Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Why I Bid $700 For a Stolen PSN Account' (vice.com)

Posted by BeauHD on from the stories-with-happy-endings dept.

Patrick Klepek tells the story of a PlayStation Network user who had their 13-year-old account stolen via what appears to be a social engineering scheme against Sony. Klepek managed to track it down and start negotiating for its release. An anonymous Slashdot reader shares an excerpt from the report: 1,200. That's how much someone is asking for a PlayStation Network account I've been investigating for the past few weeks. "Secure," the person calls it, claiming the account will "never be touched" by the original owner again. "He won't be getting it back," they claim. More than a thousand dollars? That's a little rich for my blood, and so I counteroffer: $700. "Btc?" they respond, accepting my bid. (BTC refers to bitcoin. The majority of transactions like this take place using cryptocurrency; it's generally harder, but not impossible, to trace.) I didn't purchase the account, of course. But I could -- anyone could, if they only knew where to look. This account wasn't on a shady market because someone was clumsy with their digital security. They had a strong password and two-factor authentication. When they were notified about problems with their account, they called Sony and asked for help. Despite all this, despite proving their identity over and over, they lost access to their PSN account, including any trophies earned or any games purchased. It was gone...well, sort of. The original owner no longer had access, but this person -- the individual asking for $1,200 but who quickly and without hesitation dropped to $700 -- did.
[...]
More than likely, Sony itself is a victim of a clever social engineering scheme, in which a user, or series of users, repeatedly spammed their representatives, until it found someone willing to accept the limited information they did have, and calculated the system would eventually lock the account in their favor. Even a "failed" social engineering attempt can be a success, if the person calling comes away with new information about the account. Every company in the world can fall victim to social engineering, as there are no true fail safes. But Sony's setup seems especially ripe for it. Why didn't the system get flagged as "sensitive" sooner? Why can a user flip off two-factor authentication over the phone? How can an account get abandoned, when it's still active? There are ways Sony could have prevented this from happening. In the end, the original account owner was magically handed the account. "Sony promised that they were going to set it up so no reps could make any changes," the account owner said, "but they are still investigating how this happened."

102 comments

  1. savedyouaclick: The guy didn't actually bid $700 by Anonymous Coward · · Score: 1

    Dear article OP, the scammer wasn't accepting your bid... he was asking if you're a moron. (He was looking for idiots to pay him in untraceable currency.)
    I'm guessing the scammer "sold" the account a few dozen times.

  2. $1200 by Anonymous Coward · · Score: 0

    They were hoping for an RTX 2080 Ti card but settled for less?

  3. Sony's security is not such good by sentiblue · · Score: 4, Insightful

    Don't you have to make credit card payments to PSN? And by having credit card statement, can't they just use your credit card number to confirm who owns the account? The fact that the hacker guarantees the original owner cannot get it back leads me to believe that Sony hasn't done a good enough job.

    1. Re:Sony's security is not such good by Anonymous Coward · · Score: 0

      It's likely people selling stolen accounts will say anything to get the BTC because what are you going to do when it goes wrong? All the hijacked accounts I've seen for sale on DNMs come with amazing guarantees whether it's Netflix or Paypal accounts with credit, that can't possibly true. They also sell RDP access, various odd card/id checking tools with text file guide bundles that give me BBS nostalgia and sometimes crystal meth. I think we can be sure that the hacker/sales person is frankly just lying.

    2. Re:Sony's security is not such good by Darinbob · · Score: 1

      You shouldn't even need such an account. Buy your games somewhere other than the account and then you always have them. If you lose the account that keeps track of meaningless trophies, it's no big deal as you make a new one. If Sony is tying all your gaming to an account, then boycott them.

    3. Re:Sony's security is not such good by Calydor · · Score: 2

      Except the trophies, achievements or whatever you choose to call it aren't meaningless to the individual player. In many cases there may be a quick association to the moment of getting especially the rarer and harder achievements, which is no different than looking through a photo album. Would you call photo albums meaningless? To the person involved with the photos, I mean, not the world at large.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    4. Re:Sony's security is not such good by TheLongshot · · Score: 5, Interesting

      You don't if you buy gift cards. In fact, after the last hack, I didn't trust Sony with my credit card info, so all of my payments I made on PSN were through cards.

    5. Re:Sony's security is not such good by Anonymous Coward · · Score: 0

      No, not necessarily. Like Comcast, in my country of origin, there
      are PSN stores sprinkled about with payment kiosks that accept
      cash (there's a bitcoin slot but I always pay in US greenbacks).
      So unless you save those payment receipts, you have little chance.

      CAP === 'smudge'

    6. Re:Sony's security is not such good by TuringTest · · Score: 1

      Don't worry too much. Unlike your old photos, the internet's got a copy of the trophies that you can check anytime.

      --
      Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
    7. Re:Sony's security is not such good by Anonymous Coward · · Score: 0

      feckin-A game-gaffot ... can you hear the childish drool you type?

    8. Re:Sony's security is not such good by AmiMoJo · · Score: 2

      Some games aren't available as physical copies. You have to buy them through PSN.

      Boycotting Sony isn't much of an option. Aside from PS4 exclusives, the XBOX is the same and while Nintendo seems to be slightly better with the Switch it doesn't get a lot of the games that the other two do.

      This is an area that needs some regulation. As people move to buying software online (and it is buying, even if they try to claim it's licencing) they should have the same rights as they have when buying physical software. If the service dies or loses their account details they need some rights to get back what they lost or compensation.

      In fact it should go further for physical purchases too. Loss of functionality must be compensated, e.g. turning off online play servers after only a couple of years.

      And something needs to be done about banning consoles and accounts permanently.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:Sony's security is not such good by h33t+l4x0r · · Score: 3, Funny

      Boycott Sony? You might as well ask gamers to boycott oxygen.

    10. Re:Sony's security is not such good by Cmdln+Daco · · Score: 1

      Not really, it doesn't need 'regulation.'

      The physical copy has real value, and always should have value above 'online purchased' copies.

      If the game vendor wants the online copy to retain value better, that's their responsibility and they need to figure out what to do to keep the value up. It's not our responsibly as taxpayers to subsidize the 'value' of online purchases.

    11. Re: Sony's security is not such good by e3m4n · · Score: 1

      Games purchased thru their store, DLC, and other add-ons are account based. Your annual subscription for PSN is also tied. It could be financially a mess if you have spent a lot of money on non tangible products and unlock codes.

      I am not a fan of owning a game without a corresponding disk. Some games like fortnite and battlefront also do the whole âbuy goldâ(TM) model to alter appearances or unlock weapons.

      I could see how this could be a disaster if your identity got stolen. Posession is 9/10ths of the law, so they say. Not much proof without something tangible to back up.

    12. Re:Sony's security is not such good by Anonymous Coward · · Score: 0

      I'd hope not for the simple reason cards get stolen and people will claim their accounts were hacked/stolen too. The scam goes something like this

      1) Sell account
      2) Wait for payment
      3) "transfer" (which is usually nothing more then giving login/password)
      4) Report account hacked /stolen ..
      5) Profit after account gets restored

      Happens quite often with in game items (tl;dr your kids buy what are called lootboxes or lootcrates for in game items like skins, weapons, character actions, etc.. Different games have different semantics but the gist is the same). If you ever hear them talk about CS:GO skins or Fortnite / PUBG -- have a nice little chat with them about gambling.

    13. Re:Sony's security is not such good by Anonymous Coward · · Score: 0

      Don't you have to make credit card payments to PSN? And by having credit card statement, can't they just use your credit card number to confirm who owns the account? The fact that the hacker guarantees the original owner cannot get it back leads me to believe that Sony hasn't done a good enough job.

      That would be even more dangerous. Now you are giving your credit card info to a corporation that could (easily) leak your info to the world. Besides, credit card number should not be verified/seen by the person on the phone at Sony. Do you trust a stranger on the other line of the phone to not copying down your credit card info?

    14. Re:Sony's security is not such good by Anonymous Coward · · Score: 1

      My credit card company lets me generate one-off card numbers (aka "shop safe"). I use those for merchants about whom I question their security chops.

    15. Re:Sony's security is not such good by Ihlosi · · Score: 1
      Don't you have to make credit card payments to PSN?

      You can, but you don't have to. There are other ways.

    16. Re:Sony's security is not such good by Anonymous Coward · · Score: 0

      Either is an option. I don't buy games, and don't pirate either. So I limit myself to free games. Some open-source games are good, some browser games are nice. No need to pay for games (or any other software) these days. Boycott those who wants your money.

    17. Re:Sony's security is not such good by apoc.famine · · Score: 2

      Boycotting Sony isn't much of an option.

      Why not? I've been doing it for a decade or more now. Seems to be working fine for me.

      --
      Velociraptor = Distiraptor / Timeraptor
    18. Re:Sony's security is not such good by epine · · Score: 3, Insightful

      Boycotting Sony isn't much of an option.

      Sure, you can boycott Sony. But to make this effective in reducing your exposure, it probably involves boycotting most of the gaming industry, as a whole.

      If you're a gamer, you've probably heard a term for this: collateral damage. Welcome to Collateral Damage. Please enjoy your stay. Amenities available: the great outdoors, and old school shit like that.

      I was an avid game in the 1990s and I purchased a system to be able to run Microsoft software to be able to run a favourite game.

      Worst decision I ever made. It should have been a Linux or BSD box. End of story. And all those hours should have been invested in mastering bash (or zsh) instead of mastering spin, strafe, jump, grapple in a single motion.

      What A Beautiful Mind failed to explain about John Nash: it's never just a single containing matrix.

      For every matrix you solve, another enclosing matrix springs into being. You solve one matrix about being shit on by a single software vendor, another matrix springs into being about being shit on by an entire software segment.

      As WOPR once said, sometimes the only winning move is to not play.

      Sure, you care about your virtual trophies, and the immense skill you cultivated in achieving those. But you didn't have to choose to go down that path in the first place. Many other paths would have offered comparable thrills, and some of those were probably far more on your own terms. But now you have sunk cost because you did go down that path, and your next move is dominated (in the game theoretic sense) because you are 100% committed to accepting a local frame stacked against your desires.

      Jordan Peterson says start by cleaning up your own bedroom.

      The sooner you jettison local frames stacked against your own interests, the sooner your life will track a better slope.

      I got involved as a sports fan for a while. It was a great Petri dish to explore human cognition. But then my favourite resource disappeared behind a paywall. Sure, I could pay. But now the discussion is limited to include only those people who choose to pay. The group structure is now inherently different. It's no longer such a great Petri dish for me to explore human cognition (having become far more captive and insular). I have no hard feelings about this.

      But I decided to blow my cherished franchise off, rather than follow it into the paywall penumbra. Is this a stable penumbra, or just an incubating umbra waiting to swallow me whole? Why should I risk an eventuality of that nature, entirely outside of my own control. Lesson learned, way back in the 1990s.

      Soon enough, of course, I found other rewarding activities which now occupy those energies. And I'm certainly not the worse off for it. There was a three month period where I felt a bit mopey, because I missed the familiar context for injecting ludicrous things with a long inside-baseball group context. That can't be replaced overnight.

      There are many box-control business models out there. I'm now loyal to none of these, and I never will be again.

      If only I had a time machine, that's one message I would surely send to my younger self making foolish choices back in the 1990s.

      Dear younger self:

      I know you get a completely unreasonable joy from the simultaneous spin, strafe, jump, grapple frag, but trust me, it's a trap. I know you think shell script was designed by a colony of drunken monkeys, but trust me, it's NOT a trap. All you do in the shell is construct strings, fork/exec, and test exit codes to control program flow. Yes, some of the quoting rules in complex commands are Unix's version of Microsoft's DLL hell. Get over it. You'll thank me later.

      With chagrin,
      your pathetic older self

      [*] P.S. every quotation mark should be two instances of a 32-character random nonce, never to be ever used again. That's how you make nested quoting work without exponential escape growth. You'l

    19. Re:Sony's security is not such good by drinkypoo · · Score: 1

      You don't if you buy gift cards. In fact, after the last hack, I didn't trust Sony with my credit card info, so all of my payments I made on PSN were through cards.

      Well, you got halfway there. You were supposed to just not trust Sony, full stop. That's the only sane response to their ongoing indifference towards security on PSN.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    20. Re:Sony's security is not such good by drinkypoo · · Score: 1

      Boycott Sony? You might as well ask gamers to boycott oxygen.

      Sony is scum and has always been scum. If you love games, you have to hate Sony. If you love Sony, then you hate other gamers.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    21. Re:Sony's security is not such good by AmiMoJo · · Score: 1

      I mean boycotting Sony isn't much of an option if you like to play video games.

      The only other options are Microsoft who are just as bad, or Nintendo who don't have a lot of the games you want.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    22. Re:Sony's security is not such good by Gr8Apes · · Score: 2

      Except the trophies, achievements or whatever you choose to call it aren't meaningless to the individual player. In many cases there may be a quick association to the moment of getting especially the rarer and harder achievements, which is no different than looking through a photo album. Would you call photo albums meaningless? To the person involved with the photos, I mean, not the world at large.

      I guess this is where I part ways with the current games. I could care less about "trophies" or "achievements". I play games for fun and interest. I also suppose this is why my last triple A game purchase was created more than a decade ago, instead going with smaller shops and indie offerings. I don't care to grind through endlessly repetitive actions for a "trophy" that claims I did 'x' 1000[0[0]]+ times in bronze/silver/gold no less, because the color on screen makes it worth more!!!!

      --
      The cesspool just got a check and balance.
    23. Re:Sony's security is not such good by apoc.famine · · Score: 1

      I'm not sure why you think Sony is the only developer putting out video games. Are you unfamiliar with the hundred or so other large developers? Or the thousands of small independent ones? The giant app market which is churning out games at a breakneck pace?

      Seriously, I've not played a Sony game for a decade, and I am absolutely not hurting for gaming. Haven't even missed them, to be honest.

      --
      Velociraptor = Distiraptor / Timeraptor
    24. Re:Sony's security is not such good by AmiMoJo · · Score: 1

      I know, I'm pointing out that many of the AAA games people want to play come out on the PS4 and XBOX. You might get a Switch support, likely inferior due to its lower power but not always in the game of games like Fortnight. And you might get a PC port, but then you need to buy and maintain an expensive gaming PC.

      So really for a lot of people, especially kids, it's PS4 or XBOX. And XBOX isn't really any better in terms of security or having all your stuff tied to your account.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    25. Re:Sony's security is not such good by alvinrod · · Score: 1

      Why would you believe the hacker's guarantee that the original owner cannot get it back? That seems like the kind of bogus claim a person would make if they want to unload a stolen account, because who would buy stolen property that could magically be returned to the original owner at any time? Given that the summary ends with an indication that the original owner did get his/her account back, it would seem that the hacker was full of shit.

      Also, I'm not sure if the account people can get the full credit card number so I'm not sure if your proposed solution would work. Even if it were possible I don't think it would be a good idea since I don't want customer service people to be able to see my full credit card number when they have no business or need to know it. I also would never want to give it out to anyone who isn't immediately going to charge it for something even for the purposes of verification. Typically you only get the last four digits of the card being used for that purpose.

    26. Re:Sony's security is not such good by nitehawk214 · · Score: 1

      I mean boycotting Sony isn't much of an option if you like to play video games.

      The only other options are Microsoft who are just as bad, or Nintendo who don't have a lot of the games you want.

      Or, PC Master race.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    27. Re:Sony's security is not such good by Anonymous Coward · · Score: 0

      Speak for yourself.

      I'm a long-time gamer, though not as much in the past few years. I've never had anything problem boycotting anything and everything made by Sony when it comes to games.

    28. Re:Sony's security is not such good by commodore64_love · · Score: 2

      >Would you call photo albums meaningless?

      Photo albums show my family, and family is far far more important than some stupid trophies I got in Final Fantasy 11

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    29. Re: Sony's security is not such good by Anonymous Coward · · Score: 0

      Eat my shorts!

    30. Re:Sony's security is not such good by Anonymous Coward · · Score: 0

      >Photo albums show my family, and family is far far more important [to me] than some stupid trophies I got in Final Fantasy 11

      Fixed for clarity.

      Not everyone has the same order of importance on family and PSN trophies that you do.

    31. Re:Sony's security is not such good by Darinbob · · Score: 1

      You can re-earn achievements without much trouble. I know some platforms attach money to these, which I always thought was crazy.

      (In Fallout 4 they pushed out a patch that prevented achievements if you used any mods, so the next day someone had a mod to re-enable achievments)

    32. Re:Sony's security is not such good by Calydor · · Score: 1

      The thing is I play a lot of online games with family, so we tend to get a lot of those rarer achievements at the same time.

      Everyone's mileage may vary, of course.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    33. Re:Sony's security is not such good by Darinbob · · Score: 1

      The achievements for the most part that I've run across (PC games only), tend to either be automatic achievements you can't help but earn if you finish the game, additional easter-egg type things that yu may as well add to your TODO list, and stuff in DLCs so that you feel obligated to spend more money. I don't mind the TODO stuff myself and they can be fun (ie, finding how to destroy all the monitors in Portal 2, which you might not know is possible if it wasn't listed as an achievement).

    34. Re:Sony's security is not such good by Areyoukiddingme · · Score: 1

      I got involved as a sports fan for a while. It was a great Petri dish to explore human cognition. But then my favourite resource disappeared behind a paywall. Sure, I could pay. But now the discussion is limited to include only those people who choose to pay. The group structure is now inherently different. It's no longer such a great Petri dish for me to explore human cognition (having become far more captive and insular).

      Dude, you are waaaaay overthinking this. It's baseball. There's effectively no cognition involved. That's rather the point, as far as I can tell.

      P.S. every quotation mark should be two instances of a 32-character random nonce, never to be ever used again.

      Dude, you are way way way waaaaay overthinking this. Exponential escape growth is telling you to refactor your script into functions, or failing that, abandon shell script for a proper programming language. That rabbit hole you are digging at does not have a rabbit at the bottom of it. The burrow was abandoned long ago.

      So stop whimpering that your clever multiply-nested commands have more backslash escape characters than a Jupiter-scale Pine Barrens on Ringworld after a small asteroid hull breach that doesn't clear the upper atmosphere. GET OVER IT you irritating shit.

      And take your meds.

    35. Re: Sony's security is not such good by Scarletdown · · Score: 1

      Aye caramba!

      --
      This space unintentionally left blank.
    36. Re: Sony's security is not such good by Anonymous Coward · · Score: 0

      I paid $150 for a used i5 PC with 8gb of ram. I put in a used gtx780 that cost $150.

      So for $300 I got a gaming PC better than the upcoming PS6

  4. Re:No PSN accounts in FEDERAL PRISON by sentiblue · · Score: 0

    I know lots of people hate the President and it's their right... but did you have to bring him into this subject? No wonder you have to post as an anonymous COWARD.

  5. Re: savedyouaclick: The guy didn't actually bid $7 by Anonymous Coward · · Score: 0

    Who are these few dozen morons? I would like to sell them shares in a bridge.

  6. Pay your Customer Service Reps more by Anonymous Coward · · Score: 1

    Lesson to every company with phone/chat/email support:

    PAY REPS MORE, AND QUIT PUSHING FOR PERFECT PRODUCTIVITY.

    If you don't pay reps enough, they will simply not care, and when you push for higher productivity, you will get better productivity, at the cost of less attention paid to what is actually going on.

    I shit you not, the one time I let a social engineering thing go, it was only caught by the fraud team because of the rapid succession in which the fraudster tried to do things with it. What would have made me notice what was going on? Well not having to compete with a dozen other people at cheating KPI's by cherry picking easy support requests before others get them. Email support reps often throw back support requests that they think are too hard.

    The people who do chat support, are frequently talking to 8 other customers, and thus paying attention is very hard, this is why fraud queues are often phone-only because the CSR can only deal with one at a time. But they are still under pressure to keep the call short, and thus many verification steps, and notes on accounts are ignored because that is the first time they deal with the customer. If each representative was responsible for the same customers, then this would stop happening, because reps would recognize their own notes, and thus are responsible for their own fuckups.

    1. Re:Pay your Customer Service Reps more by Anonymous Coward · · Score: 0

      You're being paid to do a job, you either do it effectively or find another job where you can be paid more. This isn't that difficult to understand, they accepted the job with the proposed pay.

  7. Most people want poor security by FeelGood314 · · Score: 5, Insightful

    Usually any extra security you add is going to hurt legitimate people who forgot their password/login. These people out number the crooks and a large army of them will be very upset if they can't reset their account with minimal effort. It's a balancing act for customer support but better to lose one account and restore 100 users who have are having trouble. Those support calls cost a lot and there is limited profit potential from them. Don't expect this problem to be fixed or even improve anytime soon.

  8. Re: News for millennials, things that are irreleva by Anonymous Coward · · Score: 0, Funny

    How the hell is thIs news for slashdot front page??? Whatâ(TM)s next ??? Tips to catch more Pokémon go ???

  9. Harder to trace?? by Anonymous Coward · · Score: 0

    BTC leaves an unbreakable cryptographic record of every transaction that has ever been made. There are some ways to make it more difficult to trace, but they require a fair amount of work unless you never want to convert it back to fiat.

    1. Re:Harder to trace?? by Luckyo · · Score: 1

      The standard method which makes it de facto impossible to trace is spreading the transactions out in smaller amounts. Cost of trace rapidly ramps up to be more expensive than amount of money to be recovered.

    2. Re:Harder to trace?? by MooseTick · · Score: 1

      "BTC leaves an unbreakable cryptographic record"

      Nothing is unbreakable.

      --
      Ninjas don't carry tic tacs
  10. Yawn. by Narcocide · · Score: 1

    Inside job.

  11. ## a-connection-between-a-russian-bank-and-Trump by Anonymous Coward · · Score: 0

    https://www.newyorker.com/magazine/2018/10/15/was-there-a-connection-between-a-russian-bank-and-the-trump-campaign

  12. Why? by Anonymous Coward · · Score: 0

    Why would someone want another persons PSN account?

    1. Re:Why? by Anonymous Coward · · Score: 0

      If the original owner preferred digital, the account would be full of games tied to it.

    2. Re:Why? by stealth_finger · · Score: 1

      If the original owner preferred digital, the account would be full of games tied to it.

      So why not just spend the money on games?

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    3. Re:Why? by Pascoea · · Score: 1

      If the original owner preferred digital, the account would be full of games tied to it.

      So why not just spend the money on games?

      I mean, I'm no economics major, but I'd venture a guess that the account was advertised as having more than the asking price worth of games tied to it.

  13. Well... by Anonymous Coward · · Score: 0

    I shit on Sony. I throw flaming bags of human excrement at their headquarters. I give their CEO a yellow shower. DRM on audio CDs?

  14. Re: News for millennials, things that are irreleva by Anonymous Coward · · Score: 0

    How would you feel if someone stole your childhood?

  15. Re:No PSN accounts in FEDERAL PRISON by Anonymous Coward · · Score: 0

    Anonymous Cowards are merely to prove why unregulated speech is a completely bad idea, you should ignore everything they say.

  16. Fail by Anonymous Coward · · Score: 0

    No right minded person would pay 1200$ for an account, that is eqvivally dumb to paying 150k$ for a cryptokitty.

    I don't like stories about evil haxors like this because they are lies. The guy probably wanted 12$ for that account but only dumb people would buy a stolen account, it s against the TOS, even if the owner does not get it back it can be blocked then you throw your money into the dumpster, why bother instead of getting a legit one and leveling your characters up on your own.

  17. Did not pay by houghi · · Score: 1

    So he did not pay 1200USD and he then also did not pay 700USD for an account that might or might nit be his. Why not lower the price to10 cents?

    I once did not oay for stolen goods

    This is loke running after a bus to save money, which is stupid. Better run after a taxi and save more.

    Oh and I once offered 50 fEUR or a new car radio. All I had to do was pay upfront and they would get it.

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:Did not pay by Anonymous Coward · · Score: 0

      I think there is something here...some deeper meaning. As if the noises are trying to make actual sense.

    2. Re:Did not pay by Anonymous Coward · · Score: 0

      So he did not pay 1200USD and he then also did not pay 700USD for an account that might or might nit be his.

      "Bid" which is what the title says, and "paid" which is what you're changing it to, are two different words with two different meanings.

    3. Re:Did not pay by Anonymous Coward · · Score: 0

      700 seemed a bit high for me too
      30 bucks and a pack of gum is what I would have said

  18. Social Engineering Blues by mentil · · Score: 2

    Marking individual accounts as 'likely to be attempted to be hijacked' doesn't fix the broader problem, which is hardly exclusive to Sony. Surely security doesn't need to fly out the window when you call a helpdesk? Attackers being able to obtain bits of info about an account could be stopped by these interactions being handled by a chatbot, and programmed to not give up that info.
    So long as 'I forgot my password' or 'my 2FA got lost/broken' can work on administrators, then those security features can be bypassed. As phone scams have proven, people are really bad at detecting scams when talking over the phone. Sending notifications to the account and to all the on-file contact methods for the account e.g. "click here if you don't want your password reset, you have 24 hours" is imperfect, if you happen to not log in or check messages, such as if you're out of town or you just don't use the account often. Not sure what the solution to this is, aside from some perfect unduplicatable identity verification.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Social Engineering Blues by Anonymous Coward · · Score: 0

      Marking individual accounts as 'likely to be attempted to be hijacked' doesn't fix the broader problem, which is hardly exclusive to Sony. Surely security doesn't need to fly out the window when you call a helpdesk? Attackers being able to obtain bits of info about an account could be stopped by these interactions being handled by a chatbot, and programmed to not give up that info.
      So long as 'I forgot my password' or 'my 2FA got lost/broken' can work on administrators, then those security features can be bypassed. As phone scams have proven, people are really bad at detecting scams when talking over the phone. Sending notifications to the account and to all the on-file contact methods for the account e.g. "click here if you don't want your password reset, you have 24 hours" is imperfect, if you happen to not log in or check messages, such as if you're out of town or you just don't use the account often. Not sure what the solution to this is, aside from some perfect unduplicatable identity verification.

      The reality is no matter how good the automated account management is all services like this eventually need to be able to reach a living person. These accounts are tied to things with real value, such as games, so they can't just be scrapped if you lose the important bits. Yes, it's that persons fault for forgetting something important but it doesn't change anything. Hiring the cheapest support they can doesn't help either since these people have no real incentive to be secure or maybe even don't understand what social engineering is.

      Never forget that most people aren't particularly competent and will happily hand over their password if you just ask.

  19. He should sue Sony by Alain+Williams · · Score: 2

    Sony have deprived him of goods (ie games) that he has paid for. Sony was scammed, but that is not the user's problem, he seems able to demonstrate that the scam was not caused by something that he did wrong. In the UK he could take them to the small claims court - which is quick and easy. Yes: Sony's lawyers would get involved but they would need to convince a judge that they are not liable.

    1. Re:He should sue Sony by MooseTick · · Score: 1

      "Sony was scammed, but that is not the user's problem,"

      Yet, it is the user's problem. That's the problem.

      --
      Ninjas don't carry tic tacs
    2. Re:He should sue Sony by Agripa · · Score: 1

      Sony have deprived him of goods (ie games) that he has paid for.

      He only rented them for as long as Sony chose to allow. Banks now play this game also; when someone hacks the bank, it is *your* money and *your* identity which are stolen.

  20. This is good of Klepeck by Anonymous Coward · · Score: 0

    To be doing decent reporting on something interesting again, instead of "101 ways I can self-flagellate for being a toxic white male" and other such extreme social justice bullshit that Vice.com (and other Waypoint staff) will routinely harp on about.

    He's a smart kid and now and then produces some great stuff, but man oh man can be he a total knob in regards to the endless virtue signal bullshit, instead of focusing on games. Gotta think of dem politics!

  21. Re: No PSN accounts in FEDERAL PRISON by Anonymous Coward · · Score: 0

    Imagine what prison can do for your laughing asshole, Trump Jr.

  22. Re:savedyouaclick: The guy didn't actually bid $70 by Anonymous Coward · · Score: 0

    They often ask the potential buyer for their sony account info and use that to steal another account.

  23. sjw editors by Anonymous Coward · · Score: 0

    Patrick Klepek tells the story of a PlayStation Network user who had their 13-year-old account stolen

    HIS, not their. Too much social justice, not enough grammar

    1. Re:sjw editors by Wulf2k · · Score: 1

      Their is perfectly fine from a grammar standpoint and has been used long before it was socially relevant.

  24. Re: No PSN accounts in FEDERAL PRISON by crypticedge · · Score: 2

    She's been investigated by corrupt republicans for over 35 years trying to force fake charges to stick without so much as a single charge being filed against her.

    He's been fined 3x for money laundering for the Russian Mafia since 2005. He was also fined in 2006 for money laundering for the bank of Iran, who used that money to fund ISIS.

    Doesn't quite seem on the same level.

  25. Re: No PSN accounts in FEDERAL PRISON by e3m4n · · Score: 1

    As true as that may be, I still fear a world where all speach is censored much more. We just need a /. Option to make AC posts not visible, and make it the default setting.

    They post AC for basically 1 of 2 reasons.

    1) they are using a mobile device and hate logging in practically every time they click a link from a response notification

    2) they lack the spine to stand by whatever hatefull, moronic, outlandish, or downright retarded bullshit they drivel.

    #1 is a technological issue and could be fixed with development of better tools.

    #2 just needs to be fixed with some chlorine dispersed in their gene pool.

  26. Re: No PSN accounts in FEDERAL PRISON by Anonymous Coward · · Score: 2, Insightful

    3# They've been contributing for over a decade anonymously. I've been here for 16 years and never created an account. I've had AC posts rated up to +5 for Insightful, Informative and Funny. It's not cowardice, I just want my posts to be interpreted free of assumptions about me caused by reading my posting history.

    Reading between the lines and guessing from writing style, there's a lot of people doing similar.

    Also, ACs don't get bot spam replying to every post they create, unlike people who piss off APK, the GNAA guy or the Russian troll that hates C Reimer.

  27. Interesting MS wants to open up XBL to PSN by Anonymous Coward · · Score: 0

    It'll be interesting to see what happens as a bridge is built between PSN and Xbox Live and Switch's online services

  28. My son had his Steam account stolen by BenJeremy · · Score: 5, Interesting

    It took way too long to get it back, but suffice it to say, for a service whose TOS claims you can't trade or sell accounts, they seemed happy to ignore the fact that the password, e-mail and language changed, and the users IP moved to Russia. I'd think a simple check on that would be enough to say "You are right, here's your account back, set it up for 2-factor and never screw up again"

    Instead, we had to go back and forth, feeding them product keys used in the account in a back-and-forth that had a 24 hour+ turnaround time (their side) and took a couple of weeks. Meanwhile, some punk in Russia had bought my son's account (worth well over $3000 at the time), and probably was out a couple hundred bucks when we got it back.

    1. Re:My son had his Steam account stolen by Anonymous Coward · · Score: 0

      "You are right, here's your account back, set it up for 2-factor and never screw up again"

      Except it wasn't the user who screwed up, right there in TFS:

      This account wasn't on a shady market because someone was clumsy with their digital security. They had a strong password and two-factor authentication. When they were notified about problems with their account, they called Sony and asked for help. Despite all this, despite proving their identity over and over, they lost access to their PSN account, including any trophies earned or any games purchased.

      This is entirely on Sony, and not the poor sucker who lost their account.

      Sony screwed up, Sony failed to fix the issue, Sony fucked up. This is not an issue of the user "screwing up". Your son may have screwed up, but the person in TFA sure didn't.

    2. Re:My son had his Steam account stolen by kanwisch · · Score: 1

      This same thing happened to a relative though Steam has refused to return the account. I used it as a learning opportunity about dependence on online brokers (Google, Steam, Amazon, you pick one) and digital licensing. Funny how others view us experienced IT folks as "fuddy duddy's" that the young ignore until its too late...

    3. Re:My son had his Steam account stolen by Anonymous Coward · · Score: 0

      worth well over $3000 at the time

      There's the real problem. No online gaming account should ever be worth anything, let alone thousands of dollars.

    4. Re:My son had his Steam account stolen by Anonymous Coward · · Score: 0

      worth well over $3000 at the time

      There's the real problem. No online gaming account should ever be worth anything, let alone thousands of dollars.

      It's not so much an "online gaming account" as it is a game store account with many purchases. It's the modern equivalent of a shelf of games which have value. My Steam account is worth significantly more than $3000. And before someone says "they should have bought physical copies" not every game has a physical copy, especially in Steam. Hollow Knight, which is extremely popular, cross platform, and out for over a year only recently got a physical release. ARK took several years as well. Welcome to the modern world.

    5. Re:My son had his Steam account stolen by Anonymous Coward · · Score: 0

      This same thing happened to a relative though Steam has refused to return the account. I used it as a learning opportunity about dependence on online brokers (Google, Steam, Amazon, you pick one) and digital licensing. Funny how others view us experienced IT folks as "fuddy duddy's" that the young ignore until its too late...

      It's purely a game of odds. Clearly, for the vast majority of users Steam allows them to download their games from anywhere and provides a "Friends" system so regardless of where they login or what game they are playing, they can group up with people they know.

      So is it worth giving that up in order to not worry about the .001% (random number, obviously) chance that the account will be stolen? Most people say no.

  29. Re: No PSN accounts in FEDERAL PRISON by Anonymous Coward · · Score: 0

    We already are "delt with". Started a few months ago when Slashdot added member posts start at +1, that wasn't enough though so they added +2 for some (maybe based on UID?).

    AND you still don't see 99% of the content on Slashdot unless you

    1) set BOTH sliders to the _right_ of 0 (missleading since it appears to be -1 when infact it's setting 0)
    2) Click "Check for new commennts"

    You won't see most posts otherwise and even that is assuming the content wasn't removed entirely / shadowbanned. It's not just "APK" who get banned / comments removed either. SystemD, SSL, pro Trump/Republican, etc all targeted depending on the time of day. Like anon #57455180, I only post AC and for the same reasons. People make mistakes, you either take what I say at face value or not. I'm not in it for karma though it would be nice if Slashdot had some kind of tripcode at least.

  30. Re: No PSN accounts in FEDERAL PRISON by Anonymous Coward · · Score: 0

    She has never been charged, true. But many of her business associates have been, and convicted. Her husband gave them pardons as well. She surrounds herself with criminals, pardons them, but no, no, no. She herself has never done anything. /sarcasm

  31. Serial numbers by Registered+Coward+v2 · · Score: 1

    Each PS has a unique serial number. Require that for any account changes; and ty the account to the serial number to keep it working. They could also add a second number to the box to allow for getting a replacement PS if the original one dies. If it gets stolen, send a copy of the police report. Not perfect, but it adds a layer of complexity to stealing an account while keeping the information needed to legitimately do so available.

    --
    I'm a consultant - I convert gibberish into cash-flow.
  32. but...why? by Anonymous Coward · · Score: 0

    What does the thief gain from this? I get it if the article mentioned the PSN account was unique, like a two letter username, or a year, or something someone else wanted. But he stole it and used it?

  33. Not surprised by Anonymous Coward · · Score: 0

    A friend of mine completely illiterate in tech had a godaddy website. She lost the password. They asked her all the secret questions, she got them wrong. Then they asked her what the CC was on the account. She did not know. They still gave her a new password. I'd like to see a "too bad" response when you can't prove yourself, but it is not going to happen. There are too many like my friend. I use encryption on my disks and I know if I forget the password, then the disk data is just gone. No hail Marys.

  34. Re: No PSN accounts in FEDERAL PRISON by Dragonslicer · · Score: 1

    We already are "delt with". Started a few months ago when Slashdot added member posts start at +1

    It's been that way for as long as I remember, and I've been here well over 10 years.

    that wasn't enough though so they added +2 for some (maybe based on UID?).

    It's based on "karma", which is having a large number of posts moderated up. In other words, once you've shown that you can make a positive contribution to discussions, you get an extra +1 bonus.

  35. Re: No PSN accounts in FEDERAL PRISON by Anonymous Coward · · Score: 0

    Based on Karma you fucking moron.

    Fuck off and die.

  36. Re:savedyouaclick: The guy didn't actually bid $70 by Anonymous Coward · · Score: 0

    I can think of nothing sadder and more pathetic than someone so wrapped up in their gaming that they are willing to pay money to get an account back.

    Turn off the computer or console, and fucking go outside.

  37. Re: No PSN accounts in FEDERAL PRISON by Anonymous Coward · · Score: 0

    #3 Some opinions may trigger some extremely thin-skinned people and people don't want to run the unnecessary risk of getting doxxed, SWATed, or stalked.

  38. Re: No PSN accounts in FEDERAL PRISON by crypticedge · · Score: 1

    Any every single person who worked on trumps campaign has been investigated with several putting in plea deals, and over 80% being charged.

    Also, trump was still the only one out of the two to be fined for laundering money for criminals (a criminal act in and of itself)
    Trump was also the only president in US history to commit treason.

  39. Glad he got his stuff back. by zawarski · · Score: 1

    Whew. Glad he got his digital trophy thing-a-ma-jigs back. Don't know what I do if I lost mine. Wait. Yes, I do. I have no idea what that fucking is. Money well spent.

  40. Re: News for millennials, things that are irrelev by Anonymous Coward · · Score: 0

    A PS4 came out like 4 years ago.

  41. Re:savedyouaclick: The guy didn't actually bid $70 by Cederic · · Score: 1

    Pay, no, but.. it would cost several thousand pounds to re-acquire the games in my Steam library. You can bet there'll be action if I lose access to it.

  42. RIFE! Hire an editor, Motherboard (and Slashdot) by mythosaz · · Score: 1

    > But Sony's setup seems especially ripe for it.

    Rife. Rife means abundant. Ripe means fully mature.

  43. Re: No PSN accounts in FEDERAL PRISON by Anonymous Coward · · Score: 0

    Yeah, hiding anonymous cowards from general view has been one of the best decisions /. ever made. If you have someone to say, but can't or won't show your face, it better be so fucking good that it gets modded up a bunch.

    ZIP

    P.S. => I'll be modding most of this thread down for being totally off-topic. You dipshit