Sony Claims It Told Users of PSN Info Breach Immediately

[mysecondlife]

I didn't get an email so, maybe I didn't put email account in my PSaccount? I forget since I CANNOT access my account.

and wow, once this is all over... PSN is back to not making money again.

 

[MattAn24]

I'm sorry what? I'm a PSN user and I wasn't informed. At all. In any way shape or form. Not even warned about the possibility. I mean....I'd have loved to have been told. I mean...An email would have been nice. So I call LIES! Or at least not the full truth.

Learn to read the blog (both EU AND US blogs posted about it several times) AND their Twitter accounts. It was made well aware, and members of those blogs knew about it because they READ IT WHEN IT HAPPENED.

You know some people could care less about developer blogs or Twitter feeds.

OT: You think they would have this kind of thing fixed, but I guess all of Sony's money went into lawyers and couldn't afford to have PSN fixed

Simple. You don't get any sympathy from me~ I was well-informed and knew about this FROM Sony, not The Escapist. If anything, The Escapist posted about it AFTER Sony had posted on their homepage/blog.

That's the outlet you have. If you don't check it for news, your problem. Others knew about it just fine, because they weren't immensely stupid. As others in this thread have stated, they have the blog bookmarked AND regularly check it through various news feeds. Surely you could add their RSS feed like any other news site. You would have known about all this earlier!

Now all the rest of us are just laughing at you ill-informed folk..

1. Parents who don't use the PS3 but who have kids who do.
2. People who only use the PS3 occasionally, the 'casual' gamers.
3. PSP users.

Just because everyone doesn't religiously follow blogs and news feeds does not make everyone "immensely stupid", just as following them apparently doesn't make one a decent person.

That's a massive over-generalization there. Now, are you saying those 3 don't check the blog or they do? Because I am solely a PSP user and I know for a fact that "hardcore" PS3 users frequent the blog, because it's not JUST updates on games/firmware. Your obvious close-minded attitude really doesn't bode well in your favour..

 

[blind_dead_mcjones]

And when something like this happens, you send out a notice to all of your customers, wether they provided credit card information or not. This way you don't waste time going through each user to find the ones that did use their credit cards, and you eliminate the possibility of missing anyone. And I'm sure no-one would be pissed that they received an e-mail that gives the latest updates on the situation, and has that special little "what to do if you used a credit card on our network" section. Worst case is you don't have to read that section.

i'm only going to say this one more time

The. Only. Time. An. E-mail. Is. Sent. By. A. Company. To. A. Customer. In. Regards. To. An. Issue. Or. Situation. With. A. Product. Is. When. The. Product. In. Question. Is. A. Motor. Vehicle.

 

[Atheist.]

Getting taken down doesn't necessarily mean an external force.

Yeah, that's exactly what it means.

I was simply saying that the attacks on them caused Sony to take things down so quickly and easily.

No, you weren't. If you wanted to say that the attacks on them caused Sony to take things down, you would have said "The attacks on them caused Sony to take things down." Instead, you posted "I actually find it amusing they can be taken down for so long, and apparently so easily."

There is a clear difference between the statements "I took down my service" and "Someone took my service down." Well, maybe not to you I guess.

Sorry mate, but getting taken down doesn't always mean an external force. It can mean your boss decided it for you. It could mean your power went out. It could mean a coworker tanked your system.

But thanks for telling me what I meant. It really means a lot.

Alright, I'm done being baited. Thanks for the enlightenment, bud.

Anyways, on topic.

You would think Sony would have at least warned people about the potential of their CC's being stolen originally. Though I suppose they wanted to hold off on compromising their integrity.

 

[JDKJ]

There's no way someone could get away with breaching Sony utterly scott-free. Sony has a lot of money they can throw into finding them. Either they have no foresight, they are some damn cocky bastards, or they are actually that good. My bet is one of the first two... or both.

It may be more difficult than you think -- no matter the available financial resources. If Sony follows the trail and it ends up at some ISP, what are they gonna do? Kick in the door and start rummaging through records? Unless the hacker's sitting down the hallway from the server he hacked (which does happen sometimes), hack jobs don't usually get solved unless law enforcement gets involved -- they have the authority to kick in doors and nosy around file cabinets.

First, do you or did you ever post on Gamepolitics? Does JDKJ stand for Jack Don't Know Jack? If so, I think I remember reading many of your comments during the whole JT Disbarment coverage.

Anyway, I'm pretty sure Sony will take this the the authorities assuming they have not already. This is no minor situation. Its an attempt at Identity Theft on a rather grand scale. I'd actually be surprised to learn that Sony hasn't been working closely with some government investigative authority, like the FBI or even Interpol, from early on. It would also explain some of the lack of information. They wouldn't want to give too much away and complicate the investigation.

To quote George Washington, "Father, I Can Not Tell a Lie; I Cut the Tree." Yes, JDKJ and JackDon'tKnowJack are one and the same. Very observant and smart of you to have figured that one out. Bravo.

Yes, I'm sure that there's all kindas 5-0 on the case already, kicking in doors and turning over file cabinets.

 

[-Samurai-]

And when something like this happens, you send out a notice to all of your customers, wether they provided credit card information or not. This way you don't waste time going through each user to find the ones that did use their credit cards, and you eliminate the possibility of missing anyone. And I'm sure no-one would be pissed that they received an e-mail that gives the latest updates on the situation, and has that special little "what to do if you used a credit card on our network" section. Worst case is you don't have to read that section.

i'm only going to say this one more time

The. Only. Time. An. E-mail. Is. Sent. By. A. Company. To. A. Customer. In. Regards. To. An. Issue. Or. Situation. With. A. Product. Is. When. The. Product. In. Question. Is. A. Motor. Vehicle.

Which is why recalls are sent out for other product, correct? It's also why when 5/3rd Bank had some accounts compromised, they sent out e-mails to every customer that provided them with an e-mail address upon account creation, or through account updates.

Personal experience says you're wrong.

 

[Saltyk]

Anyway, I'm pretty sure Sony will take this the the authorities assuming they have not already. This is no minor situation. Its an attempt at Identity Theft on a rather grand scale.

Is it? How do you know that? Has anyone told you that? If so, who?

Oh, I don't know. I'd go with the fact that someone hacked PSN and apparently stole all the customer information. Possibly even credit/debit card information. The Network was not taken down by an attack, but rather was shut down by Sony itself to protect it's information from further exposure. I'm just reading between the lines here. Maybe it wasn't an attempt at Identity Theft. But the only other alternative is that it was done for... the lulz?

I really doubt anyone would go to so much trouble unless they thought there was some finical gain to be made.

 

[Emergent]

Sorry mate, but getting taken down doesn't always mean an external force. It can mean your boss decided it for you. It could mean your power went out. It could mean a coworker tanked your system.

But thanks for telling me what I meant. It really means a lot.

Alright, I'm done being baited. Thanks for the enlightenment, bud.

Anyways, on topic.

You would think Sony would have at least warned people about the potential of their CC's being stolen originally. Though I suppose they wanted to hold off on compromising their integrity.

I'm not telling you what you meant. I'm quoting what you said.

Anyway, since you've just restated your original point rather than provide evidence to back it up, I'll let my original argument stand as well: No it's not.

If your boss or coworker takes down your service, your boss or coworker took it down, you didn't. That's external. If your power went out, you 'had a power outage' you did not 'have your service taken down by the power.'

You are welcome, though, for the enlightentment, matebudbrofriendpal.

 

[witness51]

I guess paying for your account doesn't seem that bad after all.

 

[blind_dead_mcjones]

Which is why recalls are sent out for other product, correct? It's also why when 5/3rd Bank had some accounts compromised, they sent out e-mails to every customer that provided them with an e-mail address upon account creation, or through account updates.

Personal experience says you're wrong.

because you are actually able to track each individual person down due to their information being registered, but in this instance the registered info is on the network that has been shut down so they can fix it, and there is so much info in this instance that sending out e-mails to each and every person is inefficient and time consuming, taking time away from fixing the problem so they can get the network back on line

therefore they use the public domain instead as you can reach a much broader audience much more quickly, its not a perfect system buts its all they have to work with at the moment

 

[Tony2077]

well it been fun watching this shit storm or what ever it is but I'm out of popcorn and its getting late

 

[Emergent]

Oh, I don't know. I'd go with the fact that someone hacked PSN and apparently stole all the customer information. Possibly even credit/debit card information. The Network was not taken down by an attack, but rather was shut down by Sony itself to protect it's information from further exposure. I'm just reading between the lines here. Maybe it wasn't an attempt at Identity Theft. But the only other alternative is that it was done for... the lulz?

I really doubt anyone would go to so much trouble unless they thought there was some finical gain to be made.

Emphasis mine. When you say "apparently stole all the customer information" what is it that makes you think it is apparent that customer information was stolen?

 

[JDKJ]

Anyway, I'm pretty sure Sony will take this the the authorities assuming they have not already. This is no minor situation. Its an attempt at Identity Theft on a rather grand scale.

Is it? How do you know that? Has anyone told you that? If so, who?

Oh, I don't know. I'd go with the fact that someone hacked PSN and apparently stole all the customer information. Possibly even credit/debit card information. The Network was not taken down by an attack, but rather was shut down by Sony itself to protect it's information from further exposure. I'm just reading between the lines here. Maybe it wasn't an attempt at Identity Theft. But the only other alternative is that it was done for... the lulz?

I really doubt anyone would go to so much trouble unless they thought there was some finical gain to be made.

It may be nothing more than an assumption and speculation, but it ain't exactly far-fetched in my opinion. Beats the Hell outta the "Sony and GeoHot conspired to do it as part of the settlement" argument posted here the other day. That's some far-fetched shit.

 

[Saltyk]

There's no way someone could get away with breaching Sony utterly scott-free. Sony has a lot of money they can throw into finding them. Either they have no foresight, they are some damn cocky bastards, or they are actually that good. My bet is one of the first two... or both.

It may be more difficult than you think -- no matter the available financial resources. If Sony follows the trail and it ends up at some ISP, what are they gonna do? Kick in the door and start rummaging through records? Unless the hacker's sitting down the hallway from the server he hacked (which does happen sometimes), hack jobs don't usually get solved unless law enforcement gets involved -- they have the authority to kick in doors and nosy around file cabinets.

First, do you or did you ever post on Gamepolitics? Does JDKJ stand for Jack Don't Know Jack? If so, I think I remember reading many of your comments during the whole JT Disbarment coverage.

Anyway, I'm pretty sure Sony will take this the the authorities assuming they have not already. This is no minor situation. Its an attempt at Identity Theft on a rather grand scale. I'd actually be surprised to learn that Sony hasn't been working closely with some government investigative authority, like the FBI or even Interpol, from early on. It would also explain some of the lack of information. They wouldn't want to give too much away and complicate the investigation.

To quote George Washington, "Father, I Can Not Tell a Lie; I Cut the Tree." Yes, JDKJ and JackDon'tKnowJack are one and the same. Very observant and smart of you to have figured that one out. Bravo.

Yes, I'm sure that there's all kindas 5-0 on the case already, kicking in doors and turning over file cabinets.

Minor problem with that quote. It was never uttered. It probably never even happened. But, I get your point. I just remembered the name from reading the previously mentioned disbarment trial coverage of he-who-shall-not-named on Gamepolitics. Your posts always caught my attention as you seemed to have a good deal more knowledge of the legal system than you average internet dweller, and thus had a bit of weight in my mind on such subjects.

I doubt there are any door kicking or file dumping, but I do expect some agency is working with Sony as we speak to trace and identify the perpetrator(s). I expect this story will be ongoing for quite a while. Even after PSN is back up.

 

[-Samurai-]

Still no notification here.

If they can spam their newsletters to millions of e-mails at once, they can certainly send out a warning for something like this.

And as far as the whole "You should be constantly checking the blog and Twitter for information" bullshit, does anyone do that for every product they own? Ever swipe your card at a store? Do you constantly check that stores blog to see if your information was compromised on their end? Hell no.

I expect identity theft protection paid for by Sony for the next 5 years. The state of Ohio did it for me when a local politician just happened to be carrying around a disk of names and social security numbers belonging to over half the population of this city, and had the disk stolen from his car. I see no reason why Sony can't protect me from their screw up.

That's an absurd comparison. Your PS3 is in your home. You use it regularly. If you have the time to check a "news site" for information about gaming, you can check direct updates from the source too. Your own problem~

Not my problem, Sonys.

As the consumer, it isn't my responsibility to be on constant alert for Sony screw ups. It is, however, their responsibility to notify their paying customers of any problems that could effect them or the product they paid for. Especially something as large as a massive increase in the chance of having your identity stolen due to a failure in their security system.

Should I also be checking the iTunes or Apple blog to make sure the information I provided to make purchases on iTunes wasn't stolen from them? Should I be watching the Netflix page 24/7 to make sure my information wasn't taken from them? Shit, I bought things from various online stores. Should I be watching their sites to make sure my information is ok? No? Then why the hell would I watch Sony?

Why are you assuming that they have all the capabilities they had before they got hacked? Perhaps they no longer have their e-mail addresses handily available for use. Maybe they have to regather that information. Or identify from among it the account holders who gave them credit card information. Why should I receive an e-mail blast from Sony about compromised credit card information when I don't even own a credit card? That is truly "spam."

You're going to say that a multi-billion dollar corporation that is responsible for all forms of computer technology, that is one of the largest manufacturers of electronics in the world, loses all capability to send out e-mails when one of their networks goes down? How many office e-mails do you think have been sent out between the time the PSN went down and now? How many e-mails do you think were sent from Sony Japan to SCEA?

And when something like this happens, you send out a notice to all of your customers, wether they provided credit card information or not. This way you don't waste time going through each user to find the ones that did use their credit cards, and you eliminate the possibility of missing anyone. And I'm sure no-one would be pissed that they received an e-mail that gives the latest updates on the situation, and has that special little "what to do if you used a credit card on our network" section. Worst case is you don't have to read that section.

No. I'm saying that they may well not be able to immediately turn their attention to that task nor to have it accomplished immediately. It's standard corporate operating procedure that in times like this before you rush off all half-cocked and do something to worsen the situation, you first assess the damage and methodically plan your response to it. Your expectations of immediate gratification really aren't realistic. It just don't work like that at a huge corporation. It's not a Mom 'n' Pop.

Sony knew what the hacker(s) wanted from the get go. It's the only damned thing the PSN had that would be useful to anyone.

So you send out a warning e-mail before you confirm that information was stolen. There. Everyone is warned. Then, if you later find that no information was taken, you send out another e-mail saying that the investigation has revealed that no personal information was taken. You can't lose in that situation.

I wasn't looking for instant gratification at all. Just some common sense and a bit of a warning that didn't come from an unexpected news post on a site I frequent that has nothing to do directly with Sony. I wouldn't have been angry if they said that there was a chance that some personal information was taken, and then later said that they found that it wasn't the case. I would have been thankful for their concern and relieved that there were no problems.

 

[MattAn24]

And when something like this happens, you send out a notice to all of your customers, wether they provided credit card information or not. This way you don't waste time going through each user to find the ones that did use their credit cards, and you eliminate the possibility of missing anyone. And I'm sure no-one would be pissed that they received an e-mail that gives the latest updates on the situation, and has that special little "what to do if you used a credit card on our network" section. Worst case is you don't have to read that section.

i'm only going to say this one more time

The. Only. Time. An. E-mail. Is. Sent. By. A. Company. To. A. Customer. In. Regards. To. An. Issue. Or. Situation. With. A. Product. Is. When. The. Product. In. Question. Is. A. Motor. Vehicle.

Anyway, I'm pretty sure Sony will take this the the authorities assuming they have not already. This is no minor situation. Its an attempt at Identity Theft on a rather grand scale.

Is it? How do you know that? Has anyone told you that? If so, who?

Oh, I don't know. I'd go with the fact that someone hacked PSN and apparently stole all the customer information. Possibly even credit/debit card information. The Network was not taken down by an attack, but rather was shut down by Sony itself to protect it's information from further exposure. I'm just reading between the lines here. Maybe it wasn't an attempt at Identity Theft. But the only other alternative is that it was done for... the lulz?

I really doubt anyone would go to so much trouble unless they thought there was some finical gain to be made.

There's no end to their constant wave of stupid. They'll hate on Sony because they've always hated on Sony. This is really nothing new. Haters gonna hate. I'm completely indifferent, except towards the REAL CULPRITS WHO STOLE THE INFORMATION. I can play Gears 3 beta, my PSP games offline, wait for PSN to come back, change password and finally grab the DLC costume for Cecil for Dissidia 012. My bank isn't stupid. If they see a suspicious transaction, my card is blocked. Immediately. They call me for confirmation. It's win-win for me, because I was well-informed of the situation, rather than just selected snippets of over-exaggerated biased article titles on a gaming "news" site.

I'm not here for the "news", I'm here for the video content (read: LRR content)

 

[JDKJ]

There's no way someone could get away with breaching Sony utterly scott-free. Sony has a lot of money they can throw into finding them. Either they have no foresight, they are some damn cocky bastards, or they are actually that good. My bet is one of the first two... or both.

It may be more difficult than you think -- no matter the available financial resources. If Sony follows the trail and it ends up at some ISP, what are they gonna do? Kick in the door and start rummaging through records? Unless the hacker's sitting down the hallway from the server he hacked (which does happen sometimes), hack jobs don't usually get solved unless law enforcement gets involved -- they have the authority to kick in doors and nosy around file cabinets.

First, do you or did you ever post on Gamepolitics? Does JDKJ stand for Jack Don't Know Jack? If so, I think I remember reading many of your comments during the whole JT Disbarment coverage.

Anyway, I'm pretty sure Sony will take this the the authorities assuming they have not already. This is no minor situation. Its an attempt at Identity Theft on a rather grand scale. I'd actually be surprised to learn that Sony hasn't been working closely with some government investigative authority, like the FBI or even Interpol, from early on. It would also explain some of the lack of information. They wouldn't want to give too much away and complicate the investigation.

To quote George Washington, "Father, I Can Not Tell a Lie; I Cut the Tree." Yes, JDKJ and JackDon'tKnowJack are one and the same. Very observant and smart of you to have figured that one out. Bravo.

Yes, I'm sure that there's all kindas 5-0 on the case already, kicking in doors and turning over file cabinets.

Minor problem with that quote. It was never uttered. It probably never even happened. But, I get your point. I just remembered the name from reading the previously mentioned disbarment trial coverage of he-who-shall-not-named on Gamepolitics. Your posts always caught my attention as you seemed to have a good deal more knowledge of the legal system than you average internet dweller, and thus had a bit of weight in my mind on such subjects.

I doubt there are any door kicking or file dumping, but I do expect some agency is working with Sony as we speak to trace and identify the perpetrator(s). I expect this story will be ongoing for quite a while. Even after PSN is back up.

It's actually more accurately attributed to John McRae, who did any engraving of Washington, his father, and the chopped up tree. But, yes, that Washington ever actually chopped up any trees or said those words is most likely a huge myth. But it's a good myth, so let's run with it, huh? : P

Cops that don't kick in doors and fling file cabinet drawers around the room ain't shit. : P

 

[Vrach]

yeah I haven't been sent an e-mail either. I'm pretty sure that's some serious business to not be told of.

E-MAILS. COMPROMISED. Does this not compute? Read their damn official blog! They've been keeping people updated on both EU AND NA sites since it started! Even when they couldn't really report much, they updated people. Comments on the blog sites are rather contrary to what's been said here. People THANKING Sony for keeping them updated. Learn to read.

Except that people ARE getting emails about the fact, they're just late and sporadic (in fact, considering this information is available in a post above the one I'm quoting, perhaps you're the one who should l2r? )

Also heads up rock star. Not everyone spends their time on official blogs and following their Twitter accounts. If you do, that's your business, doesn't mean everyone's required to in order to get information. News about something like this needs to get directly to the consumer and the most direct way for that in this case is an email. Blogs and Twitter accounts = extra information. Not something any user is required to keep track of, especially not for information of this kind.

Besides, it doesn't matter that the emails might've been compromised. Emails are available 90% of the time, compromised or not, you have sites that scoop up these things all the time. And there is not a single reason a hacker would take the time to write a long ass email telling you "y'know what, our whole network is completely and utterly fucked and all your info might be public". Ok, maybe you could write that as a hacker to put a black eye on Sony, but a single link within the article to the Sony's official site where that information is verified takes care of any concern that the email could be fake.

 

[-Samurai-]

Which is why recalls are sent out for other product, correct? It's also why when 5/3rd Bank had some accounts compromised, they sent out e-mails to every customer that provided them with an e-mail address upon account creation, or through account updates.

Personal experience says you're wrong.

because you are actually able to track each individual person down due to their information being registered, but in this instance the registered info is on the network that has been shut down so they can fix it, and there is so much info in this instance that sending out e-mails to each and every person is inefficient and time consuming, taking time away from fixing the problem so they can get the network back on line

therefore they use the public domain instead as you can reach a much broader audience much more quickly, its not a perfect system buts its all they have to work with at the moment

They obviously have access to their own network, or they wouldn't be able to use it to fix it. It's just not available for public use at this time. And they have enough information to fill multiple blog posts, I'd say that's enough for an e-mail.

There's no end to their constant wave of stupid. They'll hate on Sony because they've always hated on Sony.

Yep. I hate Sony. I hate them so much that I bought every one of their consoles, every model of every handheld they've made(including the PSP-Go), and various other products with their name on it. It's not because they usually make quality product, it's because I hate them with a passion.

And you were saying something about a "constant wave of stupid"? Get over yourself.

 

[MattAn24]

Oh, I don't know. I'd go with the fact that someone hacked PSN and apparently stole all the customer information. Possibly even credit/debit card information. The Network was not taken down by an attack, but rather was shut down by Sony itself to protect it's information from further exposure. I'm just reading between the lines here. Maybe it wasn't an attempt at Identity Theft. But the only other alternative is that it was done for... the lulz?

I really doubt anyone would go to so much trouble unless they thought there was some finical gain to be made.

Emphasis mine. When you say "apparently stole all the customer information" what is it that makes you think it is apparent that customer information was stolen?

Oh, let's see. PlayStation's Blog, the site that The Escapist neglected to report about~

Sony themselves reported it as a "possible compromised account attack" several days ago. You're too oblivious to read official updates because you expect to be force-fed information that they can't do without PSN being online to SEE ALL THE E-MAIL ADDRESSES. The blog is THE most central site for official news from Sony, regarding ANYTHING. Hell, I frequent the SquareEnix Members Europe site as well because they update regularly with information on upcoming games and DLC/updates to current games AND actively read all the comments from the community.