Support NeoGAF

[Evlar]

So since I deleted my CC info on my PSN account a couple weeks before all this shit happened, could the info still be compromised?

We don't know when the breach occurred.

 

[Jerk]

How do we even know if Sony had a poor security system in place for PSN? Maybe the whole Geohot thing provoked hackers to hack their network?

Not really informed enough to point rage at anyone. But yeah, fuck hackers and fuck those who support them.

Because barring 0-days, if you are hacked, it is you own damn fault for not making sure that your shit was set up correctly.

 

[dream]

The melt downs in this thread sound like no one has ever gotten a letter from their bank or other corporation saying there has been a security breach. Shit happens a lot, not on this scale. But whoever did this, did a fantastic job, no security in the world can stop a determined group of people. Sony will bite the bullet, on this one sadly, even though it could happen to a lot of services.

That says it all, doesn't it?

Poor Sony. It's just not fair to them.

 

[Kud Dukan]

LOL!

When you are put in charge of millions and millions of accounts of your CUSTOMERS, it is your DUTY to protect their information.

And if you do suspect that you have a leak of personal information, then you don't wait a week to tell your customers what the hell is going on.

 

[Four_Chamber]

The idiocy of comments like " most people post this on your facebook page" and "just change you CC number"... A lot of peoples identities are going to get stolen over this.

This thread has proven that there are some people who will defend ANYTHING when its near and dear to their heart. Its the worst excuse I've seen in a long time.

I'm disgusted that people are defending this as "not a big deal". I'm happy Senator Blumenthal is looking into this.

 

[alr1ght]

CC numbers being stolen shouldn't concern anyone (Debit C numbers too, but a little bigger hassle.) You should be worried about identity theft. I would sign up for one of those credit report sites ASAP.

 

[commish]

Serious question; do you think Sony actually has enough insurance to cover this? I can only imagine the penalties are higher in the EU than in the US.

I mean, are we talking hundreds of millions of dollars? This is catastrophically bad for Sony, right?

Yeah, it's bad. Each state has certain requirements when a data breach such as this happens, as well as each country. The thing is is that this breach is potentially so large, the regulations simply can't be met. I wouldn't even know where to begin if Sony came to me with this. At my firm we joke that when a data breach happens, it "blocks out the sun" for us for a few weeks, and those are for data breaches that are FAR, FAR, FAR smaller than this. This is going to be a nightmare.

This will prove to be an interesting case study, at the very least, and without question, laws and regulations will have to be drafted and/or amended because of this. I'm very curious as to what they do...

 

[MThanded]

Expooosed!
<Spooky/>

this made me lol

 

[RomanticHeroX]

April 17 and April 19, and we learn of this April 26. That's just fucking ridiculous.

 

[MidgarBlowedUp]

The correct term is Cracker not Hacker but, that's because I'm old school.

 

[BeeDog]

Maybe this will be seen as a poor way of coping with the situation, but seeing as how they've waited for so long without anything PSN-related happening (e.g. someone losing their PSN accounts etc.), maybe they're just pre-empting.

/hope

 

[CAW]

Visa and Mastercard gift credit cards ($25, $50 and $100 variations). Been using them since the start. Totally worth it for this kind of thing. Total peace of mind right now.

 

[FINALBOSS]

Bullshit. The problem is that Sony's security was completely incapable and incompetent. The reason why shit doesn't happen on this scale is because no other such breech has been caused by a totally inept developer.

You don't know shit about what you're talking about.


Stuff like this happens ALL THE TIME.


See: Mastercard, Visa, Microsoft, etc.

 

[btkadams]

So since I deleted my CC info on my PSN account a couple weeks before all this shit happened, could the info still be compromised?

i doubt it. that kind of info would be a waste of space if they kept it.

 

[Fantasmo]

This probably won't drop off page 1, but I feel this deserves a sticky.

 

[spons]

Why the diddly fuck are passwords stored in plain text on their servers? Holy hell.

 

[Trevelyon]

A lot of rage over people simply having to monitor their bank accounts a bit closer.

President Ubuto of Swaziland is now logging into your facebook and unfriend'ing every one 'cause he got yo PSN pass that you use everywhere.

 

[Ark]

It's ok Valve, I don't mind you hacking Sony for my money, TAKE IT ANYWAY!

 

[SolidusDave]

They didn't specify, but are we talking the full data of every single of the 70(+) million PSN accounts?
Obviously a lot will have fake information in them, but anyone could now lose access to his account(s) (purchases, trophies, savegames, friendlist)?

At least so far there is no evidence of cc theft, so I guess that's something. (even though that would be a small problem as the banks would be all alarmed and swap your cards before you could even call them).


I wonder if it was some criminal hacker of anonymous acting on his own using their knowledge of the last PSN attack or a CFW hacker that found a way in with the newest PS3 CFW "feature", connecting to the dev PSN. (or both are true)


edit: oh wow, it's all accounts Oo How can you even pull this kind of data undetected.

 

[RPGCrazied]

Did I say PS1 classic? Oh no, I think everyone should get a games on demand of their choosing.

 

[Zenith]

Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.

Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.

All of them? All? Weren't there huge fines levied at companies that lost clients' home address details due to data protection failure?

 

[lowrider007]

The fact that they didn't tell sooner is what's so annoying. I couldn't care less who has my name and address.

 

[Neuromancer]

Only a matter of time before my dad finds reads this story somewhere and emails it to me, and says "Too bad for you!" or something like that. That's when I know it's gotten big.

 

[Z_Y]

Good they know where I live... so if they show up I can actually play some MvC3 with someone.

Omg...i just lol'd in real life. Kudos.

 

[test_account]

False. There are over 75 million PSN accounts. That puts this up there with the recent Epsilon leak.

I wonder if there are any links between them. Kinda strange that those 2 things happeneds almost at the same time (relatively speaking), but it might just be a coincidence though.

 

[Cruzader]

What? What was that? Cfw wont affect honest users? Hmm? Its only for otherOS?

We are freaking out? Making a big deal? Whats that, your mkv is more important? Hmmm. No proof this will disrupt psn and online? Yea...

 

[Instro]

Hope they catch all the fuckers responsible and send them to a real pound me in the ass prison. Ill definitely be watching my CC.

 

[Jerk]

The fact that they didn't tell sooner is what's so annoying. I couldn't care less who has my name and address.

Yeah, this is my main reason for any outrage, I can sorta understand everything else.

But not telling us...

All of them? All? Weren't there huge fines levied at companies that lost clients' home address details due to data protection failure?

Yup.

 

[bob page]

Just hit the front page of Wall Street Journal...

 

[Goldrusher]

They better reset the passwords automatically.

 

[slider]

I can change my password on the PS Blog can't I? Although that says "under maintenance" too at the minute.

 

[KJTB]

The fact that they didn't tell sooner is what's so annoying. I couldn't care less who has my name and address.

Exactly. As if some hacker is going to be like "Oh, Dipindots! I'm going to target this one insignificant PSN user and fuck with his billing address!

I'm more worried about the CC info and I have no idea what the fuck Sony was thinking waiting this long to tell their customers that their shit is compromised.

 

[alr1ght]

They didn't specify, but are we talking the full data of every single of the 70(+) million PSN accounts?
Obviously a lot will have fake information in them, but anyone could now loose access to his account(s) (purchases, trophies, savegames, friendlist)?

Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.

Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.

 

[darkwing]

don't think Sony can ever recover from this , its going to be on major headlines

 

[Synless]

Is this any credit card data ever entered, or just credit card information that was stored?

 

[punkypine]

Until there are confirmed reports that people's ccs were stolen and used, I'm not worried

 

[Man]

Why the diddly fuck are passwords stored in plain text on their servers? Holy hell.

Have anyone actually said this? (That the leaked password data wasn't hashed I mean)

 

[RPGCrazied]

Just hit the front page of Wall Street Journal...

Good. I hope Sony gets fried.

 

[sixteen-bit]

Expooosed!
<Spooky/>

yo ugh, PSN on blast
</Arturo>

 

[phosphor112]

This is all Nintendo's fault.

This wouldn't have happened if Geo/FailOverflow didn't leak that shit like idiots.
But that wouldn't have happened if the SDK never got leaked to expose the security flaw.
That wouldn't have happened if Sony never made the PS3.
Sony would never have made the PS franchise without Nintendo fucking them over.

Problem solved.

 

[obonicus]

Maybe if this was a one-time, thing, but it's not. Their failure to properly implement a fucking random number generator is the root cause of this whole thing,

No, not necessarily. This may have nothing to do with the PS3 being hacked. It may 'merely' have to do with being unable to protect their servers, period.

 

[WaltJay]

I'm in the same boat as him but the security code is different. Is that more secure?

It is, but that only matters if a merchant website requests the security code; most, but not all websites ask for CC#, expiration date, and security code, but I'm sure there are ones out there that only ask for the CC# and expiration date.

Guessing a new expiration date isn't that difficult, especially if you have the old date since most of the time, the new date is the old date plus 3-5 years; but security codes are only 3 or in AMEX's case 4 digit codes. I'm sure whoever was smart enough to get the info would be able to figure out a 3 or 4 digit code too.

One other point: while it's true that a bank will reverse fraud charges, keep in mind that it might take a day or two (or more); if it's your credit card, then losing buying power for a few days isn't a big deal, but if it's your debit card that was compromised, losing the cash in your checking account for even a day could be a big deal.

Long story short: just request a new CC#.

 

[daffy]

Hello. Damage control made sense in the other thread when we didn't know anything and optimistic people could hope for the best because they think Sony are comprised of a bunch of nice people who, gosh darnit, really want the best for us because they're super awesome and they wouldn't take the network down unless there was a really, really good reason for it that was in our best interest not to be privy to, but that was the other thread. There's no need for damage control now. Whatever the lasting impact of this, they deserve to take their beating for this, because they fucked up.

Bye. I'm not damage controlling, just giving my opinion that was already posted by someone else here. I don't freak out when stuff like this happens because I know how to watch my gosh darn credit info.

 

[CadetMahoney]

I love it. Sony admits to quite possibly the biggest data breach of ALL TIME and yet the defenders are still manning those posts. Incredible.

Yeah, fuck those people. Every single person with an account on that network has a right to be pissed as hell.

This thread is now survival mode on hardest difficulty. Crazy shit all around like someone called the hoard in L4D.

 

[Trevelyon]

What? What was that? Cfw wont affect honest users? Hmm? Its only for otherOS?

We are freaking out? Making a big deal? Whats that, your mkv is more important? Hmmm. No proof this will disrupt psn and online? Yea...

Doomsday scenario, doomsday. Sucks for Mama and his ilk.

 

[Jerk]

don't think Sony can ever recover from this , its going to be on major headlines

They will be fine. Shit like this is not uncommon.

Still infuriating though.

 

[LiK]

They better reset the passwords automatically.

Indeed.

 

[dLMN8R]

You don't know shit about what you're talking about.


Stuff like this happens ALL THE TIME.


See: Mastercard, Visa, Microsoft, etc.

Again: not to this scale

If I'm missing some massive milestone in history where stuff had been compromised to this scale, then feel free to inform me of specific instances.

And in that case, they deserve just as much blame for total incompetence as Sony does for this instance.


For now, I'm not aware of any such total failures, and Sony now has a proven track record of totally inept security infrastructure.

 

[TheFatOne]

I still don't understand why Sony took 6 fucking days before saying anything. As soon as they suspected something was up they should have notified everyone. Absolutely ridiculous

 

[DECK'ARD]

I'm guessing BlimBlim's theory may turn out to be correct.

That most of the focus with PSN was on the client-side security and not the server-side. When the PS3 security imploded, it meant security through invisibility was broken and led to the discovery of exploits through brute-force.

They did their best to lock compromised PS3's out of the network, but didn't shore-up the network itself. Hench all the 'rebuilding' going on now.