Sony's PSN Attacked Again! 93,000 Accounts Compromised!

[LunarEdge]

I know there is discussion about this in the GEOHOT topic, but I feel as though this issue has gotten to the point that it warrants it's own topic. According to this article, the PSN service will be shut down "indefinitely." Here is the article...

Internet gamers were frustrated last week when Sony shut down its PlayStation Network. Now, they might have reason to be worried.

On Monday, the Japanese electronics giant said it is keeping its PlayStation Network videogame service offline indefinitely following a hacking attack it now says may have compromised user’s information.

To ensure the network’s integrity, Sony said it is currently rebuilding the service, which connects more than 75 million PlayStation customers over the Internet, letting them play videogames and chat together. “This is a time intensive process and we’re working to get them back online quickly,” Sony spokesman Patrick Seybold said in a blog post.

Sony is still investigating the “external intrusion” that forced the electronics giant to shut down its network last Wednesday. In an email, the company also said it is also trying to figure out if any personal information, such as credit card numbers, may have been compromised in the attack.

Last week’s outage came at a particularly bad time for the videogame giant. Many of its teenage customers were hoping to virtually punch, kick and choke each other in new videogames, including Warner Bros. Entertainment’s Mortal Kombat, over the three-day Eastern weekend.

Instead, many of them griped on Facebook, Twitter and even the Digits Blog. Many of the upset gamers said they wanted more transparency from Sony as the process of rebuilding its service continues. Others threatened to switch sides, as it were, and join Microsoft’s Xbox Live service, which largely offers the same features as the PlayStation Network.

Not all gamers were distraught and some said the furor was over the top. “You would have thought the world had just ended,” Matt, a commenter on the Digits blog, wrote.

Linky

Why do we as the legit gamers have to suffer, I'll never know, but I hope it comes back soon, but than again, if all this work done to the PSN means they won't get hacked again anytime soon, than I guess I can wait, I can always do, you know... something else.

Some stores such as "Game Station" are even making deals to trade in PS3's to get 360's for little to nothing.

Edited October 12, 2011 by LunarEdge

[Yong]

That's actually a pretty good deal. Though it's capitilizing on a terrible note, still it's a rather nice trade in deal.

[eXtaticus]

This is nothing but proof, if proof was ever needed, that the PSN service - in comparison to subscription services such as Xbox Live - is nothing more than the online gaming equivalent of a charity soup kitchen; a nice fairly nice asset while it lasts, though forever unpredictable and totally unreliable in the face of any kind of real, heavy use. Of course, PS3 owners should be fairly used to Sony stripping out the features of a console that they've already paid far too much money for - after all, they managed to remove OtherOS without too much fuss being made over it.

Oh, wait...

It's fairly needless to say that Sony is going to haemorrhage sales because of this - oh well; roll on third-party servers and non-unified services, right?

[JezMM]

Is this just the multiplayer service or is everything internet related down? I mean I know it'll get back eventually, the only way this really affects me is I still haven't got round to downloading the exclusive PS3 BioShock 1 DLC.

Sucks for avid PS3ers though.

[Carbo]

http://www.reddit.com/r/gaming/comments/gx6o4/im_a_moderator_over_at_psxscenecom_the_real/

I'm a moderator over at PSX-Scene.com - The real reason PSN is down.

Ok, I've seen a bunch of speculation of why people think PSN is down, and I thought I should just post what the community knows in comparison to what Sony is telling everyone. The truth is, there was a new CFW (custom firmware) released known as Rebug (http://rebug.me). It essentially turns a retail console into a dev console (not fully, but gives you a lot of the same options that usually dev's only have access to). Anyway, this new CFW was quickly figured out by 3rd parties (not Rebug) to give CFW users access to the PSN network again via the dev networks. With a little manipulation of the URL's through a proxy server you could get your hacked console back online. Not that big of a deal, right? Well, it also turns out that some people over at NGU found out that you could provide fake CC# info and the authenticity of the information was never checked as you were on Sony's private developer PSN network (essentially a network that Sony trusted). What happened next was extreme piracy of PSN content. Sony realizing the issue here shut down the network. Now, before you go freaking out about the latest information posted about Kotaku, no ones personal information was accessible via this hack. Not to say they couldn't get it, but no one is admitting to it being available. Anyway, that's the real reason for the PSN downtime. Sony is now rebuilding all of it's PSN servers to be more secure and (hopefully) make sure the CFW users cannot get online anymore.

Edit #1: To those of you saying that this is speculation, you are correct. But, it is speculation based on a lot of facts and the outcome seems to make the most sense.

1. Rebug was released on 3/31/11.

2. First guides of how to use the dev network to get back on COD games on 4/3/11.

3. Word of "shady" sites finding a way to pirate PSN content via the dev networks on 4/7/11 (basing this on posts I had to delete on the website).

4. PSN goes down on 4/20/11

Now, you can believe Sony's PR team which has kept you completely in the dark, or you can see the list of events above and come to your own conclusion. Now, this isn't the first time Sony has fought back against the PS3 modders from getting on PSN. A couple of months ago we had a utility called f*ckPSN that changed the necessary header information that was being sent to Sony to allow modified consoles back online. We were able to use it for about a month. Then came the new TOS, the mass e-mail to PS3 customers, and software update 3.56 and 3.60. So, once again, yes this is all speculation, but it is speculation based on previous actions and known facts.

Edit #2: Mathieulh just mentioned that he has been in contact with someone that has official access to the SCE devnet servers and it was posted to them today that only 3.60+ debug firmwares will be allowed on the dev network anymore. All earlier versions will be cut. If you want to retain your access you need to contact Sony and upgrade to 3.60 debug firmware.

Edit #3: Ok, it looks like some various news sites have picked up this story and taken it out of context. Once again, this is all speculation and information gathered from various devs in the PS3 scene. It might very well not be the real reason PSN is down, but as the timeline fits, it's a reasonable explanation. Now, as to Rebug directly allowing this to happen, that's not the case at all. Different CFW's have had access to the dev network the whole time. This is not new news for people in the PS3 scene. It's what people have figured out what to do with the said network that has caused all the recent issues. Saying that Rebug is what did this is like saying a gun manufacturer is responsible for every death that happens with a gun.

Edited April 26, 2011 by Carbo

[Glenn]

Well, won't be using my new console to restart Sonic Unleashed, then, if the 44Mb software patch is unavailable. That's all I want it for.

I find it pretty disgusting that stores are trying to encourage people over to the Xbox360 because of a hacking attack, though. Not only do Microsoft charge insane amounts of money for their online service (in contrast with Sony, who provide the PlayStation Network for free) but most people don't just own the console itself. What about all the videogames themselves? Since an Xbox360 can't play Blu-Ray discs, the premier format, then that exchange offered by GameStation is a total cheat (not to mention a 320Gb HDD for a 250GB HDD also being unfair).

Prior to this outrage, I hated hackers for breaking the law anyway. Now I absolutely loathe them. So many people trying to enjoy so many videogames have been harmed, not to mention Sony themselves (who were only trying to protect their property from criminal damage in the first place). What makes it worse is that the hackers are trying to come across as "heroic" and "fighting for consumers". Disgusting behaviour.

[Carbo]

Prior to this outrage, I hated hackers for breaking the law anyway. Now I absolutely loathe them. So many people trying to enjoy so many videogames have been harmed, not to mention Sony themselves (who were only trying to protect their property from criminal damage in the first place). What makes it worse is that the hackers are trying to come across as "heroic" and "fighting for consumers". Disgusting behaviour.

I think you're mixing up actual hackers with Anonymous here. The people sabotaging never once claimed they were "fighting for consumer rights", and while Anon was, the only thing they did was DDoS some servers with LOIC which lasted only for a number of hours, but they ceased that once they found out that it was actually affecting players, which was never their intended purpose.

[Badnik Mechanic]

I find it pretty disgusting that stores are trying to encourage people over to the Xbox360 because of a hacking attack, though. Not only do Microsoft charge insane amounts of money for their online service (in contrast with Sony, who provide the PlayStation Network for free) but most people don't just own the console itself. What about all the videogames themselves? Since an Xbox360 can't play Blu-Ray discs, the premier format, then that exchange offered by GameStation is a total cheat (not to mention a 320Gb HDD for a 250GB HDD also being unfair)

They're doing it because they know as well as I do that the moment the PSN is back they're going to make a fortune selling second hand PS3's? It's still one of the best and cheapest blu ray players on the Market for one thing.

The PSN isn't down forever for goodness sake, you would have to be either a complete blithering idiot or a complete anti fanboy to even comprehend that, do people forget when microsofts online service kept shutting down during Christmas 07? That lasted nearly a week, score one for paid service eh? Yet when the free service goes down, oh hail Mary must trade on consoles! Maybe they should have charged subs? That way idiots who are tempted by these offers wouldn't trade in once they discovered they would lose money?

Anyway the news article that the OP linked to. Is it not possible to link to a less sensationalist one? Let's not forget here, regardless as to what epic title the guy has who makes the PS blog entries, he is not working on the team that has the job of trying to fix the problem, in fact I doubt the team tasked with fixing the problem even bother to give regular updates since I doubt they normally do pr related stuff like that. So when that article says Oh it's down indefinately, that's not what the ps blog guy is saying at all.

I don't know how many people work in some kind of chain or franchise industry, but have you ever tried to contact either head office or if you work in head office get in contact with a retail/HDP/service/outlet etc base just to get an answer for a simple question like "did mark work on Sunday?" sometimes your're lucky if you get an answer in a week! And regardless as to how big or small the issue it's just the same. Only with the PSN, they need to gervin touch with teams on different sides of the world, does anyone else have any idea how hard that is to do? So I'm really not suprised that the PS Blog isn't the most informative thing lately, or for an example closer to home, look how many checks AAUK had to go through before he could do a blog entry on something. I wish it wasn't like that and we did have fully upto date info, but we don't, and I'm not suprised, because that's what happens when you try to get all the facts for a blog article. It's a complete bastard trying to get all the facts quickly.

[Blacklightning]

do people forget when microsofts online service kept shutting down during Christmas 07? That lasted nearly a week, score one for paid service eh? Yet when the free service goes down, oh hail Mary must trade on consoles! Maybe they should have charged subs? That way idiots who are tempted by these offers wouldn't trade in once they discovered they would lose money?

Halo 3 was released around that time, fyi, and the game was literally so popular online at the time that it singlehandedly caused Live outages by way of sheer number of people playing at the same time if I remember correctly. When you compare that to Sony taking down PSN of their own will until further notice, citing hackers as the problem with the possibility of information theft (a possibility, by the way, that is reinforced by several neoGAFers reportedly suffering fraudulent transactions from accounts linked to their PSN already), the comparison kinda starts to fall apart and it's pretty clear to see why people would make a bigger deal over one rather than the other.

Just putting that out there.

Edited April 26, 2011 by Blacklightning

[Glenn]

I think you're mixing up actual hackers with Anonymous here. The people sabotaging never once claimed they were "fighting for consumer rights", and while Anon was, the only thing they did was DDoS some servers with LOIC which lasted only for a number of hours, but they ceased that once they found out that it was actually affecting players, which was never their intended purpose.

With great respect, potato/potato (damn, that saying doesn't work at all in writing).

[Patticus]

An update from James Gallagher from the EU blog.

Posted on 25 April by James Gallagher – Blog Manager, SCEE

PSN UpdateCountries: AE, AU, GB, IE, NZ

I know you are waiting for additional information on when PlayStation Network and Qriocity services will be online. Unfortunately, I don’t have an update or timeframe to share at this point in time. As we previously noted, this is a time intensive process and we’re working to get them back online quickly. Will keep you updated with information as it becomes available. We once again thank you for your patience

So it's an update about an update with no new info in the update.

Epic scenes here, ladies and gentlehogs. Epic scenes.

[Dobkeratops]

Oh hey, another perfectly legal, fine experience enhancement to every PS3 owner made possible by the trusty and reliable "homebrew community". The hacking of the system has surely improved our day to day enjoyment of the device! Where can I donate to these fine gentlemen?

in comparison to subscription services such as Xbox Live - is nothing more than the online gaming equivalent of a charity soup kitchen;

I'm sorry guys, I cannot find a lol emoticon big enough for this one.

[Gamerguy21]

Big Update

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.

Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1. Temporarily turned off PlayStation Network and Qriocity services;

2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013

Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241

TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

Source

...Well, that sure sounds bad. Basically, the PSN will probably be down for another week or less (not too long), but it seems that a ton of personal info has indeed been compromised/ However, Sony is still not completely sure if credit card info has been taken or not. They still encourage you to keep an eye on your card, though.

So yeah, remember to change your password as soon as PSN goes back up.

Edited April 26, 2011 by Gamerguy21

[Dobkeratops]

MAN THIS HOMEBREW THING SURE IS GREAT

I'm paranoid enough to use disposable debit cards for all my online purchases, but still sucks :\

[Tracker_TD]

Oh snap. If Credit Card info is lost, Sony'll get sued big time. They should have done more to protect our details... seriously regretting putting all my details on PSN now...

[Detective Shadzter]

Here's the EU version:

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We don’t have an exact date to share at this moment as to when we will have the services turned on, but are working day and night to ensure it is as quickly as possible. We are currently working to send the following message via email to all of our registered account holders regarding a compromise of personal information as a result of this malicious attack on our servers, so please look for this information via email as well. Please note that we are as upset as you are regarding this attack and are going to proceed aggressively to track down those that are responsible.

Follow us on Twitter @PlayStationEU for live updates and read the FAQ at eu.playstation.com/psnoutage for further information.

Thank you for your patience.

http://blog.eu.playstation.com/2011/04/26/psnqriocity-service-update/

[Badnik Mechanic]

Has anyone had one of these emails that they're supposed to be sending out? Not had one myself and neither has any of my other PSN accounts.

It would be nice to know if the data we originally entered is stored on the system or if it gets wiped once we change it. Like I said in the other topic, once this whole "Hey lets bugger up everyones fun!" game started back at the start of the month I changed most of my details to utter bollocks. Card Details havn't been on there for years.

I might be wrong, but potentially Sony could get one hell of a fine in the UK over this, Data Protection act issues a standard £5000 fine on EVERY violation. So say they took my details, thats 1 violation... say they took dobkeratops' thats 2... £10,000 fine, then cycle on and on and on.

[LATER BUDDY]

Suddenly those dumb point-based currency systems that Microsoft and Nintendo use don't seem as dumb anymore, XD.

And just checked, I haven't received an email about the matter from them either. What is it supposed to be about? A general apology or something?

[Dobkeratops]

Suddenly those dumb point-based currency systems that Microsoft and Nintendo use don't seem as dumb anymore, XD.

Uuuh... you still have to enter a credit card number to buy those points online, you know.

[Detective Shadzter]

Suddenly those dumb point-based currency systems that Microsoft and Nintendo use don't seem as dumb anymore, XD.

And just checked, I haven't received an email about the matter from them either. What is it supposed to be about? A general apology or something?

As Dobkeratops said, you can still buy those points with your credit/debit card on the Xbox Live Marketplace, Wii Shop Channel and DSi Shop. Are you referring to those points cards you can get in the shops? You can get PSN cards in the shops, too.

[Badnik Mechanic]

GOOD NEWS! Sorta...

I've just had a look on the official forums. There is some slight good news.

According to RabidWalker who is a moderator over at the official EU/UK Playstation forums (the ones Sony runs). He said the following via twitter.

RabidWalker: hi badass, if the card details have been removed they won't be retained on there

So if you've had your details on there previous and removed them, chances are thats one less thing to worry about. I guess this would also apply to personal detail.

But emails will definately be an issue since it's part of your login info.

If not done so already, if your PSN password and email password are the same (why though...) change your email password now. You can't change your PSN password until the service comes back online.

But when it does I would advise you change everything including your password recovery question/answers.

[Velotix von Skruviktorrius]

Whoever did this, they really don't like Sony - they went straight for the company's jugular: customer confidence.

They're going to be reeling from this one for years.

[Shaddix Leto Croft]

Whoever did this, they really don't like Sony - they went straight for the company's jugular: customer confidence.

They're going to be reeling from this one for years.

Ya think, I've totally been put of ANYTHING PSN/Playstation related now even though I use the PSP version this has put my confidence at an all time low atm =/

[Badnik Mechanic]

Ya think, I've totally been put of ANYTHING PSN/Playstation related now even though I use the PSP version this has put my confidence at an all time low atm =/

Just use PSN cards, I've been using them since they came out in the UK and like I said, my details have been complete and utter bollocks, I can still use them just fine.

Also lets be honest here, the people who did this are criminals, no two ways about it.

Oh yeah and another thing. Xbox Live/Wii owners.

Change your details too.

What you think this won't happen again? This will happen again, it might be Sony, it might not be, but it will happen again. with the direction consoles are going in, this was always going to happen at some point. Frankly with all the stories about ****** Xlive/Sony/Wii admin account getting stolen, I'm amazed it took as long as it did before a major cluster fuck of biblical proportions happened.

For ANY online service, if you can play your games, go online without your real name/addres/card details being online, there is NO reason at all for them to be on there. This applies to Sony, Microsoft, Nintendo, OnLive, hell lets go down to the graveyard, dig up the Dreamcast and change those details too!

There is no reason for you to leave them there.

Wasn't it only last month that play.com told people that those who ordered between two said dates had all their details taken?

This will happen again. *fades into darkness like a black phantom*

Also this video quite accurately sums up todays events... Contains a huge Portal 2 spoiler.

Edited April 26, 2011 by Hogfather

[Scar]

This whole debacle is massively illegal though.

If the person/group who did this get found out, they are fucked royally. First of all, they attempted to ruin consumer faith in Sony, and they are not going to be happy about it.

Most people over here aren't too fussed about this, because it may be possible to trade in your PS3, but its impossible to trade in save-data and countless hours of gameplay time.

Not to mention the following of LBP and Uncharted is pretty huge.