Danny M

An update! I'm sorry I've been quiet, but I've spent the last couple of days learning as much as I can about PSN account theft: How long it's been happening, why people are being affected, and so on. I've likewise exchanged a ton of emails with and spoken extensively on the phone with multiple high-ranking people at Sony in different departments over a series of lengthy calls. I want to sincerely thank them for listening, asking great questions, being thorough and thoughtful, and doing everything they can to help. I owe them a lot, and it's through their efforts that I hope we will see action. On the next episode of Sacred Symbols, I will go deep into what we've learned (and because it's so important, we will make this episode free-for-all upon release this Friday). The reality, as far as we can tell, is that the PSN is extremely vulnerable to so-called "social engineering": Using completely mundane information -- like what you'd find on a Wal-Mart or Target receipt (if that) combined with nothing more than an email address -- and using those details to hijack innocent people's accounts via call center customer service representatives. This technique completely circumvents not only your password, but your 2FA, etc. It happened to me, it's happened to many others, and it will continue to happen unless fundamental changes are made. In addition to the people at Sony that have been so helpful, I want to thank people in my community with IT, infosec (etc.) backgrounds who have stepped up in major ways, all without being asked. We've learned an enormous amount about the who, what, where, why, and so on, all because of these people volunteering their time and effort. I'm actually (pleasantly) shocked how good these folks are. We have been and will continue to be passing along everything we've learned (and continue to learn) to Sony, in hopes that we can be useful in solving this major problem for the entirety of the PlayStation community. Ultimately, I have two goals: 1.) To help convince Sony that they need to make serious, immediate efforts to secure people's accounts on PlayStation Network. (We are in this stage.) 2.) To help reunify people with their stolen accounts. (This is a big one, and my heart is so heavy for people who have lost access, sometimes for months and even years, through no fault of their own, and with seemingly no recourse for them. It's simply not fair.) More on the show! In the meantime, be well. <3

With the help of my friends and connections at Sony, I got my account back. I want to thank everyone for their kind words, advice, and direction! It meant a lot. I fully know I exercised advantages due only and exclusively to my stature in the PlayStation community and my many tethers to the mothership. These are absolutely not privileges many other people have. I simply must acknowledge that. With that said, I know this has been happening to a lot of folks over time, and we've even covered it on Sacred Symbols on a few occasions. I will dive deep into the situation on the next episode, but rest assured I am already bending (and will continue to bend) the ears of who I can to hopefully help convince the powers-that-be that this is a real issue they have to contend with. Thanks again.

Update: I called support before I even talked to anyone at Sony that I know. They called me back just now as they said they would; I'm not entirely sure if it was because of my original call, or because Sony people stepped-in. Either way, they told me it will take three weeks for them to get to have any answers, which seems fucking insane. They removed my credit card info, etc., from the account in the interim, but seemingly couldn't mass-change the password and boot others off in the interim? Okay then. If I don't get my account back by tomorrow, I'll file with the Better Business Bureau, as has been recommended. I'd be more patient if it was my fault, if I was phished or clicked a bad link or otherwise did something. Then I'd be like, okay... I get it. But I did absolutely nothing, and in fact had an account with an alphanumeric password and 2FA. That didn't matter. I'm telling them they have a serious breach, and that seems irrelevant, so I will press.

More details for the curious: -I spoke to my connections at PlayStation PR, who helped me escalate, and to whom I am thankful.* -Multiple friends at Sony-owned studios reached out to me unprompted to say they've also asked to escalate the situation internally through their own means.* -I even reached out to the Mayor of Gaming, my old pal Greg Miller, to see if he knew anyone who could help. He knows everyone; always has. I am grateful for his assistance as well. I'm sure a voicemail from me was the last thing he expected. -I totally appreciate the "digital games" argument, but I'll be real with you: I don't really give a shit about my library, in which I think I have like 700 games. I won't touch 99%+ of them ever again. I care about my Trophies and save data, period. I understand I am an edge case in this regard, but felt like I should be clear why I'm actually bummed, so as to not be disingenuous. -Whether or not I become a GI Joe YouTuber depends entirely on the outcome of this situation. * - I understand these are major advantages most people affected do not have. I acknowledge that fully.