*ren* PSN Down, Customer Info Compromised

[thop]

This is living.

 

[AlNom]

erm... Just a side-thought... would there be any impact regarding the Facebook integration

 

[digitalwanderer]

No, but was today really the day to launch their tablets boasting their online services?

Like I said, did they do ANYTHING right?

 

[Scott_Arm]

erm... Just a side-thought... would there be any impact regarding the Facebook integration

If you used the same email address and password, I'd be changing that ASAP. I've been scouring the millions of online accounts I have, looking for places where I used the same password.

 

[jonabbey]

I would really, really, really love to see a post-mortem on this, but I expect Sony to clam up to try to defend against legal action. ;-/

 

[AlNom]

If you used the same email address and password, I'd be changing that ASAP. I've been scouring the millions of online accounts I have, looking for places where I used the same password.

Yeah, so far I've changed e-mail and password, but I luckily don't keep the same password for facebook as the e-mail. Even then I haven't got much for personal details in Facebook.

 

[makattack]

Good grief, reading this... just simply boggles my mind how badly Sony needs some engineers/architects with just a wee bit of knowledge about sound security practices. Just even a minimal bit of knowledge.

Explains how their PKI implementation was borked from the beginning.

Most companies these days, consider it an automatic terminate offense if a release of customer information was made due to negligence. I don't even know the legal implications.

In other high profile cases, companies have had to offer their customers credit ratings watch services. Dang. This really cheeses me off.

 

[Xenus]

Guys just cause their security was comprimised doesn't mean Sony was negligent in their Security policy. Even the best systems can be broken.

The main issue for now is that they took so long to start sending out emails that the data has been comprimised and that may include CC numbers that is the issue.

 

[mrcorbo]

Guys just cause their security was comprimised doesn't mean Sony was negligent in their Security policy. Even the best systems can be broken.

The main issue for now is that they took so long to start sending out emails that the data has been comprimised and that may include CC numbers that is the issue.

I agree. But this alone is enough to have me royally pissed. I don't even know what e-mail/password/security question I used to sign up for PSN and, of course, can't log in to find out.

Edit: Well, at least I know what e-mail I used now.

 

[Cheezdoodles]

**** YOU SONY.

You should have given this information on day 1. Not a week after the fact. WORST CUSTOMER SERVICE EVER.


Oh well, gonna call the tech guys at the bank tomorrow and see if i need to change the credit card that was used or not. They say that the security code was not comprimised, however if they aren't sure wether or not they obtained our credit card information how the hell do they know if they got the security code or not? (they probably are 100% sure, they just dont want to make things even worse)

 

[JPT]

I would really, really, really love to see a post-mortem on this, but I expect Sony to clam up to try to defend against legal action. ;-/

+1

Maybe get DigitalFoundry on the case?

 

[Cheezdoodles]

I would really, really, really love to see a post-mortem on this, but I expect Sony to clam up to try to defend against legal action. ;-/

Lets do a CLASS ACTION LAWSUIT!!!
Millions of PSN users vs Sony

 

[Nesh]

I wonder if its the "anonymous". If its them, I dont know what to say? Attacking the customer information because geohot and Sony have disputes is completely unfair.

 

[Xenus]

Since the severity of the situation and such. Hoever it was they will likely find out through the FBI and such the issue is can they do anything to them. If they trace it back to China it doesn't matter a damn bit that they know who is at fault.

 

[Sinistar]

Here is a letter sent by Sen. Blumenthal of Connecticut to the CEO of SCEA.

April 26, 2011

Mr. Jack Tretton
President and CEO
Sony Computer Entertainment America
919 East Hillsdale Boulevard
Foster City, CA USA 94404

Dear Mr. Tretton:

I am writing regarding a recent data breach of Sony's PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony's PlayStation Network suffered an "external intrusion" and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users' personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

/s/

Richard Blumenthal
United States Senate

 

[Scott_Arm]

I wonder if its the "anonymous". If its them, I dont know what to say? Attacking the customer information because geohot and Sony have disputes is completely unfair.

Who cares who it was, really? Sony did a shit job of protecting customer info and did a very shit job of getting on the situation and informing people that their information and finances might have been compromised.

They got the security question too? I have no idea where else I might have used it, if I had one. Not only do I have to check all of my logins and password, I have to check and change all of my security questions. And I can't even log into PSN to know what I'm looking for.

 

[mrcorbo]

I wonder if its the "anonymous". If its them, I dont know what to say? Attacking the customer information because geohot and Sony have disputes is completely unfair.

It could be someone looking to hurt Sony, or it could be someone looking to make a load of cash off of some valuable information. Which do you think is more likely?

 

[mrcorbo]

They got the security question too? I have no idea where else I might have used it, if I had one. Not only do I have to check all of my logins and password, I have to check and change all of my security questions. And I can't even log into PSN to know what I'm looking for.

Yup. Hopefully account management is the first thing they hook back up as they bring the network back online.

 

[Xenus]

If you know anything about network security and IT management all this stuff is encypted and even Sony doesn't know what the question and password is. They don't want to know all they can do when you forget a password or they think it might of been compremised is reset your password to some randomanly generated thing sent you your email. Which will be the likely course of action that when PSN comes up everybody will start getting emails to change their password it has been reset.

 

[Scott_Arm]

It could be someone looking to hurt Sony, or it could be someone looking to make a load of cash off of some valuable information. Which do you think is more likely?

Agreed. Someone is out to make some serious coin and I'm guessing it wasn't a loose collective of dicks on the Internet. More likely it is someone with much better capability of completely fucking people over with identity theft.