My PSN has been breached need advice

[Jon-Patrick-S]

Okay so I was in my PS4 setting and saw that my PS4 wasn't set as my primary PS4 but when I tried to activate it I couldn't because it said another PS4 was already activated but I've only ever owned this one. I logged into my account on my computer and now I'm more or less certain my PSN has been breached as both my PS3 and PS4 have been deactivated and if I check the media and devices section of my account online I'm met with this message

 

I don't know how my account information got out I don't game share and I I don't remember signing into anything shady but a couple of days ago I got an e-mail about suspicious activity on my Facebook account with someone trying to log in from I think Sweden and the timing seems too close to be unrelated. Nothing has been purchased under my account and I'm in the process of changing my password but Sony have gotten pretty strict on the criteria (The password cannot contain a sequence of 3 letters or numbers in order) so I'm trying to come up with something I'll remember.

 

Regardless of how it happened what I need to know is what to do now. As far as I can see there's nothing I can do from Sonys website because it says I can only deactivate the other PS4 which is now set as my primary PS4 from that console and the option to deactivate all devices has already been used by whoever has access to my account. I don't know if contacting Sony support can hep the situation or not pretty much every time I hear people talking about their customer support its rarely because they were of any actual use.

 

Basically just any advice people can give would be appreciated if this happened to you or someone you know because I'm honestly just in a panicked mess right now over this and don't know what to do.

[SuffyZorugelion]

Well, I'd give Sony a call of I were you. I keep hearing horror stories about their phone service so let's hope for the best. Hope you get your account back.

[StrickenBiged]

Change your password right now. Write it out if you have to make something complicated that you're worried you won't remember (a hacker doesn't have access to a piece of paper in your pocket, after all) but do it or else the other guy will. 

 

Take off any credit cards or PayPal that are connected with the account. Again, right now. 

 

Then call Sony. 

Pro tip for passwords:

1. Take a phrase which will be memorable to you, but try to make it something random. So, for example, a phrase like "Green elephants love spam".
2. Take out the spaces: Greenelephantslovespam
3. Replace some letters with 1337-style numbers: Gr33n313ph4n7510v35p4m
4. Split it in two: Gr33n313ph4n75[...]10v35p4m
5. Now pick a word that is the first thing the site or whatever reminds you of. For PSN, you might be reminded of "gaming". Put that word in the gap: Gr33n313ph4n75gaming10v35p4m
6. Apply the same 1337-style numbers to the new word: Gr33n313ph4n75g4ming10v35p4m
7. Throw in some punctuation for good measure (don't use !, everyone uses that apparently): Gr33n313ph4n75g4ming10v35p4m&*

This advice was given to me by a friend who works in cyber security. The theory is that you use your memorable nonsense phrase around every password you make, and only have to change the central bit on each website you visit. So all of your passwords suddenly look like they're cryptic to the casual observer, but are actually pretty memorable because you get used to typing out the phrase quickly, and only have to remember the middle part of each password, which can be something easy because you're garbling it with 1337-style numbers anyway. 

 

The password that I just generated would take a laptop 312 undecillion years to crack, according to howsecureismypassword.net.

[vanesamacri]

I once sent in my PS4 console for repairs (official Sony service) and they must have changed the motherboard or a similar component, because when I got it back, it wouldn't recognise it as the same console I had previously registered as my primary one. I had to unbind all my Sony consoles in order to be able to set this "new" PS4 as my main one.

[Jon-Patrick-S]

Alright I got my paypal removed and my password changed I used a random generator with letters numbers and symbols which looks pretty strong and I have it written down on paper but I'll try your friend's method if I change it to something I'll remember later on it. I've googled around a bit and as far as I can see I'm gonna have to wait six months for the option to deactivate all accounts to come back unless I get really really lucky with customer support. I'm gonna try contact Sony later on but for now I just need to go out for a little bit to get my head clear, my sincere thanks for the help posted here this has just come as a huge unwanted shock to me.

[DaivRules]

Change your password right now. Write it out if you have to make something complicated that you're worried you won't remember (a hacker doesn't have access to a piece of paper in your pocket, after all) but do it or else the other guy will. 

 

Take off any credit cards or PayPal that are connected with the account. Again, right now. 

 

Then call Sony. 

Pro tip for passwords:

 

You got that right!

 

Although, whenever I think of secure passwords, I think of XKCD and this one: https://xkcd.com/936/

[StrickenBiged]

I think of XKCD and this one: https://xkcd.com/936/

 

"correct horse battery staple" would be a good phrase to garble and put around another word. That sort of thing is perfect.

 

c0rr3c7h0r53g4mingb4773ry5t4p13&* = 177 undecillion years to crack.

 

correcthorsebatterystaple = only 8 septillion years. 

 

If you think you'll last longer than the next 8 septillion years, then you should use the former!

[Quikdrawjoe]

Use Gmail (or any email) that has 2 step verification.  "Hackers" normally gain access through your email account associated with your various profiles (including PSN). 

[DaivRules]

Use Gmail (or any email) that has 2 step verification.  "Hackers" normally gain access through your email account associated with your various profiles (including PSN). 

 

Eek! Looks like my email provider does not support 2 step, but they're owned by AOL, who does. What??? Check yours here.

 

Luckily, I don't keep credit cards on file with Playstation so if they hack my sorry excuse for a profile, the joke is on them!

[Quikdrawjoe]

Eek! Looks like my email provider does not support 2 step, but they're owned by AOL, who does. What??? Check yours here.

 

Luckily, I don't keep credit cards on file with Playstation so if they hack my sorry excuse for a profile, the joke is on them!

 

Hopefully you don't use said email provider for anything else (banking related).

[damon8r351]

Just a point of advice in general, don't make your actual birthdate public information to people you don't know personally. It's actually a sensitive bit of info used in part to verify access to things you may not necessarily want people you don't trust getting into. Like, for instance, your PSN account.

[Jon-Patrick-S]

So I'll just give a final update of the night on what has happened so far for those interested. As stated earlier I've changed my password to one which should be much stronger and disconnected my paypal account from PlayStation for good measure. Since then I've managed to reactivate my PS3 and PSP with no problems but my account remains tied to the unknown intruder's PS4 and there definitely doesn't seem to be any way to reinstate my own console from my end.

 

I've written an email to Sony customer support in hopes of help or answers, the general story I see around the internet is they'll tell me I just have to wait out the six months for the option to deactivate all consoles to return. If that's the case I'd rather just deal with it over email rather than over the phone where I risk getting in any way emotional about the situation but if they come back to me saying to phone them up I'll give it a shot.

 

To close things off I'll just say to anyone out there reading this be serious about your online security. I thought I was being careful enough but clearly somewhere along the way I wasn't. Don't just think to yourself oh it won't ever happen to me though because this has been a real wake up call for me and it has been in no way pleasant. Right now I'm taking measures to secure my email, social media, steam etc and as people discussed above if 2 step verification is an option take it, you're better safe than sorry. Finally I just want to give a huge thanks to everyone who read and posted on this thread my head was a mess when I posted it and people here really helped me snap back to reality. Keep being awesome PSNP community.