*ren* PSN Down, Customer Info Compromised

I don't give a **** about their blog. They should contact their customers directly, not assuming that people follow their blog. They haven't exactly been keen on spreading this to the media either.

I don't watch much TV but I know it was on 3 news programs as the kids called me (morning, afternoon and evening)
 
Sounds to me like someone got into his email account (dkskribbles, I hope you didn't use the same password on PSN as your email)... why else would he have a trace of that spam message in the "sent mail" container?

This is different from someone modifying an SMTP mailer header to change the reply-to and from fields to use someone else's email address.
The scary thing is, it's not the same password. I don't 100% remember my PSN password, but I'm 100% positive it's not the same as my email. If it is what I think it was, it is pretty similar though.

I've changed my password and I'm gonna monitor my sent folder to make sure this shit stops.
 
To confirm I've received the EU email, so it is just a slow communication. For the record I'm on holiday ATM and spent money on internet access with a view to buying Under Siege, so this PSN outage actually has a monetary cost for me. Had I known PSN would remain down, I'd have spent less on internet access.

Class action lawsuit, here I come! :p

edit: As for Sony's incompetence versus defenders, IMO Sony have been almost complete chumps this generation. I regard almost all their choices and actions since PS3's announcement as negative or benign, with their good stuff only coming after a cock-up. They are nothing like their PS and PS2 heyday, for whatever reason. This is just the latest of any number of massive failures.
 
I got my (UK) email yesterday and my (JPN) email on Tuesday. I'm not particularly concerned with this as my email is a throw away account fed from a proxy account on a server I manage. I've renewed my card as a precaution. Not because I'm worried about money getting spent but more because my bank will freeze my account at the slightest hint of dodgy dealings.

I find Sony's response, or rather the delay, kind of annoying but if their security has been compromised so thoroughly that they didn't know what had been accessed, and what else did Sony have on those servers? PS4 details, infrastructure records, details of their new security for the PS3?, and at the same time they appear to have suffered hardware failure of some kind or even a direct breach via a data centre staff member. It makes it kind of understandable that they were somewhat reticent about making a statement without knowing the facts.

And though Sony have some very obvious issues with the way in which they handle and store end user data (plain text db's I mean really!?) it isn't their fault this happened. Without the malicious intent of external parties the system would have functioned perfectly well as it was and we would have happily gone on our way. I can only blame the hackers concerned with the attack for the loss of my PSN access. Not Sony. And if they catch whoever did this (not very likely) and if they turn out to be some retard script kiddie running metasploit or some RFP derived code then I hope their identities are made public to the same 77 million accounts that have been deprived of the PSN. Let the gamers work out the justice for them.
 
And though Sony have some very obvious issues with the way in which they handle and store end user data (plain text db's I mean really!?) it isn't their fault this happened. Without the malicious intent of external parties the system would have functioned perfectly well as it was and we would have happily gone on our way. I can only blame the hackers concerned with the attack for the loss of my PSN access. Not Sony. And if they catch whoever did this (not very likely) and if they turn out to be some retard script kiddie running metasploit or some RFP derived code then I hope their identities are made public to the same 77 million accounts that have been deprived of the PSN. Let the gamers work out the justice for them.

That is amazingly poor reasoning. Anyone sensible is understanding of the criminal intent and activity in all walks of life. It's YOUR job to protect yourself from these elements. In respect to a global corporation that holds critical information on millions of users, it's paramount that security come before convenience, budget and functionality. You can play the victim card all day but in the end, the damage is done.

The level of ignorance displayed by Sony in maintaining passwords in clear text is mind boggling. Sony basically ended up coming across with "you best to not trust us with your information."
 
It makes it kind of understandable that they were somewhat reticent about making a statement without knowing the facts.

They weren't reticent in shutting down the PSN though, that is for sure, which implies to me they knew quite clearly they were in the midst of something serious, and something that linked back to and involved their membership. I mean I can understand some people thinking that Sony is getting the heat too hard, but actually apologizing/explaining for them? I don't know.

It's a little ironic also that in this particular case, the defense for the lack of seriousness of this situation and its handling came from someone who quite obviously takes their own net anonymity and ID protection quite seriously. That is all well and good for you and your throw away account, but I use my *real* email addresses, name, etc when I sign up for accounts like these, and I don't think I'm in any sort of minority, know what I'm saying? ;) Maybe if you were down here in 'exposed' land you would view things a little differently wrt Sony's fabulous action times. :)
 
It's a little ironic also that in this particular case, the defense for the lack of seriousness of this situation and its handling came from someone who quite obviously takes their own net anonymity and ID protection quite seriously. That is all well and good for you and your throw away account, but I use my *real* email addresses, name, etc when I sign up for accounts like these, and I don't think I'm in any sort of minority, know what I'm saying? ;) Maybe if you were down here in 'exposed' land you would view things a little differently wrt Sony's fabulous action times. :)

Pretty much this. People tend to use proper information for trusted sources and until last week, I'd assume most people considered PSN to be a trusted source. There was no reason to believe this was some hobby/enthusiast project or a shady company you would think twice about when creating a service account. This is Sony.

The full effects of this won't be immediate for compromised users. Depending on how long before this information is distributed and maliciously used, you could see ongoing reports of identity thefts and hijacks for some time. If a common source for such is prior PSN access, then it'll be an easy association for people, right or wrong.
 
RobertR1 said:
The level of ignorance displayed by Sony in maintaining passwords in clear text is mind boggling. Sony basically ended up coming across with "you best to not trust us with your information."


The level of ignorance displayed by posters who believe such nonsense is equally mind-boggling... :rolleyes:

Even in the case of the Gawker breach, the passwords were encrypted (just not salted).
 
The level of ignorance displayed by posters who believe such nonsense is equally mind-boggling... :rolleyes:

Even in the case of the Gawker breach, the passwords were encrypted (just not salted).

Did you read Sony's FAQ?

"Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
 
What happens when the PSN goes back up and they encourage everyone to go in and change their password? At this point, that data is already obtained by the hacking. What's to prevent them from going in and changing the information before you have a chance to?

Even if the people which did this, do take a chance on doing this, after the security upgrades, it's pretty slim chance that it should be your account they did try with.
After all there are 77 million accounts which might have been stolen, if worst case scenario is true, there still is safety in numbers. :)

I don't give a **** about their blog. They should contact their customers directly, not assuming that people follow their blog. They haven't exactly been keen on spreading this to the media either.

No one is going to contact 77 million people face-to-face directly, that's not realistic to expect.
Toyota didn't do that when they had floormats which interfered with the braking system on their cars, they contacted their retailers, and media - said the car-model were recalled.

The only contact-information Sony has for you which they are sure might be correct, is your e-mail address. You may or may not have filled in the correct address, when registering. You did not fill in your phone number, or credit card information, with your account. So that may be false.

What Sony is doing is sending out e-mails, telling you what might have been stolen from them, and you should be careful of what you give out, so no one gets the last remaining information.

Sony will not send you any e-mails asking for your credit card information, social security or similar, if that happens you are most likely being targeted for identity theft.

So I think it's unlikely that there is any kind of e-mail activation.
The safest thing is just to wait and see what happens when you turn on your PS3/PSP with the updated firmwares. :) As well as looking at your bank-account.
 
Just a reminder here:

1) You don't have to have a CC attached to your PSN account.

2) You don't even have to own a Playstation product to have a PSN account.

Tommy McClain
 
The level of ignorance displayed by Sony in maintaining passwords in clear text is mind boggling. Sony basically ended up coming across with "you best to not trust us with your information."

The level of ignorance displayed by posters who believe such nonsense is equally mind-boggling... :rolleyes:

Even in the case of the Gawker breach, the passwords were encrypted (just not salted).

Did you read Sony's FAQ?

"Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

:LOL: God I love irony.
 
Thanks for the link, I really liked this paragraph:

Now until more information is revealed on the technicals, I can only speculate, but I bet Sony's arrogance and misunderstanding of ownership put them in this position. Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client (can't trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client. It's the same reason MW2 was covered in cheaters, Activision even admitted to the mistake of trusting Sony's client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you. Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren't crazy.
 
RobertR1 said:
Did you read Sony's FAQ?

Yes, and reading a PR FAQ isn't necessary for me to know how the PSN works. I'm fairly confident of my knowledge of the workings of the PSN (marketing name) vs. the information of a generalized PR release.
 
Thanks for the link, I really liked this paragraph:

I found it rather amateurish and full of poor assumption. I mean seriously, the PS3 isn't the only PSN client. In fact, considering the knowledge the hacker community has of the various platforms that access the PSN, PS3 is one of the poorest ones to use as an attack vector... What happened to the critical thinking skills around here?
 
I found it rather amateurish and full of poor assumption. I mean seriously, the PS3 isn't the only PSN client. In fact, considering the knowledge the hacker community has of the various platforms that access the PSN, PS3 is one of the poorest ones to use as an attack vector... What happened to the critical thinking skills around here?

Why is using the PS3 one of the poorest ways to attack PSN? If what he says is true, about PSN trusting the PS3 as a client, more than it should, then his speculation sounds reasonable.
 
Why use a PS3? The PSP does the same shit and is a lot less secure and well known... Shit, why bother with clients at all?
 