Jump to content
Awoo.

Sony's PSN Attacked Again! 93,000 Accounts Compromised!


LunarEdge

Recommended Posts

Still, Sony is not blameless in all this, to say their security for this is terrible would be right. For God's sake, concerning the personal information and credit card details, not only is it stored unencrypted locally, it's transmitted unencrypted over the Internet. No matter how you spin it, it's simply inexcusable. When it comes to network security, encryption is a first and a must. Whoever Sony got to design their security for both the PS3 itself and their online service are IDIOTS.

As Gerbilsoft said on Retro, this is a lawsuit waiting to happen.

Edited by Masaru Daimon
Link to comment
Share on other sites

Hey see that not all hackers are this type of idiots. Some of them only want to make the console better than it is, like the mayority of Wii hackers where they make things for example for Movie DVD play and customizing the Menu.

^What he said. You can't just lump all hackers in with these idiots who wanted to do criminal misdeeds. Thats just being narrow minded.

I'm pretty sure Hogfather was just talking about the people who hacked the PSN, not hackers in general (especially considering what I was saying in the post he was responding to). In which case, yes, criminals would be a very appropriate term for them. I'm REALLY hoping that he/she/they get(s) caught. That would really help restore any respect I lost for Sony because of this whole thing.

Link to comment
Share on other sites

Uh oh.

After the shock announcement regarding Sony saying that every single PlayStation Network account may have been compromised, reports are starting to come in pointing towards the fact that PSN users are having hundreds of dollars stolen from their account this past weekend.

One PlayStation Network user, Josh Webb, emailed us after seeing the news regarding a user having $600 taken from him, stating:

"A total of $300 was taken from my debit card on Saturday. However, my bank called me to notify me of a suspicious transaction and they confirmed it was indeed a fraudulent withdrawal. I’ve had to cancel my card and order a new one which the bank will transfer my previous account’s money into. The thing isI worry that many users who linked their bank accounts with their PSN account are in serious danger; I hope they all call their banks to immediately take action and prevent any fraudulent withdrawals."

Here’s the email in picture form where Josh requested us to report on so others were notified and took action:

Click on image to enlarge:

Josh.jpg

Of course, there’s the story which many believed to be fake that VGN365 reported recently; a PSN user had $600 taken from their account. In the same story, Mike said he was also a victim of fraud:

"I had $200 taken out my debit card as well. This occurred in Florida and I live in MN. Luckily my bank’s fraud dept caught it right away and I have since cancelled my card. This just sucks."

Sony had today announced via the PlayStation Blog that every single person’s PSN credit card details may have been and is at risk of being compromised.

VGN365 requests every PSN user that reads this story to take action regarding their bank details. We wish you all – including Josh – the best; good luck.

Link to comment
Share on other sites

It is sad that people's account details are being compromised, yes. This sort of thing is just plain low - anyone who steals anyone else's personal information and bank/credit card details is nothing but a low-life criminal.

On the other hand, I must state once again, Sony deserve any bad heat that comes their way, as they don't encrypt this kind of information. If you cut corners and don't give a shit about the consumer, you deserve a class-action lawsuit up your ass.

Edited by Masaru Daimon
  • Thumbs Up 1
Link to comment
Share on other sites

This made the front page of the Daily Telegraph, this morning's edition. Scary stuff.

I don't believe I ever purchased anything from the PlayStation Network, but did have to create an account. That was over a year ago, though, and I haven't used it since. I haven't had an email from Sony, the PlayStation Network or anything since activation. Is there a time limit to accounts? Do they deactivate after not being used?

Also, people saying they'll never purchase a Sony product again? Surely, in the wake of this, Sony will be the only videogame company to have adequate security to block these hackers? Rebuilding the PlayStation Network specifically to counter this breach sounds pretty effective and secure to me.

I'll be buying a new PlayStation Portable soon. Always wanted one, but I want to show support for Sony, now more than ever.

I hope they'll be alright.

Link to comment
Share on other sites

Also, people saying they'll never purchase a Sony product again? Surely, in the wake of this, Sony will be the only videogame company to have adequate security to block these hackers? Rebuilding the PlayStation Network specifically to counter this breach sounds pretty effective and secure to me.

You ARE talking about the same company that didn't do something as essential (as in, a first and a must for any network security) as encrypt their customers' account details, right?

  • Thumbs Up 3
Link to comment
Share on other sites

I agree with Masaru Daimon and how Sony is just as wrong for having a pretty weaksauce security system. They might as well left the keys under the mat on the porch, and put a note over the keyhole directing to the key.

I also definitely agree that not all hackers are bad. There are legitimate jobs where your mission is to break into networks to test its security, then there are those who hack as a hobby (like say... ROM dump and analyze all its insides).

I am curious about whether or not Sony will recover from this onslaught. While I think they deserve it for having a lazy security system, its consumers definitely didn't have to suffer like this. I'm sure most of them were not aware about how strong Sony's security is.

It is more fitting to call whoever is responsible as criminals, rather than simple hackers. Jacking money is super low and I wouldn't want to grant low lives the title of "hacker".

Link to comment
Share on other sites

Why they store credit card information server side instead of client side is beyond me...

Because they're required by law to keep a record on all transactions like every commerce ever?

You ARE talking about the same company that didn't do something as essential (as in, a first and a must for any network security) as encrypt their customers' account details, right?

You keep saying this and I'd ask for a source but I'm not sure I want to see a picture of your butt ):

  • Thumbs Up 3
Link to comment
Share on other sites

Hey see that not all hackers are this type of idiots. Some of them only want to make the console better than it is, like the mayority of Wii hackers where they make things for example for Movie DVD play and customizing the Menu.

^What he said. You can't just lump all hackers in with these idiots who wanted to do criminal misdeeds. Thats just being narrow minded.

Let's review...

Breaking into a network...

Stealing personal details...

Stealing credit card details...

Distributing those details...

Using those details...

Anyone who doesn't think that these people are criminals have no brain.

  • Thumbs Up 2
  • Bad Quality Post 1
Link to comment
Share on other sites

Anyone who doesn't think that these people are criminals have no brain.

They never said that.

You keep saying this and I'd ask for a source but I'm not sure I want to see a picture of your butt ):

While I can't answer for him, you're exposed to phishing the moment you implement CFW on a console. It is however a case of tempting fate though.

Edited by Carbo
Link to comment
Share on other sites

You keep saying this and I'd ask for a source but I'm not sure I want to see a picture of your butt ):

I've been getting my info on this mostly from Retro, who have been getting said info from actual Playstation hacking sites, who have confirmed that not only is the data stored unencrypted locally, it's transmitted unencrypted over the Internet. In plain text.

But, really, after hackers got the freaking master keys for both the PS3 and PSP, this isn't terribly surprising.

Edited by Masaru Daimon
Link to comment
Share on other sites

I've been getting my info on this mostly from Retro, who have been getting said info from actual Playstation hacking sites, who have confirmed that not only is the data stored unencrypted locally, it's transmitted unencrypted over the Internet. In plain text.

Oh, you mean this article?

Because if this is the one perhaps people should stop jumping into conclusions and take note of the article update

...that was made 2 months ago.

Link to comment
Share on other sites

Oh, you mean this article?

Because if this is the one perhaps people should stop jumping into conclusions and take note of the article update

...that was made 2 months ago.

That wasn't actually the one I was talking about. I don't want to post the actual article, as it's from a Playstation hacking site, which may well be skirting dangerously close against one of this particular forum's rules.

In other news...

UK Information Commissioner To Question Sony Over PSN Intrusion.n

Link to comment
Share on other sites

That wasn't actually the one I was talking about. I don't want to post the actual article, as it's from a Playstation hacking site, which may well be skirting dangerously close against one of this particular forum's rules.

Yeah, I'm pretty sure we can trust random unconfirmed articles from random hackers on everything they say. I mean, it's not like they've ever done anything despicable to legit users.

  • Thumbs Up 1
Link to comment
Share on other sites

Yeah, I'm pretty sure we can trust random unconfirmed articles from random hackers on everything they say. I mean, it's not like they've ever done anything despicable to legit users.

At this point it's an entirely well known fact. I'm personally hearing it mentioned everywhere.

Someone hacked Sony's network, and took everything. They should not be able to do this. That's all there is to it. They did do it, therefore, Sony is lacking on a very large amount of security.

And honestly? I would trust the hacking community on this one. You would figure, oh, hey, the group who, however unknowingly, helped this guy/guys do this, would know something about it.

  • Thumbs Up 5
Link to comment
Share on other sites

At this point it's an entirely well known fact. I'm personally hearing it mentioned everywhere.

Someone hacked Sony's network, and took everything. They should not be able to do this. That's all there is to it. They did do it, therefore, Sony is lacking on a very large amount of security.

And honestly? I would trust the hacking community on this one. You would figure, oh, hey, the group who, however unknowingly, helped this guy/guys do this, would know something about it.

Link to comment
Share on other sites

So last night I sent an email to Sonys tech support regarding if the system stores information entered previously...

I just got a reply and it was simply a copy and paste of the playstation blog entry....

Epic.

Also the information/dada minsiter in the UK is now getting involved... wow thats going to do... nothing.

Link to comment
Share on other sites

UPDATE:

I just called Sony's tech support line. Amazingly I got put through right away (thumbs up I guess?)

I asked them the following question.

* If I entered genuine details when I first signed up, but following all the threats to the network at the start of April this year, if then changed those details to utter nonsense, e.g. John Kimble, of Arnold Schawrtsnegger land. etc etc. Would the system still have on file my original details? Or would it only store the new 'fake details.'

The advisor put me on hold for a short time whilst he spoke to the systems specialist.

When he came back the answer was as follows.

* The data thats stored on the system at the time would have been the data that was taken, the system only has a record of the data that was last entered, so in your/my case, if you changed your data for whatever reason prior to when the system went down, then that would be the data that they had on file, the system does not keep old/previous data.

This advice seems to follow/match what the moderator of the playstation forums said last night regarding bank details. That being, if the details were on the system, but removed, then they would not still be on there.

Second question I asked.

* If all the account information has been compromised, when it comes to our Playstation Network ID's how do we keep them secure? As that information would include the security question and answer, if thats the case, then regardless as to if we change our passwords, they'll never be secure unless that Security question can be changed, but this has never been an option for a PSN user even when the system was last up.

To this one he didn't know, it sounded like I was the first person to ask him that question all day, he said that he would imagine that they (the people trying to decide what to do next) would be considering that and they would release an FAQ later on which would likely have that answer on it.

But for the dude in the general enquiories office, I'm not that suprised that he had the answer for the second question.

So there you have it.

Edited by Hogfather
  • Thumbs Up 1
Link to comment
Share on other sites

Oh, you mean this article?

Because if this is the one perhaps people should stop jumping into conclusions and take note of the article update

...that was made 2 months ago.

I'm really curious what your point is with all this.

Link to comment
Share on other sites

At this point it's an entirely well known fact. I'm personally hearing it mentioned everywhere.

Someone hacked Sony's network, and took everything. They should not be able to do this. That's all there is to it. They did do it, therefore, Sony is lacking on a very large amount of security.

And honestly? I would trust the hacking community on this one. You would figure, oh, hey, the group who, however unknowingly, helped this guy/guys do this, would know something about it.

To be fair, Sony managed to remain unhacked until very recently.

Whether that is because nobody wanted to hack PSN, or because nobody could until the recent PS3 Jailbreak is forever going to be unknown.

Whatever the case may be, it is impossible for any network to remain unhackable, because some hacker will eventually hack it, simply for the sake of his/her ego.

Link to comment
Share on other sites

I'm really curious what your point is with all this.

That... people see something somewhere and instantly jump to conclusions, taking it at face value?

Link to comment
Share on other sites

Just got my email from Sony regarding the 'external intrusion' (can someone make a gif with that in it, idealy with something from the movie Airplane or indiana jones when they open up the arc and the words "External intrusion!" jumps out of the screen. or the bit in

Edited by Hogfather
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

You must read and accept our Terms of Use and Privacy Policy to continue using this website. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.