Jump to content
Awoo.

Sony's PSN Attacked Again! 93,000 Accounts Compromised!


LunarEdge

Recommended Posts

I should mention to people that are nervous of using their debit cards again. Bolt7 from Retro linked me this:

https://www.gamepointsnow.com/

I also looked up some things on Amazon and it appears that they e-mail 20 dollar card codes instantly, so it shouldn't be that hard to get our hands on such things.

Can personally vouch for GamerPointsNow, once you've verified your Paypal the codes are sent instantly to your email and have always worked for me : ) I use them for Xbox Live Subs and Microsoft Points, they sell US versions of the cards too.

Much as I'm not a fan of Sony personally, people should chill juuuust a little. Yes it's a terrible blunder on Sony's part but Hogfather is right, this could happen to anyone, it's just unfortunate that Sony had caught a large amount of ire from the hacking community, which may or may not have lead to this. IMO by all means be angry with them for taking their time and being outright lousy with their PR handling of the situation (Microsoft have a team of vocal admins that generally keep people up to date with things - Sony should of had the same for PSN) and not encrypting personal data. I'm sure they are as shame-faced as people are mad

Incidentally speak of the devil: http://www.eurogamer.net/articles/2011-04-28-sony-expects-psn-will-be-back-by-3rd-may

Manditory Password changes for all, improved security and a vow to track down the hacker. Much better response though rather late

Link to comment
Share on other sites

Yeah I posted that earlier in the thread.

At some point in that Sony Q&A I smell massively reeking bullshit. Security can impossibly be that uptight if it's exposed 77 million users and I doubt that even a fraction of those who've got their credit cards extorted are even into homebrewing, because any person who's into the scene would know how obnoxiously stupid using a credit card on a hacked console would be.

Anyway we got ourselves our first lawsuit.

That's the thing. There are people in this world who can be using a credit card on a hacked console. Geohot's jailbreak brought in some newbies in to the hacking world. But yeah, they would be obviously shitting themselves right now. =P

Link to comment
Share on other sites

Much as I'm not a fan of Sony personally, people should chill juuuust a little. Yes it's a terrible blunder on Sony's part but Hogfather is right, this could happen to anyone, it's just unfortunate that Sony had caught a large amount of ire from the hacking community, which may or may not have lead to this. IMO by all means be angry with them for taking their time and being outright lousy with their PR handling of the situation (Microsoft have a team of vocal admins that generally keep people up to date with things - Sony should of had the same for PSN) and not encrypting personal data. I'm sure they are as shame-faced as people are mad

While it would have been better if they could have stayed in touch with the community a bit more often, they did give daily updates with any info they did have to pass on, and they did tell us about the personal data breach soon after they found out. They said the company they got in to look into it didn't find that out until Monday.

Anyway, I'm happy to hear about all of the improvements they're going to be making. I'll be glad when this whole thing is over with.

Link to comment
Share on other sites

It's sad to say but it happens. Sony got hacked, there's no way to sugar-coat it. I just love it when something like this happens people love to turn it into a console war and bash sony. Given, the information should have been encrypted, but any online service be it PSN, Live, Steam and etc. can get hacked, it's just a matter of how dedicated the hackers are. People also like to bring up that "Live is better," but they had a 10 day outage during the release of Halo 3 and the holiday season. For a service you pay for, that should have been easily avoidable and expected.

We use a free service, a courtesy from Sony, and we are bound by their TOS. If they feel they have to rebuild the infrastructure then we have to sit and wait. If people are complaining that they can't play online and are truly pissed about this than they obviously need more hobbies than just games. Get outside and do something.

As for the Credit card issue, if you are that paranoid about hackers using your info, cancel your card and get a new number... problem solved. Also, not only credit card info is tied to people's accounts, there's also debit cards, which you can do the same shit too (cancel > get new number > problem solved).

The console isn't totally rendered useless like the time clock issue, games can still be played with the exception of PSN

Kinda sucks that they waited to tell us, but what done is done, all we can do now is wait.

Edited by LunarEdge
  • Thumbs Up 2
Link to comment
Share on other sites

It's sad to say but it happens. Sony got hacked, there's no way to sugar-coat it. I just love it when something like this happens people love to turn it into a console war and bash sony. Given, the information should have been encrypted, but any online service be it PSN, Live, Steam and etc. can get hacked, it's just a matter of how dedicated the hackers are. People also like to bring up that "Live is better," but they had a 10 day outage during the release of Halo 3 and the holiday season. For a service you pay for, that should have been easily avoidable and expected.

We use a free service, a courtesy from Sony, and we are bound by their TOS. If they feel they have to rebuild the infrastructure then we have to sit and wait. If people are complaining that they can't play online and are truly pissed about this than they obviously need more hobbies than just games. Get outside and do something.

As for the Credit card issue, if you are that paranoid about hackers using your info, cancel your card and get a new number... problem solved. Also, not only credit card info is tied to people's accounts, there's also debit cards, which you can do the same shit too (cancel > get new number > problem solved).

Kinda sucks that they waited to tell us, but what done is done, all we can do now is wait.

Completely agree with everything you said, but the last sentence. Yes, we had to wait for about a week until we found out that our details were breached, but they said they didn't wait to tell us, they just didn't know about that until Monday. They hired a company to come in and investigate, they discovered the breach of our info and then Sony told us soon after.

Link to comment
Share on other sites

Sony themselves said that the credit card data was encrypted in their Q&A and that the personal data, while not encrypted, was still behind a significant amount of security.

If you don't want to believe them, then that's you, but that is what was said. People need to stop harping on all these misconceptions and inaccurate pieces of information.

Edited by Chooch
  • Thumbs Up 1
Link to comment
Share on other sites

Sony themselves said that the credit card data was encrypted in their Q&A and that the personal data, while not encrypted, was still behind a significant amount of security.

If you don't want to believe them, then that's you, but that is what was said. People need to stop harping on all these misconceptions and inaccurate pieces of information.

I know about that, I'm just saying if you feel that paranoid over the fact than change your card number and etc.

Completely agree with everything you said, but the last sentence. Yes, we had to wait for about a week until we found out that our details were breached, but they said they didn't wait to tell us, they just didn't know about that until Monday. They hired a company to come in and investigate, they discovered the breach of our info and then Sony told us soon after.

That I also know. Personally, I don't blame Sony for not telling us ASAP. I would imagine they were trying to fix things before getting us worried, which is fine. I don't blame those whom are mad about the hold of information

Edited by LunarEdge
Link to comment
Share on other sites

Doubting that CC info is encrypted is just silly. If it wasn't I'd question how Sony even had the chance to run a 77 million userbase with more than half of those indulging in credit card business. "Encryption" however doesn't say much at all. Even during a worst case scenario I wouldn't expect Sony to divulge the complete facts on the table as that's just how business works, and from what I've read, CC info that Sony utilizes isn't double-encrypted, something which is sort of an industry standard.

Either way I've seen at least three users on GAF report that they've had fraudulent charges reported, all taking place around the beginning of this week. It'd have to be a damn scary coincidence.

Link to comment
Share on other sites

It's only encrypted once through HTTPS as its sent online. Though not as tight as it could, the hackers from forever ago mentioned is that it's unlikely someone could get your data unless they intercepted it during that encryption process, which is more likely with malicious CFW you downloaded than standard firmware. Also, it probably IS a coincidence. Identity Theft happens all the time, and it's hard to determine what caused it. Correlation does not equal causation.

Edited by Hero Of Fate
  • Thumbs Up 2
Link to comment
Share on other sites

Supposedly though here was this one guy who was actually informed so through his bank. Then there's another who hasn't had his credit info logged elsewhere beyond XBL and PSN.

I could buy one or two coincidences. But couple those with various reports that have actually made it into news sites all during the same time frame, I'd be hard pressed to call it just a coincidence. CC scamming isn't exactly a cake walk.

EDIT: Everyone's favorite jailbreaker GeoHot has expressed his comments and opinions on the matter.

Edited by Carbo
Link to comment
Share on other sites

So two people out of how many million people had fradulant transactions on their card.

And people think that this is proof that their details came from the Sony hack?

  • Thumbs Up 2
Link to comment
Share on other sites

So two people out of how many million people had fradulant transactions on their card.

And people think that this is proof that their details came from the Sony hack?

Yeah, exactly.

Fraud can happen from anywhere. Someone could have physically stolen their credit cards....

Link to comment
Share on other sites

And aside from that, isn't most of NeoGaf an advocate of homebrew? Who's to say they didn't have CFW installed in their system?

Link to comment
Share on other sites

So two people out of how many million people had fradulant transactions on their card.

And people think that this is proof that their details came from the Sony hack?

Try above two dozen people. I didn't say "made it into news sites all during the same time frame" for nothing.

I'm not discounting any possibilities here though. If it was a coincidence, then I'll be happy to stand proven wrong.

Edited by Carbo
Link to comment
Share on other sites

Well, I finally made it to the topic. Would have probably found this topic sooner if I actually looked for it, but anyways, time I chime in my 2 cents.

I had a bit of a feeling when myself and several PSN users couldn't get to PSN (before Sony made any statement on it, but instead as "Your connection has timed out", though after Anon's attack had ended. Some people that had this problem were PS3, some,myself included, were PSP, though fewer in number. And others had no trouble. I thought my PSP had a problem, so since I wanted some Duodecim DLC, I kept checking to see if I could finally sign in. A day or 2 before Sony made the statement, I got a message saying I got signed out. Then I learned about the hack. Oh goody. One benefit to this all (for me at least) is that I never once used a credit card on PSN, just those Playstation Store cards. Granted my home address and E-mail are at risk, jeopardizing my parent's credit score is something I'd never want done, so that not being an issue is a weight lifted off my shoulders. Granted I never wanted this to happen to my home address either, but unfortunately, nothing works perfectly as wanted.

As for who to blame, I have to pick on both sides. In Sony's case, it's their fault for not being entirely secure about this. Whenever someone or something gets into the system that doesn't add into the equation, that's a sign you need to "step your game up" as that annoying kid from the PSP commercials would say. Also, there's the fact that they kept the credit card info IN PLAIN TEXT. Now think about this for a second, if YOU were to head a company where people can make transactions with a credit card, wouldn't you want it kept safe with some form of security method? Also, I feel it's worth mentioning that they waited to tell us about this crap. Why wait to inform the customers of a giant security breach? In the computer cracker's case, well, it's just their actions, stealing information and inconveniencing everyone who uses the service. Face it, people's credit is now at stake here. While our little buddy won't give two shits of the common people's credit scores most likely, to those who own those credit scores, it means a lot. You need a lease? It gets harder with poor credit. How about the bills that could come from this heist? No one should have to pay for that except the hacker him/her/their selves. While I want to blame the hacker the most, I do have to through some salt on Sony's wound a little too.

Though in all seriousness, despite all of this, I do plan on getting another Playstation Card for when the network is back up ad running. I'm tempted by FFVIII. Guess that I just can't be shaken from this, can I?

Edited by GameFarnsworth940
  • Thumbs Up 1
  • Bad Quality Post 1
Link to comment
Share on other sites

Well, I finally made it to the topic. Would have probably found this topic sooner if I actually looked for it, but anyways, time I chime in my 2 cents.

I had a bit of a feeling when myself and several PSN users couldn't get to PSN (before Sony made any statement on it, but instead as "Your connection has timed out", though after Anon's attack had ended. Some people that had this problem were PS3, some,myself included, were PSP, though fewer in number. And others had no trouble. I thought my PSP had a problem, so since I wanted some Duodecim DLC, I kept checking to see if I could finally sign in. A day or 2 before Sony made the statement, I got a message saying I got signed out. Then I learned about the hack. Oh goody. One benefit to this all (for me at least) is that I never once used a credit card on PSN, just those Playstation Store cards. Granted my home address and E-mail are at risk, jeopardizing my parent's credit score is something I'd never want done, so that not being an issue is a weight lifted off my shoulders. Granted I never wanted this to happen to my home address either, but unfortunately, nothing works perfectly as wanted.

As for who to blame, I have to pick on both sides. In Sony's case, it's their fault for not being entirely secure about this. Whenever someone or something gets into the system that doesn't add into the equation, that's a sign you need to "step your game up" as that annoying kid from the PSP commercials would say. Also, there's the fact that they kept the credit card info IN PLAIN TEXT. Now think about this for a second, if YOU were to head a company where people can make transactions with a credit card, wouldn't you want it kept safe with some form of security method? Also, I feel it's worth mentioning that they waited to tell us about this crap. Why wait to inform the customers of a giant security breach? In the computer cracker's case, well, it's just their actions, stealing information and inconveniencing everyone who uses the service. Face it, people's credit is now at stake here. While our little buddy won't give two shits of the common people's credit scores most likely, to those who own those credit scores, it means a lot. You need a lease? It gets harder with poor credit. How about the bills that could come from this heist? No one should have to pay for that except the hacker him/her/their selves. While I want to blame the hacker the most, I do have to through some salt on Sony's wound a little too.

Though in all seriousness, despite all of this, I do plan on getting another Playstation Card for when the network is back up ad running. I'm tempted by FFVIII. Guess that I just can't be shaken from this, can I?

I could have sworn someone said earlier that the Credit/Debit card info was encrypted to a certain extent?

Link to comment
Share on other sites

I could have sworn someone said earlier that the Credit/Debit card info was encrypted to a certain extent?

It is, it's only not encrypted if you use CFW.

  • Thumbs Up 1
Link to comment
Share on other sites

Huh, did not know that. I thought it was plain text on all. Well, better start eating my own words on that part of my little rant then. Thanks for the clarification on that part, guys.

Link to comment
Share on other sites

Well, I finally got my email from Sony today. I'd already called my credit card company this morning, to get their advice. They said they're in contact with Sony, and have upped their own account monitoring systems, so they didn't advice mass re-carding at the moment (this was before Sony announced that the credit card info was encrypted). They also reminded me that I am not responsible for any fraudulent charges, but recommended I watch out for phishing emails. So I'll watch my account for odd charges, but their monitors are pretty reliable - they called me once to see if I'd really gone to Ireland!

Link to comment
Share on other sites

...err, hey guys! I just got this e-mail! I take it that everybody with a PSN account received one of these only as a precautionary measure, right?

From: PlayStation Network (PlayStation_Network@playstation-email.com)

To: Hunter Shaughnessy (huntertsf@*****.com)

Subject: Important information regarding PlayStation Network and Qriocity services

===================================

PlayStation®Network

===================================

Valued PlayStation®Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,

certain PlayStation Network and Qriocity service user account

information was compromised in connection with an illegal and

unauthorized intrusion into our network. In response to this

intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full

and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our

network infrastructure by rebuilding our system to provide you

with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill

as we do whatever it takes to resolve these issues as quickly and

efficiently as practicable.

Although we are still investigating the details of this incident,

we believe that an unauthorized person has obtained the following

information that you provided: name, address (city, state, zip), country,

email address, birthdate, PlayStation Network/Qriocity password and login,

and handle/PSN online ID. It is also possible that your profile data,

including purchase history and billing address (city, state, zip),

and your PlayStation Network/Qriocity password security answers may

have been obtained. If you have authorized a sub-account for your

dependent, the same data with respect to your dependent may have

been obtained. While there is no evidence at this time that credit

card data was taken, we cannot rule out the possibility. If you have

provided your credit card data through PlayStation Network or Qriocity,

out of an abundance of caution we are advising you that your credit

card number (excluding security code) and expiration date may have

been obtained.

For your security, we encourage you to be especially aware of email,

telephone and postal mail scams that ask for personal or sensitive

information. Sony will not contact you in any way, including by email,

asking for your credit card number, social security number or other

personally identifiable information. If you are asked for this information,

you can be confident Sony is not the entity asking. When the PlayStation

Network and Qriocity services are fully restored, we strongly recommend that

you log on and change your password. Additionally, if you use your PlayStation

Network or Qriocity user name or password for other unrelated services or

accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we

encourage you to remain vigilant, to review your account statements and

to monitor your credit reports. We are providing the following information

for those who wish to consider it:

- U.S. residents are entitled under U.S. law to one free credit report annually

from each of the three major credit bureaus. To order your free credit report,

visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.

credit bureaus below. At no charge, U.S. residents can have these credit bureaus

place a "fraud alert" on your file that alerts creditors to take additional steps

to verify your identity prior to granting credit in your name. This service can

make it more difficult for someone to get credit in your name. Note, however,

that because it tells creditors to follow certain procedures to protect you,

it also may delay your ability to obtain credit while the agency verifies your

identity. As soon as one credit bureau confirms your fraud alert, the others

are notified to place fraud alerts on your file. Should you wish to place a

fraud alert, or should you have any questions regarding your credit report,

please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013

Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241

TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,

P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at

www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania

Avenue, NW, Washington, DC 20580 for further information about how to protect

yourself from identity theft. Your state Attorney General may also have advice

on preventing identity theft, and you should report instances of known or

suspected identity theft to law enforcement, your State Attorney General,

and the FTC. For North Carolina residents, the Attorney General can be

contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone

(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney

General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;

telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this

incident, and we regret any inconvenience. Our teams are working around the

clock on this, and services will be restored as soon as possible. Sony takes

information protection very seriously and will continue to work to ensure that

additional measures are taken to protect personally identifiable information.

Providing quality and secure entertainment services to our customers is

our utmost priority. Please contact us at 1-800-345-7669 should you have any

additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

...right?

Link to comment
Share on other sites

Apparently the FBI is on this as well...

http://apps.facebook.com/upitone/?controller=news&op=view-news&news_id=78346

The Federal Bureau of Investigations today confirmed to Kotaku that it is looking into the security breach that brought the Playstation Network down and exposed millions of users' personal data to cybercriminals. The FBI is joined by nearly two dozen state attorneys general and possibly the Federal Trade Commission who are looking into this month's Playstation Network hack attack which forced Sony to take their PS3 online service offline for more than a week. Sony told Kotaku that they reported the security breach to the FBI's cybercrimes unit in San Diego. Contacted Thursday, an FBI spokesman confirmed that they were looking into the reports. "The FBI is aware of the reports concerning the alleged intrusion into the Sony on line game server and we have been in contact with Sony concerning this matter," said FBI special agent Darrell Foxworth. "We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity." Meanwhile attorneys general from 22 states are demanding answers from Sony over the breach, asking why it took the company so long to alert customers to the attack. That group of state attorneys general are sharing information with one another about their individual inquiries, Susan Kinsman, communications director for the Connecticut Office of the Attorney General told Kotaku. The collection of attorneys general have also contacted the Federal Trade Commission to see if they have launched their own federal investigation, she said. The Federal Trade Commission could have jurisdiction in a case involving loss of customer data through a security breach, FTC spokeswoman Claudia Bourne Farrell told Kotaku. But the FTC does not discuss or confirm ongoing investigations. Kinsman also declined to say whether the FTC has launched their own investigation. "A call has been made to the FTC and there will be discussions, but I can't comment on whether the FTC is investigating," she said. While Kinsman was able to confirm that attorneys general from at least 22 states were looking into the Sony breach and how it might affect consumers in their states, she declined to say which states that included. Connecticut's own attorney general sent a letter to Sony Computer Entertainment of America President and CEO Jack Tretton on Wednesday. The letter demanded answers to a number of questions including what data was stolen, who was responsible, how long the company knew and what was being done to make sure it doesn't happen again. "The fact that sensitive information was apparently accessed without authorization makes me especially concerned about the possibility of financial fraud and targeted phishing scams," Connecticut Attorney General George Jepsen wrote. "What is more troubling is Sony's apparent failure to promptly and adequately notify affected individuals of this large-scale breach." The letter goes on to outline a baker's dozen questions. Kinsman said the letter was sent out Wednesday and that the office has not yet heard anything back from SCEA. Sony officials told Kotaku that it wasn't until Monday, after an outside security group conducted an extensive investigation, that they realized customer data had been stolen. That data included names, passwords and other identifying information. Sony doesn't believe credit card numbers were stolen. If it was, that data is also encrypted when it is stored, they said. Anyone with information concerning the breach is asked to contact the FBI at 858-565-1255 or 1-877-EZ-2-TELL

Link to comment
Share on other sites

...err, hey guys! I just got this e-mail! I take it that everybody with a PSN account received one of these only as a precautionary measure, right?

...right?

A handsome nigerian prince is about to call you so you can help him take out his millions from the country ;D

(If you had any passwords identical to that of your PSN ID I'd go change them right fucking now. Also tell your bank to give you another credit card just in case. But yeah, everyone's getting that email, more or less)

Link to comment
Share on other sites

...err, hey guys! I just got this e-mail! I take it that everybody with a PSN account received one of these only as a precautionary measure, right?

...right?

Everyone with a PSN account got sent one.

handsome nigerian prince is about to call you so you can help him take out his millions from the country ;D

You know that prince doesn't have a very good banking system does he? He's always contacting me asking for help transfering his money.

Apparently the FBI is on this as well...

Awww.... I was hoping that the would hire one of these guys.

http://www.youtube.com/watch?v=vn1-y6SA4t8

Is it only a matter of time before someone uploads a PSN version of this?

Edited by Hogfather
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

You must read and accept our Terms of Use and Privacy Policy to continue using this website. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.