Sony says PSN 'intrusion' compromised personal info

[BongoBob]

Update: For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet.

 

Update 2: Regarding rumors Sony may have notified banks days ahead of disclosing today's revelations to the public, I have since contacted customer service representatives at both Bank of America and Chase. I personally have accounts at both financial firms and the representatives claimed to have received no information from Sony about a mass breach of credit information.

 

Update 3: Valve has just told me that anyone who connected their PlayStation Network account to Steam via Portal 2 should not be worried, either.

 

Source: Giant Bomb - Good News: PSN Back (Maybe) Within a Week, Bad News: Everything Else [updated]

 

Sony says PSN 'intrusion' compromised personal info; hopes to have 'some services' back 'within a week'

 

[PSA for PSN users, from your pals at Joystiq: Before you start reading this informative news post, go change every internet password you've ever had. Done? Okay, read on!]

 

Nearly six days in, and Sony has finally sent out an email to the millions of affected PSN users explaining the prolonged downtime, and elaborating on the security implications of the "external intrusion" of the PlayStation Network. The most important new detail: Sony has determined that there has been "a compromise of personal information" as a result of the attack. The second most important new detail: "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week."

 

So, what did the bad guys manage to steal? Uhh ... just about everything, it seems. Here's what's in the definitely jacked column: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Our takeaway: you'd better start changing passwords if you use the same one frequently. We'll leave the decision on whether or not to pack your bags and move away up to you.

 

In the possibly jacked column: "profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers." That leaves your credit card information, which ... well, we'll let Sony tell you itself: "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." Yikes.

 

Sony provides a bunch of links for consumers to keep an eye on their data. Most important is probably the free credit report services. It also cautions PSN users to change their password when the service is back online. Lastly, while they never directly say as much, we're going to suggest making PSN purchases through other retailers instead of directly on Sony's service. Well, when it works again. But after that, stock up on some PSN points cards from anywhere else.

 

I gotta say, I think Sony is now royally boned at this point.

[Boba Rhett]

Wooooooooow.

 

So Sony online is basically dead at this point, right?

 

 

but hey, it's free, amirite?

 

[Lynk Former]

 

 

EDIT:

 

It gets worse: http://www.joystiq.com/2011/04/26/sonys-failure-to-report-data-breach-incurs-ct-senator-blumentha/

[BongoBob]

Couple updates added thanks to Hermie's retweets.

[RoxStar]

I seriously only signed up for that ****ing thing to get demos. I'm pretty sure I used my most generic internet password for it too. Ugh. Good thing I use different bank passwords.

[Char Ell]

Bad juju for Sony. Bad juju indeed.

[Boba Rhett]

I just heard a rumor that Microsoft just unbanned all of the perma-banned consoles. Ingenious if true. Anyone else hear about this?

[BongoBob]

No news of anything like that on Xbox-Scene, where I occasionally still check up on the 360 homebrew stuff. Sounds like bulls*** to me.

[Darth Groovy]

Rumor around the campfire says It will be up by Wednesday. Hope it is true. I am beyond ready to throw down some action on Mortal Kombat and Socom 4!

[BongoBob]

Rhett, looks like that rumor was semi-correct.

 

Reports: Banned Xbox 360s briefly allowed back on Xbox Live, promptly banned again

 

Reports began swirling Tuesday evening that Xbox Live users with banned Xbox 360 consoles were able to reconnect to Microsoft's online service. Forum users across Xbox.com, Xbox-Scene and NeoGAF claimed to have reconnected banned consoles, though said consoles were unable to download content from Xbox Live, including Marketplace purchases and game updates. As of early this morning, however, Xbox-Scene users are reporting that previously banned consoles have been totally barred from Xbox Live once again.

 

It's unclear just what happened, though Xbox-Scene user DUBiSM noticed Tuesday afternoon that the Xbox Live status page (image above) noted that users could experience problems "creating new Xbox Live accounts, managing those accounts, or recovering an account on a different console." The message has since been changed to warn of Modern Warfare 2 phishing scams.

 

On Twitter, Xbox Live director of policy and enforcement Stephen Toulouse said that all banned consoles are still banned, adding, "you can't trust message boards." For the moment, it would appear that the alleged reconnections were a fluke, though still a fluke that deserves attention given the ongoing drama surrounding the recent attack on Sony's PlayStation Network. We've contacted Microsoft for further comment.

[Lynk Former]

Very interesting...

 

I've heard some people say that Microsoft was testing the security on their own network, others say this may be an attack on Xbox Live.

[Char Ell]

I'm sure y'all fully expected the suits at Sony to get sued and sho' nuff...

Sony Hit With Class Action Lawsuit Over PSN Breach

The Rothken law firm filed the suit in a California district court (the proper place to sue Sony) on behalf of one Kristopher Johns and the other 76,999,999-ish PSN users in the world. It attacks Sony for failing to put proper safeguards in place, which is possibly a breach of the Payment Card Industry Data Security Standard, a set of rules designed to protect consumers from credit card fraud.The suit specifically asks for compensation for the "extra time, effort, and costs" that might have to go into credit monitoring services and replacement.

Whatever happens this PSN security breach will dearly cost Sony.

[BongoBob]

Rumor and facts tonight.

 

Rumor: Sony distributing new security-enhancing SDK to PS3 devs

 

Sony is reportedly making the most of the PlayStation Network's hacker-triggered downtime by providing developers with new security tools to integrate into their games. Gamasutra cites development sources who say that they are being asked to begin using a new version of the PS3 SDK prior to PSN going back online, something that's supposed to happen within the next seven days.

 

Joystiq has reached out to its own development sources in an attempt to confirm this report. If you're a developer with insight into the steps Sony is taking to secure PSN against future security breaches, we'd love to hear from you at tips@joystiq.com.

 

Sony: New PS3 firmware to accompany PSN relaunch, network being physically rebuilt

 

Sony has posted an updated PSN outage FAQ on the PlayStation Blog, and while some information it contains seems to reiterate things we already know -- "some services" will return within a week, you should monitor your credit card(s) -- new details have been brought to light.

 

First off, Sony is "working on a new system software update that will require all users to change their password once PlayStation Network is restored." It's also been confirmed that PSN is being physically rebuilt as a result of last week's intrusion. SCEA PR director Patrick Seybold states in the FAQ that the company is "moving our network infrastructure and data center to a new, more secure location, which is already underway."

 

Also revealed: While "the entire credit card table was encrypted" and there remains "no evidence that credit card data was taken," PSN's personal data table "was not encrypted, but was, of course, behind a very sophisticated security system." Not sophisticated enough, apparently.

[swphreak]

I'm just glad I didn't have a credit card on file with PSN. I did change my password on various important sites (banking, etc), but I still need to change the passwords on everything else.

 

It looks like PSN users will get one free month of Plus, and there should be an email soon with one year free of some kind of identity theft protection, among other things.

 

I hope there's a huge investigation into whether or not Sony was negligent with its security.

[Pho3nix]

I'm just glad I didn't have a credit card on file with PSN.

Yep, same here.

[BongoBob]

I hope there's a huge investigation into whether or not Sony was negligent with its security.

 

Supposedly, PSN was running on unpatched Apache server with no firewall.

 

If this is true, then holy s*** Sony's boned.

[Lynk Former]

This is going to haunt Sony into E3... which makes E3 2011 even more interesting for me. Nintendo revealing their new console to be released in 2012, Sony's PSN crisis and Microsoft keeping quiet...

[leXX]

Sony has pledged to give PlayStation Network subscribers two free games when PSN's down time finally comes to an end.

[Lynk Former]

First it was one, now it's two... I'm taking bets here, who thinks it's three? Or will it be four? Come on, place your bets!

 

I really hope they can get it together before that happens though...

[Kjølen]

Sony's video game department should go bankrupt and get bought by Nintendo.

[Lynk Former]

No, that'd be too disturbing.

[Kjølen]

Final Fantasy games all back on Nintendo. Imagine it.

[Lynk Former]

What difference would it make? Other than having Square Enix releasing FF games on Nintendo's home consoles instead of just their handhelds.

 

Already a lot of FF games on DS, and Dragon Quest has jumped ship to the Nintendo platforms with IX on DS and X said to be on a Nintendo home console (on Wii 2 at this stage).

[Darth Avlectus]

Some words of advice and I wish luck to anyone who may be in some kind of predicament. Some of you here probably know all this stuff I'm about to say; I'm speaking more to others who may not know or who forgot about it.

 

I'm glad I use aliases and different passwords for all my banking but I don't have PSN or XBL. Still, I'd say use a re-loadable student credit card to do this stuff though--soundsl ike an excellent strategy (thank you bob lion54). Fraud by itself might be (relatively) easy enough to stamp out on credit cards but ID theft is a real can of worms. I'm fortunate I have never had it happen but still you gotta watch it like a hawk.

 

Keeping passwords written on paper and hidden is a strategy I use so nothing is stored on my computer. Plus changing passwords and account info is good to keep things moving. A moving target is harder to hit. Oh and do change credit card acct. numbers too.

 

That and make sure other cards and bank acct.s are not opened in your name. By law it is required that you are allowed one free credit report with no obligations per year and I suggest you take advantage of that.

 

Anyway I do hope nobody here on LF has had/will have any ID theft or fraud happen to them. Stay protected and good luck.