After hackers ran up a bill on my PlayStation account, Sony held it ransom, says user.
Sony is not known to be a particularly customer friendly company with many complaints of overcharging/wrong billing by PlayStation account users. However it crossed even that limit by harassing a genuine user for the wrongs committed by hackers.
Brad Bourque, a PlayStation aficionado suffered so much at the hands of Sony guys that he has now come out in open about the run he was given by Sony on Yahoo. “Instead of helping me, Sony decided that I had to pay for the games that my hacker purchased, or face a permanent ban on my account,” he says.
Brad’s Sony PlayStation account was hacked by hackers one lazy Sunday afternoon after he received mails from Sony for purchases made on PlayStation account from his PayPal account. He says, “I was scrolling through my inbox and noticed some odd emails from PlayStation, all of them at 3:01 AM. There were three $25 payments to my PlayStation wallet, and a purchase for NBA 2K16 and some credits. After checking to make sure my roommate hadn’t drunkenly purchased the game, thinking he’d pay me back later”
Later in the day, he received another email for Sony for confirming an email change which he did not do. Brad thought that Sony PlayStation account email change can only be done by clicking a link in an email sent to the old account first. This was found to incorrect as payment info, or at least a portion of it, is visible in the web interface for a PlayStation account. Once an attacker has your password, they can chat with Sony tech support, explain that they don’t have access to that email anymore, and use the visible info in the account to verify their identity, changing the email on the account to prevent recovery by its rightful owner — in this case Brad’s.
The hackers also added another Sony device to his PlayStation account, a PS Vita. Unlike a PS3 or PS4, a PS Vita can’t be removed from the account by Web, it can only be deactivated from the device itself.
Since it was Sunday and Sony support was closed, Brad called up PayPal to stop further misuse of his account by hackers to make any more purchase. “I called PayPal support, and an agent there was quick to de-authorize my PlayStation account from making any more pre-approved purchases. Then, I filed a dispute on all three $25 charges,” Brad states.
Getting Sony to restore his account back to him was also relatively easy. Brad recounts
Once I got home, I sat down at a computer and fired up Sony’s chat support. At first, the agent was helpful. The intrusion and email changing were a separate issue from the disputed purchases, so we would deal with them one at a time.”
The agent rolled back the account’s email to the previous address (mine), and forced a password reset when I confirmed the change. Then I was a little bewildered as the agent asked: “Now what do you want to do about the purchases?”
“I don’t want NBA 2K16, and I don’t want to add $75 to my PlayStation account,” I said. It sounded simple enough, or so I thought.
The agent passed the buck. They explained that in order to issue a refund, I needed to cancel the dispute with PayPal. Essentially, PayPal had taken the money back from Sony, and I needed to have PayPal release it so Sony could hand it back to me.”
So I contacted PayPal. This turned out to be a process in and of itself. Because the dispute was security related, I had to call PayPal support, verify my identity, and then say in no uncertain terms that I was closing the case permanently, and get a guarantee that PayPal wouldn’t reopen it.
I informed the Sony tech support agent once the dispute was canceled. I didn’t get a human response. Instead, I got a copied and pasted statement explaining that Sony doesn’t offer refunds, and the funds would only be returned to my wallet. I asked what would happen if I issued a chargeback at the debit card level, and the agent explained matter-of-factly that my account would be banned until I paid the $75 in fraudulent charges.
After six years as a paying PlayStation customer, my account was now being held hostage, not by a hacker, but by Sony. I had to cover the cost of the metaphorical broken window, or my account was going to be locked. Basically, I had to apologize and pay for a thief.
Brad noted that he was not a fan of Sony anymore, “Right now, I’m not a big fan of Sony’s attitude or policies. It’s bad enough to be hacked, but it’s even worse to have to pay for the digital damage.”
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.