PlayStation Twitter account was hacked by ‘security experts’
No proof of PSN being compromised
Earlier this week, for a brief moment, the PlayStation Twitter account was hacked and sent out the following tweet:
PlayStation Network Databases leaked #OurMine
Subscribe to #DramaAlert
No, we aren’t going to share it, we are a security group, if you works at Playstation then please go to our website ourmine . org → Contact
The now deleted tweet indicated that not only did the group responsible overtake an important social account of PlayStation, but that they’d gained access to PSN databases as well.
For 140 characters, there sure is a lot to unfold here so let’s start big picture. The good news here is that if PlayStation was to be compromised by anyone, a group like this is theoretically who you’d want to do it. That’s because:
Tyler Treese writes for PlayStation LifeStyle:
OurMine is a popular Saudi Arabian security hacker group that has hacked celebrity accounts in the past to advertise their security services. In the past they’ve hacked the Twitter accounts of Pokemon Go creator John Hanke, Twitter co-founder Jack Dorsey, and Google CEO Sundar Pichai.
From Wired, Andy Greenberg:
In a conversation with WIRED, one anonymous member of the group insisted that OurMine’s string of tech exec embarrassments is only its way of teaching us all a helpful lesson. “We don’t need money, but we are selling security services because there is a lot [of] people [who] want to check their security,” he wrote in less-than-perfect English, declining to offer his name or the location of what he described as OurMine’s three-person team. “We are not blackhat hackers, we are just a security group…we are just trying to tell people that nobody is safe.”
The pitch from OurMine is simple — we’re hacking you to show you how poor your security is. By hiring us, we can ensure these types of hacks from more sinister groups don’t take place.
How true this is remains to be seen. Once again Wired:
In fact, it’s worth taking all of OurMine’s claims with a heaping dose of skepticism. The OurMine member claimed, for instance, that the hackers have already collected $18,400 in fees for security services they’ve performed for willing clients. But when WIRED requested evidence of those transactions, he sent a screenshot from the group’s PayPal account that appeared to be doctored: It showed $5,000 payments from the companies Conversely and TruthFinder, but Conversely tells WIRED it never paid for any such “security” service. “The screenshot is fraudulent — we have never heard of OurMine until now, and would definitely never purchase such a service,” Conversely spokesperson writes. TruthFinder didn’t immediately respond to a request for comment.
As for hacks like this, much like the supposed celebrity ‘iCloud hack’ that took place in 2016 (different group), no accounts from Twitter in this case or Apple were actually compromised which is a huge and important distingshion. Instead, hacks like this are performed through social engineering where account information is phised out and constructed through recovery methods. If I had to take a guess, I’d say there’s a good chance the PlayStation Twitter account didn’t have 2-step verification on, nor did the connected accounts like the attached e-mail for password recovery. From there, the account was brute forced which forced a password recovery and the team behind had enough of various account information to change the password recovery towards an email they controlled.
So Twitter account aside, was anything else ‘hacked’ from PlayStation? OurMine claims they have access to a PlayStation Network Database but it’s unclear what exactly that means or how true it is. If it is true, it’s likely something we won’t hear about as it will be a negotiation that will take place behind the scenes. If it’s not true, I also doubt we’ll hear much but unless the group has gained enormous sophistication in the past year, hacking a Twitter account is one thing, compromising PlayStation Network after all of their security woes and taking a piece of the database is something entirely different.
While unfortunate, unless there appears any concrete proof, I’d shrug this off as nothing more than lazy security methods for the PlayStation Twitter account and not a sign that your information through PSN is in jeopardy.
If you yourself don’t have 2-step verification on your various accounts, including PlayStation Network, I’d suggest taking this as a reminder that now is as good a time as any to do it.
Thanks for reading! If you liked this post, let me and others know by 👏 below (you can 👏 more than once!) which also helps the site grow!
