Sony Claims It Told Users of PSN Info Breach Immediately

[Jumplion]

So is this just the PS3, or does it affect PSP as well? These are things we need to know.

it will only affect them if you have and use a PSN account on them

(so it's probably going to get yet 20+ page thread war)

its already begun..

Didn't spread as far or as quickly as I thought it would, so that's something to be happy over

 

[naam]

I read about the 'intruders' possibly having acces to personal data before I saw anything Sony said themselves. Not really buying it.

 

[Kingsnake661]

Lets see... I have 3 credit cards. (visa, MC, Discover.) I've already, as of this morning reported the MC, and Discover as "compermised", reviewed my statements, and locked them down. New cards issued. I'll be doing the same when i get home for my Visa, it's a gold card, i rarely use it, and keep it at home, so it's not on me here at work. (I'm pretty sure i only used the MC for the psn, but i can't rememeber, so, better safe then sorry.)

NOW i just have to remember to update all my reacurring charges to the new cards when i get them... the gym...city of heros, my creditidenity service...blah. I also have a credit/idenitiy service, (assuming i remember to update my payment info...LOL) so, I think i've weathered this storm... what a pain in the butt...

Oh, i'll need to change my PSN pasword and user name... whenever it gets up and running.

What a PITA.......

 

[Sixties Spidey]

Are you telling me that you sat on the information of 70 million users while the PSN was down for seven days and you're telling us NOW that they're in jeopardy?! AND you have the balls to tell us that you told us immediately?! I don't buy that, Sony. If you even cared about this issue in the slightest, then you'd have made damn sure that our identities and information aren't in the hands of hackers.

It would not be immediately obvious what an infiltrator stole.

It's not like stealing jewels from a bank vault where it's totally obvious they are gone, The original files are copied and remain there. Most file operating systems do not record how many times or when or where a file is copied, it may indicate where a file has been copied FROM but not if the original file had a copy mad from it.

It would take a while just to figure out WHERE they had accessed and WHAT data had moved, a very VERY tricky task that basically relies on tricks and traces in the code, deducting movements within the system.

So its entirely likely they did not know the breach was this bad until now.

Please, brush up on computer literacy before making accusations of deception.

It would be irresponsible to say personal data HAD been compromised unless they actually determined that, and determining that takes time.

I understand that identity theft isn't a completely obvious thing, but considering how long PSN has been down for and when Sony said that it was an external intrusion, the hackers could've done anything with the info that they obtained. The least Sony could've done was said "Change your passwords and look over your credit reports in case anything happened." before they found out that information was stolen. That being said, I'm happy I use unique passwords and that I use pre-paid PSN cards...

 

[Irriduccibilli]

Yep, I havent recieved any mail from Sony yet. First they are the reason my credit card info might have been stolen and now they are lying about informing me about it. Seriously, i'm beginning to dislike Sony now

 

[Saltyk]

Now, why would you think Sony would be giving out all the information that they have about this perpetrator(s)? As I've already stated, they are likely working with authorities to catch this attacker. Whatever information they might have uncovered is probably being withheld until they manage to catch this crook. If they managed to trace the ISP or anything concrete, they probably don't want to alert the crook(s) to it. I'm giving Sony the benefit of the doubt. As I've stated before, Sony is a victim here, too. And, assuming they are working with legal authorities, they are probably being told what they can and can not say.

To be honest, this whole thing has made me disgusted with gamers. All the stupid fan boys, the trolls, and the blind anger at a company for "not doing enough" is ridiculous. And I'm also angry at the Escapist writers for the way they wrote this up. At first, I too had thought that Sony knew of the information that might have been stolen for over a week. It was only after I actually read the article that I realized that wasn't necessarily the case.

Hell, it was only after I went to half a dozen other sites to confirm that the blatant lies here at the Escapist were just that (it normally isn't my first instinct to think a "news" article is literally a falsification, so I guess I gave Any Chalk here too much benefit of the doubt) that I really got on the soapbox here.

As to why I think Sony should give information about the perpetrators... uh, I don't? I said if they have evidence that credit card information was stolen they have an obligation to present that to their customers immediately, and not in vague terms such as "we believe there might be an intrusion". If they don't have evidence of such a thing... what's this all about, again?

Well, someone earlier posted that it would be very difficult to find any evidence that anything was "taken". It's not like someone stole the Mona Lisa. It's likely difficult, if not outright impossible, to prove that anything was taken. At least, early on. There is probably very good evidence that someone took the information, but nothing you can look at and say, "Hey, this is missing!" Obviously, Sony doesn't want to panic their customers, but nor can they afford to let them think this is routine maintenance if their personal information, money, and credit are at risk. This is a delicate balancing act.

 

[PettingZOOPONY]

Would care but why in the world would you actually have your real CC info instead of a pre paid card? Go get Pre Paid cards and get your fucking real CC info off of any account on the internet.

 

[Shadowtek]

What is it with these companies and there full and complete willingness to rape/allow to be raped attitudes towards their customers?

 

[PettingZOOPONY]

What is it with these companies and there full and complete willingness to rape/allow to be raped attitudes towards their customers?

As consumers we really have not rights especially with SONY, this has been the normal behavior from SONY since they created the company.

 

[Jumplion]

We learned there was an intrusion April 19th and subsequently shut the services down,"

What? Sorry I thought you said "Anonymous" shut down your servers? Oh thats right, you merely led us to believe that through select wording. Sony, you're garbage. With all this BS you keep spewing out, I almost feel like I should be compinsated in some way... And I don't even have my payment info on PSN!

They had never once stated it was Anonymous or any other specific group/hacktivists or whatever, the media picked up on that. All they have ever said so far is "anal external intrusion" from an outside force or whatever.

 

[PettingZOOPONY]

I was actually notified by my pre paid card provider Greendot yesterday and SONY today.

 

[MightyMole]

We learned there was an intrusion April 19th and subsequently shut the services down,"

What? Sorry I thought you said "Anonymous" shut down your servers? Oh thats right, you merely led us to believe that through select wording. Sony, you're garbage. With all this BS you keep spewing out, I almost feel like I should be compinsated in some way... And I don't even have my payment info on PSN!

They had never once stated it was Anonymous or any other specific group/hacktivists or whatever, the media picked up on that. All they have ever said so far is "anal external intrusion" from an outside force or whatever.

Yeah, I already went over this and apologized for saying anonymous in a previous post following this one.

 

[Treblaine]

But one thing I wouldn't expect is for them to get any large amount of data. That should be segmented, encrypted and obscured so that any novice who gets into the network would take a long time finding the data, a long time extracting it and even longer trying to decrypt it. Long enough for them to be discovered then traced or cut-off.

Well if chat logs are genuine, it would mean that they didn't even bother encrypting credit card info. Also I think this is worth reading as a potential explanation of why- http://www.megagames.com/news/our-experts-explain-likely-reason-psn-outage

"Based on the info released so far, our experts believe that the PSN security was designed with the assumption that the PlayStation 3 is unhackable"

"... assumed the Playstation 3 is unhackable"

"...assumed unhackable..."

[HEADING=1]"UNHACKABLE"[/HEADING]

"WHYYYYY!"

Sony needs to take a lesson from the Cylons when it comes to network security as in never assume it will be secure. Jesus, how could sony possibly assume the PS3 remain unhackable when there are TENS OF MILLIONS of the units out in the open with people tinkering with them. And good reason to try hacking them as each PS3 contains awesome processing power that many people would like to use for things other than just licensed games.

I am officially changing my stance on this, Sony has royally fucked up here and IMO largely culpable. They fucked up for reasons they should have learned from: their flawed ideology of assuming control of products they don't even physically possess like items they have sold. I thought these hackers must have been pros hired by some very powerful agency but it's pretty clear this is wide open.

Microsoft is benefiting from experience here (this is me speaking not with expertise, but hindsight). They have a much longer history with networked systems and systems where the end device is unreliable i.e. a Personal Computer. So their network security comes from internal. Of course they always liked the business idea of a more locked-down end device like Xbox but they are not affected by the millions of modded 360s on the market.

 

[Saltyk]

Now, why would you think Sony would be giving out all the information that they have about this perpetrator(s)? As I've already stated, they are likely working with authorities to catch this attacker. Whatever information they might have uncovered is probably being withheld until they manage to catch this crook. If they managed to trace the ISP or anything concrete, they probably don't want to alert the crook(s) to it. I'm giving Sony the benefit of the doubt. As I've stated before, Sony is a victim here, too. And, assuming they are working with legal authorities, they are probably being told what they can and can not say.

To be honest, this whole thing has made me disgusted with gamers. All the stupid fan boys, the trolls, and the blind anger at a company for "not doing enough" is ridiculous. And I'm also angry at the Escapist writers for the way they wrote this up. At first, I too had thought that Sony knew of the information that might have been stolen for over a week. It was only after I actually read the article that I realized that wasn't necessarily the case.

Hell, it was only after I went to half a dozen other sites to confirm that the blatant lies here at the Escapist were just that (it normally isn't my first instinct to think a "news" article is literally a falsification, so I guess I gave Any Chalk here too much benefit of the doubt) that I really got on the soapbox here.

As to why I think Sony should give information about the perpetrators... uh, I don't? I said if they have evidence that credit card information was stolen they have an obligation to present that to their customers immediately, and not in vague terms such as "we believe there might be an intrusion". If they don't have evidence of such a thing... what's this all about, again?

Well, someone earlier posted that it would be very difficult to find any evidence that anything was "taken". It's not like someone stole the Mona Lisa. It's likely difficult, if not outright impossible, to prove that anything was taken. At least, early on. There is probably very good evidence that someone took the information, but nothing you can look at and say, "Hey, this is missing!" Obviously, Sony doesn't want to panic their customers, but nor can they afford to let them think this is routine maintenance if their personal information, money, and credit are at risk. This is a delicate balancing act.

that does not relieve them of the responsibility of protecting their customers.

If they had even the slightest hint that whoever did this was able to get a hold of customer information, then they should of immediately went to worst case scenario and told their customers, that instant, that their info might of been compromised, not wait six days after the fact and finally say that customer info was compromised.


But you want to know two scary things about all of this?

Rebug, the CFW that caused this mess, allowed consoles to become developer ones... so if it was apparently this easy to get customer info with a developer PS3, imagine how long people were able to view the information before now.

And, April 7th is approximately when Rebug was used to start getting free games, so it was roughly 20 days worth of time that whoever did it was able to look at the info uninterrupted, an additional six days before $ony announced that customer info was stolen.

I wasn't trying to absolve Sony of their responsibility. Merely trying to inject some sanity into this discussion. Keep in mind that we know nothing of what has happened. This is mostly speculation. Perhaps Sony didn't realize the extent of this until 6 days had passed. They may have originally only thought that this was a case of someone abusing the system to get free games. And only realized when they started investigating that there was an information loss. For all we know, they DID tell us as soon as they knew. Isn't that scary?

I'm not saying you are not 100% correct. But that's just one possibility. And the truth is probably somewhere in the middle.

 

[Jumplion]

We learned there was an intrusion April 19th and subsequently shut the services down,"

What? Sorry I thought you said "Anonymous" shut down your servers? Oh thats right, you merely led us to believe that through select wording. Sony, you're garbage. With all this BS you keep spewing out, I almost feel like I should be compinsated in some way... And I don't even have my payment info on PSN!

They had never once stated it was Anonymous or any other specific group/hacktivists or whatever, the media picked up on that. All they have ever said so far is "anal external intrusion" from an outside force or whatever.

Yeah, I already went over this and apologized for saying anonymous in a previous post following this one.

My mistake, didn't read far enough.

 

[cynicalsaint1]

I'm sorry - but this just doesn't fly with me. They didn't say word one about an "external intrusion" until April 23rd. They said they learned about it on the 19th - which is exactly when they should have said something about it. Instead they've been being tight lipped and evasive about things the whole time.

They needed to be openly communicating with customers from day one about what had happened and what they knew. Instead they decided to hide the truth for several days, which really doesn't instill much faith that what they're saying now, after the fact is anything but utter BS.

 

[wooty]

It is a major screw up I fully admit, but (and I know I'll definately recieve an awful lot of abuse and "lololololo fanboi!!!" from people here), the blame cant really all be placed at Sonys door can it?

Its fairly half and half, Sony for not having the nowse to keep the security tight and up to date, and the intruder(s) for being so selfish as to go about with this "hack".

I'm only thinking of rationailty here. I mean, if your house gets burgled or your car gets broken into, you dont go about screaming at the locksmith or Volkswagon do you?