Hello dear SG community. So far I always made topics in the Deals category, but something sooo unlikely happened to me, I want to share it with you before I get crazy. It's not a life matter situation, but a small mystery with juicy Amazon, eBay, Sony, and hacking (?) in it.

TLDR: someone stole me a 40€ PSN code and I don't understand why and most importantly, what is the probability of the events that leads to the theft.

Here are the chronological facts:

  1. On July 16th 2018, Amazon France offered a good deal on a PlayStation Plus subscription code: 15 months for 40€. I bought two codes, one for me, the other to share with a friend or to resell.
  2. My subscription wasn't over so I didn't activated my code immediately after buying it (yes, I know I can activate it early).
  3. At the beginning of October, since I didn't find anyone in my relatives/friends interested by the second code, I decide to put it on eBay.
  4. On October 10th, somebody sabotages my Internet connection in my building (I still don't know who). Anyway, I have to connect my computer through an open Wifi network. This is a free hotspot for subscribers of my Internet provider that you can pick up across the city. You need credentials to use it.
  5. On October 11th, someone buys my code on eBay. To avoid any Paypal scam, I only accept bank transfer as payment. The buyer adds my IBAN on his bank account but has to wait 48 hours before he can do a bank transfer to it.
  6. On October 14th, the buyer sends the money.
  7. On October 16th, I receive the money on my bank account. Immediately after, I send the code to the buyer through eBay messaging.
  8. Few hours later, the buyer tells me the code doesn't work and have already been redeemed. At first I have doubts on his sincerity, but after a few messages I become confident that he tells me the truth.
  9. I contact Sony to ask them why the code doesn't work. They tell me the code has been redeemed on another SEN account on October 14th 18:27:38 CEST. It's exactly two days before I send the code to the buyer. So it can't be him who redeemed it.
  10. Of course Sony don't want to give me another code. Since it's not the buyer fault, I send him the second code I have, which was supposed to be for me.

All of these events raise several questions:

  • How the code could have been redeemed?
  • How is it likely that the code was stolen TWO DAYS before I sell it? It's been lying around my emails and my Amazon account for 3 months!
  • During the time I was connected to an open Wifi, I may have connected to my Amazon account to check the codes (I don't recall exactly). One thing sure is that my computer remained turned off on October 14th since I wasn't home. Could a neighbor have hacked the Wifi a few days before and intercepted the codes? Even if Amazon website is encrypted through SSL? Note that my computer is 100% virus-free and trojan-free.
  • If someone stole my code through hacking, why didn't he stole both codes?
  • Could someone have brute-forced the code?

And this is why I call these unlikely circumstances:

  • If I had decided to get rid of the code a few weeks before, I wouldn't be talking about it now.
  • If the buyer hadn't delayed the sending of the payment because of his bank rules, I would have received the payment on October 13th and sent the code to the buyer the exact same day.
  • If my Internet hasn't been sabotaged the EXACT same week I was selling the code, the hypothesis of a Wifi hack would have been ruled out.

The only loss is in this story is money, so take it lightly :) I'm just curious about your ideas and opinions on how this has happened.
And also, what do you think I should tell Amazon if I want to get a refund?

Thank you for reading my story!

6 years ago*

Comment has been collapsed.

I think you'd only have a shot at a refund if the code was claimed on a date before you purchased it. Since it was used a while after you paid for it, the responsibility would be out of their hands. For example, if you purchased a physical copy of a game, want to sell it on ebay and realize the day you want to ship it that it has been opened and the game disk or cartridge was missing, you couldn't hold amazon at fault since it wasn't shipped that way. (Sorry if that analogy sucks haha.)

I do think it's a peculiar thing to happen but since the code was used just before you tried to sell it rather than shortly after you obtained it, I don't think amazon had anything to do with it. The internet trouble around the time sounds suspicious but isn't much to go on about. And I doubt you need anyone telling you to not connect to anything needing a password when on an unsecured network, so lesson learned I guess?

Still if you happen to do find out more I want an update.

6 years ago
Permalink

Comment has been collapsed.

Your analogy is strange but I get it :)
Yeah I do agree that I waited too much time to take care of those codes. I've chatted with Amazon and they told me this: "contact us again with a response from Sony so that we can do a refund in case the code has been used". I guess I can have hope? But if they see in the response from Sony a date so close to the day I've contacted them, they may find it suspicious, no?

6 years ago
Permalink

Comment has been collapsed.

I mean, I have seen examples of amazon having impeccable customer service even when they didn't need to, so in that sense it is worth a shot if you're already been in contact with them. I do think you you could contact them with the Sony response, I mean they want to do the honorable thing so you can do too. Better than letting them think you never contacted Sony.

If they sometimes mix up codes it's also possible the code was sold twice so maybe someone happened to get the same code as you around that time?

6 years ago
Permalink

Comment has been collapsed.

Since its a sale, like publishers/retailers they often mixed up the codes. Your code may have been given to someone else again and since you did not redeem it immediately it was redeemed. Personally, I'll to dig with Sony for more details.

I do not believe anyone will hack you in your building unless they know you're a big youtuber or online personality that chances you have codes hanging around. Unless you're in a work in real life that attracts anyone's interest and you have shown too much information to others.

Do you share your computer with someone else or if you did not set a personal password, who could have excess your computer? Perhaps its someone you know or unknowingly left the computer unattended and was breached in that manner.

Edit: Is your email 2FA protected?
Cheers~

6 years ago
Permalink

Comment has been collapsed.

Yes the Wifi hacking seems very unlikely, I'm not a popular person, just a regular citizen living in a building with 24 apartments.
I've checked my computer logs and nobody has used it the day I wasn't home. But the contrary would have surprised me, since only my wife and I live here, and she doesn't like computers very much :P
And yes, my email is on Outlook.com has two-factor authentication activated.

6 years ago
Permalink

Comment has been collapsed.

Actually, something odd happened to me today. I lost my wifi connection suddenly in the afternoon. I use an old computer so my wifi stick at times gives me issue and does not register connectivity. However, it always connects to the router. Today, both my mobile phone and computer lost the wifi connectivity on the router at the same time. Which had never happened before.

As nowadays, my cable tv also relies on my fibre internet, I turned on my TV to check if I could connect to my cable which I could. Its low probability that both my PC and Mobile fails at the same time. Also if the router is at fault, then my Cable TV should not fire up. Its such an odd experience but I resolved the router connectivity with powering it on and off. I probably should contact my ISP and ask if there is any FAQ on it. Tomorrow I guess.

Happen to chance upon your thread too. Makes it an even weirder experience. Do you have a landlord or sorts?
Cheers, Cruse~

6 years ago
Permalink

Comment has been collapsed.

Hmmm maybe your router got an update that disturbed the Wifi for some time?
And no landlord nor caretaker, I own the apartment I live in.

6 years ago
Permalink

Comment has been collapsed.

I forgot to mention, the error on the mobile was on the line of "Failed to authenticate" although my wifi ID was identified I can't connect. Until I went to restart my router. I have not reset my router nor I think my ISP updates my router without my knowledge as they own my modem but not my router.

I will advise you to continue with Sony and figure where the user is from perhaps and slowly. try to link clues together, Best of Luck in figuring out. Cheers, Cruse~

6 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 6 years ago.

6 years ago
Permalink

Comment has been collapsed.

I understood what you mean. I live in a relatively safe environment. There's a police station just below my block, although that does not mean anything. The most likely culprit if any would be my neighbors but on the wifi list there are more than 10 wifi spots that I can detect. There is also free government wifi although I had never tried using it since its darn slow,

My family has the habit of looking out for strangers, any strange voice, noice, etc as we lived in a common corridor unit. I doubt someone actually was hacking me but I will not doubt if someone was targeting en masse. Most likely a router glitch as I was using internet as the time it happened and its resolved after I power on/off the router a few minutes later. Being hacked was the 1st thing that crossed my mind but I did not encounter any disruption after that.

My ISP is also known to have breakdowns or maintenance without telling their customers. They believe that the majority of the population is sleeping at 2-3am thus noone is using the internet and they can do as they please during that time . . . Most of the time I had to find out the hard way but not I have my mobile to check if the internet is really out for maintenance.

Well, I am pretty sure celebs often get hacked or induced ransomware into their computers. Its not their field and often than not in reports from time to time I read about celebs not knowing how to use the computer. All their time is spent on preparation, acting, socializing and more practices, etc. They are the most likely silent victims.
Edit: checked my bank account, email and Steam do not seem to have any abnormalities.
Regards, Cruse~

6 years ago*
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 6 years ago.

6 years ago
Permalink

Comment has been collapsed.

I had been using Fibre internet for awhile so previously the cable wifi was very unstable but as long as the hardware are not faulty, Router, Modem, wifi stick, PC USB port, I do not really have connection issue. Except that my internet is based on a shared network so when everyone from my block/area are using the internet, it slows since my plan is the lowest, i get the smallest pie. hahaha

My PC is old so I had been getting USB error where the Wifi stick just disconnects. Been using this case for 5-7 yrs and the MB was last replaced at least 3yrs ago can't remember. It still functions fine for surfing and playing simple games though hehehe.

I often wake up at nite due to insomnia and light sleeping. Nowadays 5 hrs, so I spend time around 2-3am on surfing. Also that's the time when the European Football/Soccer starts. I just have a US timing in my regular schedule lol. There's alot of times others I met on the internet thought I am American. XD

I'll call in the ISP tomorrow just to have a peace of mind since its Sunday today and practically forgot about it till now. hahaha Cheers~

6 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 6 years ago.

6 years ago
Permalink

Comment has been collapsed.

1.16 TB used between 23 Sep - 21 Oct. I probably go broke if I use my mobile plan to watch streams. I constantly let Twitch run on moblie for my supported streams. Last month when my modem broke. I have to pay 100+ because I do not use a data plan. I try to restrict all data usage at home and if I wanted to watch something I'll download it. Better for the pockets than streaming.

:D Thank you for your well wishes, going to eat dinner now. Laters~

6 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 6 years ago.

6 years ago
Permalink

Comment has been collapsed.

I know and won't do it in a cafe or an airport, but here it's a public Wifi you can only access in my building, on the floor I live and the floor above. Only a few apartments are close enough to connect on it. The area is very limited. And unfortunately with my personal Internet connection not working, I had no other choices :/

6 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 6 years ago.

6 years ago
Permalink

Comment has been collapsed.

Me neither, on one hand it looks unlikely I've hacked exactly the day I went on Amazon. But on the other hand, I don't see what could lead to the use of this code only a few days after this event.

6 years ago
Permalink

Comment has been collapsed.

How far away you can connect to wifi depends on two things - the strength of the signal and the quality of the receiving antenna. I built a directional wifi antenna out of a Pringles can and some bits and pieces when I was young and poor. I used it to get free internet from the library wifi just over 1km away (just short of a mile), instead of paying for my own broadband.

It's also very easy to sniff passwords and secret data over an open wifi point. Always - ALWAYS - use VPN if you are on any wifi network that you do not control yourself. You do not know who else can see all your data as you use the network, see your passwords, or even hack your computer.

6 years ago
Permalink

Comment has been collapsed.

Nice DIY :)
I am a very trustful person and didn't think anything like that could ever happen to me. Moreover, I have Windscribe VPN installed, but forgot about it :(

6 years ago
Permalink

Comment has been collapsed.

Anything and everything on your computer can be accessed if you connect to a public network. That includes Chrome cookies and temporary internet files. Any half-assed attempt of data-mining through a network connection could steal some, if not, all of your data.

It's highly unlikely that the code given by Sony is at fault. Amazon has built-in systems that blocks the same codes (even with space differences) on any CSV file.

6 years ago
Permalink

Comment has been collapsed.

My neighbors doesn't look like hackers. But well, you never know someone until... Is it that easy? Even if you go on secured websites with https/SSL?

6 years ago
Permalink

Comment has been collapsed.

Another possibility you didn't mention is that it wasn't actually sold by Amazon but a third (marketplace) party? If so then anyone from this company could have stolen it. Or wherever they got the code from was an unsafe source. Or someone else could have gotten access to their PC(s). Or they just send the same code out twice to two different customers (by mistake (or not)).

6 years ago
Permalink

Comment has been collapsed.

It was sold by Amazon during Prime Day. I don't think it could be an Amazon employee.

6 years ago
Permalink

Comment has been collapsed.

Having worked for Amazon I maybe wouldn't rule that out so quickly...

6 years ago
Permalink

Comment has been collapsed.

You were doing business on an unsecured public WiFi connection. That's almost certainly the culprit.

6 years ago
Permalink

Comment has been collapsed.

Yeah I guess. What I don't get is why did he steal 1 code, not both? They are on the same Amazon page.

6 years ago
Permalink

Comment has been collapsed.

Check your browser history to see if any of those site you were using on the free network were downgraded to HTTP.

Technical details for the geeks: https://avicoder.me/2016/02/22/SSLstrip-for-newbies/

6 years ago
Permalink

Comment has been collapsed.

Good idea. Unfortunately, I've checked my browser history and all Amazon and Outlook pages have HTTPS in front of them.

6 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 4 years ago.

6 years ago
Permalink

Comment has been collapsed.

Thank you, I've asked Sony for more details on the thief, waiting for their response. Could I ask them to revoke the code? I don't know if it has been done before.

6 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 4 years ago.

6 years ago
Permalink

Comment has been collapsed.

Without exploring all the possibilities (and they are many), the most likely one might be that you created an account on a third party site using the same password used by your e-mail therefore granting to whoever manages or has access to that site's database free access to your e-mail. Any place that uses the same password, no matter when the account was created can possibly be used to gain access to your email and therefore to any codes and further data stored in there. Try to use unique and strong passwords whenever possible and change them periodically without using easy to guess patterns.

6 years ago
Permalink

Comment has been collapsed.

I was sure you had a lead here. But my email password is unique and I have never used it on another website. And I have 2FA, so I should be informed if anyone tries to connect to it. I have checked the Outlook login history, and everything looks fine.
Regarding Amazon, my account uses an email alias (another email address) I've created for this Amazon account. But I may ask Amazon for login history since they're not public data like Outlook.
Anyway, that was good thinking :) I should improve my password management to avoid any issue in the future.

6 years ago
Permalink

Comment has been collapsed.

This is certainly really interesting and reading through the comments, I don't think I have anything to add but good luck in obtaining a replacement code :)

6 years ago
Permalink

Comment has been collapsed.

To not repeat the others... brute-forcing a key like that seems really unlikely. Chances are drastically small.

6 years ago
Permalink

Comment has been collapsed.

Well.I 've got a reasonable yet useless analysis for you.Of course,it's just for fun.
Cause what's gone is gone,and this kind of mishap is very unlikely to happen to you ever since.If not,probably my point works.

That is,you have another personality whose existence is unnoticed by your usual self so far.And that personality happened to want to subscribe for the PSN service under his or her own name.

Case closed~ And I have suddenly got an urge to check if people can actually complete a series of tasks that require certain concentration and consciousness while sleepwalking.

6 years ago*
Permalink

Comment has been collapsed.

AN UPDATE!
After a dozen phone calls and emails with Sony and Amazon, I found myself in a dead end. Both rejected their fault on each other. I couldn't get more information from Sony about the thieve, telling me it was confidential. At first, one Amazon guy tried to obtain a refund, but it was denied.
A month later, I contacted Amazon again to try my luck. Glad I did. I finally managed to get a refund on my purchase. Case closed! I will never know what happened, but at least I got my money back.
Thanks to everyone who replied, very much appreciated! It was fun to know your opinions. Enjoy your holidays :)

5 years ago
Permalink

Comment has been collapsed.

Sign in through Steam to add a comment.