Some of Our Sources
- TutsPlus - Code
- Six Revisions
- Web Designer Depot
- Noupe
- My Ink Blog
- Spyre Studios
- Codrops
- Daily Now
- The Verge
- TechPowerUp
Help Webnuz
Referal links:
October 10, 2018 03:30 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/tIC_p_6M1es/why-i-bid-700-for-a-stolen-psn-account
'Why I Bid $700 For a Stolen PSN Account'
Patrick Klepek tells the story of a PlayStation Network user who had their 13-year-old account stolen via what appears to be a social engineering scheme against Sony. Klepek managed to track it down and start negotiating for its release. An anonymous Slashdot reader shares an excerpt from the report: 1,200. That's how much someone is asking for a PlayStation Network account I've been investigating for the past few weeks. "Secure," the person calls it, claiming the account will "never be touched" by the original owner again. "He won't be getting it back," they claim. More than a thousand dollars? That's a little rich for my blood, and so I counteroffer: $700. "Btc?" they respond, accepting my bid. (BTC refers to bitcoin. The majority of transactions like this take place using cryptocurrency; it's generally harder, but not impossible, to trace.) I didn't purchase the account, of course. But I could -- anyone could, if they only knew where to look. This account wasn't on a shady market because someone was clumsy with their digital security. They had a strong password and two-factor authentication. When they were notified about problems with their account, they called Sony and asked for help. Despite all this, despite proving their identity over and over, they lost access to their PSN account, including any trophies earned or any games purchased. It was gone...well, sort of. The original owner no longer had access, but this person -- the individual asking for $1,200 but who quickly and without hesitation dropped to $700 -- did.[...]More than likely, Sony itself is a victim of a clever social engineering scheme, in which a user, or series of users, repeatedly spammed their representatives, until it found someone willing to accept the limited information they did have, and calculated the system would eventually lock the account in their favor. Even a "failed" social engineering attempt can be a success, if the person calling comes away with new information about the account. Every company in the world can fall victim to social engineering, as there are no true fail safes. But Sony's setup seems especially ripe for it. Why didn't the system get flagged as "sensitive" sooner? Why can a user flip off two-factor authentication over the phone? How can an account get abandoned, when it's still active? There are ways Sony could have prevented this from happening. In the end, the original account owner was magically handed the account. "Sony promised that they were going to set it up so no reps could make any changes," the account owner said, "but they are still investigating how this happened."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/tIC_p_6M1es/why-i-bid-700-for-a-stolen-psn-account
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot