Sony Admits Private PSN Info Has Been Stolen - All Of It

[Tony2077]

I mostly paid for stuff on PSN through those cards you can buy in shops, but have made a couple of transactions with my debit card. So yeah, I'll have to check that out definitely. I usually check my bank details a couple of times a day though and after reading this article and checking my bank details again, everything seems to be fine at the moment and no suspicious transactions have taken place. Not that there is usually much money in there but that is besides the point, of course I'll take necessary procedures like changing passwords etc.

Are debit cards in risk too, that's what i wanna know.

Debit cards are linked to some file in your bank account, most likely checking. (Like mine is.) They can be denied though if funds are lacking. What you can do is transfer all the funds from your checking into savings or some other account you may have. But I would tell your bank to keep an eye out for suspicious charges to your debit card.

Yes, definitely do this. I'm planning to visit my bank soon anyway so I'll bring the situation up then.

The one thing that has always baffled me about hackers is the reason why they do it. It sounds stupid I know, yes some hackers play the game just for this kind of reason, to screw innocent people over and potentially create a horrible situation for them. Surely they have something better to do with their lives rather than try and ruin everyone else's. Then again looking at the current situation, maybe not.

as far as i know without the pin number your debit card is ok. not sure about the debit chip cards

 

[Marlun_42]

Look, both parties (hackers and Sony) are to blame for this debacle. Hackers because they exploited a loophole in the system (regardless of who, if anyone gave them the key *cough Geohotz cough*) and stole information that did not belong to them. Sony because they apparently designed the system so poorly as to allow this sort of thing happening. Even worse, they continued to have the loophole for a long time after Geohotz posted the code everywhere. No competent IT manager should leave a publicized security flaw open for that long. They should have been working of a fix from day 1. At least patch the system to try and prevent this sort of thing; then they might have been able to deploy a new infrastructure and have the PSN down for maybe a day while all the bugs got sorted out.

 

[Romidude]

This is why I hate people: WORSHIP THE HACKERS. WHOOOO!

What, they did the fucking obvious, and stole my information? FUCK HACKERS ADOGHADGHIGHUGUHDGS.

Seriously, people.

 

[newdarkcloud]

I'm suddenly extremely relieved that I deleted my credit card info from PSN months ago.

 

[faefrost]

Online criminals who wouldn't have been able to do this without the help of Geohotz. And "hackers" those hackers are the criminals. They are one and the same. Period.

haha, seriously? Just because the verb describing what Geohot has done is the same used to describe infomation theft now he's responsible for this?

he distributed private commercial network security information for the purpose of circumventing the owner and operators security policies procedures and controls. what we see here today was a clearly foreseeable outcome of his reckless actions. even if he did not steal any data or penetrate the secure networks himself, if so much as one perpetrator of this activity indicates that "yeah they got the security keys used as part of Geohotz's little broadcast", then good ole GH has himself a rather large problem. Much larger than the lawsuit he settled with SONY. And his settlement agreement with SONY will not protect him when state and federal attorney generals get involved looking for someone to nail.

 

[Stabby Joe]

Well, I haven't used my card on PSN, probably because of this sort of thing. So I suppose that's a plus. As for the rest... *sigh* Looks like I'll have to change my password now.

 

[Owyn_Merrilin]

Ha, way

Good ol' hackers. Fighting for your consumer rights against the evil corporation that takes away your rights...

Oh wait they have been douchebags the whole time in this case. Nevermind. Fuck you Geohotz for probably causing all this by releasing that code. If not then you certainly encouraged it.

You mind explaining how a hack to run homebrew code on your PS3 enabled the entire security of the PSN to be compromised? Sony's horrendous security is at fault here, not hackers playing homebrew code.

The PSN was obviously prepared for stuff like this to happen before hence no massive issues like this yet.

It wasn't prepared to deal with hackers potentially having the end all be all code that jailbreaks the PS3.

PS3 owners deserve to treat their system like their PC without getting dragged into court

No, they don't get to. Deal with it.

Because a few bad apples spoils the bunch. A sad truth but look what happened here. Blame the people who would exploit it if Sony opened the doors to everyone, not Sony for trying to protect everyone's security.

You do realize that the entire reason people are blaming Sony is that, assuming the code Geohot published really did cause this, Sony effectively had no network security, right? It shouldn't even have been possible for people using modded PS3s to do this at all. Note that people using PCs as PCs have yet to get the entire set of Steam's user information, nor have jailbroken iphones been used to take down the App store.

It wasn't possible to do this until the code was released. And obviously looks like hackers beat Sony to the punch to try and fix what their whole network had been succeeding at for years.

I don't blame Sony for not having a solution to a problem that shouldn't have happened.

Maybe the next solution will be only one designated IP address will be allowed to access a PSN account without going through a long process to change it. That the kind of freedom you wanted Geohotz? eh?

Absolute basic rule of security when it comes to walled gardens like the PSN: Eventually, one of your single use devices will be jailbroken and made capable of running unsigned code. Design your system in a way that does not instantly destroy it when this happens. Yes, when, not if. Like I said, jailbroken iPhones haven't caused this sort of trouble, nor have PCs, which are jailbroken right out the gate, caused one on this scale. I've been saying since the whole thing started that the console developers were going to have to implement standard PC things like anti-cheat next gen, because as this mess has demonstrated, it's necessary in an age when consoles are just PCs waiting for someone to figure out how to run unsigned code.

 

[RA92]

It's funny how Sony fanboys are still defending Sony even though they have been potentially fucked over by not getting this info at least a week earlier when it was available to Sony.

And God help you if you think Geohotz's firmware hacking has anything to do with Sony's network hacking. Even if - if - by some outlandish circumstances this is all Geohotz's fault, the fact that one compromise on the client side can take down an entire network only goes further to show Sony's utter incompetence.

And seriously people, there's a difference between 'hacking' and 'DDOS'ing', so stop blaming Anon without any evidence.

Way to generalize, buddy. I own a 360, not a PS3. When I purchase non-exclusive games, I would buy the 360 version anyway. I happen to own a PSP though and rarely use PSN for PSOne classics and Dissidia 012 DLC.

Yet, I still despise the bastard hacker/s and understand completely how much Sony would be scrambling and toiling away at finding the cause/s. They're human beings. They can't just instantly KNOW what happens to anything. If your PC gets maliciously attacked, you're finding the cause and solution for a loooooooooooooooooooong-ass time. Sony has over SEVEN MILLION (or there abouts, maybe more?) accounts to manage. It's going to take time to find out the cause and solution. They want their facts straight BEFORE reporting anything drastic.

I did not refer to the entire Sony customer base as 'fanboys' - only the ones who are defending Sony regardless of Sony's actions. Hell, they didn't even notify the banks about the breach, which, once again, put the customer base at risk. While I feel sorry for Sony's state right now (there has been a drastic drop in Sony's share prices), people should blame Sony for it's lack of action (customers and banks should've been notified way earlier since they've known about the breach since the 20th), instead of irrationally blaming GeoHotz and Anon.

Saying all that, I share your feelings about malicious hackers. But the fact is, they are always at large, and you should be prepared for them. Especially if you're running a multi-billion dollar industry.

 

[Pyrokinesis]

Guess they want their facts straight before pulling the plug too right? Compromise just isnt as colorful unless they have their facts straight. Or maybe they didnt know right? I mean who keeps an eye on all that important personal data... ha.. its only important data that could be used for malicious purposes on our customers, why keep an extra eye on it?

Again, you're assuming that it's as simple as pulling a plug. Hackers CAN get into systems undetected. They've uncovered government documents, have they not? Classified documents that are made certain are secure? Hackers can bypass whatever they want to bypass, if they really put the effort into it. Your assumptions are laughable.

Soooo what your telling me is Im right because sony failed to keep an eye on the important parts of the server and their server was so easy to bypass that they did it undetected? Maybe you forgot to read the later part of the post? Last I checked you were telling me that it was an assumption that it was easy to hack their server. So is it an assumption that they did it undetected? I guess you like assuming too huh?

 

[JackRyan64]

Wow, thank god I haven't bought anything on PSN. I hope the fucker who did this gets locked away for a looooooooooooooooooooooooooooooong time.

 

[Zizak]

I need to ignore Twitter right now... there are tons of people (and site feeds) spewing ignorance galore...

I work at a company that deals with data security... we wish everyone that lost a laptop or left data unencrypted had used our product(s) first. The fact is, NOBODY is impervious to being hacked. It happens all the time to tons of companies. It happens at a much larger scale than the 75M PSN users.

By data breach standards, what Sony has done here is the absolute text book implementation of what to do correctly. They didn't put protocol aside to keep selling PSN content. They didn't put protocol aside to let gamers keep gaming, potentially muddying up the systems being scoured for clues. They didn't try to hide that this happened. They didn't try to analyze it themselves but instead brought in experts.

The people and sites that are faulting Sony on how they've handled this so far as simply, and I mean no disrespect by the use of the very most accurate word I can think of... "ignorant" as to what they're talking about.

If you think Sony should've battened down the hatched and never gotten hacked... talk to the HUNDREDS of other companies/brands/organizations out there that have endured the exact same fate. If you think Sony shouldn't have been storing credit card information (at all or in a certain way) you should know that all there are not are recommendations or guidelines, there are no LAWS yet that force companies to certain degrees of protection and even if they were adequately protected, depending on the extent and nature of the hack, having them protected to PCI DSS guidelines STILL might not prevent people from getting to our credit card information...

That said, Sony said there was no evidence that our credit cards were compromised. They recommended (and to be honest, this was worded well) that "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." How can they be faulted for that? Would you rather them lie and say "you're safe" or "they were compromised"?

This was a text book reaction to a large scale data breach and unlike MOST companies where we'd simply get an unexpected letter in the mail, we were somewhat kept in the look but the raised awareness than PSN being down leading them to say something. You don't spill details during an investigation and these things take time. Hell, try checking out your computer after you've had a trojan installed and activated... now amplify that work by about a bajillion. Going through that stuff takes time.

http://wikibon.org/blog/the-11-largest-data-breaches-in-recent-history/
http://www.databreaches.net/?p=17374
http://www.joystiq.com/2011/04/04/xbox-live-hacker-all-accounts-are-open-to-attacks/
http://insightxbox.com/?p=1079

We have discovered that between April 17 and April 19, 2011

PlayStationEU PlayStation Blog EU
Please read this important information regarding the current PSN outage: http://bit.ly/e2wMUN
3 hours ago

-

unforeseeable
-adj
not able to be foreseen or known beforehand

From my understanding of certain peoples comments, Sony has been withholding this information for a week? a week? For what? An attempt to make it go away simply by ignoring it? Sweep it all under the rug an such, I suppose? 75 million user credentials don't go 'missing' easily, not through a console crack. I doubt many, if any will fall under the category of "unlucky souls" to be the victim of this 'hacker', I mean come on 75 million users? I'd love to see this guys server room.

 

[FrancoDHorse]

This is why I go with prepaid cards. It's such a hassle dealing with giving out credit card information to a company.

 

[Stabby Joe]

Wait a second. How am I supposed to change my details when PSN is out on the console and website?

 

[Gitty101]

Oh sweet Jesus! Well, this is what I build the shelter for ^^

But in all seriousness, this is bullcrap. Hope they're happy, whoever's doing this, cause if I find them I'm gonna go Akuma on their assess!

 

[Kadoodle]

Good going, Sony.

Your system is about as stable and secure as... something instable and insecure.

It was secure and stable until Hotz decided to stick his dick into the mechanism. Fucker makes me mad.

 

[Owlslayer]

Holy balls.
This is just terrible. Everything got taken.
Holy balls indeed.
I don't really know what to say. I just hope that the harm done by the hacker(s) won't be too massive, and no-one will suffer greatly from this ( i mean, the PSN users. The hackers, on the other hand...)
But Jesus, keeping it under the lid for a whole week? That gave them time to try some of that info out..

 

[Frostbite3789]

And I really hope the person that did this, knows this only hurts the game playing population.

Whether it be sensationalist news stories that make it sound like this is an everyday occurance where your information is stolen if you play online games.

Or game companies locking down their games/consoles even harder.

It just helps nobody.

And to those saying this had nothing to do with GeoHotz, it might not have had anything to do with him jailbreaking it, but I can almost guarantee it had something to do with that situation. Clearly they have the ability to do it, and just needed the motivation. Boy, they sure showed Sony, eh?

While forcefully giving it to every future gamer in the bum, because we're all screwed now.

 

[Yokai]

Cripes. I would say I'm happy I'm a PC gamer, but if PSN got steamrolled this badly, who's to say the same thing couldn't happen to Steam?