Sony Admits Private PSN Info Has Been Stolen - All Of It

[xx19kilosoldier]

Im going go ahead and assume this is 30 pages of straight whining, wait while I check...yep

Well, I guess you did not change the trend then..eh?

Oh, my bad, let me just buck this thing

Nice !

 

[babinro]

It only does....Offline Gaming.

I really don't like having to renew my credit card information, but things like this are inevitable with online transactions. Still, the convenience is worth the risk.

 

[stuhacking]

I notice anonymous isn't even mentioned in this article... funny that.

Not really. Anonymous have not claimed responsibility or involvement in this episode. In fact they have denied it. http://www.escapistmagazine.com/news/view/109475-Anonymous-on-PSN-Outage-For-Once-We-Didnt-Do-It

Now, you can speculate on whether a subset of Anon are to blame, but the fact that Anonymous aren't taking credit, gloating, and sticking it to the man seems proof enough that they aren't behind it. (i.e. They aren't supporting it.)

Secondly, it doesn't feel like Anon's M.O. No reports of social engineering, no libel or slander against people within Sony, No defacement of public facing information. Classic symptoms of Anonymous attacks seem to be missing.

And thirdly, the victims of this attack are users of the service, not a corporation or person who has set themselves up as a target. Anonymous may have denied service in order to send a message to a company but I can't recall an instance where they have put innocent people in the line of fire. At the end of the day, Anonymous paint themselves as a righteous group of activists.

So, I don't find it strange that anonymous aren't mentioned, since, at this juncture, very few signs point down that road.

 

[Mumorpuger]

I notice anonymous isn't even mentioned in this article... funny that.

Not really. Anonymous have not claimed responsibility or involvement in this episode. In fact they have denied it. http://www.escapistmagazine.com/news/view/109475-Anonymous-on-PSN-Outage-For-Once-We-Didnt-Do-It

Now, you can speculate on whether a subset of Anon are to blame, but the fact that Anonymous aren't taking credit, gloating, and sticking it to the man seems proof enough that they aren't behind it. (i.e. They aren't supporting it.)

Secondly, it doesn't feel like Anon's M.O. No reports of social engineering, no libel or slander against people within Sony, No defacement of public facing information. Classic symptoms of Anonymous attacks seem to be missing.

And thirdly, the victims of this attack are users of the service, not a corporation or person who has set themselves up as a target. Anonymous may have denied service in order to send a message to a company but I can't recall an instance where they have put innocent people in the line of fire. At the end of the day, Anonymous paint themselves as a righteous group of activists.

So, I don't find it strange that anonymous aren't mentioned, since, at this juncture, very few signs point down that road.

That's the thing about Anonymous... just because a majority of /b/ isn't behind this, doesn't mean that the person who did it isn't one of them. In fact I find it quite likely. I wonder how many anonymous people there need to be before they become Anonymous.

It only does....Offline Gaming.

That made me chuckle.

 

[Seijaku]

I have only ever bought one thing from PSN and that was the day before it went down. Fuck sake.

 

[Sentox6]

Its easy to blame the massive company, but in this case I think almost all the blame rests at the feet of the hacker(s).

I'm of two minds about it.

The hackers are the wrongdoers, of course. Still, if I give Sony my personal details, I expect them to be safeguarded appropriately. When I give a bank my money, I expect them to protect it from thieves, digital or otherwise. Yes, if someone robs the bank the primary blame falls on them, but the functional blame falls upon the bank, for not fulfilling their responsibilities and safeguarding my funds. I didn't enter into a contract with the robbers not to steal from me, after all.

I'm not insensitive to the immense difficulty of building a secure internet-connected network (although if they did indeed store the passwords in plain text every atom of sympathy will evaporate). Still, Sony insisted on having my details, so they put themselves in that position.

They certainly didn't extend any goodwill to me when they were busy stripping features out of the product I bought on the basis I might be a pirate or a hacker :|

 

[JourneyThroughHell]

I'd like to see you do better.

That's a sarcastic response, right?

Please, tell me it is.

 

[Antonidious]

Its easy to blame the massive company, but in this case I think almost all the blame rests at the feet of the hacker(s).

I'm of two minds about it.

The hackers are the wrongdoers, of course. Still, if I give Sony my personal details, I expect them to be safeguarded appropriately. When I give a bank my money, I expect them to protect it from thieves, digital or otherwise. Yes, if someone robs the bank the primary blame falls on them, but the functional blame falls upon the bank, for not fulfilling their responsibilities and safeguarding my funds. I didn't enter into a contract with the robbers not to steal from me, after all.

I'm not insensitive to the immense difficulty of building a secure internet-connected network (although if they did indeed store the passwords in plain text every atom of sympathy will evaporate). Still, Sony insisted on having my details, so they put themselves in that position.

They certainly didn't extend any goodwill to me when they were busy stripping features out of the product I bought on the basis I might be a pirate or a hacker :|

And I thought I was the only sane person on the internet. Very well worded sir!

 

[DVS Storm]

First of all I'm happy that this didn't happen to Microsoft and second I feel so sorry for PSN users. This is presicely why I hate hackers and all that BS.

 

[Temah]

This is probably someoe in Anonymous, though not a planned out attack for a purpose, its caused far too much trouble for the people they apparently work to help.

 

[marcooos]

I din't think Sony will pull though this if it is found liable for damages even at a $50-$200 dollar per claimant in damages we are looking at close to 24million people effected. While it will have to go via each contrys courts (as my understanding of such claims is) just the USA's claimants will dent Sony's finances. 12-480 million dollars isn't a small amount and thats no including legal fees and the money spent to reinstate the infrastructure. Again the $50-$200 per claimant is looking small I mean this could do $1000 in damages per person.

My guess is this was a hack by an organised criminal group aiming to use Annon's recent attacks as a cover. They will then likely use and/or sell on the data they have got to interested parties maybe even in chunks not as a whole. I'm telling you smaller hacks have been sold on for millions. With 24 million peoples data who knows what will happen. It is a very high profile list but if an organised group they have likely had clients in mind prior to the hit.

All I can say is Sony better have been hit GOOD if this was lacking on their part they are screwed for at least a while.


What this means for the console market is yet to be seen but with Nintendo looking at a 2012 date for the next gen. Sony looking to be crippled in trust if not also finances and Microsoft unlikely to pull a competing console out till 2013 or later. I can say one thing interesting turn of events. Though games wise the 1st party own dev's might be looking to ditch Sony and there exclusivity rights after this train wreak or go down with the ship for a while at best.

Yeah ummm I hate to say this but it's 77 million accounts that have been compromised globally

 

[FireFoxGamer]

I don't understand why some people say they have a Xbox for this reason.
This also could've happened to Microsoft.
It's not like because you pay for Xbox live it has a better security.

 

[Mxrz]

This happened because of custom firmware, and just who made custom firmware possible? Yeah, keep trying to pin it on someone else. Go on, it is working so well.

Secondly, this isn't "Horrible news!" for every PSN user. No one I know uses a credit card for PSN purchases (or live) while PSN/XBL cards can be bought at a discount. So even if credit card info was obtained, it isn't going to hit the majority people who likely either never buy stuff or use the cards.

Lastly, fuck the hacker idiots and their defense force.

 

[Fledge]

Thanks Geohot you massive prick.

 

[Ian Caronia]

*SNIP*
At this point, the situation appears to have shifted from a dispassionately amusing debacle to an absolute balls-out train wreck, certainly not helped by the fact that Sony may have sat on this information for nearly a full week before letting the public know just how badly it was compromised.
*SNIP*

Train wreck indeed, mate! I just found this article on Sankaku Complex (website not entirely safe for work):

http://www.sankakucomplex.com/2011/04/27/sony-leaks-75000000-accounts-worst-in-history/

Hope it helps with your article!

 

[9Darksoul6]

"Anonymous style"... lol.

 

[loogie]

is it even possible for a worldwide company to be have 100% security? Especially in the digital world...

Yes, with great difficulty and expense

are you kidding me? you actually think its possible? people are easily getting away with pretending to be others in real life... how do you think anonamous person A can securely connect to a anonamous place B remotely with 100% security? your dreaming man.

Forget 100% security, Sony's own admittances indicate they aren't even following the basics.

The whole notion that password details have been taken defies belief. There's a reason that most internet sites can't tell you what your own password is and can only reset it - it's because the server itself doesn't actually store it at all. Your chosen password is hashed when it's first transmitted, and only this checksum is stored. When you enter your login, the password is hashed again and compared to what is on the system - if we have a match, you are granted access.

In short, there is no actual need whatsoever for your password to be stored server-side at all. Sony's statement suggests that it was actually storing sensitive information in plain text format, which defies belief. The only other explanation is that hackers only got access to the hashes and may have compromised a small minority of passwords by brute-forcing this data using something like a dictionary look-up. However, from the tone of Sony's apology this does not appear to be the case.

I surprised more isn't being made of this. The implication that Sony was using plain-text storage instead of cryptographic hashing is just mind-boggling.

It is easy to see some escapist writers bias towards Anonymous. They just love 'em, and won't stop reporting their actions, until suddenly, their actions lead to one of the greater upsets of this generation. I notice anonymous isn't even mentioned in this article... funny that.

I'm grateful you aren't writing the news reports then. I prefer something other than complete speculation stated as fact, personally.

BAHAHA I states something earlier like "what do you think they are using plain text or something!? well put my foot in my mouth there.. hahah

and yes.. please do try to learn a little before you place the blame jebussaves88...

hackers target those who believe themselves untouchable.. more often then not they take advantage of people who like to pretend they are untouchable, just to see them put down a few pegs... if you think sony isn't to blame here, you might as well just go put all your personal info up on the web in plain text on a public site, because that's pretty much what sony just did for you.

this is just all out hilarious... and I am one of the victims... so don't try to say it's cause my info isn't at stake. I'd like to see Sony burn for this, and I'll be toasting marshmellows the whole time.

 

[TokenRupee]

And this is why I'm glad I use about five or more passwords randomly for any and every site.