If Someone Hacks Your PSN Account, You're Kinda Screwed

Over the past few years, Sony's PlayStation Network has proven itself to be totally resilient and definitely not susceptible to any sort of major hack. So of course, it's perfectly reasonable that they still don't have two-step verification.

For the past day or so, the web has been exploding over this Reddit post by user kadjar that talks about PSN customer service. In short: kadjar says his account was hacked and used to make some $US600 worth of fraudulent purchases, but when he took the issue to Sony, they said they could only give him back a maximum of $US150 in PSN credit. (That's the max you can hold in a PSN wallet at one time.)

Normally, this wouldn't be a problem — it's credit card fraud, so he could just take it up with his credit card company — except if you try to file a chargeback on a PSN purchase, you'll probably get banned, as kadjar pointed out. Getting banned on PS4 means losing many of your game licenses — the ones you paid for — as well as trophies, friends lists, and everything else you use every day on your PlayStation.

Exacerbating this whole issue is the fact that PSN users can only deactivate their PlayStation accounts once every six months — so if a hacker gets access to your password, deactivates your PSN account from your PS4, and activates it on their own PlayStation, you'll have to wait a very long time to get it back.

Presumably Sony has these policies in place to prevent fraud — we've reached out to Sony for comment, but haven't heard back yet — and although we don't know if this Redditor was actually hacked, others have chimed in to air similar gripes. Ultimately, it seems like Sony doesn't have very effective ways to deal with people making fraudulent purchase claims.

But that's all beside the point. The bigger, more fundamental problem here is that the PlayStation Network doesn't have two-step verification — a security method that lets you use an email address or phone as an extra form of protection from account theft — which in 2015 is just unacceptable. Xbox Live has it. Steam has it. Why is PSN so far behind?

Picture: Donald Traill/AP


    Man that doesn't sound good! I have multiple accounts on my PS3 for different regions with a bunch of games i purchased on sale, i'd hate to have to rebuy them if someone hacked them!

    (Thankfully i created fake email addresses for each, don't tell anyone! lol)

      Good luck recovering your password if you ever lose it then.
      I created a US account for my PSP back in 2010 and I can't use it on my VITA because the email address and credit card number were fake. Now trying to hack into my own account...

      i got hacked today i had 500 psn money i was goin to get games

    What's even worse is that a heap of banks don't even have two step verification. My Gmail is protected better than my money :(

      Not sure if Westpac has changed this but their online banking passwords are 6 characters max.


        Is commonwealth the only one up to the times these days? Nfc native phone payments, instant online banking with the power to update everything through it, two step authentication...

        Dealing with nab is still like pulling teeth, everything is on paper and has to be sent between detached departments. Handling fraud took a bloody age despite it taking them two seconds to kill my card and two days to tell me they had.

          Westpac is pretty behind the times. But we have an awesome deal on our home loan and the offset account against it is worthwhile. But NFC please......

            I have an nfc sticker on the back of my "dumb" watch which is linked to an account. When my time steel arrives it will be wearing it.

            Your move, apple.

          "Is commonwealth the only one up to the times these days? Nfc native phone payments, instant online banking with the power to update everything through it, two step authentication..."
          non-case sensitive passwords when logging in to netbank

          I have most of that with Bank of Queensland. Just a shame they cannot put out a god damn phone app. So I have to use their mobile site like some pleb.

        Fun tip if you know someone's Westpac customer ID. Type it in, then enter an incorrect password a couple of times. Presto, the victim is now locked out of their account. If you really want to be a douche bag just enter random numbers into the customer ID field and lock out strangers for no reason.
        Best of all, they won't be able to use the same password when they manage to reactivate their account. So they can go through all the fun of trying to remember their new password and accidentally locking themselves out when they get it wrong three times.
        It's a crazy mix of weak security and absolute overkill.

        [Edit; I don't recommend actually doing that, aside from being a stupid thing to do to someone it's a terrible idea to mess with banks. Eventually you're going to need them for something. I just find it puzzling that you're able to do that.]

        Last edited 13/03/15 5:38 pm

    If Sony know that accounts get banned if customers do chargebacks then why don't they change that fucking policy? This would be an automated thing that can easily be changed. But then again this is the same company that doesn't even allow you to change your username.

    Also why would anybody keep their CC details on a Sony platform after the million times they've been hacked?

    I haven't trusted Sony with my credit card information ever since that initial hack years ago.

    I use prepaid cards or paypal now.

    Last edited 13/03/15 11:26 am

    If you've got content that you've paid for on your PSN account and it gets banned/deactivated in these circumstances, then surely you'd have a case with consumer affairs or whatever they're called to force Sony to reactivate your account?

      The Terms of Service for this sort of thing generally indicate that you don't actually own any of the content, and the licenses to use it can be revoked:

      Except as stated in this Agreement, all content and software provided through SEN First Party Services are licensed non-exclusively and revocably to you, your children and children for whom you are a legal guardian (collectively for purposes of this section, "You" or "Your"), solely for Your personal, private, non-transferable, non-commercial, limited use on a limited number of Authorized Devices in the country in which your account is registered.


        Which means exactly nothing in most western countries. Contract law usually goes any clause that negates a state granted right (ie redress against being screwed by a corporation) is considered null and void along with any clause that references it. Consumer protection laws exist, people have been brainwashed into thinking they have no rights.

          I'm not talking about them just taking away the licenses for no reason, but rather for violating the terms of service. You're given access to the service under certain conditions, and if you don't abide, your access (along with any related content) is revoked.

          These sorts of clauses could just be for worst case scenarios though, so in 100 years your grandchildren can't sue Sony because they can't play The Last of Us any more.

            The terms of service are the contract - in the event of a conflict between what the terms of service say and what consumer law says, the consumer law generally wins out.

            Under consumer law, it's perfectly legal for you to get your credit card company to reverse unauthorized charges on your credit card. Just because Sony's TOS says they can suspend your account if that happens, that doesn't necessarily mean they're actually legally allowed to suspend your account.

          Consumer protection laws exist, people have been brainwashed into thinking they have no rights.

          Brainwash is a bit of a harsh word, but it is interesting how public perception got warped. It's very creepy that it happened without any sort of conspiracy or even effort. They all just independently insisted their agreements were able to completely circumvent any and all laws and eventually people just accepted that that must be how it works.
          I guess there aren't really many situations where people are forced to think about it. Most of us don't get unfairly banned from services or screwed on warranties often enough to think 'oh, they can't just decide there's no warranty and smooth it over with an agreement I was forced to sign'. It's only when Sony support staff give your account to someone who sounded sincere over the phone, who later gets it banned, that you stop and think 'wait, why are they allowed to screw me out of a decade's worth of PSN purchases?'.

          If your playstation isn't connected to the internet and all your games are sitting on your hard drive what's stopping you from accessing them?

    Back in April 2011 they had a major hack with over 70 million customer details stolen or something... they kept it secret for over a week if I recall...I wouldn't give my Credit card details to Sony..No way.

    This is the hidden cost of the PSN being free for so long. Last generation Microsoft had almost unlimited money to sink into improving their services. XBOX Live alone brought in mountains of cash to go back into Microsoft account development. Meanwhile if Sony wanted to overhaul security that money has to actually come from somewhere. Where Sony responded to problems Microsoft just had people working on it all the time which cut off a lot of problems before they could form.
    It'll be interesting to see how this generation plays out with the PS4 in a lead role it has a solid hold on competing against Microsoft's access to a much larger network than any console manufacturer can justify. I mean Azure provides something Sony literally can't compete with. Sony are under a lot of pressure to keep the PSN going feature for feature with XBOX Live, which really takes away from the amount of money they can spend on improving the security side of the service.
    I almost feel like Microsoft should go out and strike a very generous deal with Nintendo and Sony to open up what they've got to the other consoles a little.

    You're surprised the company that last year forgot to renew its domain registration for sony online entertainment, dropping all of its PC based online games off the internet for days, has shit customer service?

    Polly doesn't like this cracker. I am a new convert to Playstation after the whole always online, only digital purchase, no sharing thing Microsoft tried to pull + not having the Last Of Us. Should I be worried?

    What can I do to prevent bad things happening to me? Come on Shuhei Yoshida or whoever is in charge. Fix your security!

      You're a train late, things have changed almost 180.
      Right now Microsoft is working their ass off to make people forget this shit and Sony just does nothing at all, not even releasing games.
      At this point I am considering getting on board with microsoft, because they seem to really work on their stuff while Sony basically thought they had won after the E3 fiasco and now seem to completely ignore their customers.

    Not to laugh at others misfortune, but this reminds me of the time my brother logged back into his XBL account to find his name had been changed from something like 'Ecto-1' (Ghostbusters) to 'tweekybard15274'. (Can't remember the exact thing).

    As funny as that particular incident was, it sucks that shit like this happens though, regardless of which platform it happens on. And I think that's the key point.

    Last edited 13/03/15 1:04 pm
