The first two posts made me laugh.
But yeah, damn you Sony, and damn you self-entitled hackers.
The first two posts made me laugh.
But yeah, damn you Sony, and damn you self-entitled hackers.
I'm pretty sure I never entered my CC info into PSN, because I have never bought anything. Lets hope not..
It's been so long since I used PSN that I don't even remember what information I have on there. Since I can't even log into the site to check, now I have to change every goddamn password and keep an even closer eye on my statements.
Thanks Sony, thanks a lot.
If it's coming from Kotaku users, then it's more than likely bullshit, I haven't heard anything like that anywhere else.
Blame the hackers, not Sony. It was a complete dick move for Sony to hold the information for however long, but it's not their fault that people decided to hack them over whatever bullshit vendetta they have against them.
@kaedesdisciple Your location made me laugh
Phew! That was a close one. Good thing this'll only affect the 3 or 4 people who actually use PSN.
Hey Geohot, ARE YOU STILL FEELING SMUG, YOU ASSHOLE?
(I know he's not behind this - but I can't help but feel his stupid exploits had a hand in this.)
I really fail to see the problem with a company executing the appropriate due diligence and bringing in a security firm to investigate a breach before disclosing anything to the public.
Where is the evidence that Sony held off on reporting this news to us any longer than protocol dictated? Do we have a point of reference where a company as big as Sony with as many consumers affected immediately reported a security breach to all that were affected?
My health insurance company suffered a similar hack last year. Hundreds of thousands users' sensitive information was compromised - and from what I understand in the paperwork that they sent me they didn't alert members the exact day that the compromise was detected, it was at least a week before an official statement was issued to members in that case. This just seems to be the way these things go down.
We wait, when presented with the opportunity we change our passwords, we keep track of our credit card records/bank accounts, if necessary we contact our bank and request a card with a new number, we stay smart and we move on.
Whether you like Sony or not, whether you're opposed to their corporate culture or not, you simply can not lose sight of the fact that hackers are the people specifically responsible for doing this to us.
Last edited by Frankie_Says_Relax; 04-26-2011 at 09:57 PM.
"And the book says: 'We may be through with the past, but the past ain't through with us.'"
While I'm completely paranoid about this sort of thing, I have been reminding myself about the fact that the hackers probably have a ton of data and it is unlikely that all of it will be used, I'm still taking precautions.
One thing I do hope is that Sony actually deletes billing information once you delete it from your profile. I had been doing this for a while now so I can only hope it paid off. Due to my pessimism and distrust for Sony after this though, I'm thinking this is not true.
Sadly, the only way to know for sure what data was stolen is if and when it gets posted somewhere.
While the hackers definitely deserve some blame, Sony is not completely blameless. From a security standpoint, Sony has the responsibility to protect your data. If they really need to know so much about you, they better keep it as private as possible and protect it from theft.Blame the hackers, not Sony. It was a complete dick move for Sony to hold the information for however long, but it's not their fault that people decided to hack them over whatever bullshit vendetta they have against them.
I have a sig?
I think the card I had on file expired a year or so ago. I could be wrong though.
They've admitted that their customer info has been accessed, excluding street address and credit card. That means whoever compromised the system accessed names, general address information, birth dates, and other useful marketing data.
Forget Nintendo and their mystery box, I can't wait to hear what Sony has to say at this year's E3!!!
From a security standpoint, this could happen to just about any company and even banks. As much as people would like to believe, our information isn't nearly as safe and confidential as we'd all like to think. Identity theft, credit card fraud, unauthorized transactions...all of this and more could happen to you at your local Wal-Mart with just the swipe of a credit card,
Hell, your credit card can be copied when using the ATM right outside your Bank, these crooks have been putting their own cameras in them to get your pin number and put their own card readers right over the ATM's so it reads it as you're sliding it into what should be the most secure place to get your money.
I'm not saying Sony isn't completely blameless, but people are acting like this is the first time that anything like this has ever happened, when in reality it probably just happened to them at the drive thru at BK.
I've just spent about 2 hours changing every online account password I've got that I can think of - more than 40 accounts I've remembered and changed so far. (After almost 20 years of ignoring the universal security advice to not use the same login/password for every account, I'm finally bitten in the ass.)
I've only ever made one purchase on PSN so far, but it was recent. I chose to have the network NOT remember my credit card info. IF the system disregarded that and stored my CC info anyway I suppose I might be in trouble, but hopefully not.
This is certainly a pain, but life happens.
And now, to bed.
Saw this on SonicRetro and figured I'd pass it on here.
Originally posted by GerbilSoft of SonicRetro:
SOURCEAs mentioned in IRC: http://psx-scene.com/forums/f177/sony-has-...s-spying-81093/
So not only is it stored unencrypted locally, it's *transmitted* unencrypted over the Internet. This is a lawsuit waiting to happen.*Credit card sent as plain text, example: creditCard.paymentMethodId=VISA&creditCard.holderN ame=Max&creditCard.cardNumber=4558254723658741&cre ditCard.expireYear=2012&creditCard.expireMonth=2&c reditCard.securityCode=214&creditCard.address.addr ess1=example street%2024%20&creditCard.address.city=city1%20&cr editCard.address.province=abc%20&creditCard.addres s.postalCode=12345%20
*Insert Facepalm Image Here*
Wait, I thought all the hacking stopped a week or so ago because the hackers realized they were hurting the users instead of solely Sony. Or is this simething else?
Like free stuff? I have earned hundreds of dollars in free Amazon gift cards through Swagbucks. Check it out here! Earn 3000 points and I will give you FREE shipping the next time you buy from me!
http://www.swagbucks.com/refer/Porksta
We'll probably never know. Anonymous (the group that publicly attacked Sony) denies responsibility for this current clusterfuck, and they have a proud history of screaming their "achievements" to the world. On the other hand, Anon doesn't have any kind of hierarchy or actual structure (OR DO THEY?!?!?), so maybe they did do it. Either way, unless someone gets publicly arrested for this, it'll probably remain a mystery.
It takes SERIOUS BALLS to hack a company as big and as willing to level the Legal Big Guns as Sony though. I was thinking about that. There are thousands and thousands of other, smaller, less public companies out there that make far better targets for someone just after personal data for sale or use. Hitting Sony like this is robbing the biggest public bank in New York City in broad daylight and only taking the stamps.
Unless the person(s) who hacked Sony is much dumber or crazier than is likely, and keep in mind I engineer stuff for a living instead of solving crimes and need a FAQ when playing adventure games, I'd bet that the hack itself is still to make a point.
Or it was someone in China and they just don't care.
I believe Anon started the attack before the Geohot case was settled. They backed off though when they figured it was just hurting users and not Sony.
Like you said though I doubt Anon has any real structure, so once the exploit found all the Anon members probably started poking around and then it just spread.....
According to Sony they didn't really out till yesterday also:
source: http://ps3.ign.com/articles/116/1164186p1.htmlThere's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident.
It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.
While I strongly disagree that anybody other than registered PSN members and Sony should be counted as "victims" in this scenario, please don't put words in my mouth, I'm not saying anything in this situation is "okay".
For the record, I think it's fucked up, that all affected are currently suffering and inconvenienced until it is resolved, but ultimately that this shit happens - and my personal experience says that it is not the end of the world.
Many of us probably send sensitive personal and financial information through FAR less secure chanels that have simply never been the target of a focused attack by a hacker.
What I am doing is questioning people's expectations of protocol in a situation like this.
Everybody seems to be specifically "outraged" that Sony allegedly waited a week to make a public statement about compromised data.
Again, for all of those who have expressed frustration that a week is an inappropriate amount of time to wait, what do you have as a point of reference?
What says that Sony should have publicly reported compromised data the moment that there was any evidence of it (regardless of confirmation or official research)?
Is there a law on the books? If there is, can we see it?
Have we all universally experienced something like this as s community that was more swiftly reported on?
I don't think that this is nearly as simple as people are making it out to be, there are MILLIONS of members on the PSN, and likely BILLIONS of total points of data that need to be examined in a scenario like this ... to preemptively report on anything before a thorough investigation has been completed would to me seem just as irresponsible as waiting an inappropriate amount of time to do so.
"And the book says: 'We may be through with the past, but the past ain't through with us.'"