Sony Admits Private PSN Info Has Been Stolen - All Of It

[008Zulu_v1legacy]

My guess is that the update they released for their network determined it was a hacked copy and bricked it. And since Sony like to hide root-kit malware in their digital products, they undoubtedly hacked themselves.

 

[Sabinfrost]

You have got to be kidding me. How many card details do they have access to now. This is beyond a joke, Sony better start planning some way to sate anger other then a little apology....

 

[Owyn_Merrilin]

PSN info would be stored on servers. You do not use a PS3 to get to those servers, this can be done via a computer. The codes release was poorly timed, however, the root key does not grant access to said server.

Please, I know its hard to understand, but i'm a bloody hacker myself (white hat, not black hat, and its awesome pointing out the flaws in there system to them, giving us all admin accounts, ugh, idiots). At the very least take my word for it that Geohot is not responsible, you're just making yourself look silly.

I am angry, very much so, at the moment so I am not exactly making sure everything I post here is 100% correct. Of course I assume the CC info is stored on servers somewhere, but you have to remember that the PSN hacking began only after the PS3 hacking had reached the point where Hotz released the root keys. One followed the other. Forgot the nick, but wasn't it Count Chocula or something who used Hotz's info to crack the PSN and post the first logs of PSN transactions?

I have no proof Hotz is directly involved in this new attack (and he'd be crazy to get involved following his settlement), but given that apparently no-one was able to crack the PSN at all before Hotz got involved I do still blame him as even if he is not directly responsible, I think that without him this new attack wouldn't have happened. Exactly how they intruded on the PSN is immaterial at the moment, that they did and that they did so only after first finding out some info on how the PSN works using cracked PS3s should be clear to everyone.

As for the term hacker, I wish that the term weren't soiled by the mass populace misapplying the term to crackers like Hotz as well, but the reality is that nobody outside of the scene itself cares about the distinction. Regardless of intent, anyone hacking into systems they are not authorized to is called a hacker by almost everyone so I follow this usage. Use the terms white hat/black hat to make a difference if you must. I know what camp I fell in when I was still doing it, and I know what camp I'd place Hotz, Chocula, and whoever is behind this attack.

If you're going to take it that far back, why not go one step further and blame it on the idiot who messed up the encryption, and made it possible for Geohot to find the code in the first place? That's not hyperbole; if you go back to the articles which first explained this, they explicitly state that he was only able to get the code because of a massive cockup in Sony's security department. Kind of like what's going on in the aftermath of his publishing it, actually.

 

[Delusibeta]

Honestly? If there's a breach of that magnitude in any company that sells products over the internet, heads must roll.

 

[Ilikemilkshake]

Nice secure system there Sony. Way to fuck up. At least RRoD only killed your system and didn't give out all your information at the same time.

Oh and I am still supporting the people who did this. How do you leave such a glaring issue in the system without fixing it? Thats asking for trouble. At least now Sony has to get their system together. If it didn't happen now, it was going to somewhere down the line and Sony still would have done nothing about it until then. Great company.

what kind of stupid argument is that... that's like saying you support the 9/11 attacks because it highlighted apparantly not up to scratch airport security.

Two different things first of all, but it did awake the country to the problem. Now Sony is awake to its problem, it failed to protect its information on a massive scale. You don't fuck up more then that.

There wouldnt have been a problem if someone didnt hack it. You cant commit a crime and then say you're the good guy because the victim was asking for it by not having a 100% foolproof countermeasure to your attacks.

 

[Tony2077]

oh sorry everyone who had there credit card info stolen i can't help but laugh at the misfortune of others

 

[killamanhunter]

Let's see the timeline

1st: Sony sues Geohotz and everyone goes against Sony
2nd: Anon attacks Sony and everyone goes against Anon
3rd: Geo drops out and Anon tries one last ditch effort to feel like they mean something in this fight no one likes anyone
4th: PSN goes down everyone hates Sony and Anon
5th PSN stays down and Anons all like "we did nothing bro!" everyone hates Sony
6th: everyone get's their stuff stolen off of PSN and we go back to everyone hates both sides in the fight

point is if we can put music on a compact disc....

 

[Flyingchciken93]

Yes, credit cards and stuff are important but really tell me what about my trophies. Will they be okay ?

 

[chinangel]

great..just great. Good thing I didn't buy anything on PSN. Srsly. >.>

 

[Thunderhorse31]

First thought:
HORY SHEET!

Second thought:
Wait, can't we change all of our ID/Password info online? Instead of waiting for PSN to be back up and running, that is?

 

[dalek sec]

Anyone still think hackers are harmless?

This is why I never got behind GeoHot. Hackers are almost never in it for the consumers.

Pretty much this as well. I never trusted that man or his ilk ever.

Well right now I'm thanking Christ, the Lords of Kobol, the God-Emperor of Mankind and alot of other gods that I wasn't hooked up the PSN network at all and didn't have an account there. I hope that anyone with a PSN account doesn't lose any money over this nightmare.

 

[FFHAuthor]

Let's see...burn email address, burn home address, 'alt name for my account, paying for purchases using Vanilla Visa cards... I think I'm good, but I will be royally pissed if this wipes all online progress and info.

 

[TemplateResponse]

That's probably the biggest security breach in gaming history. fuck me...

 

[T-Bone24]

So, Sony's stock'll be okay, right?

Err... yeah. [http://www.marketwatch.com/investing/stock/sne]

 

[Pyrokinesis]

Let's see the timeline

1st: Sony sues Geohotz and everyone goes against Sony
2nd: Anon attacks Sony and everyone goes against Anon
3rd: Geo drops out and Anon tries one last ditch effort to feel like they mean something in this fight no one likes anyone
4th: PSN goes down everyone hates Sony and Anon
5th PSN stays down and Anons all like "we did nothing bro!" everyone hates Sony
6th: everyone get's their stuff stolen off of PSN and we go back to everyone hates both sides in the fight

point is if we can put music on a compact disc....

It is a bloody song and dance and quite frankly Sony is good at it. All it takes is one specially worded excerpt of vauge words and hidden potentials to make everyone jump off the deep end and start blaming Anon. When are they gona admit that the data was "capable" of being stolen but was not downloaded. Never, that would make their case look weak. They have to paint Anon as "malicious hackers" and they did it well without saying a word. Well done sony, And well done mindless masses who believe them.

 

[Furioso]

someone tell me how to change my psn info while psn is down -_____________-

 

[Venereus]

Let's see the timeline

1st: Sony sues Geohotz and everyone goes against Sony
2nd: Anon attacks Sony and everyone goes against Anon
3rd: Geo drops out and Anon tries one last ditch effort to feel like they mean something in this fight no one likes anyone
4th: PSN goes down everyone hates Sony and Anon
5th PSN stays down and Anons all like "we did nothing bro!" everyone hates Sony
6th: everyone get's their stuff stolen off of PSN and we go back to everyone hates both sides in the fight

point is if we can put music on a compact disc....

Actually...
6th: Stuff stolen
7th: Sony plays dead for a few days
8th: Sony comes clean about what went down
9th: Somehow there's people defending Sony

 

[erbkaiser]

If you're going to take it that far back, why not go one step further and blame it on the idiot who messed up the encryption, and made it possible for Geohot to find the code in the first place? That's not hyperbole; if you go back to the articles which first explained this, they explicitly state that he was only able to get the code because of a massive cockup in Sony's security department. Kind of like what's going on in the aftermath of his publishing it, actually.

Agreed. Sony should own up to their own massive failure here as well and I've been blaming them since PSN went/was taken down as well. It's one thing to not be ready for a structured attack, it's another thing to just hand the keys to the attackers because you're too lazy to implement proper security. The PSP is insecure, the PS3 was insecure, and alas it seems so is/was the PSN.
At this point I'd almost like to see Sony face a massive lawsuit and lose it for once, so maybe they finally learn to take their customer's security serious. Not the first time Sony messed up either, anyone remember how they were trying to piggy-back insecure rootkits on PCs with music CDs? They got away with that one unfortunately and apparently haven't learned their lessons yet.

 

[Tony2077]

someone tell me how to change my psn info while psn is down -_____________-

if we only knew or maybe could

 

[cynicalsaint1]

What angers me the most is its taken Sony practically a week to tell us this.

I mean that's just outright ... you know what? I can't even think of a word strong enough to describe how irresponsible this is.

There's no way it took them this entire time to figure out what information was at risk - especially considering their whole excuse for not having the PSN back up is that they're "Upgrading" their shit. Which means they already figured out what happened, what was exploited and how. Which also means they should know what the hackers had access to.

Sony has truly outdone their selves with incompetence here.