The Sony Playstation Network has been offline for about a week now. I'm posting a new thread because there's been an important development which warrants its own thread:
All your information including "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID" have been stolen, as well as, possibly, "profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers".
Finally, "(...) we are advising you that your credit card number (excluding security code) and expiration date may have been obtained"
Basically, there's a catastrophic security crisis going on with the PS3's Playstation Network, which has compromised data for 77 million user accounts. There is still no ETA for resumption of PSN services. All of the quoted text comes directly from Sony, btw, so you can be sure this isn't just some third party speculating on the issue.
UPDATE #3: In its ongoing investigations over the april PSN Security breach, Sony discovered that "older credit card numbers and expiration dates from a 2007 database may have been compromised". 24.6 million SOE accounts may have been breached, including 12,700 non-US credit or debit card numbers as well as about 10,700 direct debit records. This means you should be concerned for your account and any credit or debit card you may have associated to SOE games such as EverQuest, EverQuest II, The Matrix Online, PlanetSide, Star Wars Galaxies, Free Realms, Vanguard: Saga of Heroes, and DC Universe Online. This is not a second attack, this is just more damage reports from the original attack: Joystiq article Ars technica article + Show Spoiler [original text of update #3] +
On May 03 2011 07:24 godemperor wrote: There is NO second attack! New info from Sony:
This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
On May 03 2011 08:14 godemperor wrote: From what I gathered, there was an attack on PSN and SOE in April. Sony realized that there was an attack on PSN and shut it down for "maintainance". Last night there Sony shut down SOE servers and soon after there were reports that 12,000 CC numbers were stolen. It is now revealed that the 12000 CC numbers were form the first attack.
From what I gathered, they stored everything as plain-text.
As a developer this makes me facepalm on so many levels.
I'll be interested to see what the implications are for Sony internationally, given that here in the UK we have this little thing called the Data Protection Act which REQUIRES you to store sensitive data encrypted.
I just finished calling my credit card company to cancel my card. Thankfully I'm paranoid and use a different password for just about everything and my psn password was unique, but all that personal info is just floating out there now. Soooo annoying.
I'm SO fucking pissed. Sony THEMSELVES didn't even announce this! I HAD TO FIND OUT FROM A BLOG SITE. So unacceptable =\ And of course now my information is up for grabs. FUCK.
On April 27 2011 21:40 Synystyr wrote: I'm SO fucking pissed. Sony THEMSELVES didn't even announce this! I HAD TO FIND OUT FROM A BLOG SITE. So unacceptable =\ And of course now my information is up for grabs. FUCK.
It doesn't say so in any of the links in the OP, but I've read in several other sites and my local papers saying the number of compromised user accounts sits at 77 million; added that to the OP.
Pretty happy I got an Xbox 360 instead of PS3. Also the people in charge of PSN must be real idiots if they didn't do anything to protect all that private information. It'll be interesting to see how this works out for them.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information
One person hacked their database? This whole thing sounds like it will go down in video game history.
This is why I personally hate any form of registration that wants you to use your real life information, I don't even use facebook because anyone can find your name and your information becomes a 'merchandise' for other companies.
Patrick Seybold // Sr. Director, Corporate Communications & Social Media While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
Which means it is probably wise to cancel the credit card if you have ever bought anything on the concerned Sony services.
I personally have never bought anything from Sony online, but I still got a lot of information leaked. Going to have to change password at Sony as the minimum.
On April 27 2011 21:33 Body_Shield wrote: The console might not recover from this, we could be seeing the death (or at least serious maiming) of a product.
I've been using Sony platforms for 10 years but I seriously hope this happens. This is not OK, and they deserve it.
Edit: Sorry old browser made me send it halfway through!
On April 27 2011 22:09 Zato-1 wrote: It doesn't say so in any of the links in the OP, but I've read in several other sites and my local papers saying the number of compromised user accounts sits at 77 million; added that to the OP.
SBS news (probably the most respectable news program in Australia) reported "approximately 80 million accounts" had been compromised earlier tonight. So 77 million sounds about right.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information
One person hacked their database? This whole thing sounds like it will go down in video game history.
That phrase doesn't state if it was one person doing it or multiple. It states the minimum case of what it was. It might just as well have been a payed team from one of their competitors that broke their protection (one removed to have plausible deniability).
On April 27 2011 21:39 GTR wrote: massive class action lawsuit against sony incoming?
I would bet on it.
This is actually good news in a way as well, now it will force stricter laws for privacy and data protection. I hate facebook and the likes for it, as well as google, yahoo, psn, xbox, etc... for collecting privacy information. This needs to stop globally and hopefully this major screwup will force governments to bring in the iron fist and introduce some privacy protection laws and forbid all these crap companies from stealing and keeping private information against our will.
On April 27 2011 22:10 Attican wrote: Pretty happy I got an Xbox 360 instead of PS3. Also the people in charge of PSN must be real idiots if they didn't do anything to protect all that private information. It'll be interesting to see how this works out for them.
Im sure they did protect information, its not like you can click on someone and it will show your whole information, but come on it is a hacker, you cant blame Sony for this.
On April 27 2011 22:13 anonmice wrote: I havent read it the whole article yet, but with this what will happen to the stocks?
I'm not a gambling man, but I'd be willing to bet good money on Sony stock prices falling, even if it's just because of some uninformed investors panicking and scrambling to sell.
On April 27 2011 22:10 Attican wrote: Pretty happy I got an Xbox 360 instead of PS3. Also the people in charge of PSN must be real idiots if they didn't do anything to protect all that private information. It'll be interesting to see how this works out for them.
Im sure they did protect information, its not like you can click on someone and it will show your whole information, but come on it is a hacker, you cant blame Sony for this.
If its true they stored the information in plain text you damn well can blame them.
On April 27 2011 22:10 Attican wrote: Pretty happy I got an Xbox 360 instead of PS3. Also the people in charge of PSN must be real idiots if they didn't do anything to protect all that private information. It'll be interesting to see how this works out for them.
Im sure they did protect information, its not like you can click on someone and it will show your whole information, but come on it is a hacker, you cant blame Sony for this.
People are faulting Sony for this because of the degree to which they went to protect information; there are standard and, in come countries, legally mandated minimum levels of security to use when storing such information, and apparently Sony didn't comply with those minimum security standards- the damage done (by the hackers, obviously) might have been significantly lower if Sony had taken security measures which really are pretty basic.
On April 27 2011 21:39 GTR wrote: massive class action lawsuit against sony incoming?
I would bet on it.
This is actually good news in a way as well, now it will force stricter laws for privacy and data protection. I hate facebook and the likes for it, as well as google, yahoo, psn, xbox, etc... for collecting privacy information. This needs to stop globally and hopefully this major screwup will force governments to bring in the iron fist and introduce some privacy protection laws and forbid all these crap companies from stealing and keeping private information against our will.
Governments like if when they can easily get a hold of private information in the name of anti-piracy (not privacy) measures. If anything, governments are forcing companies to store more data than they want (happening here in Sweden).
On April 27 2011 22:24 Kinky wrote: Related to the unbanning of all 360's? It's a conspiracy...
It sounds like most of the banned consoles will be instantly rebanned once they are recognized as PBU by Xbox Live. Although it does make those PS3 players want to play 360 instead to get their COD fix -_-;;
On April 27 2011 22:13 anonmice wrote: I havent read it the whole article yet, but with this what will happen to the stocks?
I'm not a gambling man, but I'd be willing to bet good money on Sony stock prices falling, even if it's just because of some uninformed investors panicking and scrambling to sell.
Sony stock has not variated significantly since the information release. Sony is a huge corporation with a broad, horizontal product line. I doubt this will have a strong impact on company stock, it would already show.
On April 27 2011 22:24 Kinky wrote: Related to the unbanning of all 360's? It's a conspiracy...
It sounds like most of the banned consoles will be instantly rebanned once they are recognized as PBU by Xbox Live. Although it does make those PS3 players want to play 360 instead to get their COD fix -_-;;
Either it's an attack by microsoft to get more people to buy the 360(admit it, it could happen), or it's a planned attack that was supposed to fuck up sony's rep.
either way, I'm thinking that PSN is seriously dead, and that sony will never really recover from this...
On April 27 2011 22:30 Yurie wrote: Does anybody know if Sony EULA states that they are not liable for loss of your personal data? I am willing to bet it says so.
Which means they can only be reliably sued for storing it as plain text in countries that forces better protection (if this was the case).
Pretty pissed about this to be honest. I really hope they didn't store everything in plain text. Wonder if they will ever find the person/people responsible for the hack though?
Anyone got more info from a reliable source on how they store CC details? I can't honestly believe it would be stored as plaintext. If so, wow, I don't even ...
Is this some weird try to destroy console markets? For some reason there been quite many news in our country of how, PC gaming is dying and consoles are nourishing(even thou I don't believe that), and this kinda seems like some weird attack on both companies.
On April 27 2011 22:35 Arnstein wrote: The hackers have said that they only did this to hurt Sony, and wouldn't harm any of the PS owners.
Do you have a source on this? I think that canceling your credit card might be a bit extreme, if they really have 77 million, what are they going to do with yours? Also it says they don't have your security code.
On April 27 2011 22:35 Arnstein wrote: The hackers have said that they only did this to hurt Sony, and wouldn't harm any of the PS owners.
Oh, alright. I'll just take their word for it, then. I'm sure they only had good intentions in mind when accessing 77 million users worth of personal data.
I had a bad feeling typing in shit on a console so my info is 100% made up, what's the point in giving your real info anyways? Not like they need to send you shit.
On April 27 2011 22:39 razorsuKe wrote: You guys actually used your real information?
I had a bad feeling typing in shit on a console so my info is 100% made up, what's the point in giving your real info anyways? Not like they need to send you shit.
Unless you gave your bank the same fake information (which is a federal crime), how on earth are you going to buy products of the PSN store if your account has fake bank information?
On April 27 2011 22:35 Arnstein wrote: The hackers have said that they only did this to hurt Sony, and wouldn't harm any of the PS owners.
Oh, alright. I'll just take their word for it, then. I'm sure they only had good intentions in mind when accessing 77 million users worth of personal data.
Hackers are known for keeping their promises, and they are good, truthful and law abiding people
Seriously cant believe that Sony let this happen. And I dont know how it could take them this long to respond : /
On April 27 2011 22:30 Yurie wrote: Does anybody know if Sony EULA states that they are not liable for loss of your personal data? I am willing to bet it says so.
Which means they can only be reliably sued for storing it as plain text in countries that forces better protection (if this was the case).
For EULAs to be legally binding, the things they say have to be legal so even if it says they aren't liable, there may be laws that say they are liable thus you shouldn't worry about it too much.
On April 27 2011 22:35 Arnstein wrote: The hackers have said that they only did this to hurt Sony, and wouldn't harm any of the PS owners.
Oh, alright. I'll just take their word for it, then. I'm sure they only had good intentions in mind when accessing 77 million users worth of personal data.
Hackers are known for keeping their promises, and they are good, truthful and law abiding people
Seriously cant believe that Sony let this happen. And I dont know how it could take them this long to respond : /
While hackers probably wouldn't do anything unlawful with the info, those guys were probably crackers, which means trusting their word is not the best idea.
I cancelled my credit card. I don't think it's being that paranoid either -- waiting 10 business days for a new one is no big deal. When I called them, they said they have been hearing a lot about the "Sony problem" today from different sources (and of course CC owners); "yes, the CC information is compromised", "No, it's nothing to worry about".
On April 27 2011 23:11 TurmoilFish wrote: Canceling your CC isn't being paranoid. I mean even if it IS 77 million people, what if the one they chose was you?
I have an xbox, so I'm good lol.
Without the security code, though, how useful is a credit card number? Any transaction without a physical card requires it.
Seems like the thing to be more worried about is identity theft / fraud. The only thing that surprises me right now is that PSN never asked for social security numbers. Seems like everyone else does, these days.
On April 27 2011 23:10 MrHoon wrote: Uhg I really really don't want to cancel my card since im overseas right now ;-; I dont even know if they send BoA cards overseas
EDIT: Wait, do they have my CVC Code on the card? If they don't I dont see any reason to cancel my account...
as far as i understand then no, they dont have your CVC code.
On April 27 2011 23:10 MrHoon wrote: Uhg I really really don't want to cancel my card since im overseas right now ;-; I dont even know if they send BoA cards overseas
EDIT: Wait, do they have my CVC Code on the card? If they don't I dont see any reason to cancel my account...
no they specifically said the hackers didn't get the security (CVC) code.
On April 27 2011 23:08 Rob28 wrote: 77 million accounts... what do you do with 77 million pieces of personal information? spam? electoral fraud?
You sell it to the highest bidder. Why take the trouble of using peoples credit cards, sending spam when there's entire groups out there specialised in it. 77mil details are worth quite a lot.
On April 27 2011 22:35 Arnstein wrote: The hackers have said that they only did this to hurt Sony, and wouldn't harm any of the PS owners.
Oh, alright. I'll just take their word for it, then. I'm sure they only had good intentions in mind when accessing 77 million users worth of personal data.
They did it to scare away customers from Sony. This is just an attack on Sony as a company, not on any private customers like myself and all the other people who have a PS3. An official statement from the hackers regarding this have been made, but I can't seem to find it right now. Of course the media needs to scare you as much as possible, so they won't publish this as much.
Think what you want, but I'm not scared that any of the hackers will use my money/info.
On April 27 2011 23:10 MrHoon wrote: Uhg I really really don't want to cancel my card since im overseas right now ;-; I dont even know if they send BoA cards overseas
EDIT: Wait, do they have my CVC Code on the card? If they don't I dont see any reason to cancel my account...
no they specifically said the hackers didn't get the security (CVC) code.
Considering that they have been hiding this for quite a while, I wouldn't be surprised if this was a lie.
Well for all you PSN users this is where start canceling the cards you are using on the PSN and that will be that, Banks will understand and issue you a new card number. As for the system itself.. May have to start paying $50 a year for xbox live till another system can come out since i know some people hate Bill Gates and or just hate the XBOX in general!! But definitely going to be lawsuits going on and will also be seeing Sony go down and in the worse way too.
On April 27 2011 23:10 MrHoon wrote: EDIT: Wait, do they have my CVC Code on the card? If they don't I dont see any reason to cancel my account...
You are naive if you think CVC are some kind of a requirement to actually make purchases with a credit card number. You could start with Amazon for example...
On April 27 2011 22:39 razorsuKe wrote: You guys actually used your real information?
I had a bad feeling typing in shit on a console so my info is 100% made up, what's the point in giving your real info anyways? Not like they need to send you shit.
Unless you gave your bank the same fake information (which is a federal crime), how on earth are you going to buy products of the PSN store if your account has fake bank information?
I don't give my bank information to anyone, I do online purchases with a credit card specially reserved for online purchases so it can be cancelled anytime without affecting the rest of my life.
Plus I believe you can buy those PSN money cards at game stores.
From what I remember (it's been a while since I bought anything off PSN) it was a separate entry for purchases since I could be using someone's else's card anyways.
Is it certain that they stored personal data in text form? As, in the U.K thats illegal under the data protection act. O dear this is getting company destroyingly bad for sony which is a shame IMO as i liked there consoles.On a brighter note Nintendo might want to get there console out a.s.a.p.
If i never purchased anything from the PSN, do I still have to worry about card details etc? I don't remember if I ever entered it, I haven't hardly used the thing online since 2008.
On April 27 2011 22:39 razorsuKe wrote: You guys actually used your real information?
I had a bad feeling typing in shit on a console so my info is 100% made up, what's the point in giving your real info anyways? Not like they need to send you shit.
Unless you gave your bank the same fake information (which is a federal crime), how on earth are you going to buy products of the PSN store if your account has fake bank information?
I don't give my bank information to anyone, I do online purchases with a credit card specially reserved for online purchases so it can be cancelled anytime without affecting the rest of my life.
Plus I believe you can buy those PSN money cards at game stores.
From what I remember (it's been a while since I bought anything off PSN) it was a separate entry for purchases since I could be using someone's else's card anyways.
It does not matter if it was a separate entry or not, whatever information you used for any purchase whatsoever is stored in the system.
You can have whatever amount of alternate credit cards, the fact remains that whichever you gave to PSN the hackers now have.
On April 27 2011 21:32 maJes wrote: From what I gathered, they stored everything as plain-text.
As a developer this makes me facepalm on so many levels.
I'll be interested to see what the implications are for Sony internationally, given that here in the UK we have this little thing called the Data Protection Act which REQUIRES you to store sensitive data encrypted.
they processed credit cards, which means they had to be PCI compliant (http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard), so they probably used SSL. i kind of feel like they weren't storing the CC#s either, because then they'd know for sure that all the CC data had been stolen. since the communication between their web server and internal servers probably isn't encrypted, once an attacker was inside, he could view all the CC transactions as they happen.
who knows though, maybe they were stupid enough to be storing CC#s
On April 27 2011 22:19 gruntrush wrote: Was this an anon breach? Seems like too big a coincidence after they just declared war on sony.
No, Anonymous already publicly denied this.
Not to say it couldn't have been an anon, but officially it isn't.
I have to say, the idea of anonymous issuing public statements always amused me. I mean, who are they speaking for? At most, the members of a single irc channel or /i/ board. The thing really doesn't operate in a way that makes public denials or official positions in general possible.
OT: I will lol so hard if it turns out that Sony was actually keeping credit card data in plaintext. My bet is that the credit card info was encrypted, but the IT people were lazy and didn't encrypt the personal info.
I'm kind of familiar with corporate law; their lawyers would have had to be involved with setting up the TOU and EULA for the payment system, and there's no way they would let them store CC data unencrypted.
However, corporate law hasn't really adapted to the fact that if a hacker steals the other personal data, they can access things like email and amazon.com accounts which can be used to steal money, so it is definitely possible that no one made them encrypt that data.
Edit: in response to CTStalker, isn't PSN one of those one-stop-shop kind of things where you can just click purchase and buy something, without having to enter your credit card number each time? It seems like they would have to store numbers, no one wants to enter their CC number with a controller each time they go to buy a $1 marketplace game. If the cc data really was unencrypted, there's a lawyer somewhere who should be reprimanded or disbarred for ridiculous negligence.
On April 27 2011 22:35 Arnstein wrote: The hackers have said that they only did this to hurt Sony, and wouldn't harm any of the PS owners.
And you believe them? Are you kidding me? Don't be stupid. If your credit card information makes it onto the internet you can be certain someone out there will take advantage of it, and you believe some guy hiding behind his computer wont use the information he has? That's ignorance at its best.
On April 27 2011 21:32 maJes wrote: From what I gathered, they stored everything as plain-text.
As a developer this makes me facepalm on so many levels.
I'll be interested to see what the implications are for Sony internationally, given that here in the UK we have this little thing called the Data Protection Act which REQUIRES you to store sensitive data encrypted.
they processed credit cards, which means they had to be PCI compliant (http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard), so they probably used SSL. i kind of feel like they weren't storing the CC#s either, because then they'd know for sure that all the CC data had been stolen. since the communication between their web server and internal servers probably isn't encrypted, once an attacker was inside, he could view all the CC transactions as they happen.
who knows though, maybe they were stupid enough to be storing CC#s
I think that's why there is uncertainty about the CC numbers. I've worked on PCI compliant stuff before so I'm pretty aware of what needs to be done, whether they did it or not though still remains unknown
Also to the gentleman above re: data protection act, the BBC article on this states that the Information Comissioner (think that's the right title) has said that unless the data was stored in the UK he can't do jack all about it :/
On April 27 2011 23:11 TurmoilFish wrote: Canceling your CC isn't being paranoid. I mean even if it IS 77 million people, what if the one they chose was you?
I have an xbox, so I'm good lol.
Without the security code, though, how useful is a credit card number? Any transaction without a physical card requires it.
Seems like the thing to be more worried about is identity theft / fraud. The only thing that surprises me right now is that PSN never asked for social security numbers. Seems like everyone else does, these days.
Okay I see a lot of people saying this and I can guarantee that you do not need a physical card or the security code for some transactions. I order food from this one place over the phone and they only need the credit card number. I'm sure there are other places as well. It might not be like someone buying a car in your name, but if I stole someone's credit card information and I only had the credit card number, I would max that shit on ordering food and stuff lol.
On April 27 2011 22:35 Arnstein wrote: The hackers have said that they only did this to hurt Sony, and wouldn't harm any of the PS owners.
And you believe them? Are you kidding me? Don't be stupid. If your credit card information makes it onto the internet you can be certain someone out there will take advantage of it, and you believe some guy hiding behind his computer wont use the information he has? That's ignorance at its best.
On April 27 2011 23:11 TurmoilFish wrote: Canceling your CC isn't being paranoid. I mean even if it IS 77 million people, what if the one they chose was you?
I have an xbox, so I'm good lol.
Without the security code, though, how useful is a credit card number? Any transaction without a physical card requires it.
Seems like the thing to be more worried about is identity theft / fraud. The only thing that surprises me right now is that PSN never asked for social security numbers. Seems like everyone else does, these days.
Okay I see a lot of people saying this and I can guarantee that you do not need a physical card or the security code for some transactions. I order food from this one place over the phone and they only need the credit card number. I'm sure there are other places as well. It might not be like someone buying a car in your name, but if I stole someone's credit card information and I only had the credit card number, I would max that shit on ordering food and stuff lol.
Yea, you're right. I was misinformed about that. I actually thought that it was required. It honestly should be. Either way, this changes little to nothing for me. I check my bank statement nearly everyday. The moment I see a charge that's not me, you can bet it'll be canceled before it gets out of pending. I don't think I'm going to cancel my card until more information is released.
On April 27 2011 22:35 Arnstein wrote: The hackers have said that they only did this to hurt Sony, and wouldn't harm any of the PS owners.
Do you have a source on this? I think that canceling your credit card might be a bit extreme, if they really have 77 million, what are they going to do with yours? Also it says they don't have your security code.
You don't need the security code for a lot of purchases. It depends mostly on how strict the company you're buying from is on determining if the person giving the info is the actual card holder. I worked at a call center that accepted orders over the phone for awhile and if someone couldn't read the 3 digit number (or was too stupid to find it) you could just put a N in that field and the order would still go through just fine.
Really depends on how picky the system is that the purchase is being made through.
And yes, Sony would have the main CC numbers stored somewhere, if for no other reason than to be able to verify/do refunds for fraudulent purchases.
in response to CTStalker, isn't PSN one of those one-stop-shop kind of things where you can just click purchase and buy something, without having to enter your credit card number each time?
Yes, this is an option. You can, of course, opt to not have the info saved and just re-enter it for each purchase.
No matter what, it's a huge blow to Sony. They've been struggling to catch up to Microsoft in every region that isn't Japan ever since launch, and had been making some decent progress lately. Completely negated for a lot of people, now. Sony always struck me as having the better hardware to Microsoft's better software (shit that doesn't break much/is reliable, but is kinda clunky to use vs. stuff that breaks constantly but has a better interface).
On April 28 2011 00:00 Ganjamaster wrote: LOL at ordering food with a stolen credit card number, how ridiculously poor and grimy you have to be haha
About as poor and grimy as you would be if you were stealing credit cards in the first place. Haha let's laugh at poor people, Ganjamaster. It's unfortunate that not everyone has the excess income to smoke weed and post condescending things on the internet that are directed at no one in particular, being a hypothetical situation as it were.
If you aren't clueless, it's not hard to change a few passwords and keep an eye on your CC activity. All other personal information of yours can be pretty much stolen by a hacker at anytime.
Shit happens, hope it gets back up soon so I can play some MK9. Other than that, this is hardly phasing to me.
On April 27 2011 22:39 razorsuKe wrote: You guys actually used your real information?
I had a bad feeling typing in shit on a console so my info is 100% made up, what's the point in giving your real info anyways? Not like they need to send you shit.
Unless you gave your bank the same fake information (which is a federal crime), how on earth are you going to buy products of the PSN store if your account has fake bank information?
I don't give my bank information to anyone, I do online purchases with a credit card specially reserved for online purchases so it can be cancelled anytime without affecting the rest of my life.
Plus I believe you can buy those PSN money cards at game stores.
From what I remember (it's been a while since I bought anything off PSN) it was a separate entry for purchases since I could be using someone's else's card anyways.
It does not matter if it was a separate entry or not, whatever information you used for any purchase whatsoever is stored in the system.
You can have whatever amount of alternate credit cards, the fact remains that whichever you gave to PSN the hackers now have.
yeah, and I'm simply saying that I don't care since my personal info is all fake and my credit card is easily cancel-able at any time.
On April 28 2011 00:00 Ganjamaster wrote: LOL at ordering food with a stolen credit card number, how ridiculously poor and grimy you have to be haha
About as poor and grimy as you would be if you were stealing credit cards in the first place. Haha let's laugh at poor people, Ganjamaster. It's unfortunate that not everyone has the excess income to smoke weed and post condescending things on the internet that are directed at no one in particular, being a hypothetical situation as it were.
Haha dude cmon, you are going to go through all the trouble of buying a computer, learning how to hack one of the most powerful corporations in the world in order to cop some free pizza off campus food.. give me a break, you have to be pretty damn cheap to do that.
And I am not laughing at the poor people in the world at all, in fact quite the contrary, but it seems in this world every time you use the term "poor" it has to be condescendingly. I used it as a statement of fact. You have to be pretty damn poor to order food online off a stolen credit card, the same way you have to be pretty damn poor to be begging for change in the subway. These statements are not condescending, they are facts. I did not say "ROFL at people being poor and doing X" I said "ROFL at people stealing credit cards to buy food online".
Hmm. My hotmail, yahoo, and WoW accounts all got hacked on this past Saturday. Makes me wonder if these guys were to blame using my psn info to find out stuff. Either way i'm super pissed since i've been getting raped by hackers lately. Seriously. You hack my WoW account worth 1200+ and now this shit. I'm ready to abandon technology all together and go fucking get a spear and kill some boars see if i level up cause this stuff is plain stupid now.
Starcraft 2 is the only thing that makes me want to use a computer/technology.
On April 28 2011 00:11 Ryhn wrote: CVC codes are what, three digits?
0 - 9
There are only 10^3 possible combinations of numbers to make up a CVC code.
A mere 1,000.
I don't use credit cards very often, but what is the limit on payment attempts with a bad CVC code?
A wrong pin will fail 3 times then it locks the card up. I'm assuming the same with a security code. At least i hope. Makes me seriously consider getting a new debit card from my bank now. Guess i'll keep a close eye on my transactions for awhile.
On April 28 2011 00:00 Ganjamaster wrote: LOL at ordering food with a stolen credit card number, how ridiculously poor and grimy you have to be haha
About as poor and grimy as you would be if you were stealing credit cards in the first place. Haha let's laugh at poor people, Ganjamaster. It's unfortunate that not everyone has the excess income to smoke weed and post condescending things on the internet that are directed at no one in particular, being a hypothetical situation as it were.
Haha dude cmon, you are going to go through all the trouble of buying a computer, learning how to hack one of the most powerful corporations in the world in order to cop some free pizza off campus food.. give me a break, you have to be pretty damn cheap to do that.
And I am not laughing at the poor people in the world at all, in fact quite the contrary, but it seems in this world every time you use the term "poor" it has to be condescendingly. I used it as a statement of fact. You have to be pretty damn poor to order food online off a stolen credit card, the same way you have to be pretty damn poor to be begging for change in the subway. These statements are not condescending, they are facts. I did not say "ROFL at people being poor and doing X" I said "ROFL at people stealing credit cards to buy food online".
I thought you were referring to my statement that if I had stolen a credit card number (which would not be through hacking) I would use it to buy food because I know I don't have to have a SN. Like I said though, I imagine you can get stuff from other places with just that. At the very least, I know I can get cigarettes -_-; and I would def. buy like 5 cartons.
You said poor AND grimy, how can I not see it as a negative connotation? You have to be pretty damn douche to call people trying to survive 'grimy'. This statement is not condescending, it's fact.
On April 28 2011 00:24 Engore wrote: Hmm. My hotmail, yahoo, and WoW accounts all got hacked on this past Saturday. Makes me wonder if these guys were to blame using my psn info to find out stuff. Either way i'm super pissed since i've been getting raped by hackers lately. Seriously. You hack my WoW account worth 1200+ and now this shit. I'm ready to abandon technology all together and go fucking get a spear and kill some boars see if i level up cause this stuff is plain stupid now.
Starcraft 2 is the only thing that makes me want to use a computer/technology.
Get an Authenticator for your Battle.net account and make sure your passwords are diverse...don't use the same password for every single account you own. That sounds like the situation here....and send a ticket to Blizzard on your WoW account. You'll get everything back, they're pretty good about it.
On April 28 2011 00:24 Engore wrote: Hmm. My hotmail, yahoo, and WoW accounts all got hacked on this past Saturday. Makes me wonder if these guys were to blame using my psn info to find out stuff. Either way i'm super pissed since i've been getting raped by hackers lately. Seriously. You hack my WoW account worth 1200+ and now this shit. I'm ready to abandon technology all together and go fucking get a spear and kill some boars see if i level up cause this stuff is plain stupid now.
Starcraft 2 is the only thing that makes me want to use a computer/technology.
You get +1 strength +1 dexterity and +10 manliness. However you also get -10 to WoW-induced-paleness and -10 to fear of leaving the house. Social awkwardness stays the same because killing boars unfortunately is no longer a staple subject of conversation with others. GLHFDD
On April 28 2011 00:28 TurmoilFish wrote: So what if they use a credit card to buy food online? You act like they should buy something big and expensive and risk themselves getting caught.
Use the quote function, I was confused for a minute about whether or not you were referring to me.
On April 28 2011 00:24 Engore wrote: Hmm. My hotmail, yahoo, and WoW accounts all got hacked on this past Saturday. Makes me wonder if these guys were to blame using my psn info to find out stuff. Either way i'm super pissed since i've been getting raped by hackers lately. Seriously. You hack my WoW account worth 1200+ and now this shit. I'm ready to abandon technology all together and go fucking get a spear and kill some boars see if i level up cause this stuff is plain stupid now.
Starcraft 2 is the only thing that makes me want to use a computer/technology.
Get an Authenticator for your Battle.net account and make sure your passwords are diverse...don't use the same password for every single account you own. That sounds like the situation here....and send a ticket to Blizzard on your WoW account. You'll get everything back, they're pretty good about it.
Well i don't play WoW anymore, which is the reason i don't invest in an authenticator (plus r/l friends have trouble with them all the time). I'll admit the yahoo/hotmail weren't very different but my WoW account was supremely weird for the password. And ya my wow account is still banned due to the investigation.
And here I thought sony prided themselves on the PS3's security. I guess the security didn't translate over to the psn .
Also with nintendo's new "hardcore console" It could have been them, there would most certainly be a market for it after this. It doesn't have to be Microsoft.
On April 28 2011 00:00 Ganjamaster wrote: LOL at ordering food with a stolen credit card number, how ridiculously poor and grimy you have to be haha
About as poor and grimy as you would be if you were stealing credit cards in the first place. Haha let's laugh at poor people, Ganjamaster. It's unfortunate that not everyone has the excess income to smoke weed and post condescending things on the internet that are directed at no one in particular, being a hypothetical situation as it were.
Haha dude cmon, you are going to go through all the trouble of buying a computer, learning how to hack one of the most powerful corporations in the world in order to cop some free pizza off campus food.. give me a break, you have to be pretty damn cheap to do that.
And I am not laughing at the poor people in the world at all, in fact quite the contrary, but it seems in this world every time you use the term "poor" it has to be condescendingly. I used it as a statement of fact. You have to be pretty damn poor to order food online off a stolen credit card, the same way you have to be pretty damn poor to be begging for change in the subway. These statements are not condescending, they are facts. I did not say "ROFL at people being poor and doing X" I said "ROFL at people stealing credit cards to buy food online".
I thought you were referring to my statement that if I had stolen a credit card number (which would not be through hacking) I would use it to buy food because I know I don't have to have a SN. Like I said though, I imagine you can get stuff from other places with just that. At the very least, I know I can get cigarettes -_-; and I would def. buy like 5 cartons.
You said poor AND grimy, how can I not see it as a negative connotation? You have to be pretty damn douche to call people trying to survive 'grimy'. This statement is not condescending, it's fact.
We are heavily deviating from the topic, but ill answer this last comment of yours and well leave it at that.
A lot of poor people are grimy and I want to refer exactly to this precise subgroup of poor people. These grimy people will pickpocket and other forms of petty theft or crime to buy booze or drugs. Thus, when I say poor and grimy I am in fact separating this last group from the group of people "trying to survive". And yes, I mean to be condescening to this first group because they deserve it in contrast with the second group trying to make a living, which they clearly do not.
I have a lot of trouble believing that someone that has the skills to hack PSN would be struggling to survive and resort to ordering pizza off of stolen credit cards. Computer skills like that are in high demand. I don't buy it.
On April 28 2011 00:24 Engore wrote: Hmm. My hotmail, yahoo, and WoW accounts all got hacked on this past Saturday. Makes me wonder if these guys were to blame using my psn info to find out stuff. Either way i'm super pissed since i've been getting raped by hackers lately. Seriously. You hack my WoW account worth 1200+ and now this shit. I'm ready to abandon technology all together and go fucking get a spear and kill some boars see if i level up cause this stuff is plain stupid now.
Starcraft 2 is the only thing that makes me want to use a computer/technology.
Get an Authenticator for your Battle.net account and make sure your passwords are diverse...don't use the same password for every single account you own. That sounds like the situation here....and send a ticket to Blizzard on your WoW account. You'll get everything back, they're pretty good about it.
Well i don't play WoW anymore, which is the reason i don't invest in an authenticator (plus r/l friends have trouble with them all the time). I'll admit the yahoo/hotmail weren't very different but my WoW account was supremely weird for the password. And ya my wow account is still banned due to the investigation.
Do you have an Apple product that can download apps? The Authenticator for that is free AND you get a cute little Core Hound puppy pet It's absolutely worth it. It will keep you other Blizzard purchases and accounts safe as well. You wouldn't want your SC2 account compromised and taken away either
On April 28 2011 00:24 Engore wrote: Hmm. My hotmail, yahoo, and WoW accounts all got hacked on this past Saturday. Makes me wonder if these guys were to blame using my psn info to find out stuff. Either way i'm super pissed since i've been getting raped by hackers lately. Seriously. You hack my WoW account worth 1200+ and now this shit. I'm ready to abandon technology all together and go fucking get a spear and kill some boars see if i level up cause this stuff is plain stupid now.
Starcraft 2 is the only thing that makes me want to use a computer/technology.
Get an Authenticator for your Battle.net account and make sure your passwords are diverse...don't use the same password for every single account you own. That sounds like the situation here....and send a ticket to Blizzard on your WoW account. You'll get everything back, they're pretty good about it.
Well i don't play WoW anymore, which is the reason i don't invest in an authenticator (plus r/l friends have trouble with them all the time). I'll admit the yahoo/hotmail weren't very different but my WoW account was supremely weird for the password. And ya my wow account is still banned due to the investigation.
Do you have an Apple product that can download apps? The Authenticator for that is free AND you get a cute little Core Hound puppy pet It's absolutely worth it. It will keep you other Blizzard purchases and accounts safe as well. You wouldn't want your SC2 account compromised and taken away either
FUCKKK i probably will end up getting something. I seriously hate this. I have so many dumb emails from keyloggers. So annoying OMG. /wrists
Luckily I never bought anything on PSN and now I definitely won't. Already changed my password on the more important stuff. The problem is I have no idea what my security question and answer was, and I really don't wanna change all of them everywhere.
So glad I don't have to change my CC number though, updating it on every online store I use would be a giant PITA. Hopefully I can get away with just one console (xbox) next generation.
Eh purchased an authenticator >.> Also just on a note of hacking. In my emails i have the actual real blizzard email address approved and it shows a little green shield next to it. So fake emails with the same email don't show that shield? Will the real blizz emails always have that next to them now? I hate having to try and find out if its real or not..
On April 28 2011 00:34 shinosai wrote: I have a lot of trouble believing that someone that has the skills to hack PSN would be struggling to survive and resort to ordering pizza off of stolen credit cards. Computer skills like that are in high demand. I don't buy it.
I'm not selling it. All I said was that you can buy shit without a SN. That was the point of the post. Not that the person who receives these card numbers will use them to buy pizza, or that he is poor. Jesus Christ, people.
I never use an important CC for online purchases unless its the only way. iTunes = buy gift cards and never use CC, buy XBL sub cards at blockbuster instead of buying through xbl, etc.
On April 28 2011 00:48 Marcus420 wrote: I never use an important CC for online purchases unless its the only way. iTunes = buy gift cards and never use CC, buy XBL sub cards at blockbuster instead of buying through xbl, etc.
I think this is the first time I've ever found a good reason to buy gift cards for myself now. Good call o.O Will have to keep that in mind!
On April 28 2011 00:47 RoosterSamurai wrote: I haven't been online the PSN in about a year, since my ps3 has been broken. Since then I've been playing PC and xbox 360. Does this apply to me, too?
On April 28 2011 00:50 snpnx wrote: The person who has 77Million cards at his hands can just go
"Hey, I'll try the code 492". Then he goes through cards till he hits one that has it and bingo.
Just cause they don't have your Security Code doesn't mean ur save, brute forcing is a very useful way with that many cards at hand.
77 million accounts, not cards. Considering people used one time cards and so on you would probably get at most 1 million active cards and need to filter out the garbage.
On April 28 2011 00:50 snpnx wrote: The person who has 77Million cards at his hands can just go
"Hey, I'll try the code 492". Then he goes through cards till he hits one that has it and bingo.
Just cause they don't have your Security Code doesn't mean ur save, brute forcing is a very useful way with that many cards at hand.
77 million accounts, not cards.
It's still not a small amount of cards at his disposal by any means. The odds are most definitely in his favor. If we assume even 10% of the 77M accounts have bought something from PSN, that's 7.7 MILLION CREDIT CARDS! There are A LOT of opportunities for things to go his way.
On April 28 2011 00:50 snpnx wrote: The person who has 77Million cards at his hands can just go
"Hey, I'll try the code 492". Then he goes through cards till he hits one that has it and bingo.
Just cause they don't have your Security Code doesn't mean ur save, brute forcing is a very useful way with that many cards at hand.
77 million accounts, not cards.
It's still not a small amount of cards at his disposal by any means. The odds are most definitely in his favor. If we assume even 10% of the 77M accounts have bought something from PSN, that's 7.7 MILLION CREDIT CARDS! There are A LOT of opportunities for things to go his way.
As I said earlier in the thread, stolen cc's are sold for something like $3-5/each in bulk. Assuming he has cvc's and can find a buyer he'll make a looot.
On April 28 2011 00:44 OTIX wrote: Luckily I never bought anything on PSN and now I definitely won't. Already changed my password on the more important stuff. The problem is I have no idea what my security question and answer was, and I really don't wanna change all of them everywhere.
So glad I don't have to change my CC number though, updating it on every online store I use would be a giant PITA. Hopefully I can get away with just one console (xbox) next generation.
Yep same, good thing I never bought anything oN PSN -.-
Lol at all the sony fanboys on that blog commets talking about how its people who pirate games and what not that brought the PS3 down. Shit this all started with their bait and switch with the fucking linux. You don't mess with kids who like linux because shit like this happens.
I am so glad I never bought anything over PSN. Holy hell, I don't know how Sony managed to fuck this one up as severely as they did. I'll definitely be pretty hesitant to give them any money in the future.
On April 28 2011 00:58 br0fivE wrote: this pretty much explains why xbox is the far superior console.
PSN is a joke. hope all the xbox haters pay for their un-intelligent decision to buy the ps3.
Wow, that's an awful lot of hate over a personal decision made by strangers that doesn't effect you in the least. Don't ya think they'd have paid for their bad decision by, ya know, paying hundreds of dollars more for what you claim to be a worse product?
Maybe I'm missing something. If so, please enlighten me.
On April 28 2011 00:58 br0fivE wrote: this pretty much explains why xbox is the far superior console.
PSN is a joke. hope all the xbox haters pay for their un-intelligent decision to buy the ps3.
Wow, that's an awful lot of hate over a personal decision made by strangers that doesn't effect you in the least. Don't ya think they'd have paid for their bad decision by, ya know, paying hundreds of dollars more for what you claim to be a worse product?
Maybe I'm missing something. If so, please enlighten me.
He's just angry that someone else doesn't like his console and doesn't realize what a god send Bill Gates is. BTW homie, unintelligent is one word, not hyphenated.
XBOX360=Crap PS3=Crap Same price Computer=Crap compared to most computers but still good enough to run sc2!!
On April 28 2011 00:52 DayJP wrote: I lol'd hard console video games arent meant to be played online anyways so much as with a group of friends in your room :D
/oldschool
Agreed so much! I miss hanging around in a filthy room or someone's basement for hours chilling out and playing console games with friends, it's just not the same anymore... :/
On April 28 2011 01:50 gundream wrote: heard about it last week....but psn had nothing to say at that time......horrible responsibility
They discovered the breach between 17th-19th but they claim they didn't know the info had been stolen until now. If it turns out they're lying and they did know earlier they're gonna get sued to hell and back. Of course they'll probably get sued anyway.
On April 28 2011 02:12 wei2coolman wrote: This is why I'm a PC gamer, lulz :D, I can't believe the PSN was hit so damn hard... Hopefully they get their shit together.
I wonder what would be your answer if Bnet or Steam accounts were hacked...
On April 28 2011 02:12 wei2coolman wrote: This is why I'm a PC gamer, lulz :D, I can't believe the PSN was hit so damn hard... Hopefully they get their shit together.
I wonder what would be your answer if Bnet or Steam accounts were hacked...
steam and battle net arent run by incompetant monkeys
What if you never saved your credit card information on the PSN? I never saved it, mainly because I didn't want anyone to buy stuff off my PS3. Is it then encrypted?
Anyway, shit just got real.
Edit; No wait - I never bought anything off PSN, only my Xbox Live.
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
1) Temporarily turned off PlayStation Network and Qriocity services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions.
Sincerely, Sony Network Entertainment and Sony Computer Entertainment Teams
Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited) is a subsidiary of Sony Computer Entertainment Europe Limited the data controller for PlayStation Network/Qriocity personal data
Feel bad for everyone who was on PSN... how could a massive breach like this not be red-flagged as soon as it began? Their security people must be incompetent.
I hope this ends in all games on PSN being free! Let's all send an email to Sony requesting that all games on PSN should be free for at least 10 days after it's up again! :D :D :D
On April 28 2011 02:33 Sgany wrote: I just got this E-mail from PSN services + Show Spoiler +
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
1) Temporarily turned off PlayStation Network and Qriocity services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions.
Sincerely, Sony Network Entertainment and Sony Computer Entertainment Teams
Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited) is a subsidiary of Sony Computer Entertainment Europe Limited the data controller for PlayStation Network/Qriocity personal data
We have discovered that between April 17 and April 19, 2011
Today's date: April 27th. Almost 10 days ago before they spoke up.
On April 28 2011 02:43 Arnstein wrote: I hope this ends in all games on PSN being free! Let's all send an email to Sony requesting that all games on PSN should be free for at least 10 days after it's up again! :D :D :D
Please. The most you're going to get is a free trial for playstation plus for a week. And a $5 giftcard if they get sued. I mean, how are they realistically going to compensate 70 million people?
The suit was filed today on behalf of Kristopher Johns, 36, of Birmingham, Ala., in the U.S. District Court for the Northern District of California. Johns accuses Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."
He also believes Sony took too long to notify him and other customers that their personal information had been exposed. Because of that, the complaint alleges, Sony did not allow its customers "to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions."
The lawsuit is asking for monetary compensation and free credit card monitoring, and is seeking class action status.
Dont worry about your Info,Credit Card and so on,because the group that did this isnt there for the information,it is there because of just ruining Sony
On April 28 2011 03:04 Crying wrote: Dont worry about your Info,Credit Card and so on,because the group that did this isnt there for the information,it is there because of just ruining Sony
ya.....id be worried that someone I haven't authorized has my CC address, name, etc.....
On April 28 2011 03:04 Crying wrote: Dont worry about your Info,Credit Card and so on,because the group that did this isnt there for the information,it is there because of just ruining Sony
I would just say never trust a hacker in any case. Who knows will they change their mind in the future or not. Better safe than sorry later.
On April 28 2011 03:04 Crying wrote: Dont worry about your Info,Credit Card and so on,because the group that did this isnt there for the information,it is there because of just ruining Sony
ya.....id be worried that someone I haven't authorized has my CC address, name, etc.....
Yours and the personal info of 77 million other people. It's not a pleasant thought, but honestly, what would anyone do with that quantity of information?
On April 28 2011 03:04 Crying wrote: Dont worry about your Info,Credit Card and so on,because the group that did this isnt there for the information,it is there because of just ruining Sony
On April 27 2011 21:32 maJes wrote: From what I gathered, they stored everything as plain-text.
As a developer this makes me facepalm on so many levels.
I'll be interested to see what the implications are for Sony internationally, given that here in the UK we have this little thing called the Data Protection Act which REQUIRES you to store sensitive data encrypted.
77 Million accounts means they had to have stored it in plain text.
Either way though cracking an encryption that most companies use is quite easy, they just wouldn't have access to all the accounts as quickly.
On April 28 2011 03:04 Crying wrote: Dont worry about your Info,Credit Card and so on,because the group that did this isnt there for the information,it is there because of just ruining Sony
Right because you can say this with utter authority. I wouldn't trust anyone who has broken the law to not break it again, especially since a tremendous increase in personal wealth is easily within their grasp by selling the information. Please back yourself up with evidence to make such a claim.
On April 28 2011 03:04 Crying wrote: Dont worry about your Info,Credit Card and so on,because the group that did this isnt there for the information,it is there because of just ruining Sony
A total of $300 was taken from my debit card on Saturday. However, my bank called me to notify me of a suspicious transaction and they confirmed it was indeed a fraudulent withdrawal. I’ve had to cancel my card and order a new one which the bank will transfer my previous account’s money into. The thing isI worry that many users who linked their bank accounts with their PSN account are in serious danger; I hope they all call their banks to immediately take action and prevent any fraudulent withdrawals.
On April 28 2011 03:04 Crying wrote: Dont worry about your Info,Credit Card and so on,because the group that did this isnt there for the information,it is there because of just ruining Sony
Who the hell in their right mind would not worry that their credit card was stolen?
A total of $300 was taken from my debit card on Saturday. However, my bank called me to notify me of a suspicious transaction and they confirmed it was indeed a fraudulent withdrawal. I’ve had to cancel my card and order a new one which the bank will transfer my previous account’s money into. The thing isI worry that many users who linked their bank accounts with their PSN account are in serious danger; I hope they all call their banks to immediately take action and prevent any fraudulent withdrawals.
I'd guess that the people who stole the data is keeping up to date with the news and realize they would need to capitalize on the personal information now before it becomes obsolete.
This is the one thing I never understood about the whole online gaming scene with platforms. Perhaps it's just because of my age, and to me a platform was for at-home, friends and family in the same room, sort of stuff; but really, when you get a console these days they want to know so much info - just to play a few games online?
E-mail address, home address, name, account name, passwords, yadda, yadda - and that's not even including the stuff they want if you choose to make a purchase. I always thought it seemed really sketchy and I guess now I know why.
I know some of that info seems pretty insignificant but the whole "Real ID" fiasco with battle.net, SC2 and WoW, really pointed out how much info you can gather on someone from just a name alone.
I think the companies that make these decisions to gather all this info would be better off being run by tech-savvy teens and 20-somethings who actually have a clue what's at risk
On April 27 2011 21:32 maJes wrote: From what I gathered, they stored everything as plain-text.
This sentence alone made me laugh so fucking hard for 5 minutes.
It's really surprising how badly the devs failed on the PS3... Isn't it common sense to at least encrypt personal information of your own customers so they don't get assraped by stuff like this?
Is there any more information about who conducted the attack? Was it anonymous again? I remember them saying that they wouldn't attack the customers directly but the timing seems suspicious.
This is the one thing I never understood about the whole online gaming scene with platforms. Perhaps it's just because of my age, and to me a platform was for at-home, friends and family in the same room, sort of stuff; but really, when you get a console these days they want to know so much info - just to play a few games online?
E-mail address, home address, name, account name, passwords, yadda, yadda - and that's not even including the stuff they want if you choose to make a purchase. I always thought it seemed really sketchy and I guess now I know why.
I know some of that info seems pretty insignificant but the whole "Real ID" fiasco with battle.net, SC2 and WoW, really pointed out how much info you can gather on someone from just a name alone.
I think the companies that make these decisions to gather all this info would be better off being run by tech-savvy teens and 20-somethings who actually have a clue what's at risk
Corporations enjoy having control over as much of your personal information as possible. By in large it benefits their marketing efforts since they can obtain demographic information directly from users. They can send you targeted ad materials and promotions via email or snail mail. But they also need address and other identifying information for you to make a credit card purchase. In the end, it shouldn't matter that much, since the corporation is not allowed to sell your information to a third party without your permission. When shit goes down like this, do you regret the money paid and time spent on PSN? I wouldn't. Instead I'd be angry as hell at Sony for allowing something like this to happen.
The suit was filed today on behalf of Kristopher Johns, 36, of Birmingham, Ala., in the U.S. District Court for the Northern District of California. Johns accuses Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."
He also believes Sony took too long to notify him and other customers that their personal information had been exposed. Because of that, the complaint alleges, Sony did not allow its customers "to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions."
The lawsuit is asking for monetary compensation and free credit card monitoring, and is seeking class action status.
And it's just the beggining. I would strongly advice to whoever has a PS3 to take measures to avoid even bigger problems.
On April 28 2011 03:04 Crying wrote: Dont worry about your Info,Credit Card and so on,because the group that did this isnt there for the information,it is there because of just ruining Sony
ya.....id be worried that someone I haven't authorized has my CC address, name, etc.....
Yours and the personal info of 77 million other people. It's not a pleasant thought, but honestly, what would anyone do with that quantity of information?
identity theft is alive and kicking and this is a wet dream for the scum that do it. Basically all the info you would ever need but 77 million different id's. It's been validated through a trusted 3rd party as well(Sony) so you know it's legit.
Fuck. Despite the fact that I like the PS3 more than Xbox, I must take the switch unless Sony comes up with some top notch spoiling for us PSN'ers, red roses and a box of chocolate, or it's game over. But damn, Nintendo and Microsoft must be clapping in their small hands now. King of consoles are down on their knees.
Time to buy all that junk that you should've had when you bought the Xbox360 the first time, I believe.
The fact, that security was breached - it happens. Some new mean amount of god like hackers will eventually break through, but they hesitate to tell the customers which CCs and highly personal (and at times valuable) information is obtainable? Jesus christ, Sony.
On April 28 2011 02:12 wei2coolman wrote: This is why I'm a PC gamer, lulz :D, I can't believe the PSN was hit so damn hard... Hopefully they get their shit together.
I wonder what would be your answer if Bnet or Steam accounts were hacked...
Probably the same, people aren't required to have Steam/Battlenet to play some games online. I don't own SC2 but the Warcraft 3 Bnet-account doesn't even contain any sensitive information.
On April 28 2011 00:33 Daliniues wrote: Also with nintendo's new "hardcore console" It could have been them, there would most certainly be a market for it after this. It doesn't have to be Microsoft.
Nah, it was obviously a joint operation by Microsoft and Nintendo
Why are so many people jumping to the conclusion that the data was not encrypted? To use it you need to decrypt it so the crackers may just have gotten their hands on the keys and decrypted the information. It's obviously also extremely bad, but not exactly the same thing. Or, as someone else has also suggested, listened in to the traffic in Sony's internal network, which might not have used SSL. SSL only protects the data from your end of the connection to the server end, to avoid someone listening in when it crosses (usually) the Internet.
Analogously passwords and other information could have been stolen not because they were stored in plain text but because of compromised login software. I am sure after the investigation they will know, but possibly the public/customers never will...
I have requested a new CC and I suggest you do too. If the information is out there it might not be used at once, but in a year or two.
On April 28 2011 03:42 Roeder wrote: Fuck. Despite the fact that I like the PS3 more than Xbox, I must take the switch unless Sony comes up with some top notch spoiling for us PSN'ers, red roses and a box of chocolate, or it's game over. But damn, Nintendo and Microsoft must be clapping in their small hands now. King of consoles are down on their knees.
Time to buy all that junk that you should've had when you bought the Xbox360 the first time, I believe.
The fact, that security was breached - it happens. Some new mean amount of god like hackers will eventually break through, but they hesitate to tell the customers which CCs and highly personal (and at times valuable) information is obtainable? Jesus christ, Sony.
y u no think t.t
King of consoles? Nintendo has been comfortably in that seat since....ever.
Sony royally fucked up with this one. I'm really, REALLY curious to see what the long-term implications are for their business.
On April 28 2011 04:20 Trowabarton756 wrote: bankruptcy?
believe it or not sony does more than sell gaming consoles. i doubt this will greatly affect their place in other markets.. especially considering the ps3 isn't exactly a household item, let alone this whole psn debacle.
regardless i'm shocked it took them so long to get the warning out there, and i'm going to request a new CC tonight.
Hold on. Let's say I bought something once online from the PS3 store. Was there an option to store the credit card info, or does it store automatically? o_O
On April 28 2011 04:36 blahman3344 wrote: Hold on. Let's say I bought something once online from the PS3 store. Was there an option to store the credit card info, or does it store automatically? o_O
On April 28 2011 04:36 blahman3344 wrote: Hold on. Let's say I bought something once online from the PS3 store. Was there an option to store the credit card info, or does it store automatically? o_O
It would all be stored automatically on the system I would think.. sue sue sue!!
On April 28 2011 04:36 blahman3344 wrote: Hold on. Let's say I bought something once online from the PS3 store. Was there an option to store the credit card info, or does it store automatically? o_O
automatically in your transaction history.
Well then...this may be bad for me. Time to take action. o_O
if EA would actually get their asses up and release a nice version of FIFA which is not the 1 year older version of the actual release i would not even own a ps3 -.-
On April 28 2011 04:36 blahman3344 wrote: Hold on. Let's say I bought something once online from the PS3 store. Was there an option to store the credit card info, or does it store automatically? o_O
automatically in your transaction history.
Well then...this may be bad for me. Time to take action. o_O
Not all of your data may of been stored, it could of just been the actual CC card/Exp without the 3 digit security code, that said, there is only a finite amount of 3 digit codes....given enough time a computer could find it with a brute force attempt.
How would one sue Sony? The information was stolen, not lost. I'm not much of a hacker, nor do I know much about it, but I'm sure that with enough determination anything could be hacked, no matter the security measures in place.
Some blog has got what appears to be an IRC transcript of intruders into the PSN network discussing their hack. It looks pretty authentic to me.
If the transcript is authentic, it's reassuring that the hackers don't seem to be criminals out to steal your personal details, just nerds having some fun breaking into computers. What's scary - and the hackers seem as perturbed as everyone else - is how lax Sony's security is. They went to great lengths to DRM the hell out of the Playstation 3, and then used it to store people's credit card details in plaintext on an unpatched webserver on the internet. What were these morons thinking?
On April 28 2011 05:16 Ym1r wrote: How would one sue Sony? The information was stolen, not lost. I'm not much of a hacker, nor do I know much about it, but I'm sure that with enough determination anything could be hacked, no matter the security measures in place.
You can absolutely be sued for being an idiot or lazy. The online translator I used translates the German law term as "due diligence". I guess Sony can be sued for saving the data and passwords in plain text. This is just lazy programming and the hours of work needed are in no way comparable to the headache the worst case scenario that happened is now producing. It perhaps also can be argued that they did not have enough security against whatever hacking occurred. [What the hackers did was of course illegal, too.]
so they got 77million peoples data. lets say theres 10million credit card #s in that which isnt unreasonable imo. even if they cant hack the cvcs (which i dont know anything about but they hacked psn so it isnt impossible) they have a ~1/333 shot at randoming correctly. so pure math says theyre going to have ~30000 working credit cards at their disposal. glad i dont have a ps3 but if i did i would cancel my cc.
Negligence is something that large corporations have been sued for successfully in the past. It's pretty likely that Sony is going to settle. They have no defense in court if they actually are in violation of the Payment Card Industry Data Security Standard.
On April 28 2011 04:20 Trowabarton756 wrote: bankruptcy?
In Starcraft terms, its like a terran player having his expansion attacked. He lifts his command center and he loses half his scvs there..... but he has like 6 other expansions already up and running. So financially he's just a little bit slowed.
How did Sony manage to screw up this big? I could understand if it came from a beta project that has no security, but the PS3 has been out for like 5 years. They should have known better and done more to taken care of their network. Or at least encrypted the data. This isn't 1990.
And a Credit Card will now be changed tomorrow at the branch. Who else is with me?
On April 28 2011 07:37 TOCHMY wrote: I bought a few PSP games via Media Go. Do you guys think this is affected to? I mean with the theft of credit card, personal info and what not.
and yes, since the entire PSN has been compromised I would be safe and say yes.
I'm glad I'm a PSN card user. The worst that happens to me is likely I lose my account and therefore access to the games I've already bought and Downloaded. they have my address too (i think I gave the real one), but I'm not too worried about that.
fuck. fuck. Well it's not like the data there is authentic. When I signed up the Philippines wasn't an option for a country so I just BS'ed my way through the data they needed. I don't recall giving credit card details because I don't own one. I think I'm pretty safe. I just have to guard my email.
Huge huge hit on Sony. They weren't even encrypted? Ouch.
Like one or more here said, big facepalm. Better go to the bank ASAP, I got my card canceled anyways, right before this happen (because I lost the card) lucky =D
Well, I'm glad i lied about all the information on that and any credit card info is useless because it was used so long ago the credit card I had on it was canceled after being robbed at gunpoint...
To all the people suggesting a class action lawsuit, it apparently isn't a likely option anymore. According to a new supreme court decision, a corporation can now block any attempts by customers to form a group intending to sue (5-4 Republican split lolwut). So, while they could still be sued, the cases would have to be individually arbitrated. Here's the link to the court decision for those interested: http://www.latimes.com/business/sc-dc-0428-court-class-action-web-20110427,0,1239412.story
Realistically, there's nothing Sony can do to rectify this situation. There is no freebie, no gesture of goodwill that Sony can do that will placate the masses. 77 million users' info was compromised; right now the only people who even have the meanest faith left in Sony is the SDF full of kiddies and people who don't live in the real world, where identity theft--especially potential theft of CC info--is a major concern. The fact that they didn't tell anyone about it in a timely manner also put the nail in their coffin. There's nothing Sony can do here. There is no "equally decent thing"; NOTHING measures up to having information that could negatively impact your entire life stolen out from under a company you entrusted to hold said information secure, in good faith.
Like clockwork, the first lawsuit resulting from the security breach of the personal data of more than 75 million Sony PlayStation Network customers has been filed.
The suit was filed today on behalf of Kristopher Johns, 36, of Birmingham, Ala., in the U.S. District Court for the Northern District of California. Johns accuses Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."
He also believes Sony took too long to notify him and other customers that their personal information had been exposed. Because of that, the complaint alleges, Sony did not allow its customers "to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions."
The lawsuit is asking for monetary compensation and free credit card monitoring, and is seeking class action status.
On April 28 2011 14:56 kaisen wrote: Realistically, there's nothing Sony can do to rectify this situation. There is no freebie, no gesture of goodwill that Sony can do that will placate the masses. 77 million users' info was compromised; right now the only people who even have the meanest faith left in Sony is the SDF full of kiddies and people who don't live in the real world, where identity theft--especially potential theft of CC info--is a major concern. The fact that they didn't tell anyone about it in a timely manner also put the nail in their coffin. There's nothing Sony can do here. There is no "equally decent thing"; NOTHING measures up to having information that could negatively impact your entire life stolen out from under a company you entrusted to hold said information secure, in good faith.
On April 28 2011 15:08 backtoback wrote: I think it is from microsoft not anon. It is all speculations atm though :/
Don't forget Nintendo.
I did last evening cancel my CC, just to be careful. When I called to the service, it seemed many others are doing same thing. Customer service lady said its not first case of exact same reason at same day and usually they don't have any waiting time in that service, now it was 10 minutes.
1 week without CC won't kill me, but still its nuisance.
Lol @ people saying this is the end of Sony. Revenues from PSN or PlayStation are just a small part of this company. This issue is bad press but they will be prepared for it to minimize the blow, and it's nowhere near "ending" or "done".
so what is everyone doing who has their credit card information stored? are you waiting it out, see if there's any stories of people losing cash or are you preemptively changing your CC number?
Long time since I used PS3 and PSN but I am sad to hear they and 77mil of people got pwn't by incompetence.
Anyway, I can't remember which info was required by PSN for account creation, standard stuff like Name, Country, Address, Mail? If that's the case, then hackers got information that is available on Facebook pages of most of those 77 mil of people.
On the bright side, once all this shit is done with it's all but guaranteed that Sony will be making sure they're massively more secure.
If anything, it's taking so long to come back up because the guys that are rebuilding the PSN are finding it hard to code quickly while constantly facepalming.
Of course wasn't Microsoft, Nintendo, or even a company within the industry. The shit storm that would happen if someone could prove it isn't even remotely worth the risk - especially since both of those companies are already beating Sony pretty handily at the moment.
aw my Cute PS3, so far the mail adress I use in the PSN is just for the PSN, and my password is different from the other, so I dont have to fear anything. But, thats sad, why Sony? ;_;. At least it will have one advantage massive security, and I dont think that it will harm the PS3 much, so far I know did they hack a few years ago the Xbox360 thing, too.
On April 28 2011 18:24 whiterabbit wrote: Long time since I used PS3 and PSN but I am sad to hear they and 77mil of people got pwn't by incompetence.
Anyway, I can't remember which info was required by PSN for account creation, standard stuff like Name, Country, Address, Mail? If that's the case, then hackers got information that is available on Facebook pages of most of those 77 mil of people.
CC info is different stuff tho.
Just received an e-mail from sony about it, naam, adres (stad, provincie, postcode), land, e-mail adres, geboortedatum, PlayStation Network/Qriocity wachtwoord en login en gebruikersnaam/PSN online id.
so thats: name, adress ( city, province, postcode), country, e-mail, date of birth PSN pass and log in and PSN online ID.
On April 28 2011 20:21 Qzy wrote: The disadvantage of monopoly: Everything is stored 1 place... Support pc, not consoles.
Easy.
This is not really a good argument for PC vs consoles because this could as well happen to any company selling stuff over the net. Hell just think aout WoW subscribers. Hackers could get that aswell. If blizzard had as bad security as PSN have that is. So yeah, support secure transactions and not Sony.
On April 28 2011 11:55 Subversion wrote: Was this Anonymous' work?
Anon would never do something that breaches user privacy. It's actually what they fight against.
It's funny that you think a bunch of twelve year old Japanophiles have any type of cohesive philosophy. God I'm so sick of this Anonymous-is-cogent crap. How can people be this bad at the Internet?
On April 28 2011 20:21 Qzy wrote: The disadvantage of monopoly: Everything is stored 1 place... Support pc, not consoles.
Easy.
This is not really a good argument for PC vs consoles because this could as well happen to any company selling stuff over the net. Hell just think aout WoW subscribers. Hackers could get that aswell. If blizzard had as bad security as PSN have that is. So yeah, support secure transactions and not Sony.
It's not a question of PC vs console, it's a question of monopoly. It's gray-area-illegal and should not be supported.
On April 28 2011 11:55 Subversion wrote: Was this Anonymous' work?
Anon would never do something that breaches user privacy. It's actually what they fight against.
It's funny that you think a bunch of twelve year old Japanophiles have any type of cohesive philosophy. God I'm so sick of this Anonymous-is-cogent crap. How can people be this bad at the Internet?
On April 28 2011 19:23 Vortok wrote: On the bright side, once all this shit is done with it's all but guaranteed that Sony will be making sure they're massively more secure.
thing that i find ironic is the people who deliberately didnt update firmware so they can run pirate wares on the console and circumvent the security, are all fine.
the only people screwed are actually the paying customers.
wow... i have a 360 and im glad i do, the first thing before i bought a console was which one should i get? i knew ps3 had free online, but i asked myself why it was free?...i didnt take the risk..and alot of my friends played 360, alot of them even said the online is better, as in ui and stuff, so i trusted them and spent the 99nzd a year to get online... i feel like a god right now for not buying a ps3
also...im assuming the ps3 vs. xbox thing is settled now? xD
not a fanboy of both kuz sc2 is ftw...but just sayin, 360 fanboys are gunna crush the ps3 ones xD
On April 28 2011 20:50 vertigo1 wrote: thing that i find ironic is the people who deliberately didnt update firmware so they can run pirate wares on the console and circumvent the security, are all fine.
the only people screwed are actually the paying customers.
That's pretty much always the case, nothing new about it.
I'm not surprised this happened to Sony at all, anything connected to the internet is not secured. You can make it very secure and encrypt the data, but hackers can still get to that data. The thing that kills security teams in companies is phishing emails. With those simple phishing emails, they can then plant backdoors and traps to gain access into the employee's machine, then they can work there way up to get an admin password and etc.
A lot of people are being exposed right now and we will only see more. RSA was caught by a simple phishing attempt on their employees, Krogers got all their customer's names and emails stolen.....
The funny thing is people are reacting that it took Sony a week to find out what was stolen...
At the company I work at now, we still find traces of data that was stolen last year... The CERT team here was only started about 3 years ago, so they are still trying to go through thousands of servers. The company is starting to really invest in security, as they do realize we are having million dollar blueprints stolen from China and Russia.
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
1) Temporarily turned off PlayStation Network and Qriocity services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure by rebuilding our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it: - U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
- We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below:
- You may wish to visit the website of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.
Sincerely,
Sony Computer Entertainment and Sony Network Entertainment
Meh....gonna be calling my bank later on to get my credit card changed now I guess. :/
On April 28 2011 11:55 Subversion wrote: Was this Anonymous' work?
Anon would never do something that breaches user privacy. It's actually what they fight against.
You don't think one of them has their sticky fingers on the creditcard database?
They might 'fight' some good causes (love the Westboro and Scientology), but don't see all of them as complete saints. They're anonymously - with good comes bad.
On April 28 2011 21:23 SpaceFighting wrote: also...im assuming the ps3 vs. xbox thing is settled now? xD
not a fanboy of both kuz sc2 is ftw...but just sayin, 360 fanboys are gunna crush the ps3 ones xD
Why is that? Despite the security breach (which is outrageous and they should be spanked for it) - hardware wise and in general the PS3 beats the Xbox still, I think.
Now this is nowhere near in this thread, so I'm just going to stop, but seriously.
On April 28 2011 20:21 Qzy wrote: The disadvantage of monopoly: Everything is stored 1 place... Support pc, not consoles.
Easy.
This is not really a good argument for PC vs consoles because this could as well happen to any company selling stuff over the net. Hell just think aout WoW subscribers. Hackers could get that aswell. If blizzard had as bad security as PSN have that is. So yeah, support secure transactions and not Sony.
It's not a question of PC vs console, it's a question of monopoly. It's gray-area-illegal and should not be supported.
I don't really see what that has with the topic to do then... and also it is a oligopoly not monopoly, which also is more or less the case for pc.
On April 28 2011 12:07 brijan wrote: How is it possible to do anything with the CC details if they don't have a CVC number? Random guessing?
There are places where you can buy stuff without the ccv.
Also it shouldn't matter if the creditcard numbers where hashed since they are kinda easy to brute force. (0-9, 16 characters and on some cards the first 4 are identical.)
This is honestly a minor pain in the ass at best. It's alarming that Sony stored shit the way they did, but if someone is capable of getting this far, one extra step to get to our personal info isn't going to stop them. In any case, all this means is that we should replace our CCs/Debits and be done with it.
Wow, this news is huge. I'm so glad I don't have a PS3, but I feel very sorry for everyone who does, and also a bit for Sony - although they are idiots for letting this happen in the first place.
Was my personal data encrypted? A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
I went and got my card cancelled and reordered just in case (Now to find a way to buy things...), but I hardly blame Sony for this. It's not like they handed the info to the hackers on a platter. Well, my personal info, but what do I care, they could google search that info.
I wonder if this conflicts with things like Netflix in terms of privacy issues. Just to be the safe side, I had my parents check their accounts just in case as well.
Man, I don't even want to check my own at this rate that this is going downhill...
I'm even more afraid to know what happens when they do figure out all this stuff and how much backlash there is going to be.
Credit Card table was encrypted and the other data doesn't even matter much (I assume passwords were also encrypted)
Somehow it's all Sony's fault? Anything can be hacked. This week, it was Sony, next week it could be anyone else. I can assure you that a lot of people still use md5, something that is now easily broken. It doesn't even matter.
Oh well, the burden *should* fall on Sony, but in no way is it completely their fault.
(also, funny how people use this to justify their choice to buy an Xbox 360 - the console that has had so many hardware failures - with this thread.)
Hmm,this can be a lesson to all of us to make a different credit card for internet games.Fill it with money just about to buy the things/pay subscriptions.Never set up your main credit card in a website
On April 29 2011 01:21 Aerakin wrote: Wow, some of you people are just... stupid.
Credit Card table was encrypted and the other data doesn't even matter much (I assume passwords were also encrypted)
Somehow it's all Sony's fault? Anything can be hacked. This week, it was Sony, next week it could be anyone else. I can assure you that a lot of people still use md5, something that is now easily broken. It doesn't even matter.
Oh well, the burden *should* fall on Sony, but in no way is it completely their fault.
(also, funny how people use this to justify their choice to buy an Xbox 360 - the console that has had so many hardware failures - with this thread.)
Sony is critizised for the minimum effort they put into security. Credit card info was preatty much the only thing they had encrypted, passwords etc was stored as plain text. And that is going by what Sony says. Sony has been doing some shady things like collecting unrelated data whitout consent and installing rootkits on PCs to spy (with the excuse "it's anti-piracy!").
<user2> all connected devices return values sent to sony server <user2> example: <user3> user2: Debug models of course <user2> ><info category="76">32'' TFT-TV</info><info category="77">OEM</info><info category="88">release</info><info category="89">cex</info>
<user2> for example: <user2> creditCard.paymentMethodId=VISA&creditCard.holderName=Max&creditCard.cardNumber=4558254723658741&creditCard.expireYear=2012&creditCard.expireMonth=2&creditCard.securityCode=214&creditCard.address.address1=example street%2024%20&creditCard.address.city=city1%20&creditCard.address.province=abc%20&creditCard.address.postalCode=12345%20 <user2> sent as plaintext ... <user2> normally you ATLEAST enccrypt the securtity code, even if its ssl <user5> id hope sony would do such in a safe manner <user5> psn cards probably plain text to then <user2> fake certs are known since years as vuln so companies encrypt such data twice normally <user2> but hey its sony --> its a feature
<user2> i know a few guys who worked @ sony's psn backend. just when the ps3 was released we talked bout the first psn, at this time ALL was http and unencrypted. so you could see userpass etc plain. i asked em why is it that way. lame answer was "we thought it was adressed." - lol
So now that all of our information is out there, I guess there's no way to get it back. So, what, do we all just get screwed? We have to go and change our credit cards because Sony put virtually no effort into their security? Someone break it down for me, because I'm pretty mad...
On April 29 2011 02:12 RoosterSamurai wrote: So now that all of our information is out there, I guess there's no way to get it back. So, what, do we all just get screwed? We have to go and change our credit cards because Sony put virtually no effort into their security? Someone break it down for me, because I'm pretty mad...
If you wanna really be safe I would.
I was one of those lazy people who has the same password for everything, so I literally changed at least 20 passwords that were important. I never knew about keepass until this all happened, so having 25 digit passwords is cool.
Like Sony said, they aren't sure if the credit card info was taken, but I chose to not risk it and got a new card ordered.
If you remember your PSN password and it's the same as any other password you use, it's very highly recommended that you change those.
I'm kinda upset too, but I was just fortunate that none of my funds had been touched, or my e-mail hadn't been hacked into yet. So I don't have much to be furious about.
So far so good, nothings been touched of mine. I did go ahead and order a new debit card though, I am not taking Sony's word that the card numbers didn't go out, and then possibly get screwed weeks/months from now.
On April 29 2011 02:12 RoosterSamurai wrote: So now that all of our information is out there, I guess there's no way to get it back. So, what, do we all just get screwed? We have to go and change our credit cards because Sony put virtually no effort into their security? Someone break it down for me, because I'm pretty mad...
If you wanna really be safe I would.
I was one of those lazy people who has the same password for everything, so I literally changed at least 20 passwords that were important. I never knew about keepass until this all happened, so having 25 digit passwords is cool.
Like Sony said, they aren't sure if the credit card info was taken, but I chose to not risk it and got a new card ordered.
If you remember your PSN password and it's the same as any other password you use, it's very highly recommended that you change those.
I'm kinda upset too, but I was just fortunate that none of my funds had been touched, or my e-mail hadn't been hacked into yet. So I don't have much to be furious about.
Well, I don't really remember my PSN password, as I haven't been online in over 6 months (YLOD)...But I could probably guess it if I had to. I guess I'll need to be ordering a new debit card, too. x.x My faith in Sony has been shaken to the core. I used to debate to the death how far superior Sony was to Microsoft. And now I don't even want to think about it.
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
1) Temporarily turned off PlayStation Network and Qriocity services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure by rebuilding our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it: - U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228 .
- We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below:
- You may wish to visit the website of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226 ; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023 ; or www.oag.state.md.us.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.
Sincerely,
Sony Computer Entertainment and Sony Network Entertainment
On April 29 2011 01:21 Aerakin wrote: Wow, some of you people are just... stupid.
Credit Card table was encrypted and the other data doesn't even matter much (I assume passwords were also encrypted)
Somehow it's all Sony's fault? Anything can be hacked. This week, it was Sony, next week it could be anyone else. I can assure you that a lot of people still use md5, something that is now easily broken. It doesn't even matter.
Oh well, the burden *should* fall on Sony, but in no way is it completely their fault.
(also, funny how people use this to justify their choice to buy an Xbox 360 - the console that has had so many hardware failures - with this thread.)
Blaming Sony for their incompetence does not meant it's all Sony's fault. What else do you expect people to say after their information is stolen? "Good job Sony, at least our virginity is safe"?
This is one of the largest data security breach in history, and it doesn't happen every week, so behave all fanboy like doesn't help anyone.
Looks like there is some light in this mess! "Credit card companies find no PSN-related activity, all eyes on Hirai" Wells Fargo, American Express, and MasterCard say there's no unauthorized activity tied to leak; debacle may affect executive's succession to Sony's top spot; Sony shares sink 4.5%. + Show Spoiler +
As the PSN outage and data leak drag on, Bloomberg has posted a pair of articles that add to the ongoing saga. First, the news service reports that financial companies Wells Fargo, American Express, and MasterCard have seen "no unauthorized activity relating to Sony." The news comes shortly after Sony announced that all PSN credit card information had been encrypted during the time of the leak, and that there was "no evidence" that any had been stolen.
The credit card companies' revelation is a rare bright spot in the crisis, which is weighing heavily on the brow of one particular Sony executive. Bloomberg also reports that Kaz Hirai, who became head Sony's entire consumer electronics business on April 1, is under a magnifying glass to see how he handles the ongoing debacle. The scrutiny is particularly intense as Hirai has extolled a plan to use the PlayStation Network as the basis of a content store that will extend to other Sony devices such as HDTVs and Blu-ray players.
"Almost everything Hirai has been trying to do has an element of network," Mitsubishi UFJ Morgan Stanley Securities analyst Masahiko Ishino told the news service. "Sony's strategy to connect its products through network is very crucial for the company’s transformation. Sony may struggle if the business gets disrupted."
How Hirai copes with the PSN outage--which has already sparked government investigations and civil lawsuits--will likely affect his chances of succeeding current Sony Corp. CEO Sir Howard Stringer. As part the announcement of Hirai's promotion, Stringer himself said that he was the frontrunner. "This is an opportunity for the board to watch Hirai-san and judge his performance," said Stringer.
Unfortunately for Sony, the market is already weighing in on the PSN outage. Today, Sony shares fell 4.5 percent to 2,260 ($27.71) on the Tokyo Stock Exchange. It was the largest decline for the company since the tragic earthquake and tsunami hit Japan in mid-March.
On April 29 2011 03:56 Xeofreestyler wrote: I am so glad that I got a nintendo 64 instead of a playstation when I was a kid right now
I'm glad I went for a playstation instead. You certainly missed out. This is only a small problem, Sony has the tools and money to fix it, we just all have to be patient.
On April 29 2011 03:56 Xeofreestyler wrote: I am so glad that I got a nintendo 64 instead of a playstation when I was a kid right now
I'm glad I went for a playstation instead. You certainly missed out. This is only a small problem, Sony has the tools and money to fix it, we just all have to be patient.
how can they fix this problem with money? I mean they are not gonna buy the stolen data back
I really hope they learn from this incident, lets hope it won't happen again.
On April 29 2011 03:56 Xeofreestyler wrote: I am so glad that I got a nintendo 64 instead of a playstation when I was a kid right now
I'm glad I went for a playstation instead. You certainly missed out. This is only a small problem, Sony has the tools and money to fix it, we just all have to be patient.
how can they fix this problem with money? I mean they are not gonna buy the stolen data back
I really hope they learn from this incident, lets hope it won't happen again.
I hope that all companies providing an online service like this, be is XBL, wii store, paypal, etc learn from this. If they are taking a lax stance towards securing our data, then I hope this scares them all into being much more defensive with our personal data.
I really don't doubt that this event will affect how many people will buy a PS4 when/if it comes out.
Can I... Can I play my games now? seriously sony. I dont care if we all have to sign in under temporary username XXXXXX-2 or something, why is connecting to the internet through our console IMPOSSIBLE without our personal data? Have they really lost 'control' of their servers?? Should i ACTUALLY sell my ps3??
The folks over at the PSX-Scene forums are reporting that over 2.2 million customers' names, addresses, phone numbers and credit/debit card information is up for grabs to the highest bidder, including the crucial three digit CVV2 numbers.
Kevin Stevens, a Security Researcher, has been following the story and tweeted earlier, "Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date", but added that "it is not a rumor, it was a conversation on a criminal forum."
On April 29 2011 03:56 Xeofreestyler wrote: I am so glad that I got a nintendo 64 instead of a playstation when I was a kid right now
I'm glad I went for a playstation instead. You certainly missed out. This is only a small problem, Sony has the tools and money to fix it, we just all have to be patient.
Umm... Playstation1 wasn't even close to N64. Nowadays, PS3 > Wii, sure.
Anyways, all my friends who have PSN and all this jazz have been pissing themselves and freaking out... it's been terrible
On April 29 2011 03:56 Xeofreestyler wrote: I am so glad that I got a nintendo 64 instead of a playstation when I was a kid right now
I'm glad I went for a playstation instead. You certainly missed out. This is only a small problem, Sony has the tools and money to fix it, we just all have to be patient.
how can they fix this problem with money? I mean they are not gonna buy the stolen data back
I really hope they learn from this incident, lets hope it won't happen again.
I hope that all companies providing an online service like this, be is XBL, wii store, paypal, etc learn from this. If they are taking a lax stance towards securing our data, then I hope this scares them all into being much more defensive with our personal data.
I really don't doubt that this event will affect how many people will buy a PS4 when/if it comes out.
Believe me they learn, but it doesn't matter. Nothing is unhackable, if a man can program it, a man can reverse-engineer it. We need some Xel'Naga tech if we want to be safe
The Pentagon, the NASA etc has all been hacked. People should be aware that nothing is really safe on cyberspace, and consider that they are taking risk everytime information is put out there.
"The bulk of attacks on corporate and governmental computer networks go unreported because victims want to avoid the embarrassment and public scrutiny that come with acknowledging that their systems have been hacked.
Companies fear that their stock price might take a hit or that their brand might be damaged after news of an intrusion, said Jerry Dixon, a former government official who was instrumental in setting up the U.S. government's crime-fighting Computer Emergency Readiness Team.
"Everybody's network is getting hammered all the time," said Dixon, director of analysis at Team Cymru, a non-profit security research group."
"Security experts say that companies that are attacked remain silent most of the time.
For example, 85 percent of some 200 companies in electricity-producing industries said that their networks had been hacked, according to a survey released this month by security software maker McAfee Inc and the non-profit Center for Strategic and International Studies. Yet utilities rarely disclose such attacks.
One in four of those companies in the McAfee/CSIS study reported that they had been victims of extortion campaigns from hackers who had broken into their networks. (tinyurl.com/3vgp5us)
In many cases, intrusions go undetected by the victim company, leaving the firm and its customers completely unaware that criminals have access to their sensitive data.
"Everybody's data is at risk. We've all got to worry about our personal information, wherever it may be," said Josh Shaul, chief technology officer for Application Security Inc.""
Since everything is hackable and being hacked all the time, then Sony is even more culpable for not encrypting my personal data. At least give them an extra layer of trouble.... geeze. There is no excuse for that.
The folks over at the PSX-Scene forums are reporting that over 2.2 million customers' names, addresses, phone numbers and credit/debit card information is up for grabs to the highest bidder, including the crucial three digit CVV2 numbers.
Kevin Stevens, a Security Researcher, has been following the story and tweeted earlier, "Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date", but added that "it is not a rumor, it was a conversation on a criminal forum."
This is looking worse than i tought. Glad i cancelled my card but still T_T
I've been told that the CVV2 numbers weren't stored in Sony's servers. This is probably fake.
On April 29 2011 12:33 Kyrth wrote: Since everything is hackable and being hacked all the time, then Sony is even more culpable for not encrypting my personal data. At least give them an extra layer of trouble.... geeze. There is no excuse for that.
I agree, their security design seem to be pretty poor. I think they relied too much on the PS3 being unhacked in their thinking, very big mistake due to arrogance.
Forgetting to randomize your masterkey's integer is pretty stupid too.
Rumours are that Sony also had the main SSL key of PSN they use as a constant in a header file. It's terrible coding if true.
I'm just happy I never put my CC info on there. The only things I ever downloaded from PSN is a free demo and even then, I was never able to get my connection stable on my PS3 (probably has to do with opening ports, the PS3 gets kicked off my internet quickly) so it's definitely a bit lucky on my side.
Still unhappy about my personal information being there for hackers but it's not like you couldn't find it any other way.
On April 29 2011 13:04 noidontthinkso wrote: slowly im starting to get really angry how long do they fucking need to take this fucking ps3 server back online i want to change my fucking passwords
They said they aim for next week May 3rd I believe. They'll also make you (and everyone else) change your password when it goes online.
On April 29 2011 15:56 ShadeR wrote: So ps3 price drop in sight? i wanna buy one cheap for BF3.
BF3 on PS3? Come on dude! It's all about the PC.
Wholeheartedly agree PC is the way to go for any FPS. But i want to play a game with friends BW is a non option and most people i know own a console =S
OK, console gamers had it coming. This is the problem when EVERYTHING goes through one server, if it craps out, EVERYTHING is gone. This is like the equivalent of every game server going down while PayPal, Steam, and eBay simultaneously get hacked and info is stolen. This is why any system that funnels everything through one point is retarded. </rant> Anyway, anybody who tries to defend Sony by saying "Well the hackers did it not much Sony could do" Sony did the equivalent of setting the info written on post-its next to an open window in an office if the rumors are true and Sony stored the info in plaintext. They dun goofed, and I hope they pay.
On April 29 2011 03:56 Xeofreestyler wrote: I am so glad that I got a nintendo 64 instead of a playstation when I was a kid right now
I'm glad I went for a playstation instead. You certainly missed out. This is only a small problem, Sony has the tools and money to fix it, we just all have to be patient.
this right here is a major fan boyish comment (unless trolling) , this is a complete shitstorm not a small problem... sure they have the money/tools to fix it...but is it really necessary when all they had to do was to actually secure there shit?
On April 29 2011 03:56 Xeofreestyler wrote: I am so glad that I got a nintendo 64 instead of a playstation when I was a kid right now
I'm glad I went for a playstation instead. You certainly missed out. This is only a small problem, Sony has the tools and money to fix it, we just all have to be patient.
The sum of PS3 security, really interesting/scary clip if you have time to watch all of it.
Just got an email today from them, although I don't remember registering, perhaps I did for my PSP a long time ago. I was reading some things saying it will depend on the damage caused to determine the actual amount of money this is going to cost Sony. Regardless of how much it will cost them, I think they are ultimately going to lose some future business prospects or at least myself. If this turns out to be a lot worse than everyone expects I could see this being the start of Sony going out of business, or am I just being delusional?
You're not being delusional at all, apparently the current CEO was putting all his hopes and dreams into making all Sony's products rely on access to their network. People are not going to trust the network now with any sort of important data, so unless Sony finds a new path completely, they're in big trouble. Plus there is a lot of anger about their incompetence. Next generation when people see an Xbox with mostly the same cross platform games, a Nintendo with whatever it does, and a ps4 that's basically an Xbox + bad memories of a faceless corporation not even encrypting your personal info, sitting on known vulnerabilities for months, and then waiting a week to notify customers of the attack. What would you buy?
On April 29 2011 03:56 Xeofreestyler wrote: I am so glad that I got a nintendo 64 instead of a playstation when I was a kid right now
I'm glad I went for a playstation instead. You certainly missed out. This is only a small problem, Sony has the tools and money to fix it, we just all have to be patient.
Yeah, because getting all of your personal information stolen is only a "small problem".
On April 29 2011 20:46 Kyrth wrote: You're not being delusional at all, apparently the current CEO was putting all his hopes and dreams into making all Sony's products rely on access to their network. People are not going to trust the network now with any sort of important data, so unless Sony finds a new path completely, they're in big trouble. Plus there is a lot of anger about their incompetence. Next generation when people see an Xbox with mostly the same cross platform games, a Nintendo with whatever it does, and a ps4 that's basically an Xbox + bad memories of a faceless corporation not even encrypting your personal info, sitting on known vulnerabilities for months, and then waiting a week to notify customers of the attack. What would you buy?
Well, I was gonna say that I don't know about "out of business', that might even be assuming too much will come out of this, but if you're right about putting everything onto the network, Sony's in one hefty heap of shit. It'd be an icy cold day in hell before I'd trust the network now, especially if everything will one day connect to the network. Back to the drawing board for Sony executives, I suppose.
On April 29 2011 19:57 Pigsquirrel wrote: OK, console gamers had it coming. This is the problem when EVERYTHING goes through one server, if it craps out, EVERYTHING is gone. This is like the equivalent of every game server going down while PayPal, Steam, and eBay simultaneously get hacked and info is stolen. This is why any system that funnels everything through one point is retarded. </rant> Anyway, anybody who tries to defend Sony by saying "Well the hackers did it not much Sony could do" Sony did the equivalent of setting the info written on post-its next to an open window in an office if the rumors are true and Sony stored the info in plaintext. They dun goofed, and I hope they pay.
Well, your first statement isn't entirely true. We PC gamers would still have LAN =P A lot of stuff would have to happen to keep PC games from being played.
Hackers Claim to have 2.2 Million Credit Cards w/ CVVs
Kevin Stevens, a security analyst with Trend Micro, said in a tweet that "the hackers that hacked PSN are selling off the DB [database]. They reportedly have 2.2m credit cards with CVVs" - the latter being the three-figure number required for "card not present" transactions.
Stevens doesn't know this for a fact, but if you haven't cancelled your shit/changed your passwords yet. Please do.
edit: my mistake, this was posted a page back by monx.
Kevin Stevens, a security analyst with Trend Micro, said in a tweet that "the hackers that hacked PSN are selling off the DB [database]. They reportedly have 2.2m credit cards with CVVs" - the latter being the three-figure number required for "card not present" transactions.
Stevens doesn't know this for a fact, but if you haven't cancelled your shit/changed your passwords yet. Please do.
edit: my mistake, this was posted a page back by monx.
I don't remember PSN ever asking for my CVV. I'm very skeptical of this news.
Hackers Claim to have 2.2 Million Credit Cards w/ CVVs
Kevin Stevens, a security analyst with Trend Micro, said in a tweet that "the hackers that hacked PSN are selling off the DB [database]. They reportedly have 2.2m credit cards with CVVs" - the latter being the three-figure number required for "card not present" transactions.
Stevens doesn't know this for a fact, but if you haven't cancelled your shit/changed your passwords yet. Please do.
edit: my mistake, this was posted a page back by monx.
I don't remember PSN ever asking for my CVV. I'm very skeptical of this news.
It asks for it the first time you enter your credit card # as well as its expiry date. The first page of the process was
Name on Card CC # Expiry date CVV
Then once it verified that information you could progress to entering your address and the like. Or at least that is what it did for me, so I would believe if 1 user has to enter information one way everyone would. Note this was only asked of me once (as the information ties to your account until you change it) as such the CVV would be stored in their system as well.
Hackers Claim to have 2.2 Million Credit Cards w/ CVVs
Kevin Stevens, a security analyst with Trend Micro, said in a tweet that "the hackers that hacked PSN are selling off the DB [database]. They reportedly have 2.2m credit cards with CVVs" - the latter being the three-figure number required for "card not present" transactions.
Stevens doesn't know this for a fact, but if you haven't cancelled your shit/changed your passwords yet. Please do.
edit: my mistake, this was posted a page back by monx.
I don't remember PSN ever asking for my CVV. I'm very skeptical of this news.
It asks for it the first time you enter your credit card # as well as its expiry date. The first page of the process was
Name on Card CC # Expiry date CVV
Then once it verified that information you could progress to entering your address and the like. Or at least that is what it did for me, so I would believe if 1 user has to enter information one way everyone would. Note this was only asked of me once (as the information ties to your account until you change it) as such the CVV would be stored in their system as well.
Oh I think I remember that. Sigh.... I had better call my bank on monday and cancel my card. Damn hackers..... :S
Is there any way to know if my credit card was stored in their database? I attempted to enter in my credit card info about a month ago but it kept rejecting it. I googled the error, apparently it is common. I never actually successfully used my credit card so is this credit card in the clear? I'm too lazy to cancel it because I'm very dependent on online shopping and online goods
...the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs.
If the complimentary offer is to pay for ID theft protection then that's actually pretty respectable. If it's a complimentary offer to give users a link to a protection service that we have to pay for, then that's almost an insult.
Still, now they will encrypt data in the future. So that's a plus...
Sony's Kaz Hirai had a conference today about the situation: + Show Spoiler +
Sony has announced that the PlayStation Network and Qriocity services will be coming back online this week. When this week? Sony didn't specify. The restoration of the network will be implemented in phases between regions, so it won't all be back up at once and it was specified which regions will be getting the service back first. Expect a forced system software update once you sign in which will require all users to change their passwords.
The services you should expect to see back will include online game-play functionality for the PS3 and PSN, access to Qriocity, access to account management, access to un-expired movie rentals, PlayStation Home (THANK GOD), friends list and chat functions. The PlayStation Store, however, will still be down and is (vaguely) scheduled to be back sometime "this month."
To make up for the downtime, Sony will be offering a complimentary "Welcome Back" appreciation program for all PlayStation Network and Qriocity users. Sony will be giving out "selected PlayStation entertainment content for free download," 30 days free membership to PlayStation Plus for new and current PS Plus subscribers and 30 days free service to Qriocity subscribers. The "Welcome Back" offerings will be "rolled out over the coming weeks."
Here's what Sony has done to beef up security and what they're doing for everyone effected by the credit cards leaks.
First off, Sony is creating a new position of Chief Information Security Officer whom will be reporting directly to Shinji Hasejima, Chief Information Officer of Sony Corporation. On top of this, Sony worked closely with several security firms and have new security measures in place to detect intrusions to the network.
Some of the new security measures include "automated software monitoring and configuration management to help defend against new attacks," enhanced levels of data protection, encryption and software that can detect intrusions within the network. There's also more firewalls. You can never have enough firewalls. The company has even gone as far as moving to a new data center in a location that "has been under construction and development for several months."
As for any potential credit card thefts, Sony will provide users with complimentary assistance to enroll in identity theft protection services. Still, I'd recommend you all to cancel/update your cards if you haven't done so already.
One final note, and an obvious one at that, Sony is working with law enforcement agencies to track down and prosecute the individuals responsible for the illegal intrusion. Kaz Hirai spoke of the cyber attacks in a press release stating "These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers' information very seriously and are committed to helping our consumers protect their personal data.
In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks."
What do you think? Do you feel Sony is making things up to you in the right way or is it a case of too little, too late?
I really like Hirai, he seems to be the best person that can run Sony. Sony also fully apologized for their mistake:
And this too, Sony Considers Reimbursing Credit Card Replacement Costs in Light of Data Breach: + Show Spoiler +
In this morning's news conference, Sony Computer Entertainment head Kazuo Hirai said the company would consider covering costs associated with reissuing credit cards to PlayStation Network subscribers who feel their accounts have been compromised by the massive data breach of April 20. Hirai, noting that there have been no confirmed incidents in which fraud was committed with a credit card number stolen from the PSN breach, said the company has asked the FBI for a criminal investigation of the matter.
While there are 77 million accounts in the PlayStation Network, some are are held by the same household or person. Hirai said the owners of 10 million PSN accounts have been notified that their credit card information may have been compromised. However, the three-digit CVV number on the back of the card, required for purchases over the Internet, was definitely not compromised.
The replacement of a lost or stolen credit card is typically done for a customer for free, but to banks there is a cost of printing, processing and mailing the cards, plus a cost of lost business while the customer waits for a new one. Earlier in the week, news reports pegged the transactional costs of card replacement at between $3 and $5 per card. It's unclear who Sony would compensate, if it does, or if enough cardholders will ditch their cards to make it an issue that banks complain about to Sony.
Also in comments at this morning's news conference in Japan:
• Hirai apologized to Sony customers. "We would like to extend our apologies ... because potentially compromised their customer data," Hirai said, according to Gamasutra. "We offer our sincerest apologies."
• Hirai called out Anonymous by name. While he did not accuse the leaderless hacktivist collective of being behind this breach, Hirai noted past attacks for which Anonymous hackers did claim responsibility, including the publshing of personal information about Sony's top management, including information about their children.
• Hirai answered why Sony did not inform its users about the breach sooner. He said Sony shut down the network to prevent any further damage, then hired three companies to analyze the network. The size of the analysis and the gradual nature of the investigation, plus the time it took to wind down PSN to be ready for that examination, accounts for the delay, Hirai said.
• Hirai noted that. in light of the attack on Sony's San Diego data center, those operations are being moved to a new, undisclosed location. He also promised enhanced security to defend against any new attacks.
WOW ! You get one month of playstation plus for free as compensation!!
/sarcasm
This is such a joke. I am so glad i never bought or used my card on psn. I dont think i can ever trust sony's online store after this. They obviously don't take security seriously and should be buried for this.
On May 02 2011 03:53 T0fuuu wrote: WOW ! You get one month of playstation plus for free as compensation!!
/sarcasm
This is such a joke. I am so glad i never bought or used my card on psn. I dont think i can ever trust sony's online store after this. They obviously don't take security seriously and should be buried for this.
What the hell are you saying? The one month is simply a good gesture, if you actually read into the article you would see how they specifically discuss measure that they took to improve the online security system and whatnot. Sony screwed up bad, and they handled the situation the worse way possible. However, what they announced today is honestly the best they can come up with. What do you want them to do? Their system is hacked, they fucked up BIG time, and now they are despertly trying to handle the situation after they made it worse. They are looking into compensate you for your credit card changes, give you something of good gesture, and rebuild their trust with their consumer base by hugely focusing on their security system.
The damage is done, Sony cannot reverse the process. All they can do now is try their best to make the losses as small as possible ( They are already pretty damn bad).
debit cards are basically credit cards, but instead they are linked directly to your bank account instead of "imaginary money" that is your credit card limit.
On May 02 2011 05:41 CaffeineFree-_- wrote: Does it matter if we used a debit card?
dont think so. if your debit card can be used as a visa/mastercard, it means they can still use the pin/card number online to buy other shit. so it would be best to change ur pw.
I'm just wondering, does this effect all the credit cards I've used on PSN?
For example, I've used couple of my cards, debit card, AMEX, and mastercard on PSN. Right now, my AMEX is registered to my PSN account. So only my AMEX card should be compromised, right?
If at any moment in time you registered a card with them then yes, your credit card info is on their servers. However, there is no need to panic immediately and cancel your card, you just need to monitor your statement once a week to see if anything out of the ordinary is happening. If anything is indeed happening, you can just contact your credit card company within 60 days and the transaction will be cancelled and they will issue you a new card. The reason I am saying this is because as of yet, there is no evidence of credit card info actually being stolen and used, even Mastercard, VISA, and a couple of credit card companies 2 days ago stated that there has not been any PSN scandal related credit card fraud. Unless its fully proven then the info might be still safe.
On May 02 2011 03:53 T0fuuu wrote: WOW ! You get one month of playstation plus for free as compensation!!
/sarcasm
This is such a joke. I am so glad i never bought or used my card on psn. I dont think i can ever trust sony's online store after this. They obviously don't take security seriously and should be buried for this.
What the hell are you saying? The one month is simply a good gesture, if you actually read into the article you would see how they specifically discuss measure that they took to improve the online security system and whatnot. Sony screwed up bad, and they handled the situation the worse way possible. However, what they announced today is honestly the best they can come up with. What do you want them to do? Their system is hacked, they fucked up BIG time, and now they are despertly trying to handle the situation after they made it worse. They are looking into compensate you for your credit card changes, give you something of good gesture, and rebuild their trust with their consumer base by hugely focusing on their security system.
The damage is done, Sony cannot reverse the process. All they can do now is try their best to make the losses as small as possible ( They are already pretty damn bad).
You answered it. Its the most useless goodwill gesture ever next to the biggest security breach this year. Playstation plus is a joke of a service. Its just psn games that expire in a month and betas of new games. How is this supposed to rebuild trust with their customers? I already dont have much trust in a company after the removal of otheros, ps2 compatability, media card reader and playstation plus.
On May 02 2011 03:53 T0fuuu wrote: WOW ! You get one month of playstation plus for free as compensation!!
/sarcasm
This is such a joke. I am so glad i never bought or used my card on psn. I dont think i can ever trust sony's online store after this. They obviously don't take security seriously and should be buried for this.
What the hell are you saying? The one month is simply a good gesture, if you actually read into the article you would see how they specifically discuss measure that they took to improve the online security system and whatnot. Sony screwed up bad, and they handled the situation the worse way possible. However, what they announced today is honestly the best they can come up with. What do you want them to do? Their system is hacked, they fucked up BIG time, and now they are despertly trying to handle the situation after they made it worse. They are looking into compensate you for your credit card changes, give you something of good gesture, and rebuild their trust with their consumer base by hugely focusing on their security system.
The damage is done, Sony cannot reverse the process. All they can do now is try their best to make the losses as small as possible ( They are already pretty damn bad).
You answered it. Its the most useless goodwill gesture ever next to the biggest security breach this year. Playstation plus is a joke of a service. Its just psn games that expire in a month and betas of new games. How is this supposed to rebuild trust with their customers? I already dont have much trust in a company after the removal of otheros, ps2 compatability, media card reader and playstation plus.
I have to second this. Playstation plus is awful, who the fuck subscribes to that garbage? If they want to rebuild trust, start by giving me some free playstation points to buy whatever game I want instead of a service worth less than a quarter.
Playstation plus is honestly the sort of thing that would be free with most companies. Free crappy games and discounts on more crappy games. Oh, and some super exclusive wall paper.
My debit card has only $150 roughly so I'm not in deep shit of losing my life savings, but I'd rather not lose any money..still as kong as I monitor payments I don't have to cancel right away right? Also when u say change pw u mean my pin#? sry I'm not good at all with using cards :/
On May 02 2011 03:53 T0fuuu wrote: WOW ! You get one month of playstation plus for free as compensation!!
/sarcasm
This is such a joke. I am so glad i never bought or used my card on psn. I dont think i can ever trust sony's online store after this. They obviously don't take security seriously and should be buried for this.
What the hell are you saying? The one month is simply a good gesture, if you actually read into the article you would see how they specifically discuss measure that they took to improve the online security system and whatnot. Sony screwed up bad, and they handled the situation the worse way possible. However, what they announced today is honestly the best they can come up with. What do you want them to do? Their system is hacked, they fucked up BIG time, and now they are despertly trying to handle the situation after they made it worse. They are looking into compensate you for your credit card changes, give you something of good gesture, and rebuild their trust with their consumer base by hugely focusing on their security system.
The damage is done, Sony cannot reverse the process. All they can do now is try their best to make the losses as small as possible ( They are already pretty damn bad).
You answered it. Its the most useless goodwill gesture ever next to the biggest security breach this year. Playstation plus is a joke of a service. Its just psn games that expire in a month and betas of new games. How is this supposed to rebuild trust with their customers? I already dont have much trust in a company after the removal of otheros, ps2 compatability, media card reader and playstation plus.
I have to second this. Playstation plus is awful, who the fuck subscribes to that garbage? If they want to rebuild trust, start by giving me some free playstation points to buy whatever game I want instead of a service worth less than a quarter.
Playstation plus is honestly the sort of thing that would be free with most companies. Free crappy games and discounts on more crappy games. Oh, and some super exclusive wall paper.
You and me are not people who Playsation Plus is made for. Playstation Plus is a rewards program that benefits people who buy ALOT of shit on PSN. I totally agree that giving PSN Plus to everyone for 30months is not that good. However Sony did say that in addition to that selected games will be given out in addition to PSN Plus. I honestly dont care about this free shit, I care about the steps Sony are doing to improve their Security system. So far from what they did, it was a positive move however there needs to be more steps in that direction.
I dont fully trust Sony just yet, however I fully believe that Sony can come out of this better than before. This hit has been a lesson, and I think Sony learned the importance of their Security system the hard way.
On May 02 2011 06:01 kaisen wrote: I'm just wondering, does this effect all the credit cards I've used on PSN?
For example, I've used couple of my cards, debit card, AMEX, and mastercard on PSN. Right now, my AMEX is registered to my PSN account. So only my AMEX card should be compromised, right?
On May 02 2011 06:01 kaisen wrote: I'm just wondering, does this effect all the credit cards I've used on PSN?
For example, I've used couple of my cards, debit card, AMEX, and mastercard on PSN. Right now, my AMEX is registered to my PSN account. So only my AMEX card should be compromised, right?
Someone answer this question.
As I mentioned before, any credit card entered into the PSN is stored in Sony's database.
Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
so its free PS Plus AND a downloadable game or something of the like, not too bad I guess
the 1 month free playstation plus is kinda nice if you own a psp, just get a ps1 game and play it on your psp
took me 30 minutes to get someone on the phone to block my CC, apparently they're blocking CC's non stop because of this
I do hope Sony finds a way to recover, its a shame really, PSN was finally looking to catch up to XBL, and now, good luck winning back the customers trust after they go back online, I bet it'll take more then a free game and a month of PS+
On May 03 2011 08:46 Jibba wrote: Updated OP and renamed.
Don't think there's a link for this yet so here's one.
A further 25 million gamers have had their personal details stolen as a result of security breaches at Sony. ... In a message to its customers, Sony said: "We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company."
However, it added that "on 1 May we concluded that SOE account information may have been stolen".
A further 25 million gamers have had their personal details stolen as a result of security breaches at Sony. ... In a message to its customers, Sony said: "We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company."
However, it added that "on 1 May we concluded that SOE account information may have been stolen".
People are focusing on credit/debit card issue, but identity theft can be really scary too.
Last year my mom recieved constantly angry phone calls (and even some death threats) after someone had signed up on a auction site in her name and scammed people.
Some of the victims were understanding and called the police instead, but some "weren't that stupid" and was sure she was just conning them again. (And keep in mind these people have your phone number and adress)
Just put a block on my debit card and ordered a replacement. I should also be worrying about identity theft but I can't remember if I put in fake personal details into PSN and I'll have to wait until it's back up to see if that is the case.
This latest discovery makes no sense to me. Why would they even have a database of old payment information stored? Why would it take over two weeks to discover that they had been compromised when Sony claims to have Top Men on the case? And why were the hackers able to access these specific CC numbers but not the millions of current ones? Was this old db just lying around on the network, forgotten and unsecured? Makes no sense.
On May 02 2011 06:09 Oryinn wrote: Anyone know if this affects SOE purchases? Such as Planetside and their other MMO's?
This only affects PSN specifically. I am not sure if Planetside is on PSN, they may have their own servers and whatnot.
Since I still play planetside ill guess ill be on the safe side and keep checking CC transaction logs every now and then.
I updated the OP- yes, you should definitely be wary of any account and credit or debit cards you may have associated with Planetside or any other Sony Online Entertainment (SOE) game. Originally Sony claimed only PSN account related data was stolen, but they recently discovered that SOE account data was also compromised.
Isn't it just to falsely comfort yourself to say that this is all Sony's fault and that this can't happen elsewhere? Stuff like this can happen to every site that exists.
On May 10 2011 20:08 Arnstein wrote: Isn't it just to falsely comfort yourself to say that this is all Sony's fault and that this can't happen elsewhere? Stuff like this can happen to every site that exists.
The difference here is that the vast majority of sites that handle credit card information encrypt all of their information, not just some of it.
A massive company that handles millions of transactions should have equally massive security measures, and there's nothing pointing towards sony actually having good security measures.
On May 10 2011 20:08 Arnstein wrote: Isn't it just to falsely comfort yourself to say that this is all Sony's fault and that this can't happen elsewhere? Stuff like this can happen to every site that exists.
The difference here is that the vast majority of sites that handle credit card information encrypt all of their information, not just some of it.
A massive company that handles millions of transactions should have equally massive security measures, and there's nothing pointing towards sony actually having good security measures.
All my friends that work with internet security says that Sony doesn't have any worse encryption than what's normal.
On May 10 2011 20:08 Arnstein wrote: Isn't it just to falsely comfort yourself to say that this is all Sony's fault and that this can't happen elsewhere? Stuff like this can happen to every site that exists.
The difference here is that the vast majority of sites that handle credit card information encrypt all of their information, not just some of it.
A massive company that handles millions of transactions should have equally massive security measures, and there's nothing pointing towards sony actually having good security measures.
All my friends that work with internet security says that Sony doesn't have any worse encryption than what's normal.
How would your friends who work with "internet security" even know this? That sort of thing isn't made public (except in the case where you are annihilated by hackers and information gets out).
On May 12 2011 01:39 Arnstein wrote: Show nested quote +
All my friends that work with internet security says that Sony doesn't have any worse encryption than what's normal.
How would your friends who work with "internet security" even know this? That sort of thing isn't made public (except in the case where you are annihilated by hackers and information gets out).
What is the actual source that everything was/wasn't encrypted? There's lots of rumours but nothing really tangible, so far as I can see they just had a security breach.
i think people just started thinking that the info wasn't encrypted simply because Sony was able to get hacked and leaked all the info, when really most people really have no idea of what hackers could do to any other company who has ''standard'' security, which would be equivalent to Sony's like Arnstein mentioned.
Most good solo or organized hackers could probably steal whatever they want or get into any server they want, but most of the time its just not worth it, like the millions CC # that got stolen from Sony, there was people saying that the list was selling for what 100 000$ ? that's really not a whole lot of money considering the risk (and considering if you have to split it 10 way or whatever).
Unless you get to steal national/security or spy business plans and stuff like that and basically turn into a traitor/terrorist and sell it to other country/company for millions there's probably not much to be gained in hacking other then publicity and wanting to pass a message.
On May 12 2011 01:43 DamnTasty wrote: What is the actual source that everything was/wasn't encrypted? There's lots of rumours but nothing really tangible, so far as I can see they just had a security breach.
Did you read the OP? Sony made a post on their own blog about how non-credit card personal data was not encrypted.
Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.
God damnit Sony.
I'm so glad I don't own their systems, I really feel sorry for you owners.
Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.
God damnit Sony.
I'm so glad I don't own their systems, I really feel sorry for you owners.
Wow, I also read that this morning on some news sites. SQL-injections is like one of the standard things to protect against when you build databases, its programming 101. Furthermore storing passwords etc as plain text is just beyond stupid. It seems Sony really doesn't care about it's customers. Enough reasons for me never to buy any of their products ever again.
Besides that LulzSec supposedly also stole a huge amount of music codes / coupons.
EPT
![[image loading]](http://i.imgur.com/8VOCZ.jpg)
![[image loading]](http://cache.gawker.com/assets/images/comment/9/2011/05/1a314ed6adaf6dc1f3d905f23c5498a7/340x.jpg)
