No, I Didn’t Buy $175 Worth Of Video Games
The time was 11 p.m. My family and I were waiting for our plane at Orlando airport after a long day at Disney. My wife and son were asleep, so I got on my phone and learned that I could download a PlayStation game for free for a limited time. I tried to log into my PlayStation account and noticed my password didn’t work. No big deal, maybe I forgot the number I usually add to the end of all of my passwords. I hit “forgot password” to send a password reset to my email. However, my email app kept giving me an error message. “Ok,” I thought. I had a password reset email texted to my phone and was able to log in and update the password.
I was able to log into my PlayStation account and add the game to my cart. At checkout, the price for the game was $0, of course. I kept reading. Credit – $9.75. “Hey, Sony gave me free credit!” “Wait, what?” I thought to myself. I quickly went to my purchase list and noticed a bunch of games I knew I didn’t buy for download; some were games I already owned on disc. I quickly checked my online bank account and noticed a $175 purchase from PlayStation Store. I’ve never spent more than $20 on a downloadable game. Unfortunately, Sony was closed so I would have to wait until morning to contact them.
I contacted Sony the next morning and explained the situation. They said that my refund would be processed within a few days and reminded me that it was my responsibility to protect my account. Great, that was easy. I realized someone had hacked my email, so I decided to check my credit card account online. However, when I tried to log in, it was locked due to suspicious activity. When I called them, they told me that someone had tried to make a $175 purchase from the PlayStation Store. They denied it because they know my spending habits. That, at least, was good news. Then my wife said she couldn’t log into her Instagram.
I’ve Made A Huge Mistake
So, how did this happen? It was my fault. Someone had figured out the password to one of my emails. It was an old one provided by my ISP that I used for junk email and my PlayStation account. Funny thing is, I had scheduled the installation of a new ISP in two weeks. I’d been using variations of the same password on all of my online accounts. That wasn’t the first time someone had gained access to that particular email. Unfortunately, when I found out about it I did something dumb: I changed the number at the end of the password.
The hacker was able to once again guess my email password, and use it to access all of the accounts I had connected to it. My email was used to log into the PlayStation account, and from there all they had to do was press “forgot password”. A reset password link was sent to the hacked email, and the hacker was able to change it to whatever they wanted. My credit card and PayPal account were stored on my PlayStation account for purchases, and the PayPal is connected to my bank. From there, the hacker purchased PlayStation funds using my PayPal. Luckily, the max PlayStation allows you to purchase at once is $175.
How You Can Protect Your Online Accounts
After that wake-up call, I immediately set out to secure all of my accounts. Now, I can say with confidence that all of my online accounts are secure. Here’s how you can do the same.
Use Strong Passwords
The first line of defense for protecting your account is a strong password. Most websites allow you to use symbols, numbers, and capital letters when creating a password. Find a way to utilize all of that in your password. You should never use a password that’s easy for a hacker to guess. If your password is “password”, stop using that right now. STOP! I really can’t be too hard on you; my old wi-fi password was “123456789”. Don’t use any password patterns like your name and a series of numbers. An example of this is “JohnSmith1234” or “JaneDoe4321”. That’s what hackers are looking for.
You need to make it hard for them. Instead, I suggest using a phrase that can be turned into an acronym with symbols and numbers. We will use the phrase “John Smith is number 1 at playing golf!” As an acronym that would be “JSin1apg!” or “JSi#1apg”. Make it a phrase that’s easy for you to remember, but make sure the password has at least 8 characters.
Don’t Use The Same Passwords On Different Sites
I know it’s convenient; I’m guilty of this too. If someone does happen to get past your strong password, they won’t hesitate to try that same password on all of your accounts. Once again, do not make it easy for the hacker. Find a way to come up with a different password for each and every account. If you think you will have trouble remembering all of those different passwords, get yourself a good password manager. With a password manager, you can have different passwords on your accounts, but use one master password to access those same accounts.
Some great password managers are:
Sticky Password – Sticky Password has a free version that allows access to password data on a single device and has a password generator. The premium version allows you to sync passwords across different devices.
LastPass – The LastPass free version stores passwords, generates passwords, and notifies you if one of your passwords is too weak. The premium version allows you to share passwords with as many people as you want, includes 1 GB of encrypted file storage, and unlocks two-factor authentication (explained below in the next section).
Dashlane – Dashlane free will generate and store passwords. It will also notify you of any security breaches from companies that you have an account with (of course the company would have to disclose the breach first). Their premium version unlocks two-factor authentication and priority support.
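The habits the last two sections warn about (a password built on your name, and one password recycled across accounts with only the ending changed) can be checked mechanically. The script below is an added example, not part of the original post; the account names, passwords and function names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: every account name and password here is made up.
SAMPLE_ACCOUNTS = {
    "isp-email": "Sunshine7",
    "playstation": "Sunshine8",
    "paypal": "sunshine2019!",
    "bank": "JSi#1apg",
    "wifi": "123456789",
    "forum": "JohnSmith1234",
}
REQUIRED = (("capital letter", r"[A-Z]"), ("number", r"\d"), ("symbol", r"[^\w\s]|_"))

def base_of(password):
    """Lower-case and strip trailing digits/symbols: 'Sunshine7' -> 'sunshine'."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def weaknesses(password, owner_names=()):
    """List the patterns from the post that a single password matches."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    missing = [name for name, pattern in REQUIRED if not re.search(pattern, password)]
    if missing:
        reasons.append("missing: " + ", ".join(missing))
    if base_of(password) in {n.lower() for n in owner_names}:
        reasons.append("built on your name")
    return reasons

def reused_bases(accounts):
    """Group accounts whose passwords differ only in the ending."""
    groups = defaultdict(list)
    for account, password in accounts.items():
        if base_of(password):  # skip digit-only passwords, which have no base
            groups[base_of(password)].append(account)
    return {base: sorted(names) for base, names in groups.items() if len(names) > 1}

def audit(accounts, owner_names=()):
    """Combine per-password checks with cross-account reuse detection."""
    report = {a: weaknesses(p, owner_names) for a, p in accounts.items()}
    for group in reused_bases(accounts).values():
        for account in group:
            others = ", ".join(n for n in group if n != account)
            report[account].append("variant of password on: " + others)
    return report

if __name__ == "__main__":
    for account, reasons in audit(SAMPLE_ACCOUNTS, ["JohnSmith"]).items():
        print(f"{account}: {'; '.join(reasons) or 'ok'}")
```

In the sample, the three "Sunshine" passwords are grouped together even though each ends differently, which is exactly why changing only the number at the end does not help once one of them is known.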
Set Up Two-Factor Authentication
Two-factor authentication, also called multi-factor authentication or 2FA, adds an extra layer of security to the login process. Yes, it’s a little inconvenient, but I’m certain it would have prevented the hack on my PlayStation account. 2FA had been added to PlayStation a few months back, but I never got around to setting it up.
2FA works by requiring you to enter a special code the first time you log into an account. When 2FA is set up, you enter your username and password like normal. Then, depending on your account settings, the account will ask for a special code that will be texted or emailed to you (some even allow you to use a fingerprint). You can choose to have the account ask for the code only for the first time you log in on a new device or every time you log in on any device. If other people have access to the computer you log in on, I would definitely have the account ask for the code every time.
I have set up 2FA on all accounts that offer it. Now, if a hacker were to use “forgot password” to access my account, they would need the code. That code will be safely on my person. I admit that 2FA is not perfect, and some expert hackers are able to bypass it, but it is better than nothing.
Even if you don’t do the first two things I mention, I strongly recommend setting up 2FA if the account offers it. If you don’t set up 2FA, and your account gets hacked, the hacker probably will set it up for themselves. You will find it hard to get back into your own account.
I have authentication codes texted to me. One drawback of using text is that hackers may be able to intercept that text and log into your account. If you really want security, you can prevent that by using a special USB key fob. Instead of entering a code that was texted, you insert the USB when the code is asked for. No one will be able to log into your accounts without that key.
Be Safe Out There
Every day, millions of accounts are hacked. What I’ve just explained is only the basics of keeping your online accounts safe; there’s plenty more. I hope you know enough now to not make it easy for hackers to gain access to your accounts. If you know your accounts are well protected, then great for you. But, if you know your account is vulnerable, take steps to correct it now. Don’t do what I did and wait until you lose money. It could have been way worse for me.
Thanks for reading my post. If you have any questions or know of other ways people can protect their accounts, please let me know in the comments.
7 Comments
Hi. Thank you for the informative post. Sorry you had to go through that, but glad that you were able to get back your money. I will definitely look into the password manager apps you mentioned above. I don’t know if it’s old age, but I can’t recall by sheer memory the numerous passwords I have to remember, especially when I don’t log into the account often! Definitely in need of a password manager.
Thanks, Daisy. I don’t think it has anything to do with old age, not that you’re old. It’s all of these accounts we’re signing up for. I have so many that sometimes I forget that I’ve already signed up. I can’t tell you how many times I’ve gotten the “this email is already associated with an account” message.
So sorry you had to go through that! This post has been an eye opener for me. It’s something I’ve slacked on! I guess I’ve been lucky as the last time my Facebook got hacked was 2007! Definitely need to reassess my passwords again.
Thanks for commenting. The worst part about that is they got into my wife’s Instagram and changed her password. She lost access to some of our kid’s baby photos. She took them using the Instagram app and they’re gone.
[…] Amazon Prime is tied to your email. That means after the free trial from one Amazon account expires, you can create another Amazon account under a different email and use that free trial. Be careful, besides being inconvenient, it could cause a cybersecurity risk by having your information in multiple Amazon accounts. If you want to learn more about how to protect your online accounts check here. […]
Such a great helpful post Kris! I am not always the best at making sure to do these things and I often need a reminder to be more cautious. Keep the great content coming! I love your blog!
Thanks for your support!