*ren* PSN Down, Customer Info Compromised

Sounds like it may have been hacked at the same time. Which tells me Sony better take a close look at all their databases.
 
Seems hackers are on a roll. Another site got hacked, although completely irrelevant to Sony.
 
Xenus said:
Sounds like it may have been hacked at the same time. Which tells me Sony better take a close look at all their databases.

That's probably how they found out?
 
Well and there it is - no surprise at all, and reinforces my own feelings that the Sony execs and PR folks in charge of these PR releases and such *really* need to sit down with the technical folks. That even after this debacle had reached the post-FAQ "plain text" outcry level, Hirai himself still didn't seem to have a grasp of what needed to be said and himself needed correcting... ugh.

You have no idea how much the Manager/PR speak kills us. OTOH, I can sort of sympathize considering how ignorant the general public can be at times...
 
Just noticed the site that Sony links to from their blog post to explain what a "hash" is:

http://blog.us.playstation.com/2011/05/02/playstation-network-security-update/

For a description of the difference between encryption and hashing, follow this link.

On the front page of the infocellar.com site linked to by Sony we have at the top:

Bit Torrent Guide !!! Make 2-hour, 700 MB Movies & seed them as Bit Torrents

That link goes to a page promoting the Pirate Bay. Thanks for the tips Sony!

Cue Nelson Muntz quote. . .

Cheers
 
Well, the credit card stuff was actually an old outdated database from 2007. Obviously they should have taken that offline and it is still pretty sad, plus of course the 2.5 million 'regular' details that were apparently accessed.

But yeah, when it rains ... hopefully when it's back up it'll be actually secure, because if it gets hacked again, oh boy. ;)

At least now they made sure they'll have someone responsible that they can then fire or something. ;)
 
Why have they even got a store of credit card numbers?! Doesn't matter that it's outdated; they shouldn't be keeping that info on record AFAIK. Also 4 years is enough time that some may still be valid.
 
Why have they even got a store of credit card numbers?! Doesn't matter that it's outdated; they shouldn't be keeping that info on record AFAIK. Also 4 years is enough time that some may still be valid.

I'm afraid this is likely just a continuation of situations where non-IT experts apply their expertise in specific areas to IT matters that cross over into their domain. Having accountants and physical security experts set operating rules results in situations like this. Perhaps there was a vague requirement by accountants to have "5 years worth of financial information stored..." and this resulted in a poor architectural design where they didn't bother with an offline archival setup. Of course, the engineers are also at fault for not investigating that option, but... I find you really need to start at the top... and need more specifics when you're the one writing the specifications.
 
But yeah, when it rains ... hopefully when it's back up it'll be actually secure, because if it gets hacked again, oh boy. ;)

At least now they made sure they'll have someone responsible that they can then fire or something. ;)

I'd rather they fired someone irresponsible, and kept the responsible ones. :p
Let's hope the summer chases away the rain, but it's not easy I guess.

At least we seemingly know about it much sooner than normal, and can look up on our bank accounts. I read about several cases where the police advised companies not to inform the customers before they'd finished investigating, so the criminals wouldn't remove the evidence.
And they're adding more security, which is normal after cases like this; most companies say they will build a Fort Knox around the information they collect.
And they shut down the service pretty quick due to data theft, so hopefully no one lost any money.

This stuff is interesting, so I've looked for more information on similar incidents.
Found a few really good websites on:
http://www.privacyrights.org/data-breach/new (search engine)
databreaches.net (Telling more about individual cases)

Lots of cases which I didn't have a clue about.
Just listing a few of the computer-related incidents, based on hacking this year, which are probably affecting people here.

Didn't bother about governments, car manufacturers, cities, banks and organizations which have been hacked. - Just computer businesses related to hacking. (Not leaks or physical entry)
Collapsing it, to make message smaller.
April 14, 2011
WordPress
21 million people - mainly a forum and blog tool.

April 2, 2011
Epsilon
Unknown # of people (handles lots of huge companies' online marketing, i.e. Target, Best Buy, Walgreens and Citigroup) - says they didn't lose CC, only e-mail and personal info.
Best Buy has also lost customer information another time in a separate incident this year, Walgreens last year - where CC might have been lost.

April 1, 2011
iTunes (Apple)
Hack, Unknown # of people affected
(People shop on hacked accounts with other people's accounts, unknown reason)

February 4, 2011
Twitter, Facebook and PayPal
Unknown # of people affected
(Same person charged with hacking all three, logging into people's accounts, and shopping, blackmailing and also charged with cyber-stalking, since many of the victims were celebrities)

January 18, 2011
Discovered the chat logs of 2 people charged with last year's hack on Apple iTunes - they used an "account slurper" to conduct a "brute force" attack that lasted five days and extracted data from iPad users who accessed the Internet through AT&T's 3G network.
 
It sadly happens a lot; my wife's Hotmail account was pirated one year ago. Hopefully no harm done, as MS proved reactive in fixing the issue.
 
Why have they even got a store of credit card numbers?! Doesn't matter that it's outdated; they shouldn't be keeping that info on record AFAIK. Also 4 years is enough time that some may still be valid.

It's only fairly recently that PCI requirements meant that, unless you are a licensed body, you were no longer allowed to store CC numbers either electronically or on paper. You'd be horrified to learn how many 'trusted' institutions store highly personal data such as cc numbers in plain text db files and on public facing servers. I have been doing a lot of pen testing recently on various servers to track code injection exploits and even I was a little shocked by some of the things I found!
 
Gosh, that helps put things (worryingly) into perspective. Just saw the SOE situation mentioned on the news, where they said 77 million people's accounts had been hacked. Reality is possibly half that given duplicate accounts and such. No-one was reporting any of these other hacks.
 
Many media say that the accounts of 77 million members have been compromised, which is misleading. There aren't even 77 million PS3s out there. Many of us have multiple accounts. 77 million accounts may be out there but certainly not members. Also, is it completely certain that all 77 million accounts' information has been compromised?
 
How would you rather them count it? They probably went through a very simple check along the lines of how many entries there are in some database instead of doing some kind of manual work to count how many customers there actually are, which would be pointless and time-consuming.
 