Jump to content

Home

Sony says PSN 'intrusion' compromised personal info


BongoBob

Recommended Posts

Update: For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet.

 

Update 2: Regarding rumors Sony may have notified banks days ahead of disclosing today's revelations to the public, I have since contacted customer service representatives at both Bank of America and Chase. I personally have accounts at both financial firms and the representatives claimed to have received no information from Sony about a mass breach of credit information.

 

Update 3: Valve has just told me that anyone who connected their PlayStation Network account to Steam via Portal 2 should not be worried, either.

 

Source: Giant Bomb - Good News: PSN Back (Maybe) Within a Week, Bad News: Everything Else [updated]

 

Sony says PSN 'intrusion' compromised personal info; hopes to have 'some services' back 'within a week'

 

[PSA for PSN users, from your pals at Joystiq: Before you start reading this informative news post, go change every internet password you've ever had. Done? Okay, read on!]

 

Nearly six days in, and Sony has finally sent out an email to the millions of affected PSN users explaining the prolonged downtime, and elaborating on the security implications of the "external intrusion" of the PlayStation Network. The most important new detail: Sony has determined that there has been "a compromise of personal information" as a result of the attack. The second most important new detail: "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week."

 

So, what did the bad guys manage to steal? Uhh ... just about everything, it seems. Here's what's in the definitely jacked column: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Our takeaway: you'd better start changing passwords if you use the same one frequently. We'll leave the decision on whether or not to pack your bags and move away up to you.

 

In the possibly jacked column: "profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers." That leaves your credit card information, which ... well, we'll let Sony tell you itself: "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." Yikes.

 

Sony provides a bunch of links for consumers to keep an eye on their data. Most important is probably the free credit report services. It also cautions PSN users to change their password when the service is back online. Lastly, while they never directly say as much, we're going to suggest making PSN purchases through other retailers instead of directly on Sony's service. Well, when it works again. But after that, stock up on some PSN points cards from anywhere else.

 

I gotta say, I think Sony is now royally boned at this point.

Link to comment
Share on other sites

Rhett, looks like that rumor was semi-correct.

 

Reports: Banned Xbox 360s briefly allowed back on Xbox Live, promptly banned again

 

Reports began swirling Tuesday evening that Xbox Live users with banned Xbox 360 consoles were able to reconnect to Microsoft's online service. Forum users across Xbox.com, Xbox-Scene and NeoGAF claimed to have reconnected banned consoles, though said consoles were unable to download content from Xbox Live, including Marketplace purchases and game updates. As of early this morning, however, Xbox-Scene users are reporting that previously banned consoles have been totally barred from Xbox Live once again.

 

It's unclear just what happened, though Xbox-Scene user DUBiSM noticed Tuesday afternoon that the Xbox Live status page (image above) noted that users could experience problems "creating new Xbox Live accounts, managing those accounts, or recovering an account on a different console." The message has since been changed to warn of Modern Warfare 2 phishing scams.

 

On Twitter, Xbox Live director of policy and enforcement Stephen Toulouse said that all banned consoles are still banned, adding, "you can't trust message boards." For the moment, it would appear that the alleged reconnections were a fluke, though still a fluke that deserves attention given the ongoing drama surrounding the recent attack on Sony's PlayStation Network. We've contacted Microsoft for further comment.

Link to comment
Share on other sites

I'm sure y'all fully expected the suits at Sony to get sued and sho' nuff...

Sony Hit With Class Action Lawsuit Over PSN Breach

The Rothken law firm filed the suit in a California district court (the proper place to sue Sony) on behalf of one Kristopher Johns and the other 76,999,999-ish PSN users in the world. It attacks Sony for failing to put proper safeguards in place, which is possibly a breach of the Payment Card Industry Data Security Standard, a set of rules designed to protect consumers from credit card fraud.The suit specifically asks for compensation for the "extra time, effort, and costs" that might have to go into credit monitoring services and replacement.
Whatever happens this PSN security breach will dearly cost Sony.
Link to comment
Share on other sites

Rumor and facts tonight.

 

Rumor: Sony distributing new security-enhancing SDK to PS3 devs

 

Sony is reportedly making the most of the PlayStation Network's hacker-triggered downtime by providing developers with new security tools to integrate into their games. Gamasutra cites development sources who say that they are being asked to begin using a new version of the PS3 SDK prior to PSN going back online, something that's supposed to happen within the next seven days.

 

Joystiq has reached out to its own development sources in an attempt to confirm this report. If you're a developer with insight into the steps Sony is taking to secure PSN against future security breaches, we'd love to hear from you at tips@joystiq.com.

 

Sony: New PS3 firmware to accompany PSN relaunch, network being physically rebuilt

 

Sony has posted an updated PSN outage FAQ on the PlayStation Blog, and while some information it contains seems to reiterate things we already know -- "some services" will return within a week, you should monitor your credit card(s) -- new details have been brought to light.

 

First off, Sony is "working on a new system software update that will require all users to change their password once PlayStation Network is restored." It's also been confirmed that PSN is being physically rebuilt as a result of last week's intrusion. SCEA PR director Patrick Seybold states in the FAQ that the company is "moving our network infrastructure and data center to a new, more secure location, which is already underway."

 

Also revealed: While "the entire credit card table was encrypted" and there remains "no evidence that credit card data was taken," PSN's personal data table "was not encrypted, but was, of course, behind a very sophisticated security system." Not sophisticated enough, apparently.

Link to comment
Share on other sites

  • 2 weeks later...

I'm just glad I didn't have a credit card on file with PSN. I did change my password on various important sites (banking, etc), but I still need to change the passwords on everything else.

 

It looks like PSN users will get one free month of Plus, and there should be an email soon with one year free of some kind of identity theft protection, among other things.

 

I hope there's a huge investigation into whether or not Sony was negligent with its security.

Link to comment
Share on other sites

What difference would it make? Other than having Square Enix releasing FF games on Nintendo's home consoles instead of just their handhelds.

 

Already a lot of FF games on DS, and Dragon Quest has jumped ship to the Nintendo platforms with IX on DS and X said to be on a Nintendo home console (on Wii 2 at this stage).

Link to comment
Share on other sites

  • 2 weeks later...

Some words of advice and I wish luck to anyone who may be in some kind of predicament. Some of you here probably know all this stuff I'm about to say; I'm speaking more to others who may not know or who forgot about it.

 

I'm glad I use aliases and different passwords for all my banking but I don't have PSN or XBL. Still, I'd say use a re-loadable student credit card to do this stuff though--soundsl ike an excellent strategy (thank you bob lion54). Fraud by itself might be (relatively) easy enough to stamp out on credit cards but ID theft is a real can of worms. I'm fortunate I have never had it happen but still you gotta watch it like a hawk.

 

Keeping passwords written on paper and hidden is a strategy I use so nothing is stored on my computer. Plus changing passwords and account info is good to keep things moving. A moving target is harder to hit. Oh and do change credit card acct. numbers too.

 

That and make sure other cards and bank acct.s are not opened in your name. By law it is required that you are allowed one free credit report with no obligations per year and I suggest you take advantage of that.

 

Anyway I do hope nobody here on LF has had/will have any ID theft or fraud happen to them. Stay protected and good luck.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...