Last Night PlayStation’s Twitter Accounts Were Hacked, PSN Database Possibly Breached

Last night you may have seen some strange tweets from various PlayStation accounts on Twitter, which all but confirmed the accounts had been compromised. An internet security firm called OurMine claimed to be the perpetrators of the account hacks, and also tweeted that it had breached the PSN database, gaining access to user account data.

OurMine left a message on the PlayStation Twitter account urging someone at Sony to contact them to discuss the security issues raised, though the tweets are now gone. OurMine stated it would not be sharing the details of the account database. However, this alleged breach of account data will raise alarms considering how Sony has been targeted before. Who can forget the 2011 network outage, which saw accounts compromised?

Sony has not acknowledged a breach of its database systems, but a statement to allay any fears would be welcome. Of course, if you are worried, change your password and make sure that you have two-step verification activated.

Source: NeoGAF


17 Comments

  1. I’m not a member of twatter, does that mean my PS account’s safe?

    • The article sounds like both Twitter and the PSN database were breached, which would suggest no. Password change time!

      • No, some muppets whose only skills appear to be hacking Twitter accounts made some claim about having done more. Which nobody should believe as it’s not what they do.

        And rushing to change passwords is a bad idea. Assume they had somehow got access to the PSN database (they haven’t), they’ve either got the encrypted database (so the chances of you personally being affected are slim), or they’ve got full access to one of Sony’s servers (in which case, assume that changing your password has just given them your new, plain-text password).

        So no need to rush to change it. But do make sure you’ve got the 2-factor authentication turned on. Not because of this, but because it’s a very sensible idea anyway.

    • Did you enable 2FA?? If so you have absolutely nothing to worry about (unless you were stupid enough to use your PSN password elsewhere)

      Even so, I am calling fake on anything beyond a Twitter hack…

      • Well done. You’ve failed to understand both how 2 factor authentication works, and how Sony have implemented it. Impressive.

        Having it turned on actually makes password reuse slightly less stupid (but still not advisable). If someone’s got your password from somewhere else, and you’ve reused it on PSN, that extra security should protect you. That’s the whole point. Bad people can’t log in to your account without your phone, even if they’ve got the password.

        But Sony have implemented it by just sending a 6 digit number as a text message. The least secure way of doing it. So there’s still the potential for bad things to happen. A reasonably small chance, but still more than “absolutely nothing to worry about”.

        No security measures are going to be 100% safe. Just safer.

        You’re right that it’s unlikely to be anything more than some Twitter accounts being compromised.

      • Pretty sure you have failed to understand 2FA, and what the second factor actually is. It’s not the 6 digit alpha numeric case sensitive password (which is more secure than my bank by the way), the 2nd factor is physical device access.

        https://www.securenvoy.com/two-factor-authentication/what-is-2fa.shtm

        “requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token.”

      • That would be the ideal situation, yes. A physical thing that only you have (ignoring theft or losing it).

        Sony went for sending a 6 digit number in a text message. A plain text message without any encryption. Better hope you don’t end up with anything dodgy installed on your phone that might be reading your messages. Usually that wouldn’t really be an issue (as most text messages are going to be of no interest to anyone), but sending anything important by text seems unwise.

        Google can use text messages for 2FA, but they’ve realised it’s not enormously secure and are pushing other options. They just push a notification to your phone (over a secure connection) that asks if you’re trying to log in somewhere else. They’ve made pressing a single button on your phone a more secure option than sending a code in a text. And easier than having to type a 6 digit number.

        If Sony are more secure than your bank, I’d change banks. Mine needs to generate a code using my card (a physical thing only I have access to) and a card reader (which anyone could have). And once a device is authorised, I still need to enter 1 or more of several numbers and passwords every time.

      • Made a huge assumption that someone who hacked a corporation was also going to hack your phone to read your text messages to get your PSN account..

        Are you for real?

  2. They’re not an “internet security firm”. That makes them sound legitimate. They appear to be a small group that “hacks” Twitter accounts and then try and sell their services to secure your accounts to prevent someone (presumably they’re the someone) hacking them in the future.

    So basically criminals taking over social media accounts with some added extortion on top. Not an “internet security firm”.

    There’s absolutely no reason to believe they’ve accessed anything more than a Twitter account. Or accounts. Certainly no need to panic anyone.

  3. So a group hacks the PS Twitter account and then has access to PSN user data???? How are they related???

    They most likely did get the PS Twitter account but not the PSN data…

    To be fair last night I was having issues on PSN, very slow on my PS4 and was signed out a few times…

    • Yep, they got into the Twitter accounts somehow (as that’s what they do), but there’s zero chance they’ve got anything more.

  4. I forgot I’ve even got a Twitter account. Maybe they could tell me what my password is, as I haven’t got a scooby.

  5. A few months ago, someone opened a sub account on my PS4 and started purchasing FIFA credits. I contacted Sony and they disabled the sub account and set up two-step verification. Now whenever I do anything on my account, a code is sent to my phone and I can’t proceed until I enter it.

    No idea how they managed to add the sub account but they had access to a pretty huge library of games for a while. Leeches! Although I did get a refund for the FIFA credits.

    Then, last week I had an email from Sony thanking me for my purchase of Batman Begins HD. I thought I’d been hacked again because I didn’t receive a two-step password notification on my phone. Turns out one of my nephews had auto-signed in on my PS4 and was going to town on the PSN… And because I had auto-sign in on my main account, the two-step verification wasn’t needed for purchases and I couldn’t get a refund. I’ve now changed the settings so you require a password whenever you make a purchase on the store.

    So I feel pretty secure now and if these people can get through all that I don’t know what else they can do.

    There are decent security features there, you just have to take the time to set them up it seems.

  6. Hopefully they’re just lying about the database business. I have two-step set up but don’t know for sure what it protects, presumably purchases and logging in on new devices. Can we assume we’ll get a text in the unlikely event that anyone tries to jimmy our account open?

    • Yes, it protects any activity on a new device. (Or what it thinks is a new device, which is a mild annoyance if you try and use the web store and your browser has updated or your ISP decided to give you a new IP address)

      And if someone tries to get into your account, you’ll get the text message with the code. Which would be a sign that someone was trying to get in somewhere else.

      Obviously it doesn’t protect you in any way against drunken late night purchases, ghosts, or those weird little small people. Children, I think they’re called. Or anything else that involves having physical access to an already authenticated device.

      • Small people, the little password sponges that somehow learn to pay for stuff on the internet before they can even read? They’re amazing and frightening.

  7. I bet Microsoft did it out of jealousy of the SUPERIOR games that…..

    Yeah, even I know when to not stoop that low for a joke.

    Guessing that this means the string on a cup will be moved from an unlocked cupboard to one with a lock. Though hopefully, it’s just Twitter that got hacked instead of the service again. That said, I wouldn’t be surprised if it did get hacked again due to how flimsy the network is.

    *waits for a certain member to comment about how “Wrong” I am and why I need to bask in the glory of the Playstation*
