PSN Account Being Held For Ransom - Any Experience?

Edit: I don't know if I'll even get noticed: Twitter thread, I Don't have a big social media footprint.

Hey duders, looking for help/input or to share in misery here.

I don't want to seem like a Karen, but this is the 5/6th attempt over a few weeks.

2FA was recently bypassed on my original PSN account, I was not even able to refute it as they say they cannot change the account for 'security reasons'. Sony support basically told me to get fucked. I used 2FA authenticator app, now have to cancel credit cards, losing friends, over a decade of purchases and trophies gone? The guy was gloating on Twitter after attempting to phish account details from me (which I ignored.)

You're telling me that this is acceptable? Anyone have experience as a Sony tech or this practice?

Should I issue a chargeback on recent purchases? What ramifications would that have? Any thoughts?

I would do a charge back and tell your bank not to let any purchases go though on PSN. Normally what Sony will do if you do a charge back is lock the account until they get the money back for whatever purchases where made, which for now you don't have access to the account anyway so whatever, at least the other guy is locked out as well. Then if they finally resolve the issue and give you your account back they will probably talk with you about the charge back and how its going to be fixed. I saw the post before i assume a mod removed it because there may be some personal info in there, but if they said they will call Friday all you can do is wait and hope. Hopefully it gets resolved.

Edit: and a charge back would help a little confirming you are in fact the person who owns the credit card at least, and now that money is getting taken away from the account Sony might want to get that back by talking to you and actually resolving this. As a person who got into the account would obviously not be able to do that

I'm sorry that this happened to you. Sony's customer support is notoriously bad. I definitely would not give up. The first thing I would do is get somebody on the phone and refuse to get off until you got a better answer than what "Kevin" gave you. "Kevin" may be a "chat supervisor" but he is clearly typing based on a script and based on some of his constructions and sentences may not be a native English Speaker, which can sometimes make people adhere even more to the script because they don't fully know what's going on. Get someone on the phone and escalate as far and as high as you can.

I would not do chargebacks just yet because assuming you caught this quickly you have a longer window to do so, and chargebacks can make Sony kind of hostile to you in my experience. I would exhaust phone support and things like CEO email bombing and other customer support tactics before going there (though I wouldn't wait more than a few days, especially if they are making charges, and if my bank issues a fraud query I would of course be honest about it.) Closing the card associated with the account is probably a good idea though.

This is far from over. Sony's practice is always to refuse to help you the first time, like an insurance company reflexively denying all claims. You just need to press forward and see if you can get a genuine person on the phone with the power to help. They probably got around your 2FA using social engineering to recover the account, so as the rightful owner if you can talk to the right person you can likely get it back. I can't guarantee anything of course, but I would press as hard as I could because if you're like me you've got a lot of money tied up in this thing.

Good luck, duder!

@sketchaetch: How did your 2FA get bypassed? If you're using an authenticator app then surely the person who stole your account would need access to your physical phone?

Edit: Apologies if that didn't sound particularly sympathetic - what you're going through absolutely sucks. I'm just confused as to how it was even possible?

As others have said, you should get Sony on a phone and just keep demanding to speak to someone more senior until you get the answers that you want, or at the very least answers that make sense. I assume that's how the guy got access to your account in the first place, by calling up support and claiming to be you with your personal information until they disabled your 2FA and gave him access to your account.

I have also had 2FA bypassed on my Sony account before. No idea how this happens, seems like a huge issue on their end. The scammer tried to charge a couple purchases to my account. The first purchase went through, but the second was flagged by my credit card company, who promptly called me. I told them I didn’t recognize the purchases and they rejected the second purchase and put a chargeback on the first purchase. Later, I was able to regain access to my account by answering security questions and resetting some info. But since I had a charge back on my account, Sony locked my account soon after and emailed me the webpage where I could reach out to customer support for chargebacks (because my account was suspended, I was not even able to start an online chat or call a representative to discuss it, so my only recourse was really to use that webpage). After reading stories online, I was certain I would need to pay back the cost to regain access to my account. To my surprise, I explained the whole situation in gritty detail on the support site and a few days later was given access to my account with no fuss. I was honestly stunned that I didn’t need to pay back. Depending on how much the purchases were for, it might be worth issuing a charge back. Like someone above me said, Sony will probably suspend your account, which is fine since you can’t access it right now anyways and it would also block the scammer from accessing it, and it might give you an opportunity to reach out to support. Just know that most likely you will have to pay Sony back for the charge back. I really think my situation is the minority situation, unfortunately. All that being said, I am kind of surprised they aren’t more helpful with just regaining access to your account. It is probably worth calling them on the phone and escalating as much as possible if you can.

Wow, that is some extremely shitty support. Pretty scary, I'm also one of those that had PSN since the start and mostly buy digital, so many years worth of purchases (like 400+ games) and trophies that can just go away and they don't care.

What you can do is go on social media and try your best to blow the story up. And make sure you mention Kevin and how intentionally unhelpful he was. Also try calling Sony on the phone. You might get better consumer service. I've found that online consumer service clients don't really do much when it comes to serious issues for many major corporations. They just follow a prepared script. Even today, the best course of action is to get someone on the phone, which is why businesses go out of their way to keep that from happening with automated answering machines and the like. In fact, if you call Sony, all you will hear is how they are busy and can help you better if you go through their online service, as you see for yourself, that's not true. Just stay on hold for as long as it takes to talk to a real person. Also, if you do get someone real on the phone, and they start to give you the run around, demand to speak to a supervisor or manager. No matter how much they stall, they'll have to honor your request, or they could be in danger of a lawsuit.

It always seems to me that Sony is especially bad at adhering to their script hoping that people just sort of go away at that first interaction. They seem to cave pretty readily at actual pressure though so don’t give up.

I've only had one experience and i know you don't want to hear it but it was very good, my account was accessed and payments made through the attached Paypal, i gave Playstation a call and got a very helpful and happy Australian guy who sorted it out and returned the payments.

@sweep: I believe they either socially engineered to change the e-mail first, because Sony doesn't ask for anything to do that. Or maybe spoofed SMS? The e-mail was changed once already at the beginning of the month, but I was able to get it changed back and thought I had it fixed. I got a *text* 2FA ping on my phone, despite also having authentication applications, but figured he didn't have the code so I could just get it resolved when I got home from work.

The guy then tries to "help" me on Twitter because his friend got into the account and wants to give it back. I didn't fall for any of that. I still tried to be cordial even though I know he's a scumbag.

Next I get messages from my friends saying that he's changed the name and is playing fucking Fortnite. My intention was to get it back and ask about putting more security on the account, but they won't even allow me to try to get it back. It's absurd.

I'm not sure if it's a SIM spoof? Social Engineering? I just want to be able to talk to someone (anyone) that has a connection. Has there been another data breach? There's got to be a loophole they're bypassing.

This morning: spoke to local Consumer Protection just a few minutes ago, lengthy conversation. Will file paperwork there, but we'll see if that goes anywhere.

If I were on your shoes I would tell to verify the last purchases he made on your card with a bank statement. It should be a proof enough.

@mf_goon: From what i have seen most of the time with a charge back they might not put that money back into your bank account, but they should at least put it back in your PSN wallet. Sony im sure can see all the IP addresses and console serial numbers that the account has been used on probably with time stamps, so when an actual person at Sony who knows what they are doing has a look will instantly see that these charges are fishy and should remove the charges. And there chat support is probably not able to do anything about this because they shouldn't have access to change things as sensitive as this. But the line of "to bad so sad, cant do anything for you" is not how they should handle this at all, unless they know he is getting a call from a higher up that can actually do something and are just getting him off the chat.

Odds are the way someone got yours and OPs account even with 2-step was ironically calling up Sony and asking to get access back to an account. Social engineering is a fairly easy way to get access to someone else's stuff, all you need is persistence until you get that customer service person who feels sorry not knowing its not the real account holder. That is probably why chat support is not helping, because they honestly shouldn't be able to for security reasons. And OP looks like he is smart enough not to give his DOB and security questions to the "hacker" which he would probably use to screw up the account even more, or get into another account. That or if you use a phone for 2-step SMS spoofing is a thing (better to use an authentication app), and because social engineering works on cellphone company's as well its another backdoor. Or they just find a hole that the cellphone company didn't think of.

Another four attempts today at various times, three times they hung up after placing me on hold. Another they said, again, security reasons. My gut says they used some SMS spoofing or man-in-the-middle type stuff to get by the text-based 2FA that was on the account (in addition to the app-based authentication.)

I honestly have nothing in the tank here, I trying to ping Jason Schreier and Patrick on Twitter to see if they had done any stories about any account selling dark web stuff or could point me to someone, but I understand not being seen in the daily flood of pings they must get.

Consumer Protections said I should try to find a class action suit? So that's really probably not a possibility. I wouldn't even know where to start there, and have no idea how widespread the issue is.

@sketchaetch: Did a little research on reddit, seems like there are plenty of people with the same issues you're having. I've just read several threads from people saying they've had their 2FA authentication circumnavigated and disabled without receiving any warnings or messages from Sony. Apparently it's possible to call up sony support, pretend to be someone else using very limited information (Name, DOB, address, etc) tell them you've lost your phone and then blag your way through security until they give you the keys to the account.

My guess is that it seems the Sony customer service in your country, hired the wrong people so it ends up something like that.

Another couple of attempts to absolutely no avail. He's spamming my phone number with the authentication codes, so I doubt that he's able to get in after the first day?

I'm also starting to get Japanese e-mails on the original account information.

I'm sorry if the updates are annoying, I'm just desperate since no other social media or support is working. They tell you to call immediately, but then say they can't do anything? I'm sure all PSN credit is gone, various games I've recently purchased digitally are burned. Just, defeated.

Sleepless nights, cancelled cards, nobody will give me the time of day. Sent a message to Sony PR, but I really have lost my faith in everything at this point.

The saga goes nowhere. (If this is considered spamming I apologize.)

Another attempt yesterday, provided all information requested. Was courteous, asked to speak to a manager or someone who could explain the situation. My account is still locked for security reasons. The guy is trying to sell the account to my friends, that kinda shit. Gotten absolutely nowhere.

I could really use some success stories from folks at this point. My faith is totally gone. I'm not an anxious person usually, but this has totally invaded my thoughts. Or if anyone has worked for their call center?

Normally I would use this opportunity to remind everyone to activate 2FA, but it doesn't seem to do much for me. Has anyone had to call in after having lost their 2FA authenticator or changed phone numbers? I can't find any information on the process. I'd like to know how he was able to bypass it. I know when I lost my Battle.net authenticator years and years ago I had to provide a copy of a driver's license to get it removed... anything like that?

There was the article Patrick wrote about this a few years ago, which is why i was hoping he would respond to you and maybe do another story on this taking Sony to task for apparently not fixing this issue. It got resolved, but that was after Sony knew that Patrick was probably doing an article on this specific situation. It looks like they had the same problem of Sony saying that apparently nothing could be done. Try and get with him again, and maybe @rorie or another duder could get in contact and he might help? An article on how shitty Sony customer service overall has been should probably be done, just because i have seen very few stories that work out without having to jump though a lot of hoops.

@lego_my_eggo: I've tried a few pings, but haven't had any luck. I know I can't be the only one that had this happen. The only way we can get procedure change is to ring the bell. It just feels like it's a mute instrument right now.

This is my life now:

It might be worth contacting the authorities as well at this point. It looks like there is enough stuff going on that the person has committed multiple crimes that im sure is not on the top of there list, but it might be simple enough that they can check some records and track this person down and make him stop. Worth a shot if it looks like Sony really are not going to budge on the BS excuse of they cant do anything.

I would just recommend not giving up yet, im sure there is a lot of money tied to that account from past purchases.

Just to clarify OP, is your 2FA based on texts/emails from Sony or through a dedicated app?

This happened to a friend of mine and Sony basically just said “well since you don’t have access to the account anymore we can’t help you” after trying with them over and over again. He eventually had to go to his bank to get his money back and wasn’t able to get his PSN account recovered. He didn’t even bother to make a new account. He just got rid of his PS4

@burd_dev: I had both types of 2fa on that account, I'm truly sure he just socially engineered his way though support pretending to be me.

I've gone nuclear with internet security now, this whole thing has made me put on a tinfoil hat.

As a general rule never use text/email 2fa if you can utilize an actual factual app. Though if they did social engineer it (and support accounts aren't bound to your PSN account) I'm not too sure how much you could do about it. I'd just keep plugging away at support or hail mary getting your plight picked up by some form of media that puts the screws to Sony to rectify. I'd strongly recommend including the screenshots of them trying to sell the account back.

@burd_dev: The plan was to remove SMS 2FA. The thing is I can provide all the data that the thief can, that's why I'm going crazy. I just can't get anyone to talk to me objectively about it. There has to be a nuclear option of faxing in a blood sample if need be.

We put faith in these companies when they tell us to buy digital, but you can have a random dude just take your entire collection? It's not like someone jacked a car radio - there has to be an electronic trail that any reasoning person could see.

Thank you all for your input, I know I haven't solved this yet, but comradery helps.

I feel like I'm just screaming into the void.

And this is one of the many reasons I'll never trust Sony anything.

I had this issue. Hacker changed phone number, password, and contact info. You should Contact support again. They will ask you to verify purchases you have made in the past around certain timeframes. I did this and they gave me a temporary password to login and change my password and reclaim my account.

Not sure what country you live in, but I live in US.

Hope this helps.

He just put all my personal information out on Twitter as well as issued a suspension on my account. I'll be calling authorities tomorrow, for what good that'll do.

Account was suspended for hate speech, which I haven't even been able to access for over a week and a half.

At the very least this guy seems like a fuckin idiot so if nothing else it probably won’t be too hard to put this fools boots to the fire as well.

@sketchaetch said:

He just put all my personal information out on Twitter as well as issued a suspension on my account. I'll be calling authorities tomorrow, for what good that'll do.

Account was suspended for hate speech, which I haven't even been able to access for over a week and a half.

I hope he will get sued afterwards.

You might also try filing a complaint with the Better Business Bureau, search Sony Interactive Entertainment. Looks like they already have a really bad rating with them, and some of the responses are just "hey talk with our customer service" but sometimes it is enough to get someones attention and get things rolling. Worth a shot. Either way making as much of a stink out of this as you can looks like the only option, and hopefully they get someone competent in charge of there customer service.

I had the account back for about two weeks, finally got it back. Thought I was in the clear - and just lost it again to the *same* customer service social engineering.

I'm looking for any help, anyone I can talk to.

GLHB

You are probably going to have to do the same BS all over again to get it back. The Patrick article mentioned something about them flagging the account so this doesn't happen again, which you would assume they would have done already after this. But mention it this time and see if that finally fixes it so they cant just ask customer service for your account again.

Not only did they say they would put in extra security last time this happened, but I also sent in screenshots and paperwork verifying my identity to Sony / cards used. I had changed the usernames per their suggestion and they reverted all the changes without actually talking to me about it. (I think, at least. I have not heard a single word from Sony.)

I'm guessing I was in the clear until they changed it back to the username he was aware of where it got taken in the first place. Shitty thing is it's some fuckin' punk kid that skips school to call PlayStation Support. (At least creeping on Twitter would lead you to believe.)

Basically, if you've got an account that was part of that big leak a while back, I would change your username and maybe you prevent this from happening to you?

This has me just wanting to give up gaming, tbt.