Playstation Speculation

[-Dragmire-]

While I've heard the term 'compromised' a little more often than what's comfortable recently, I've been thinking on what that means. From little bits of not-always-facts floating around, a person with a dev system was able to log into the restricted access portion of Sony's network. 'Compromised' doesn't necessarily mean data was copied, but I suppose we'll get better info on that later once Sony is comfortable enough to trust us with information on our... information.

The thing I'm trying to get my head around is how the personal info was stored. I mean, first thing that comes to my mind when I think of non encrypted user data is a gigantic 77 million user info .txt file... fine, that would be impractical and moronic, but if the hacker got a copy of all 77 million users info, how much space do you think that takes up?

On a side note, Sony shut down once it was sure it had someone unwanted in the network so maybe a couple people have semi-secure data.

 

[jack583]

well frick....
glad i wasn't able to find half-life2 for the playstation.

 

[Proteus214]

The thing I'm trying to get my head around is how the personal info was stored. I mean, first thing that comes to my mind when I think of non encrypted user data is a gigantic 77 million user info .txt file... fine, that would be impractical and moronic, but if the hacker got a copy of all 77 million users info, how much space do you think that takes up?

I highly doubt it would be something that simple, but nonetheless it is alarming. Just saying that the info was "compromised" is incredibly vague. It could mean anything from someone just gaining access to the network to someone stealing all of the information for their own exploitation. It gives no indication of how long they had access, what they took, how much they took, or if they even took anything at all.

I think the chances of being truly victimized by this will be very slim for the vast majority of users, but that doesn't change the fact that I'm replacing my credit card and changing my passwords.

 

[More Fun To Compute]

Volume of data and what sort of database they use to store it is one thing. The main thing for me is what sort of data they are store and how they store it. It is not good practice to store passwords in an unencrypted way so that they can be decoded. They could store them using one way encryption method, a cryptographic hash, so that when a user enters a password the encryption is repeated and compared against the already encrypted password. Banks also issue rules for how card details are allowed to be stored in companies databases. The check code is not allowed to be stored and they normally have some rule like only allowing certain digits of the card number to be stored. I suspect that they waive these rules for large companies like Sony on the trust that their systems are secure or just because they have more bargaining power...

 

[-Dragmire-]

Volume of data and what sort of database they use to store it is one thing. The main thing for me is what sort of data they are store and how they store it. It is not good practice to store passwords in an unencrypted way so that they can be decoded. They could store them using one way encryption method, a cryptographic hash, so that when a user enters a password the encryption is repeated and compared against the already encrypted password. Banks also issue rules for how card details are allowed to be stored in companies databases. The check code is not allowed to be stored and they normally have some rule like only allowing certain digits of the card number to be stored. I suspect that they waive these rules for large companies like Sony on the trust that their systems are secure or just because they have more bargaining power...

I agree that the content and security method they use are far more important than the amount of it. I just found myself curious with the total size due to the vast quantity of information that might be contained there.

When we agreed to the new EULA when SCEA transferred our accounts to SNEA, we agreed to let Sony collect more info than before, including anything connected to the PS3(tv model, peripherals, I'm not sure if they collect info stored in usb keys but its possible). So with all that extra info that may or may not have been stored in the same area, I'm curious as to how many gigs of data they've stored.

It's the same kind of curiosity that I feel when I see a jar of jellybeans and wonder how many are inside.