Sony's PSN Attacked Again! 93,000 Accounts Compromised!

[nuckles87]

Just use PSN cards, I've been using them since they came out in the UK and like I said, my details have been complete and utter bollocks, I can still use them just fine.

Also lets be honest here, the people who did this are criminals, no two ways about it.

Oh yeah and another thing. Xbox Live/Wii owners.

Change your details too.

What you think this won't happen again? This will happen again, it might be Sony, it might not be, but it will happen again. with the direction consoles are going in, this was always going to happen at some point. Frankly with all the stories about ****** Xlive/Sony/Wii admin account getting stolen, I'm amazed it took as long as it did before a major cluster fuck of biblical proportions happened.

For ANY online service, if you can play your games, go online without your real name/addres/card details being online, there is NO reason at all for them to be on there. This applies to Sony, Microsoft, Nintendo, OnLive, hell lets go down to the graveyard, dig up the Dreamcast and change those details too!

There is no reason for you to leave them there.

Wasn't it only last month that play.com told people that those who ordered between two said dates had all their details taken?

This will happen again. *fades into darkness like a black phantom*

Also this video quite accurately sums up todays events... Contains a huge Portal 2 spoiler.

Wii and DSi don't save credit cards, and they don't have accounts. An advantage of being behind the times I guess.

[Conando]

Ok, so seriously...How the fuck are we supposed to change and protect our password if the identity thieves know our security questions? Well, fuck me. Definitely not using a debit card again, I'm going to have to buy those stupid PSN cards. They better actually fucking sell them around here now, they haven't for a long time.

[Scar]

Ok, so seriously...How the fuck are we supposed to change and protect our password if the identity thieves know our security questions? Well, fuck me. Definitely not using a debit card again, I'm going to have to buy those stupid PSN cards. They better actually fucking sell them around here now, they haven't for a long time.

They probably will allow you to change your security password. I mean they HAVE to.

[Velotix von Skruviktorrius]

Reading all this, I feel like far from dodging a bullet by not owning a PS3, I've dodged a fucking firing squad.

Transmitting sensitive information across the internet unencrypted is grounds for a massive lawsuit alone, and I'm amazed it's taken four years for anyone to spot this. That makes using PSN for anything extremely dangerous, and suddenly I'm so glad I've never touched it once.

Good luck folks, but sadly this is the final straw for me, and now any chance of me ever buying a PS3, which was already unlikely, has dropped to 0. This lack of security, past or present, is inexcusable in the modern era for any reason.

[Scar]

Reading all this, I feel like far from dodging a bullet by not owning a PS3, I've dodged a fucking firing squad.

Transmitting sensitive information across the internet unencrypted is grounds for a massive lawsuit alone, and I'm amazed it's taken four years for anyone to spot this. That makes using PSN for anything extremely dangerous, and suddenly I'm so glad I've never touched it once.

Good luck folks, but sadly this is the final straw for me, and now any chance of me ever buying a PS3, which was already unlikely, has dropped to 0. This lack of security, past or present, is inexcusable in the modern era for any reason.

[Gamerguy21]

Speaking of the emails: am I the only one here who still hasn't gotten one? It's been nearly 24 hours (or over 24 hours; I don't remember exactly when that update was posted) since the blog update and knowing that some users STILL haven't been personally notified by Sony about this whole mess (assuming I'm not the only one not getting the email for some reason) is just sickening. Jeez Sony, could your PR possibly get any worse?

[Velotix von Skruviktorrius]

Let me make this clear because everyone seems so prone to forcing opinions into stereotyped camps: my opinion has nothing to do with bullshit console wars, and never has.

I severely doubt that they are just going to leave it as it is after all of this.

[Badnik Mechanic]

I severely doubt that they are just going to leave it as it is after all of this.

Edited April 27, 2011 by Hogfather

[Velotix von Skruviktorrius]

*sigh*

I'm not going to trust a company that literally doesn't care about their customer's personal security until international governments get involved. Why is that so hard for you to understand?

[Badnik Mechanic]

*sigh*

I'm not going to trust a company that literally doesn't care about their customer's personal security until international governments get involved. Why is that so hard for you to understand?

[Detective Shadzter]

Reading all this, I feel like far from dodging a bullet by not owning a PS3, I've dodged a fucking firing squad.

Transmitting sensitive information across the internet unencrypted is grounds for a massive lawsuit alone, and I'm amazed it's taken four years for anyone to spot this. That makes using PSN for anything extremely dangerous, and suddenly I'm so glad I've never touched it once.

Good luck folks, but sadly this is the final straw for me, and now any chance of me ever buying a PS3, which was already unlikely, has dropped to 0. This lack of security, past or present, is inexcusable in the modern era for any reason.

[PaddyFancy]

Speaking of the emails: am I the only one here who still hasn't gotten one? It's been nearly 24 hours (or over 24 hours; I don't remember exactly when that update was posted) since the blog update and knowing that some users STILL haven't been personally notified by Sony about this whole mess (assuming I'm not the only one not getting the email for some reason) is just sickening. Jeez Sony, could your PR possibly get any worse?

Edited April 27, 2011 by Major Ziggy

[Tracker_TD]

I got my email today. Just a copy-paste of the blog, whatever. Still, this royally sucks. Today I went about changing passwords and stuff. I shall not be hacked. I SWEAR IT. Still, this royally sucks. My CC info (well, my dads) is on there. Sony better do something right.

[Conando]

I should mention to people that are nervous of using their debit cards again. Bolt7 from Retro linked me this:

https://www.gamepointsnow.com/

I also looked up some things on Amazon and it appears that they e-mail 20 dollar card codes instantly, so it shouldn't be that hard to get our hands on such things.

[Velotix von Skruviktorrius]

[this post actually exists, I'm in disbelief]

I know you're not retarded Hoggy, so how the fuck you're using this excuse for logic I have no clue.

Having the "wisdom" to not enter legitimate details and get away with it is not any excuse for a company having poor security - it doesn't even follow logically, look at it! just look!: "I can enter false details to use PSN therefore Sony cares about me and the security of my personal details as a customer"; best non-sequitur I've ever read - and you're very lucky they don't seem to care about your false details which congratulations, proves my point exactly - if they were actually paying attention to their customers they would never let false details fly. That's a bookkeeping nightmare and a half when you find you need to contact a Mr. I.P. Freely about their suspicious activity on your network only you can't get hold of them because all the details on their customer profile are falsified. Great job Mr. Freely, you've flatly denied yourself direct customer service and have also probably just earned yourself a quick ban because for all intents and purposes your account is too suspicious to leave active.

That's just one example of what a bad idea it is to use false details on any non-trivial service, and I'm sure for almost all PS3/P users the PSN is far from trivial. Consequently you should be able to enter legitimate details with confidence. You're right though, with security like this fiasco, you'd have to use false details to protect yourself. The point is that this should never be the most reasonable course of action for any service the customer and the provider both give two shits about. Any self-respecting company offering payment by credit/debit-card should take the necessary steps to prevent identity fraud or not offer this payment option at all.

Finally, even if you personally don't care about the company, which is the impression I'm getting behind all this, they should care about you as a customer regardless.

Do you have or have ever had a PSP?

Great point, and lucky me, I haven't touched one of those either.

At least it does look like this system restructure Sony are implementing will include full data encryption, because if it doesn't they're going to have international watchdogs right up their arse over this for years.

[Scar]

This isn't just a rude awakening for Sony. This will hit all online businesses, because they are ALL susceptible to attack at any time.

Every online service will be ramping up security everywhere.

Of course this will hit Sony the hardest, because they seem to be the pin-head of everything.

@Velotix

This whole case doesn't mean Sony doesn't care about its customers. Up until last year, the PSN remained virtually untouched, so Sony obviously did something right in that area to protect its customers. I mean they threw a massive bitchfit over homebrew and jailbreak (evidently with good reason, because it is what resulted in this happening) and sued the person responsible for the jailbreak.

I don't know much about encryption, but I understand it was stupid of them not to have any, but they are dealing with it now.

I certainly hope that over the coming years leading into Generation 9, Sony not only research more powerful processors, but also more effective encryption. It seems that this whole hacking thing is a cat and mouse game. A barrier is set, and hackers must break it to show off their e-peens.

Edited April 27, 2011 by Scar

[Velotix von Skruviktorrius]

This isn't just a rude awakening for Sony.

This will hit all online businesses, because they are ALL susceptible to attack at any time.

Every online service will be ramping up security everywhere.

Of course this will hit Sony the hardest, because they seem to be the pin-head of everything.

Thing is, if their system was already properly secure to begin with (such as apparently Amazon is, good thing I do most of my online shopping with them huh?) there isn't much that you can do with the encrypted data in the time it takes to decrypt it, thus there isn't much more that these companies could do to improve security and customer confidence.

This will, hopefully, kick everyone else up the arse enough to implement proper security systems, yes, so something good might well come out of this.

[Dobkeratops]

You should just look into getting a virtual card for online purchases. I have one, works like a mobile phone in the sense that you recharge it at the bank whenever you need to spend the money and that's it.

When Shopto got hacked I had it stolen and some nigerian prince or whatever tried to use it, the bank called, canceled the card and issued me a new one in less than 5 minutes. They also were kind enough to transfer the funds I still had there, all 45 cents of it.

Also lols @ Velotix's cancellation of his likely inexistent intent of getting the system. C'mon son, spare us the moral card ;P

[Velotix von Skruviktorrius]

Also lols @ Velotix's cancellation of his likely inexistent intent of getting the system. C'mon son, spare us the moral card ;P

Actually, there have been games that are PS3 exclusive that I thought "ooh, I like the look of this, maybe I'll bite the bullet and get a PS3 after all". Usually a few days afterwards, Sony does something incredibly stupid to remind myself why I still haven't bought a PS3, and balance is restored to the universe.

[Scar]

Actually, there have been games that are PS3 exclusive that I thought "ooh, I like the look of this, maybe I'll bite the bullet and get a PS3 after all". Usually a few days afterwards, Sony does something incredibly stupid to remind myself why I still haven't bought a PS3, and balance is restored to the universe.

The only stupid thing I recall them doing was......well......this...

[Carbo]

The Rothken law firm has filed a federal class action lawsuit against SCEA on behalf of the 77 million PSN customers it says were harmed by "one of the largest data breaches in the history of the internet."

The complaint [PDF], filed in California district court on behalf of one Kristopher Johns and other PSN members, accuses Sony of "failure to maintain adequate computer data security of consumer personal data and financial data," with tools such as firewalls and encryption.

This security failure puts the company in violation of the Payment Card Industry Data Security Standard meant to protect credit card data, as well as legal security requirements for protection of customer records, the suit alleges.

The 22-page suit also accuses Sony of failing to warn customers of the possibility that such a breach was possible, and of "false advertising and unfair business practices" surrounding previous statements about account security.

The firm is seeking compensation for the "extra time, effort, and costs" customers spent for credit monitoring and card replacement in the wake of yesterday's revelation that their data might be compromised, as well as compensation for the inability to access PSN and Qriocity services since last week.

"Sony’s breach of its customers’ trust is staggering," said Rothken co-counsel J.R. Parker, in a statement. "Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn't."

Affected parties can sign on to the case or provide information regarding the investigation by contacting the law firm through a web form or by phone.

Apparently as a worst case scenario Sony could possibly be indebted 24 billion dollars.

Holy shit.

Edited April 27, 2011 by Carbo

[Tornado]

Nothing will ever come of that. There isn't a judge on the planet that won't see that lawsuit for what it is.

That isn't to say that Sony won't get sued. They almost certainly will, and they will probably lose. But I imagine a lawsuit will be brought up by people who were actually affected by this. Not by an amublance chaser law firm with 9-digit $ signs in its eyes.

[Conando]

That's a lot of fucking money to lose. So is this just going to be given to whoever the goof that started this is, or will every member of the PSN be entitled to some sort of compensation? Yeah, I'm terrible for thinking "Well, at least I might make off with something", but Sony is making it hard to care about them right now.

[Badnik Mechanic]

I know you're not retarded Hoggy, so how the fuck you're using this excuse for logic I have no clue.

How exactly did you want people to reply to that? I thought it was appropriate given it was a reply to a claim that they didn't care at all about their customers personal security.

"I can enter false details to use PSN therefore Sony cares about me and the security of my personal details as a customer"; best non-sequitur I've ever read - and you're very lucky they don't seem to care about your false details which congratulations, proves my point exactly -

No it doesn't prove your point, it proves your naieve along with everyone else who thinks that this will only ever happen to Sony. In case you've not realised it, this kind of thing is going to happen again and again in the future, frankly I'm amazed it's not happened sooner, as I said earlier, how many news stories have their been about X admin of Y company having their account hacked. One day it'll happen to Microsoft and Nintendo, if it'll be as big as this one remains to be seen, but it will happen. How many people when signing upto websites or certain services don't give their real details unless it's absolutely nessesary, ask yourself why you do that, then ask 'well why should I treat my console any differently?'

After yesterdays revelation, I wonder how many non PS3 owners that go online and bought stuff either from the Wii Market Place or XBL havn't even bothered to check what they put on their online profiles and what information they've got floating around that they might not like falling into the wrong hands. Doesn't even have to be an external thing, it can be internal too.

I see people quoting Amazon a lot here and how we should all look to that as an example...

Well pardon me for pointing this out, was it not last month, and I know Shadzter got one as I did, that play.com told it's customers that it's details got compromised due to the company who it passes on the details to in order for your shipment to be sent out. This is the same thing that Amazon does! They have to pass on personal details to mailing companies in order for your stuff to get to you.

Doesn't matter what the company is, or what the company does, how 'secure' their service is, the fact is sooner or later everybody is going to experience something like this, unless they decide that they're never going to use any form of online transaction.

This entire attitude of 'oh well this company is better because their site is secure, look they do this!' is not a good attitude to take at all, because they're all in some way vulnreable.

How many people here have actually looked at their accounts/profiles for their other consoles if you use the online services and checked to see what you do or don't need on there?

The Rothken law firm has filed a federal class action lawsuit against SCEA on behalf of the 77 million PSN customers it says were harmed by "one of the largest data breaches in the history of the internet.

Oh goody more people who I don't know or have ever met filing lawsuits and actions on my behalf... why do I have this thing called a mind when theres all these other people out there making decisions for me.

Edited April 27, 2011 by Hogfather

[Scar]

Nothing will ever come of that. There isn't a judge on the planet that won't see that lawsuit for what it is.

That isn't to say that Sony won't get sued. They almost certainly will, and they will probably lose. But I imagine a lawsuit will be brought up by people who were actually affected by this. Not by an amublance chaser law firm with 9-digit $ signs in its eyes.

Actually 10-digit.

This lawsuit is way too conveniant for this company. I wonder how many other companies who may get hacked will be sued by these people.

C'mon Sony, fix this and provide some decent compensation.

EDIT:

Hold on a second, Sony's getting sued and is being batted into the dirt....but what about the people who actually hacked the PSN?

Those fuckers need to be found and be permanently removed from any electronic device, because the whole internet is at risk from them.

Edited April 27, 2011 by Scar