*ren* PSN Down, Customer Info Compromised (http://forum.beyond3d.com/showthread.php?t=60017)

bkilian 26-Apr-2011 20:27

Quote:

Originally Posted by makattack (Post 1546581)
Yah, that's a typical solution for "removing a system from direct internet connection" but you have to know that the weakness to that method of having physical security for the system is those systems that *are* connected to it... and those systems are on a network of some sort, which ultimately ends up accessible from the internet.

So, if someone were to compromise the systems with the direct serial connection to the CC Motel, they could conceivably get CC Motel to make a lot of random charges on various accounts... if they know how to craft the request properly... sure, big ifs... but there are always vulnerabilities.

Right, if someone compromises the system, they can possibly make charges to accounts, although they would not get the money. What they couldn't do, though, is steal the credit card number and then sell it/use it for their own financial gain.

mrcorbo 26-Apr-2011 21:05

Apparently the fears of users' personal information being compromised were well-founded. There is no evidence yet that Credit Card data has been compromised, but it hasn't been ruled out either.

Scott_Arm 26-Apr-2011 21:22

Quote:

Originally Posted by mrcorbo (Post 1546596)
Apparently the fears of users' personal information being compromised were well-founded. There is no evidence yet that Credit Card data has been compromised, but it hasn't been ruled out either.

Shite. Time to start changin' my passwords again.

AlNets 26-Apr-2011 21:23

:| Yikes.

mrcorbo 26-Apr-2011 21:30

They've known about this for a week (if not the extent of it) and this is the first communication to users that their personal information may have been compromised. :evil:

mrcorbo 26-Apr-2011 21:31

Quote:

Originally Posted by AlStrong (Post 1546601)
:| Yikes.

Thread title change to reflect this info? People need to know about this.

AlNets 26-Apr-2011 21:39

I've updated the first post as well.

:( Bloody awful situation. Wonder what the lashback will be against Sony from a legal standpoint.

Scott_Arm 26-Apr-2011 21:42

Quote:

Originally Posted by mrcorbo (Post 1546602)
They've known about this for a week (if not the extent of it) and this is the first communication to users that their personal information may have been compromised. :evil:

Yeah, if they had suspicion that it might have been this serious, they should have said something right away, to err on the side of caution. Dicks.

I also appreciate that they didn't even bother to send this information to their PSN subscribers in an email. I mean, putting this information on their blog is obviously the best way to impart this information to their casual subscribers. I'm sure all of the subscribers read that blog every day.

I'm also trying to remember if I had my credit card number stored on my profile. I don't think so ... What a huge pain in the ass, since I can't even log in to see. Request a new credit card? Yes or no?

digitalwanderer 26-Apr-2011 21:53

Damn, did Sony do anything right in this situation? :shock:

Scott_Arm 26-Apr-2011 21:58

Seen on arstechnica:

"PlayStation: It only gives away all your information."

thop 26-Apr-2011 22:02

This is living.

AlNets 26-Apr-2011 22:03

erm... Just a side-thought... would there be any impact regarding the Facebook integration :?:

digitalwanderer 26-Apr-2011 22:05

No, but was today really the day to launch their tablets boasting their online services?

Like I said, did they do ANYTHING right? :???:

Scott_Arm 26-Apr-2011 22:08

Quote:

Originally Posted by AlStrong (Post 1546615)
erm... Just a side-thought... would there be any impact regarding the Facebook integration :?:

If you used the same email address and password, I'd be changing that ASAP. I've been scouring the millions of online accounts I have, looking for places where I used the same password.

jonabbey 26-Apr-2011 22:12

I would really, really, really love to see a post-mortem on this, but I expect Sony to clam up to try to defend against legal action. ;-/

AlNets 26-Apr-2011 22:14

Quote:

Originally Posted by Scott_Arm (Post 1546617)
If you used the same email address and password, I'd be changing that ASAP. I've been scouring the millions of online accounts I have, looking for places where I used the same password.

Yeah, so far I've changed e-mail and password, but I luckily don't keep the same password for Facebook as the e-mail. Even then I haven't got much for personal details in Facebook.

makattack 26-Apr-2011 22:17

Good grief, reading this... just simply boggles my mind how badly Sony needs some engineers/architects with just a wee bit of knowledge about sound security practices. Just even a minimal bit of knowledge.

Explains how their PKI implementation was borked from the beginning.

Most companies these days consider it an automatic termination offense if a release of customer information was made due to negligence. I don't even know the legal implications.

In other high profile cases, companies have had to offer their customers credit ratings watch services. Dang. This really cheeses me off.

Xenus 26-Apr-2011 22:27

Guys, just 'cause their security was compromised doesn't mean Sony was negligent in their security policy. Even the best systems can be broken.

The main issue for now is that they took so long to start sending out emails that the data has been compromised and that may include CC numbers that is the issue.

mrcorbo 26-Apr-2011 22:31

Quote:

Originally Posted by Xenus (Post 1546624)
Guys, just 'cause their security was compromised doesn't mean Sony was negligent in their security policy. Even the best systems can be broken.

The main issue for now is that they took so long to start sending out emails that the data has been compromised and that may include CC numbers that is the issue.

I agree. But this alone is enough to have me royally pissed. I don't even know what e-mail/password/security question I used to sign up for PSN and, of course, can't log in to find out.

Edit: Well, at least I know what e-mail I used now.

Cheezdoodles 26-Apr-2011 22:39

**** YOU SONY.

You should have given this information on day 1. Not a week after the fact. WORST CUSTOMER SERVICE EVER.


Oh well, gonna call the tech guys at the bank tomorrow and see if I need to change the credit card that was used or not. They say that the security code was not compromised, however if they aren't sure whether or not they obtained our credit card information how the hell do they know if they got the security code or not? (they probably are 100% sure, they just don't want to make things even worse)

JPT 26-Apr-2011 22:39

Quote:

Originally Posted by jonabbey (Post 1546619)
I would really, really, really love to see a post-mortem on this, but I expect Sony to clam up to try to defend against legal action. ;-/

+1

Maybe get DigitalFoundry on the case?

Cheezdoodles 26-Apr-2011 22:57

Quote:

Originally Posted by jonabbey (Post 1546619)
I would really, really, really love to see a post-mortem on this, but I expect Sony to clam up to try to defend against legal action. ;-/

Let's do a CLASS ACTION LAWSUIT!!!
Millions of PSN users vs Sony

Nesh 26-Apr-2011 23:11

I wonder if it's the "anonymous". If it's them, I don't know what to say? Attacking the customer information because geohot and Sony have disputes is completely unfair.

Xenus 26-Apr-2011 23:18

Since the severity of the situation and such. Whoever it was they will likely find out through the FBI and such the issue is can they do anything to them. If they trace it back to China it doesn't matter a damn bit that they know who is at fault.

Sinistar 26-Apr-2011 23:28

Here is a letter sent by Sen. Blumenthal of Connecticut to the CEO of SCEA.

Quote:

April 26, 2011

Mr. Jack Tretton
President and CEO
Sony Computer Entertainment America
919 East Hillsdale Boulevard
Foster City, CA USA 94404

Dear Mr. Tretton:

I am writing regarding a recent data breach of Sony's PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony's PlayStation Network suffered an "external intrusion" and was subsequently disabled. News reports estimate that 50 million to 75 million consumers, many of them children, access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users' personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

/s/

Richard Blumenthal
United States Senate


All times are GMT +1.