year. Well, I certainly wasn’t using it. Who wants WildStar accounts right now anyway?

I found that same information on “haveIbeenpwned” earlier this week (ironically) and saw Wildstar (I don’t remember even playing that - it’s an MMO, correct?) and Nexus Mods and some other old game from like 2012 (also an MMO, go figure, I don’t even usually play those). I couldn’t dig into WHAT information was taken, and some of them are so old I figured I wouldn’t worry about it.

I’ve changed most of my passwords at this point (some stuff that requires two-factor authentication I’ve not worried about) and I guess it all worked out okay. I DO wish I knew where exactly my PSN account information was leaked - it’s a new password I only started using earlier this year, and wouldn’t have been in use on Nexus or especially earlier than that. I wonder if PSN was hacked and no one is (yet?) talking about it.

I’m not so much worried about the account as to the aggregated information about “you” that can be collected, which makes your other accounts more likely to be hacked.

Date of Birth; They know that if you’ve ever been honest.
Last 2-3 places you’ve lived, Sure, a few hacks, and they might have that as well,
Your “IP” address history so they can see some of the places you’ve lived/been.

Etc.

My other email was even worse…

MySpace.com has: 1 result(s) found. This data was hacked on approximately 2013-06-11 00:00:00 What is in this database?
Adobe database has: 1 result(s) found. This data was hacked on approximately 2013-10-01 00:00:00 What is in this database?
Unknown Emails has: 1 result(s) found. This data was hacked on approximately 0000-00-00 00:00:00 What is in this database?
Nexus Mods has: 1 result(s) found. This data was hacked on approximately 0000-00-00 00:00:00 What is in this database?
Gmail Accounts has: 1 result(s) found. This data was hacked on approximately 2014-09-01 00:00:00 What is in this database?
vb_lotro_com has: 1 result(s) found. This data was hacked on approximately 2013-08-01 00:00:00 What is in this database?
Stratfor Leak has: 1 result(s) found. This data was hacked on approximately 2011-12-24 00:00:00 What is in this database?
FFShrine.org has: 1 result(s) found. This data was hacked on approximately 2015-07-04 00:00:00 What is in this database?
Openraid.org Forums has: 1 result(s) found. This data was hacked on approximately 2015-08-09 00:00:00 What is in this database?
Avast.com has: 1 result(s) found. This data was hacked on approximately 2014-05-26 00:00:00 What is in this database?
ExtremeOverclocking.com has: 1 result(s) found. This data was hacked on approximately 2015-12-29 00:00:00 What is in this database?
Futuremark Forums has: 2 result(s) found. This data was hacked on approximately 0000-00-00 00:00:00 What is in this database?
Spellforce.com has: 1 result(s) found. This data was hacked on approximately 2016-03-21 00:00:00 What is in this database?

Wow, I didn’t know Nexus Mods and AVSForum were hacked. I’m really glad I use a password manager now and keep all my passwords unique.

MySpace.com has: 1 result(s) found. This data was hacked on approximately 2013-06-11 00:00:00 What is in this database?
Adobe database has: 1 result(s) found. This data was hacked on approximately 2013-10-01 00:00:00 What is in this database?
Nexus Mods has: 1 result(s) found. This data was hacked on approximately 0000-00-00 00:00:00 What is in this database?
AVSForum.com has: 1 result(s) found. This data was hacked on approximately 2016-01-23 00:00:00 What is in this database?
Android Forums has: 1 result(s) found. This data was hacked on approximately 2013-12-26 00:00:00 What is in this database?

This is all I got on my current email addy:

VerticalScope Network (Vbulletin) (939 Websites) has: 2 result(s) found. This data was hacked on approximately 2016-02-01 00:00:00 What is in this database?
VerticalScope Network (IPB) (46 Websites) has: 1 result(s) found. This data was hacked on approximately 2016-02-01 00:00:00 What is in this database?

Vbulletin eh? Hmmm :)