PSN Hacking/Return/Etc. Discussion ~ Do Not Make Anymore Threads
- Thread starter sulf
- Start date
mkray41
Well-known member
Re: PSN Downtime Discussion
I'm just going for mastery now; its kinda tedious I know, but its something to do till PSN is back up at least lol.
*sigh* im already bored with MK9 offline
I'm just going for mastery now; its kinda tedious I know, but its something to do till PSN is back up at least lol.
Young Mage
BANALITY
Re: PSN Downtime Discussion
This is so lulz gais. I'm so glad my parents neglect me, they wouldn't allow me to purchase anything online.
on a serious note---The horror! the horror!
This is so lulz gais. I'm so glad my parents neglect me, they wouldn't allow me to purchase anything online.
on a serious note---The horror! the horror!
mkray41
Well-known member
Re: PSN Downtime Discussion
He's definitely right about one thing, I wouldn't be surprised if there is a class action lawsuit heading Sony's way.
He's definitely right about one thing, I wouldn't be surprised if there is a class action lawsuit heading Sony's way.
TerryMasters
New member
Re: PSN Downtime Discussion
If it hasn't been posted already, this is going to make it a lot harder for them to win said lawsuit: http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/
It's basically what I said earlier - the security firm only determined that users information was released now, so they didn't wait a week to inform everyone. I know Sony's not perfect and I actually don't agree with them on a lot of things, but I go above and beyond to be fair about stuff. I think the question is now whether or not Sony a) had a knowingly vulnerable security system in place and/or b) credit card info becomes confirmed leaked information. It doesn't look like either of those are true, but if one of them turns out to be, heads will roll off every Sony executives shoulders (three, specifically).
If it hasn't been posted already, this is going to make it a lot harder for them to win said lawsuit: http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/
It's basically what I said earlier - the security firm only determined that users information was released now, so they didn't wait a week to inform everyone. I know Sony's not perfect and I actually don't agree with them on a lot of things, but I go above and beyond to be fair about stuff. I think the question is now whether or not Sony a) had a knowingly vulnerable security system in place and/or b) credit card info becomes confirmed leaked information. It doesn't look like either of those are true, but if one of them turns out to be, heads will roll off every Sony executives shoulders (three, specifically).
Re: PSN Downtime Discussion
Here is Sony's most recent blog entry with details on what was lost and information on how to protect yourself. It is fairly safe to assume some form of credit card information was taken as no company in their right mind would bring up fraud protection if they did not have a reason to suspect something was taken.
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
Change all passwords matching your PSN password and keep a close eye on statements. You can also apply for the heightened security with creditors as mentioned in Sony's blog post there, but just be careful as it will make it harder for you to secure legitimate lines of credit for yourself as well.
Here is Sony's most recent blog entry with details on what was lost and information on how to protect yourself. It is fairly safe to assume some form of credit card information was taken as no company in their right mind would bring up fraud protection if they did not have a reason to suspect something was taken.
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
Change all passwords matching your PSN password and keep a close eye on statements. You can also apply for the heightened security with creditors as mentioned in Sony's blog post there, but just be careful as it will make it harder for you to secure legitimate lines of credit for yourself as well.
Baraka_2060
New member
Re: PSN Downtime Discussion
No, it's mentioned on the European blog too http://blog.eu.playstation.com/2011/04/26/psnqriocity-service-update/
No, it's mentioned on the European blog too http://blog.eu.playstation.com/2011/04/26/psnqriocity-service-update/
Re: PSN Downtime Discussion
In regards to the above video, it is understandable that people would feel angry that their information was lost. That said, you cannot become angry with the CSIRT (Computer Security Incident Response Team) and outside investigators because it took them more than a day to fully analyze a crime scene and evidence to determine what happened, as noted in the blog posted by TerryMasters above. Given the scope of the breach, Sony is actually being quite forthcoming about this, considering what it will do to their reputation and business.
PSN is worldwide, so this affects all subscribers regardless of geographical location. I do not know how PCI compliant (a standard used to toughen IT systems that store, process, or transmit cardholder data) Sony is, but one of the requirements is that CC data must be held several years. If you have had any credit card used on PSN within the last several years, this likely affects you.
What this comes down to now is whether the data was encrypted strongly at rest in the database. An earlier Sony blog mentioned possibly compromised administrator developer accounts. What this means is even if the data were encrypted with the best algorithms in the world, a person with admin privileges (or a stolen admin account, in this case) could have been used to decrypt that data.
So, that said, I'd be keeping a close eye on statements personally. Look for small transactions, not large ones, that is how these organized crime syndicates typically keep under the radar while nickel and diming people out of money so they won't notice.
In regards to the above video, it is understandable that people would feel angry that their information was lost. That said, you cannot become angry with the CSIRT (Computer Security Incident Response Team) and outside investigators because it took them more than a day to fully analyze a crime scene and evidence to determine what happened, as noted in the blog posted by TerryMasters above. Given the scope of the breach, Sony is actually being quite forthcoming about this, considering what it will do to their reputation and business.
PSN is worldwide, so this affects all subscribers regardless of geographical location. I do not know how PCI compliant (a standard used to toughen IT systems that store, process, or transmit cardholder data) Sony is, but one of the requirements is that CC data must be held several years. If you have had any credit card used on PSN within the last several years, this likely affects you.
What this comes down to now is whether the data was encrypted strongly at rest in the database. An earlier Sony blog mentioned possibly compromised administrator developer accounts. What this means is even if the data were encrypted with the best algorithms in the world, a person with admin privileges (or a stolen admin account, in this case) could have been used to decrypt that data.
So, that said, I'd be keeping a close eye on statements personally. Look for small transactions, not large ones, that is how these organized crime syndicates typically keep under the radar while nickel and diming people out of money so they won't notice.
Jade
Well-known member
Re: PSN Downtime Discussion
Just wondering. I know PSN is all over the world but the info seems to just talk about the US (and now with your link, Europe) so I wondered if there was something specific about it.
Just wondering. I know PSN is all over the world but the info seems to just talk about the US (and now with your link, Europe) so I wondered if there was something specific about it.
Baraka_2060
New member
Re: PSN Downtime Discussion
Here is another article on the situation http://www.chron.com/disp/story.mpl/ap/top/all/7538667.html
Here is another article on the situation http://www.chron.com/disp/story.mpl/ap/top/all/7538667.html
Re: PSN Downtime Discussion
Thank you Alisa, and yes, exactly. 50 cents off each account adds up fast when you steal a couple hundred thousand accounts or in this case up to possibly 77 million.
It may not hurt to request new cards/account numbers, even. It's too early yet and not enough information is available to determine whether the stolen data has been unencrypted and is usable by the hackers or not. Typically 128 bit and 256 bit encryption takes advanced government supercomputers to crack, but that's not to say professional crime syndicates are without resources to do that sort of thing.
Edit: The article posted by Baraka_2060 is good. Aside from the loss of credit card information, the personal information gathered by the hackers can be used to learn more about people who use PSN and to social engineer them. Be very wary of any calls or e-mails you receive with offers or requests for information.
If you're not 100% sure the person calling or e-mailing you is with your bank/Sony/card company, hang up or do not respond to the e-mail, and then call the official number of that company to be sure before you hand out any personal information, ESPECIALLY if it's SSN information or bank numbers.
Thank you Alisa, and yes, exactly. 50 cents off each account adds up fast when you steal a couple hundred thousand accounts or in this case up to possibly 77 million.
It may not hurt to request new cards/account numbers, even. It's too early yet and not enough information is available to determine whether the stolen data has been unencrypted and is usable by the hackers or not. Typically 128 bit and 256 bit encryption takes advanced government supercomputers to crack, but that's not to say professional crime syndicates are without resources to do that sort of thing.
Edit: The article posted by Baraka_2060 is good. Aside from the loss of credit card information, the personal information gathered by the hackers can be used to learn more about people who use PSN and to social engineer them. Be very wary of any calls or e-mails you receive with offers or requests for information.
If you're not 100% sure the person calling or e-mailing you is with your bank/Sony/card company, hang up or do not respond to the e-mail, and then call the official number of that company to be sure before you hand out any personal information, ESPECIALLY if it's SSN information or bank numbers.
Last edited:
Zoidberg747
New member
Re: PSN Downtime Discussion
This is ******** that this is happening to you guys, personally I blame the hackers those sorry lowlife*Insert ten expletives here*. Hope this gets fixed but really Sony got caught in a bad situation and if the hackers go on a spending spree then most likely Sony will be responsible since they had everyones personal info
This is ******** that this is happening to you guys, personally I blame the hackers those sorry lowlife*Insert ten expletives here*. Hope this gets fixed but really Sony got caught in a bad situation and if the hackers go on a spending spree then most likely Sony will be responsible since they had everyones personal info
navi24
New member
Re: PSN Downtime Discussion
didnt u guys see the video above im mad at the situation but i really f*cking hate all the hackers, he said that SONY uses one of the highest securities known 128 bit encryption, the same encryption that banks use,meaning this sh*t could of happen to microsoft xbl so dont be immature saying that this will never happen to xbox because we have a paid service, this is a time for the gaming community to support eachother, i was going nuts because ive been waiting for mk for almost 2 years and now i cant even play it but f*ck that is not about that ppls lives could be ruined, ur kids college fund,ppls starter homes etc. is at risk, this is no laughin matter. IF SONY REALLY DID USE THE HIGHEST SECURITY IM NOT REALLY MAD AT THEM, DONT LET THESE FCKN HACKERS FLY UNDER THE RADAR WHEN THEY ARE THE ONES TO BLAME. I CANT BELIEVE THIS BS. THIS IS FEDERAL THEY NEED TO BE PUNISHED TO THE FULLEST EXTENT OF THE LAW!!!
didnt u guys see the video above im mad at the situation but i really f*cking hate all the hackers, he said that SONY uses one of the highest securities known 128 bit encryption, the same encryption that banks use,meaning this sh*t could of happen to microsoft xbl so dont be immature saying that this will never happen to xbox because we have a paid service, this is a time for the gaming community to support eachother, i was going nuts because ive been waiting for mk for almost 2 years and now i cant even play it but f*ck that is not about that ppls lives could be ruined, ur kids college fund,ppls starter homes etc. is at risk, this is no laughin matter. IF SONY REALLY DID USE THE HIGHEST SECURITY IM NOT REALLY MAD AT THEM, DONT LET THESE FCKN HACKERS FLY UNDER THE RADAR WHEN THEY ARE THE ONES TO BLAME. I CANT BELIEVE THIS BS. THIS IS FEDERAL THEY NEED TO BE PUNISHED TO THE FULLEST EXTENT OF THE LAW!!!
Re: PSN Downtime Discussion
How stiffly Sony is punished depends on how well they can display "Due Diligence" (In legal terms) was taken in protecting customer cardholder data. If it is found their security was carelessly negligent, then they are in for a world of hurt in financial penalties, at the least.
If they had good protection in place and were still hacked, they will be expected to do their part to fix the mess (Such as rebuilding the network like they are) but will otherwise not be punished too badly. There are things such as "Day Zero" exploits and holes in code that exist and can result in these kinds of situations despite the best efforts of the security teams involved. More simply put... build a better wall, and someone at some point finds a way to hang glide over it.
It does suck, but taking proper steps to protect yourself will make it much, much more difficult for hackers to make any use of the information they have gotten so far.
How stiffly Sony is punished depends on how well they can display "Due Diligence" (In legal terms) was taken in protecting customer cardholder data. If it is found their security was carelessly negligent, then they are in for a world of hurt in financial penalties, at the least.
If they had good protection in place and were still hacked, they will be expected to do their part to fix the mess (Such as rebuilding the network like they are) but will otherwise not be punished too badly. There are things such as "Day Zero" exploits and holes in code that exist and can result in these kinds of situations despite the best efforts of the security teams involved. More simply put... build a better wall, and someone at some point finds a way to hang glide over it.
It does suck, but taking proper steps to protect yourself will make it much, much more difficult for hackers to make any use of the information they have gotten so far.