PlayStation Users Suffering Social Engineering Attacks

PlayStation Users Suffering Social Engineering Attacks

The last big digital attack of the PlayStation Network was in December 2014, when the Lizard Squad brought down the entire network. Since then, numerous PlayStation accounts have been subject to social engineering attacks, some of which have cost users hundreds of dollars to be fraudulently charged to their credit cards.

In one such case, a user found himself locked out of his PlayStation account. He contacted Sony customer service and the agent told him that his gaming account had been switched to another PlayStation located in Europe. Quickly remembering that he had connected his credit card to his PlayStation account, he contacted his credit card company only to discover that $570 of extra points in FIFA ’15 (points used for in-game purchases) had been billed to his card.

It seems that the attackers have been gaining access to accounts by impersonating the account owner during a customer service call, which doesn’t seem all that difficult since Sony customer service only requires the person’s name, email and PSN username before adding another console to the account. Besides lax company policies, due to Sony suffering a major data breach in 2011 that leaked information on approximately 77 million accounts, there’s reason to believe that some of this data is still available on the Internet, like names, usernames and emails. This is the perfect information to successfully execute a social engineering attack.

Victims are finding themselves stuck with bills for stolen goods while Sony’s platform still does not support two-factor authentication, which would enable users to take proactive action to further secure their accounts.

Image: charnsitr /

About the Author

Ginger Hill is Group Social Media Manager.

  • Ahead of Current Events Ahead of Current Events

    In this episode, Ralph C. Jensen chats with Dana Barnes, president of government business at Dataminr. We talk about the evolution of Dataminr and how data software benefits business and personnel alike. The Dataminr mission is to keep subscribers up-to-date on worldwide events in case of employee travel. Barnes recites Dataminr history and how their platform works. With so much emphasis on cybersecurity, Barnes goes into detail about his cybersecurity background and the measures Dataminr takes to ensure safe and secure implementation.

Digital Edition

  • Environmental Protection
  • Occupational Health & Safety
  • Spaces4Learning
  • Campus Security & Life Safety