Support NeoGAF

[Trevelyon]

I just nudged by PS3 with my big toe.

You take it bitch, there's a lot more where that came from.

 

[Barrett2]

Take a deep breath. A lot of people are over-reacting.

I love it. Sony admits to quite possibly the biggest data breach of ALL TIME and yet the defenders are still manning those posts. Incredible.

 

[slaughterking]

What a fucking disaster. It's past the point of being an inconvenience to make fun of and turned into a serious nightmare for Sony and whoever may be affected by the data theft.

 

[Evolved1]

You have to be kidding... wtf... what a pain in the ass this is going to be.

 

[Marty Chinn]

Again.. I ask. How hard is to delete a CC on the PS3? I have one, but its not even mine, its my Mothers!

Ugh, so mad. If I *EVER* buy anything from PSN again, its PSN cards from now on.

It's super easy.

 

[dralla]

Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.

Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected


:\

 

[commish]

This is going to cost Sony so much money...

 

[Plinko]

Did I see someone say Sony are done in the console business? Really?

No--I said I personally am done with Sony consoles.

 

[Karram]

What a bunch of amateurs. And it will fuck'n take them a week to restore system ? Seriously fuck you Sony.

 

[The Faceless Master]

At least we know now and we can all take the necessary steps to protect ourselves. Still, pretty slow response there Sony!

 

[Black Republican]

wow, just wow.....

luckily i only used most my psn purchases using the prepaid cards on my usa account, got no money on that account, i remember i had my debit details on the uk version tho.

then again with hsbc uk bank, we're given a calculator like code tool that randomly gives u a new pin to type in everytime u want to online bank, so hopefully thats alright ...... :/

 

[dream]

Yeah, seriously. People overreacting.

If all of you guys are so paranoid, you should never have credit cards because it's never safe. Next thing you know, all web browsers are breached and entering your CC anywhere is compromised.

Seriously?

Are you really implicitly defending Sony here? It's great that they gave us games like Uncharted and Ratchet and Clank but that does not make up for this colossal failure in trust and security.

 

[The Elite]

Seeing as a total of zero people have reported odd charges on their credit cards over these past fews days, you would have to assume they didn't get them, right?

Consider how many people have credit cards on PSN, just because no one in the gaming community has had their card used doesn't mean that it hasn't happened.

Also, whoever took the information will most likely try to sell it.

 

[Trevelyon]

Ugh. At least my credit card info I have up there has expired and I haven't updated it yet.

They know where you live and they ARE coming to get you.

 

[DMeisterJ]

Mother Fuck.

*insert the Wire 'fuck' investigation scene clip*

 

[Grecco]

Its an incredible fuck up. Absolutely insane it took them this long to post this information.

 

[ShdwDrake]

Fucking hacker man, fuck you Geohot.

 

[BeeDog]

The funny thing is, I still haven't received any mail about this. Has anyone in this topic been contacted by Sony in any shape?

Either way, as said, if I lose my PSN account stuff, Sony can go fuck themselves hard.

 

[Ezalc]

Well considering that I didn't have much on my PSN account and I bought all like five things I have on it with a PSN points card. I'm not really worried besides that password thing, but even then the password is unique to PSN now that I think about it so everything went better than expected. I wasn't using my PS3 right now either since I've been busy with God Hand.

 

[Man]

Q.15 Seems like SOE service was also not available/ suffering outage. Is this true? Is this due to the same reason as the PSN/Qriocity outage?

SOE's service is available although a service interruption due to an external attack did occur. A thorough investigation is ongoing.

 

[Ferrio]

I love it. Sony admits to quite possibly the biggest data breach of ALL TIME ...

SONY #1!

 

[ZedIndyLil]

They can't be, or they would have to be saved with the decryption key.

The industry standard is that the passwords are hashed with individual salts.
This means that there is a secret saved a long with the password. On login you get that secret, combine with your password. Send them a computated value based on that and if it matches the computation on the server you are granted access.

Many companies don't use this. And it always gets known whenever such a leak occurs.
Now we can only hope that Sony does.

The next best thing is a secret that is saved a long with all users, which means finding the password of users is one big computation for all, instead of one big computation for each individual user.

All in total: Change your passwords if you use the same for other services.

The password theft is what bothers me. I honestly don't remember what I used when I set up the account 4 years ago, and who knows if I've used it elsewhere. Combined with all my personal coordinates, it seems that anything I use with a password online could be compromised...

 

[Diablos]

So, let me get this straight: they believe that names, addresses, zipcodes, emails, birthdays, logins, passwords, handles, profile data, purchase history and billing address have been obtained, but they're claiming there is no evidence that credit card info has been obtained?! THERE IS NOT A LOL ICON BIG ENOUGH FOR YOU, SONY.

Are you kidding me? Whoever broke into the network had to get CC info. I can't say I trust Sony with my data after this.

What a PR nightmare, and as previously mentioned this is going to haunt them for years.

I'm gonna have to call my bank tomorrow and get a new card #. And from now on I'll be purchasing PSN cards through Amazon. No more card info for you, Sony. I hope getting your panties in a bunch over Geohot exploiting the PS3's security was worth something that has most likely damaged your reputation as a secure, trusted source. This is unbelievable.

 

[BriareosGAF]

dumb question but could this possibly effect your netflix, hulu and steam accounts? would it be possible for them to obtain that information?

Actually that's a very good question, and I'd be curious to know, too. Based on the fact that occasionally I have to re-login to netflix I'm hoping they just pass-through and don't persist anything on Sony's servers. You'd have to assume Netflix would insist on that sort of thing as part of their agreement with Sony to protect their own users.

 

[brandonh83]

lol @ people in this thread.

I don't really know enough to make any kind of rational comments; is it Sony's fault for not having a stable security wall?

 

[radioheadrule83]

Okay... Here's some important questions that I think people need to know:

#1 - According to the post, they noticed this between April 17th and April 19th. Is there evidence that the access was occurring prior to that time?

#2 - If your credit card information was not stored with Sony via the 'remember this card' option, was our information stored anywhere on their network in an unencrypted format for previous purchase history that may have been accessible?

#3 - How in the world were our passwords compromised? Were they encrypted when stored? Or do these 'admin' level accounts that they say were compromised have the ability to view our full passwords (which opens up an entirely different can of worms)?

#4 - How long will it be before we can log into the system so we can perform necessary password/log in changes?

If the passwords are encrypted on the server (which they should be) then I don't see what use the encrypted PSN passwords are to anyone, but billing addresses and personal information could be used for identity theft and fraud, and if credit card long numbers and expiry dates are leaked, then the reasons for that sucking all kinds of shit is obvious.

 

[Plinko]

I don't understand why people are directly blaming Sony. When it is well known that a bunch of hackers have been illegally cyber assaulting Sony with all kinds of trouble. It's pretty clear to me that these so called dumb fuckers who claim to be freedom fighters are the cause of all this malarkey.

Seriously?

 

[Dr.Palutena]

welp, i'm gonna have to change everything when i have the chance. is there even anyway to change your security answers.

 

[Vinci]

I love it. Sony admits to quite possibly the biggest data breach of ALL TIME and yet the defenders are still manning those posts. Incredible.

Yeah, fuck those people. Every single person with an account on that network has a right to be pissed as hell.

 

[blazinglazers]

So the hackers got nearly everything: logins, passwords, home and billing addresses, emails. Holy fuck.

 

[Catalix]

Ok, now I'm concerned...

 

[GodofWine]

People who are complaining they can't login to remove CC or change passwords, relax, there is nothing you can do now, either its been ganked, or it hasn't, changing whats on PSN isn't going to fix that. Hackers are in there right now, no one is...

 

[Majine]

This is a big blow to PSN. They may have lost faith in alot of customers now.

 

[offshore]

Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.

Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.

WTF

 

[GABDEG]

Good thing I never got around to buying Silent Hill and RE 1 like I wanted to. This is messed.

 

[Raide]

While I am sure some people might be laughing at PS3 owners right now, I feel really bad for you. It has taken days to get some information out of Sony and when they finally say something its not good news.

 

[FunkyPajamas]

Sony should have brought in a security company to audit their network infrastructure long before this happened to protect against this sort of thing. Completely irresponsible.

But there are no hackers in Japan because it's shameful, so Sony couldn't have predicted that somebody would try to hack them.

Do you not know anything about Japanese culture?

 

[Dunlop]

Taking over a week to inform us of this type of breach is unforgivable.

 

[Xater]

I knew that other thread will be closed. Archive that plz.

Oh well:

. . .name, address (city, state, zip), country, email address, birthdate. . .

Oh great, thx Sony for your shitty security. In b4 someone defends this and says don't blame Sony, calm down etc.

Don't forget the passwords. I had to redo a lot of them already because of the Gawker thing and now this. This is some grade A bullshit from Sony. I can't believe someone went in this easily and got all this stuff.

It also took way too long to inform us.

 

[bob page]

Just talked to my brother. Someone tried charging his CC for a plane trip to Norway last Friday and he didn't know why. His account was linked to PSN.

Hmm...

 

[-Pyromaniac-]

Fuck haxorz. Can't wait for it to be back up though. Some of you are such drama queens though.

 

[Pein]

ah fuck I use the same password on psn on other services

 

[KiKaL]

Fucking hacker man, fuck you Geohot.

I've seen this a lot, at this point does it really have anything to do with Geohot?

 

[Alts]

Am I to believe that PSN was storing passwords in plain text? the fuck?

 

[SapientWolf]

Realistically you should've had hawk eyes on your CC (virtual) statements from day one, you can't wait for these bumble fucks to get their arse in gear.

Not good enough. The crooks are smart enough to wait it over. All the CCs attached to PSN will need to be canceled to be safe, in my opinion.

 

[Morn]

This is worse than the Gawker hack.

 

[cntr]

Holy balls. I was expecting it to be something minor like the leap year bug, not this.

 

[SentientStone]

Wow, this sounds bad. Good thing VISA will protect met against any crazy illegitimate charges... I think... hope. :/

 

[chubigans]

SELL YOUR PLAYSTATIONS, CANCEL YOUR CREDIT CARDS, IT'S ALL OVER.

Seriously though, back to prepaid cards for me.

 

[I NEED SCISSORS]

Only a matter of time until it appears on torrent sites in an spreadsheet.