I wonder what this will do to Xbox Live's userbase?
I wonder what this will do to Xbox Live's userbase?
Can we get PS games free from the PS store??
Yeah you know what you're right. I should have expected that when I used my credit card on their website and my email that they were going to just completely fuck up and let it be open to everyone. I guess I should have also gotten a completely seperate fucking credit card just for use on the PS network, so that in case this happened I would be protected. I mean, of course they did nothing wrong.
I'm not blaming them for me using the same password, I'm blaming them for NOT HAVING A FUCKING CLUE HOW TO PROTECT THEIR DAMN SYSTEM. They are only a multi-million dollar company, but yeah at least I'm getting 30 free days of some retarded service. We shouldn't expect anything more of them, I mean, mistakes happen. Hopefully next time they can give out my address and social security number and I get a Playtation Move! Yeah!!
Life is like a hurricane...
I mean, I just think that them trying to bribe us w/ these crappy things is just pathetic, instead of dealing with the actual problem.
Life is like a hurricane...
They already gave out your address. I've given out my name and address to plenty of people I don't know. How do you think I've bought things on here, Ebay, or other places?
You know it's also much easier to get your card stolen at places you normally go than any secure network as well. Take a fast food place for example. When you go through the drive through you can't very well see them sliding the card because it's usually out of view of the window, behind the register or elsewhere. No need to write anything down when receipt paper is perfect for making an exact copy. With cell phones now they'd just need to take a picture. Or what about people you do business with over the phone, like your cable, electric company, etc. Any time you give out your information to anyone you have the chance to get it stolen. Unless of course you only pay with prepaid cards, which isn't a bad idea in itself. Although a smaller amount of money, even prepaid cards can be stolen.
But just because it can happen anywhere doesn't make what happened okay.
Life is like a hurricane...
If we were only talking about credit cards, then I would say this is a valid point. The problem is, in the Sony hack they got more than credit cards -- they got PII and SPII. In the security world, PII means Personal Identifiable Information and the S in SPII stands for Sensitive. PII in and of itself isn't bad. For example, if I knew your name, I could get your phone number and address out of the phonebook. Those are examples of PII. But by combining certain things -- say your name, DOB, and SSN, NOW I have SPII, and that's a problem. When SPII leaks, people need to stop worrying about credit card theft and start worrying about identity theft.
Having your credit card number stolen is a pain in the ass, but banks are pretty good at identifying weird charges and notifying you pretty quick. I've had mine stolen a couple of times now and the biggest hassle was waiting for new cards to arrive in the mail and then having to switch whatever online accounts they were tied to. Losing a debit card can be worse because money can actually be withdrawn directly from your account, leaving you financially fucked for a bit until things get straightened out.
Identity theft is a whole 'nother thing. My wife got her purse stolen in 1996 and occasionally we still get weird things showing up on our credit. All a crafty individual needs is the information off your driver's license to wreak havoc not only on your credit but also your life. Many times, people don't find out their identity has been stolen until someone has either opened a line of credit or applied for insurance claims in their names and collections agencies have begun contacting them. By then your insurance and credit may have already been permanently affected. Fake identities are routinely used for cashing fake checks and giving to the police when crimes are committed. Sometimes, criminals will file for bankruptcy on your behalf, too. Whee!
There was a paper a few years ago that claimed that 87% of the US population could be uniquely identified by their zip code, gender, and date of birth. By cross referencing that information in any number of publicly available databases, you can get someone's name. Correct me if I'm wrong, but I believe all that information was in my PSN profile ... along with my name and credit card number.
Over the next few months, people are going to be talking about the credit cards that were stolen. Some of those cards are going to be used maliciously and it's going to be a pain in the ass for the owners of those cards. However, in a year or two from now, I think people will be talking about the tens of thousands of cases of identity theft that sprung from this single incident.
Flack, you make a very valid post.
From what I can remember, Sony never asked for my social security number, just my credit card number. Say hackers got my personal data, like name, address, and telephone number. Say they also got an old credit card (well, a virtual card from BoA...the shop safe one in which is only valid for a certain date, time, location, and amount...but has been cancelled as well). With this, how can hackers use this for identity theft, specially with no social security number?
I know it is still possible, so now can we protect ourselves? Freeze our credit?
Proud owner of a Neo 25 Neo Geo Candy Cab!
If you are skimming this thread or suffering from a bout of TL;DR I have an announcement: Stop what you are doing and read this post (108) above.
With ID theft, once the info is out, it's out. You just have to keep tabs on yourself. Or rather your records... Still a pain, proving negatives.
Last edited by Icarus Moonsight; 05-03-2011 at 07:15 AM.
This signature is dedicated to all those
cyberpunks who fight against injustice
and corruption every day of their lives
They didn't "let it be open to everyone".
It was compromised as in BROKEN IN TO in a focused, deliberate criminal attack by a hacker/hackers.
Remember those people? The hackers? The ones that decided that it would be a good idea to illegally intrude in a corporate system and compromise your personal information? The ones who continue to conveniently get ignored/left out of 99% of discussions surrounding this event.
And where that is concerned, Sony has repeatedly stated that the only information that was compromised was your name, address, telephone number, DOB and login information.
Stop willfully ignoring the fact that it's on the record that PSN Credit Card Details were NOT compromised.
Despite the fact that gaming news sites keep running headlines that say "X amount of credit cards MAY have been compromised" there is NO EVIDENCE of that in the PSN database. Sony has made it clear several times over that security firms have audited their system and there is no evidence whatsoever that the fully encrypted credit card data was accessed or stolen.
(Before it's posted as retaliation to this, yes, it has been reported that SOE had a 2007 credit card file containing about 13,000 non-US cards compromised. http://www.soe.com/securityupdate/ That data was NOT in the same server/location as the current PSN account data that has been the source of discussion since this fiasco began. If you're one of those affected by that outside of the United States, and that's specifically what you're bitching about - change your card number and contact Sony about assistance with enrollment in an identity theft program they've said that is a service among many others that they're offering to those affected by this.)
While you're here, why not read up on ALL of the official knowledge base Q&As while you're here. They not as sensational/divisive as all the neat gaming news blogs reporting on the events of this, and they don't have all the witty/snarky headlines, but they're OFFICIAL and they're as ACCURATE as we're going to get until somebody PROVES otherwise:
Official Sony Q&A #1
http://blog.us.playstation.com/2011/...city-services/
Official Sony Q&A #2
http://blog.us.playstation.com/2011/...city-services/
Press Release Restoration of Service / Improvement of Security / Reparations
http://blog.us.playstation.com/2011/...ble-this-week/
Network Security Update
http://blog.us.playstation.com/2011/...curity-update/
Last edited by Frankie_Says_Relax; 05-03-2011 at 07:27 AM.
"And the book says: 'We may be through with the past, but the past ain't through with us.'"
Still doesnt answer my question fully, though.
I read his post like three times, but I am wondering how can an identity be stolen if there was never a social security number that was given to Sony (as far from I can remember).
Yes, people can use your other info, but how can a particular issue or information be tagged to the correct person if there was no SS at play here? I know it's possible... I just want ot find out how. And with that, I want to find out how to prevent this, like a credit freeze, a type of identity "lock", etc. Yes, we can just monitor our accounts as many times az we want...and should, but there has to be other actions we can do to protect ourselves.
Proud owner of a Neo 25 Neo Geo Candy Cab!
Cross referencing data, social engineering... Calling different bureaus or agencies (private or public) with a certain level of personal data can open up more, especially if you are good at working people. There are many ways. It's also extremely variable how victims are effected. If you want a magic bullet, there really isn't one.
Last edited by Icarus Moonsight; 05-03-2011 at 07:37 AM.
This signature is dedicated to all those
cyberpunks who fight against injustice
and corruption every day of their lives
Damn it, I guess I have to enforce stricter scenarios on my credit monitoring as well as be extremely vigilant. Well, I always was...just need to be more anal about it.
Proud owner of a Neo 25 Neo Geo Candy Cab!
If you are really worried, you can call any of the credit agencies and have them put a fraud watch or fraud alert on your records (forgot what it is called exactly). This makes it much more difficult for credit/loans/etc to get approved, requiring many additional verification steps. This can be inconvenient if you are applying for something, but also makes it much much more difficult for your identity to be stolen. If you contact one credit agency, it automatically propagates to the other two.
These guys figured out a pretty good system of guessing people's SSN:
http://www.csmonitor.com/Innovation/...ecurity-number
The first page of Google searching returned this site: http://www.docusearch.com/locc.html
"Provided your subject is over 25 year old and has established credit (good or bad), this search is guaranteed to return their social security number. Docusearch requires a detailed explanation regarding the legal necessity for requesting this information. All clients ordering this search will be interviewed. This search will only return your subject’s social security number. It will not supply addresses, telephone numbers, and dates of birth or any financial history for determining credit worthiness."
I'm guessing there are other businesses not quite so vigilant in doing background checks on their customers. My guess is they charge $10 more.
This website (http://www.publicpeoplefinder.com/Ba...e-Search.shtml) offers, for $49:
"This service will allow you to enter some general information about the subject you are searching for such as name, last known location and then locate the subjects current address, full name, address history, social security number, date of birth, and other details. We only require a name for this people search although the more information you provide us with the better your chances are of locating this person, and receiving details about them. Please see below for more information on this people lookup."
Hackers may have obtained users' names, home addresses, email addresses, birthdates, PlayStation usernames and passwords, and answers to password security questions.
Using that information, someone could get into your email account, bank account, credit cards, and other online bills...and from there, obtain *even more* information about you (as well as tamper with your money and credit).
This isn't a simple matter of "sorry our network was down for maintenance, here's a free game." This is much more serious as Flack has pointed out.
Last edited by Rob2600; 05-03-2011 at 09:26 AM.
There's nothing wrong with being safe and smart with your personal information, and there are several steps that one can take on a regular basis to review credit reports/activity (Google will help there).
however, I will again play devil's advocate here.
I currently work for an organization that deals directly with billions and billions of points of demographic information on individuals.
Many of us are ignorant of the fact that many many many sources including but not limited to: financial organizations (ie banks, credit card companies, credit bureaus, etc.), retail companies (supermarkets, pharmacies, big box stores that offer credit cards, etc.) govt./municipalities (courts, law enforcement, postal services, etc.) telecoms (phone companies) etc. all have different/varied levels/services by which they either make certain points of our personal information (or all of it) available legally, either for free on request, or for sale in bulk data lists to organizations interested in that demographic info (name, address, telephone number, email, etc.)
Couple that with however many millions of people are ACTIVELY PROMOTING their own personal data (name, contact info, photo, education history, professional history, links to family, friends, etc.) on services like Linkedin, Facebook, MySpace, etc. and the illusion of "private, sensitive, personal data" should wash away just a BIT.
While the compromise of Sony's data is a terrible thing with instances of identity theft as a potential consequence (if that's the intent of those responsible for the criminal intrusion), the core of the information that we supplied Sony with is the same basic personal information data set that we use for practically everything that we "sign up for" and about 80% of it is typically available to any member of the general public who actively seeks it out.
SSN and Credit Card data are the sticky wickets. Those aren't data points that are trafficked in any legitimate/legal sense the same way that the above mentioned data is.
IF there was any evidence that pointed to that data being snatched up/used in the Sony data compromise I'd share people's feelings of outrage, fear and maybe even understand all the vocal panic.
That understood, being concerned that people may use your basic level personal data to contact and somehow "convince" a Credit Card company to give them access to your information without your SSN or security questions is ... well, it's a plausible scenario, but there's no reason that that couldn't happen without Sony having ever been hacked.
At this point people simply need to take whatever steps they need to to personally feel secure (change all login passwords that were identical to the PSN login, get a new CC number, look into fraud monitoring services, etc.) and then proceed to monitor their credit information with a reasonable amount of care.
My perspective says that this is all cause for alert, but by no means for panic.
AFAIK, all of the data being offered for that fee is largely public information made available via various public legal records.
That company is merely providing a service that does all the busywork for you.
However, there's an asterisk where the SSN Info is concerned -
In order to access SSN data that organization requires the appropriate legal documents (likely warrants or subpoenas served from the appropriate legal/law enforcement officials).
In other words, you and I couldn't just "pay" for that data.
*[SSN] May only be included with GLB, IRSG Reasons Under Federal/ State law) Some information such as SSN may not be given as required by law such as the GLB law, IRSG, state, federal, and local laws. To get a SSN you must have legal documents that allows you to receive such information.
GBL = http://www.ftc.gov/privacy/glbact/glbsub1.htm
IRSG = http://irsg.bcs.org/
Last edited by Frankie_Says_Relax; 05-03-2011 at 09:40 AM.
"And the book says: 'We may be through with the past, but the past ain't through with us.'"
You're right, *but* there's a difference between me posting my email address and birthday on a Facebook profile (which is pretty stupid), and posting the answers to my security questions on a Facebook profile (which would be super insanely stupid).
The Sony hackers obtained answers to security questions. Combined with the email addresses and password they also obtained, they *could* get into your email account, credit card account, bank account, and other online bills.
If you're a member of the PlayStation Network, stop what you're doing and change all of your online passwords *and* your security questions/answers.