Somebody is accessing my Playstation account and Playstation support doesn't seem to care

Hey there!

Hello Lemmy, so I've been using Playstation basically all my life but this last years I've using more Steam than Playstation, so I stopped using my Playstation account.

In December from the last year, I received a strange email from Playstation telling me that I changed my account's password, I really didn't care expecting to be phishing (specially due to the emails use for Sony for this kind of emails), but one day I logged into my console and for my surprise I got a lot of recent hours in some games that I never played before, and no, I don't share this account with anybody nor my console.

So I changed my password, my email, and reset my 2FA, kicked all the connected devices and I expected that that's it, but no, one day after that I check my profile and again, I got recent hours in games that I have never even played, so I repeated this but this time I contacted Playstation, and in the first instance you need to talk with an AI until the AI decide your case need to escalate to an human, and after that the human just repeat the same over and over again, they basically tell you: "Oh man, that's too bad. All I can do for you is change your email and send you a link on how to improve your digital security" and instantly disconnect the chat, having you to wait for over 40 minutes to just send you a link and then cutting off the chat.

I've playing this cat and mouse game with this intruder and with Playstation support and nothing seem to change, no matter what I change they always access my account, and Playstation doesn't seem to care at all.

I really don't care much about that account since I'm now an PC player, but man, having somebody accessing your account to play their games feels like somebody entering your home just to use the bathroom without flushing, and Sony being the landlord who lends them the key.

So I'm here just asking if somebody know some email to contact Sony or somebody with more authority than the useless chat support agent.

Edit: I wanted to add, that all of this is really odd. Why if they can basically bypass all the security of my account they haven't changed the email account to theirs? Why Playstation never notify me if they logged into my account, but it does when I do? Why use my account to play shitty F2P games instead of creating their own account? And why if Playstation security is so easily to bypass to the point of gaining full access to an account with 2FA they just keep abusing my account instead of others? I mean, I haven't read of anybody else going through this.

Lol, this actually make the most sense, the only weak point of this theory is that no matter how poisoned I can be, I would never play soccer games or Roblox.

Do you have a carbon monoxide detector?

This reminds me of the Reddit post where they thought the land landlord kept breaking in and leaving them post-it notes etc. but it turned out they were suffering from carbon monoxide poisoning and didn't remember doing it themself.

Ideas:

- if playstation has some kind of account sharing, yours is enabled.
- if you ever used another playstation device, it might have been registered to your account/email.
- your email address might be compromised in itself. Check security, logins etc.
- your backup might be compromised. Check that as well.
- if you ever had someone visit your house and use your playstation, PC or accounts in general without your knowledge or supervision, it's probably their fault.
- If you use WiFi and live in a populated area, there are many ways in which it can be highjacked, snooped on and otherwise infected with nastiness.
Everything which passes through your internet connection isn't really all that safe without the needed precautions.
- Same with Bluetooth.
- your browser might be hiding a snoop in itself or its extensions.
- if you use any kind of "ai", you're absolutely fucked in every way possible.

That's about all I can think of. Good luck.

Do you pay for this service? If yes, call your bank and dispute the last charge, then put a permanent stop pay on the vendor.

https://www.playstation.com/en-us/support/account/sign-in-psn/#alldevices

"Sign out of PlayStation Network on all devices

If you can't physically access your PlayStation console, you can sign out of all your devices by using Account Management online.

Sign in to Account Management.

From the left sidebar, select Security. 

Select Sign Out on All Devices from the bottom of the screen."

Boot them out, change the password and 2FA again.

Change the email address on the account in case your email is compromised.

I had something similar once with a notification of something with FIFA (literally never played any of them in my life) on my account. Logged playing time but from what I could tell, there wasn't really activity on it. Changed my password and seemed to be fine. Idk if maybe it's some kind of bug or what, because I don't see how they could get past 2FA.

Edit: I should mention I do not own FIFA and it never showed up in installed games

It could also be an unintentional discovery of some kind of cross-site vulnerability, causing someone else's history ends up on your account.

I also started to believe that is some kind of bug, because I find virtually imposible that almost 10 minutes after I change my password, email and 2FA they just keep playing as nothing changed. Maybe this is a zero 0 exploit, or I'm being specifically targeted for this, but I don't believe so.

As far as I know, they didn't try to purchase anything yet, they just use my account to play specifically F2P games.

yeah, bug seems more likely but it's still irritating and worrying, and sony's fuckin useless. cancel the service.

if you really believe it's targeted, at this point I'd worry your entire infrastructure is compromised - if they can see every 2fa fill, if they can see you changing passwords etc., then it becomes simple to keep getting in.

get a new laptop, or, run a linux live instance on something, and change your emails and passwords.


maybe run portmaster on your main pc to see if there's any kind of fuckery traffick

This does make me wonder actually if the statistics are just messing up somehow. I have heard of them being inaccurate before, but not to this extent. Definitely weird.