Hello Lemmy, so I've been using Playstation basically all my life but this last years I've using more Steam than Playstation, so I stopped using my Playstation account.
In December from the last year, I received a strange email from Playstation telling me that I changed my account's password, I really didn't care expecting to be phishing (specially due to the emails use for Sony for this kind of emails), but one day I logged into my console and for my surprise I got a lot of recent hours in some games that I never played before, and no, I don't share this account with anybody nor my console.
So I changed my password, my email, and reset my 2FA, kicked all the connected devices and I expected that that's it, but no, one day after that I check my profile and again, I got recent hours in games that I have never even played, so I repeated this but this time I contacted Playstation, and in the first instance you need to talk with an AI until the AI decide your case need to escalate to an human, and after that the human just repeat the same over and over again, they basically tell you: "Oh man, that's too bad. All I can do for you is change your email and send you a link on how to improve your digital security" and instantly disconnect the chat, having you to wait for over 40 minutes to just send you a link and then cutting off the chat.
I've playing this cat and mouse game with this intruder and with Playstation support and nothing seem to change, no matter what I change they always access my account, and Playstation doesn't seem to care at all.
I really don't care much about that account since I'm now an PC player, but man, having somebody accessing your account to play their games feels like somebody entering your home just to use the bathroom without flushing, and Sony being the landlord who lends them the key.
So I'm here just asking if somebody know some email to contact Sony or somebody with more authority than the useless chat support agent.
Edit: I wanted to add, that all of this is really odd. Why if they can basically bypass all the security of my account they haven't changed the email account to theirs? Why Playstation never notify me if they logged into my account, but it does when I do? Why use my account to play shitty F2P games instead of creating their own account? And why if Playstation security is so easily to bypass to the point of gaining full access to an account with 2FA they just keep abusing my account instead of others? I mean, I haven't read of anybody else going through this.
I had something similar once with a notification of something with FIFA (literally never played any of them in my life) on my account. Logged playing time but from what I could tell, there wasn't really activity on it. Changed my password and seemed to be fine. Idk if maybe it's some kind of bug or what, because I don't see how they could get past 2FA.
Edit: I should mention I do not own FIFA and it never showed up in installed games
I also started to believe that is some kind of bug, because I find virtually imposible that almost 10 minutes after I change my password, email and 2FA they just keep playing as nothing changed. Maybe this is a zero 0 exploit, or I'm being specifically targeted for this, but I don't believe so.
yeah, bug seems more likely but it's still irritating and worrying, and sony's fuckin useless. cancel the service.
if you really believe it's targeted, at this point I'd worry your entire infrastructure is compromised - if they can see every 2fa fill, if they can see you changing passwords etc., then it becomes simple to keep getting in.
get a new laptop, or, run a linux live instance on something, and change your emails and passwords.
It could also be an unintentional discovery of some kind of cross-site vulnerability, causing someone else's history ends up on your account.