Sony Admits Private PSN Info Has Been Stolen - All Of It

[baconfist]

I get so tired with the extreme polar-opposite mentality when anything negative happens under anyones jurisdiction by a group that is loosely affliated with a similar group. It happens all the time in politics, governments can't get anything done because people keep shifting who is in power and plans never get seen through to the conclusion and end up being a waste of money, whereupon the new government is blamed.

This is not geohotz fault, it is not homebrewers faults, this does not prove all hackers are criminals who support identity theft. That view is an extreme reaction that labels a minority for simplicity because you'd rather not understand the problem, just have a very loud opinion.

Anyway, this is irritating, quite a large failure for Sony. Whether this is indicative of weak security protocols or talented internet criminals, I don't know. Luckily, like I said previously, there isn't much information on there I haven't freely provided multiple times. Saying this, I may want to just check some of my other accounts; I use some similar passwords for things, I only have a bank of about 12 with slight differentiation for each making a total of about 48 / 60 passwords.

Well said. Also no one yet knows who is responsible and I doubt we will ever know the truth. For all we know sony did this to swing support against people like Geohot or maybe a government did to gain anti hacker support. It may just be online criminals but sony is really at fault for not securing their user data. It has already been pointed out but you don't see this happening to online services like steam, or your banks online services.

 

[Michelle Sibthorpe]

I am livid that this has happened I have already been a victim to identity theft this week and now this I am furious that Sony didn't inform us sooner two words for Sony: incompetent bastards

 

[WaysideMaze]

The card linked to my PSN account was swallowed by a cash machine a couple of weeks ago. I was furious at the time.
I am so pleased at the timing of this. From a selfish standpoint anyway.

 

[blindthrall]

Why anyone would put their real information on these things is beyond me. XBL will forever know me as Bob Kanockers.

 

[fundayz]

I hate Geohot for starting all of this.

/facepalm

Geohot's work has nothing to do with Sony's network.

 

[Rewdalf]

This is why I laugh when people tell me it's a waste of money to use Xbox live.
You've got your free PSN network, but now you've had your credit card information stolen...
Hah to YOU.

 

[winter2]

I am wondering about something.. I played DC Universe Online for about 1 month on the PC. Does that mean that I should consider whatever information I put in there as compromised?

If so, thank God I only use a prepaid card for online junk!

 

[Anchupom]

OH NO! THE HACKERS HAVE MY OUTDATED EMAIL ADDRESS AND NOW KNOW WHAT GAMES I'VE PLAYED! HOW WILL I COPE?!

So glad I didn't cave and download Castle Crashers a couple of weeks ago... I would have been piiiisssssed.

 

[VanityGirl]

Can I say PC FTW now?

Sorry to all people who lost their information it must suck.

Yes, because no PC has ever been hacked and absolutely no one has ever had their identity stolen on their PC... Oh wait.. I'm being extremely sarcastic by the way.

OT: I think if you want to point fingers, you should point them at both Sony and the hackers. On one part, this is the Hackers fault for hacking into the system. We don't know who has done it or what their motifs are, but clearly something foul is afoot.
On the other hand, as an irritated Sony customer, I think Sony is also to blame. I mean, how soon our personal information leak out? 3-4 Days ago? How about telling us as soon as it happens so we can take precautions to prevent identity theft or from having our accounts taken from us! Also, Sony, it's you, a massive corporations of presumably brilliant minds, against guys who live in their mom's basement. Either your security just sucks that much, or you have a "spy" amongst you. I'm serious, how could you NOT fix this within a span of 5 days?


About GeoHotz: If you blame him, then ... huh? He cracked the PS3's security. PSN's security is different and I would like to note that GeoHotz has never hacked or attempted to hack online services for the PS3. Don't blame him. >_>

 

[Raziel_Likes_Souls]

Well, good thing my address was H0H 0H0. Let's see them get my address now.

 

[Wintermute_]

People, seriously, this kind of shit is happening too often now. Big comapnies have to be sent a message that they MUST ABSOLUTELY GUARANTEE the privacy of any and all personal info that they store, OR THEY SHOULDN'T BE ALLOWED TO HAVE IT.

How much longer are you just going to let the companies away with this kind of thing, time and time again? They just mutter 'sorry' and walk away.... It's about time they were sued in to oblivion.

*raises hand* um... what other times are you talking about?

I can't readily remember a slew of instances where this has happened. Yes, this is a big deal, but so long as they rectify it and no one comes forward with PROOF that someone has committed credit card fraud using information taken from sony, then you can't really expect sony to be "sued into oblivion".

Be worried people, but do not rage

 

[IamGamer41]

I'm pretty sure some where in Sony's EULA there is a clause that states that if your info ever gets stolen and someone steals your identity that you can not sue Sony.

 

[dalek sec]

Hacker: Douchebag Thief
Company: Souless Money Grabber

Peronsally i don't vouch for either side, Sony fucked up big time here and put people's financial assests on the line here. Conversely the pirates and hackers are treacherous douchebags who endanger gaming simply because things don't go their entitled way.

At the end of the day i think we can safely say there are no victories here, only varying degrees of failure.

This is pretty much how I feel about the whole damn mess. There's no true hero or villian, just two sides who share blame. Sony for not letting people know about this sooner and hackers for stealing people's information.

I can see why people are pissed at Sony but trust me, the hackers aren't innocent here people.

 

[Longsight]

Aaaaand it's time for some more clarification.

-- 1) While there has been no outright confirmation that passwords were indeed stored in plaintext, the emails from Sony very specifically said passwords had been stolen en masse, and insisted users change them at the earliest convenience. If you securely hash your passwords, they cannot be stolen. It's not one of those "all it takes is one supremely talented hacker" situations - when you hash something, you're not just encrypting it; you're destroying it in such a way that the reverse encryption is entirely impossible, even if you know exactly how you did it. The hashing algorithm is designed to dump huge lumps of data, generate other lumps and produce a string of the same length regardless of the password's original length. Hashed passwords simply cannot be usefully stolen - and all you get if you try is a load of useless gibberish that can't be employed for any purpose in the real world. The very fact that Sony is insisting that passwords were in fact stolen implicitly guarantees the use of plaintext storage, which is such an elementary failure on their part that there is no way to excuse the matter. I hash my passwords, Amazon hash their passwords, you can bet your bottom dollar that the Escapist hash their passwords - but Sony didn't. There is no defence.

-- 2) People get hacked all the time, but there's hacking and there's hacking. If you believe that this could have happened to anyone, consider how often we hear about the personal details of 75m users being stolen in similar attacks. What's that? We don't? That's right, we don't, because you can do a lot more than Sony did to protect the data that was lost. You can do a lot more than Sony did to set up systems to alert you to intrusions. We're being told that it took them an entire week to know what had happened - if sufficient monitoring systems were in place, it would have taken them three hours. I'm not kidding about the timescales here - Sony simply refused to acknowledge the threat that every internet-based service is required to be fully aware of, and as such they didn't have the first clue what to do when the worst happened.

Yes, anyone can get hacked, and compromises on smaller scales do happen, but there are so many things you can do to limit the damage that can be done. The idea that it doesn't matter what you do because the hackers are always going to be better than you is a fallacy - for every brilliant black-hat hacker, there's an equally brilliant white-hat one who spends his life looking for the same security holes and then telling people how to secure them. Entire companies exist just to audit and reinforce cyber security systems, and any responsible online organisation makes use of them on a regular basis, because these companies are just as good at getting in as the bad guys are, and, if used correctly, are generally able to limit the risk to nothing more than harmless intrusion or brief service downtime. The compromises we hear about are invariably in the systems that failed to make a real security effort, but every day there are many more attempts that never get anywhere because proper precautions have been taken. Sony, by their own admission, did not make any use of external auditors before the event - it's a symptom of the fragmented and distinctly paranoid Sony mentality, and they've paid the price for it. If you employ the best in the business to secure your systems, the risk remains minimal. If you don't do anything to secure your systems, you deserve to fail to the first person that probes your network.

 

[cannonfodder666]

Thank christ the card i used to buy DLC has expired and been destroyed!

 

[TrippingBowser]

I'm so glad I never added my credit card to my psn account.

 

[Judgement101]

So he has my fake name? Oh no! They have Jim Shorts' name! In all seriousness, why did people have credit card info?

 

[SuperNova221]

Whoah boy... Am I glad that I never did put cred info in PSN and all the personal info is FAKE.

HAHAHAHAHAHAHAHAHAHAHAAAAaaaaahhhh....

Oh sweet mother of tentacle porn. I cannot describe the satisfactory feeling of being untrusting prick paying off. Like a blowjob from a anime character would propably be closest to truth.

I did the exact same. I feel the same delight as you do.

That said, what has happened, pretty bad.

 

[skywalkerlion]

Yep, this is the "cost" of your free PSN, kiddies.

[sub]I'm not sure if I'm serious or not[/sub]

 

[Rhiehn]

I'd blame the hackers(who actually stole the information) first, then Sony for being apparently less secure than Apple, since iDevices have been jailbroken for years, but iTunes remains secure, and GeoHotz last for possibly opening a security hole(admittedly, the only evidence that indicates this is that it happened in the months after it was jailbroken, its totally possible that the hackers didn't even use anything GeoHotz released) I really hate that everyone is lumping all of the "it's your device, you should be able to run what you want on it" hackers with the "gonna steal a bunch of credit cards kthxbai" hackers.