Wednesday, 9 November 2016

Rash of PlayStation Hacks Hits UK Gamers

Widespread reports of stolen PlayStation Network accounts, especially in the UK, have started appearing in support forums.
PlayStation gamers have taken in droves in the past few weeks to the Sony Twitter support handle as well as Reddit to report that they have had their accounts hacked. In some cases, users say that the compromises resulted in fraudulent charges being made—mostly, they complain of their account IDs being changed so they can’t log in.
Sony has yet to issue an official response, but it’s been replying to customer tweets directing users to a generic contact form.
The compromises could be stemming from phishing attacks, or credential re-use (i.e., a hack of another site yielded credentials that also work for PSN). The issue could also be botnet-driven.
The other possibility is a hack of the platform itself, which is not unprecedented. The 2011 PlayStation hack exposed the personal information of the entire PSN user base, 77 million people, including users' account names, dates of birth, email addresses and credit card details. The incident, which Anonymous took credit for, forced the company to shut down its entire system for almost a month.
In April, five years after the massive hack, Sony finally implemented two-factor authentication for the PSN. Encouragingly, 2FA has alerted some users to an account compromise. One person said on Reddit: “I've had my psn account hacked twice. Both times I managed to regain control of it. Then Sony released two factor sign in. Since Saturday I've gotten I think eight requests for the code. Someone is trying again and has somehow gotten my password.”