The W
Views: 136530369
Main | FAQ | Search: Y! / G | Color chart | Log in for more!
22.9.11 2110
The 7 - Video Games - PSN hacked?
This thread has 35 referrals leading to it
Register and log in to post!
Pages: 1 2 3 4 5 6 Next(97 newer) Next thread | Previous thread
User
Post (106 total)
Oliver
Scrapple
Level: 133

Posts: 4160/5007
EXP: 27302412
For next: 550328

Since: 20.6.02

Since last post: 1301 days
Last activity: 1295 days
#1 Posted on 23.4.11 1345.56
Reposted on: 23.4.18 1345.56
PSN has been down since Wednesday due to a hacker attack.

    Originally posted by Playstation Blog (at blog.us.playstation.com)
    An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.
Man, I was really looking forward to playing Modnation Racers or my new NASCAR game online this week for a good chunk of weekend...There's a lot to do in the game outside of the online multiplayer in both games, but this is really an annoyance.

I've had more or less seamless access to PSN since I received my PS3, but I'm wondering if this happens often.

Other news: Seems some downloadable Capcom games won't work without an online PSN connection. (kotaku.co.au)
Promote this thread!
thecubsfan
Scrapple
Moderator
Level: 146

Posts: 3619/6184
EXP: 38075192
For next: 438194

Since: 10.12.01
From: Aurora, IL

Since last post: 4 hours
Last activity: 2 hours
#2 Posted on 23.4.11 1355.00
Reposted on: 23.4.18 1355.34
There has been occasional down time before - often ill timed scheduled maintenance - but this long lasting total shut down has only happened this year, since the war between Sony and the PS3 hackers has fired up.
Spank E
Bockwurst
Level: 53

Posts: 432/587
EXP: 1111434
For next: 45692

Since: 2.1.02
From: Plymouth, UK

Since last post: 31 days
Last activity: 9 hours
#3 Posted on 23.4.11 1631.53
Reposted on: 23.4.18 1631.54
Weirdly, it's let me finish downloads that had started before the downtime and it's also let me download a couple of patches too.
Leroy
Boudin blanc
Level: 96

Posts: 1932/2334
EXP: 8786091
For next: 202728

Since: 7.2.02

Since last post: 1059 days
Last activity: 1059 days
#4 Posted on 23.4.11 1658.11
Reposted on: 23.4.18 1658.25

Anonymous is denying responsibility, but who knows.

While I am generally happy with my PS3, Sony's not making the best decisions with regards to its public relations. I was pretty annoyed to have spent a weekend installing linux on my box only to have that feature removed a month later. And not being able to access Hulu or Netflix for three days isn't exactly endearing me to Sony, regardless of the cause.
Alessandro
Lap cheong
Level: 85

Posts: 1617/1741
EXP: 5677137
For next: 221427

Since: 2.1.02
From: Worcester MA

Since last post: 169 days
Last activity: 14 days
#5 Posted on 25.4.11 1227.37
Reposted on: 25.4.18 1227.38


Yeah, this has been a known "issue" for awhile now ... The really sickening part is that this can affect totally "offline" games (i.e. there is no online component to the game, like "Final Fight", but you still need to be actually connected to the internet in order to play it); horrible decision.
thecubsfan
Scrapple
Moderator
Level: 146

Posts: 3621/6184
EXP: 38075192
For next: 438194

Since: 10.12.01
From: Aurora, IL

Since last post: 4 hours
Last activity: 2 hours
#6 Posted on 26.4.11 0924.44
Reposted on: 26.4.18 0925.02
And they're still down. But perhaps now with a more definite explanation:

    Originally posted by Joystiq

    In a post on Reddit, chesh claims that a CFW known as "Codename: Rebug" had given its users the ability to log into PSN as if they were doing so from a developer console (or "debug unit").

    As a result, chesh contends, this same exploit could allow its users to add funds from "dummy" credit card accounts into their PSN wallets, ostensibly giving them the ability to "unlock" (read: steal) certain PlayStation Store content.

thecubsfan
Scrapple
Moderator
Level: 146

Posts: 3624/6184
EXP: 38075192
For next: 438194

Since: 10.12.01
From: Aurora, IL

Since last post: 4 hours
Last activity: 2 hours
#7 Posted on 26.4.11 1504.24
Reposted on: 26.4.18 1504.36
This is not good!

    Originally posted by Sony

    We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.

    ...

    Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.

    ..

    When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.



This is followed by many tips about how to check your credit. This is going to end up very expensively for Sony.

They've brought in an outside firm to check the system's security, which means (my guessing)

  • they suspect it was an in-house job
  • they suspect there might be a backdoor hack to get this date and need someone they trust to look for it.
  • they can't turn it back on until they're sure they're clean.
  • Leroy
    Boudin blanc
    Level: 96

    Posts: 1936/2334
    EXP: 8786091
    For next: 202728

    Since: 7.2.02

    Since last post: 1059 days
    Last activity: 1059 days
    #8 Posted on 26.4.11 1638.22
    Reposted on: 26.4.18 1638.34

    That's just mind-numbingly bad. And they waited almost a week to tell folks about it? Surely, they've known for a while. Wow.

    Sony admits utter PSN failure: your personal data has been stolen (arstechnica.com)
    Scottyflamingo
    Bratwurst
    Level: 70

    Posts: 416/1423
    EXP: 2946545
    For next: 69281

    Since: 23.6.10
    From: Auburn, AL

    Since last post: 1892 days
    Last activity: 1620 days
    #9 Posted on 26.4.11 1730.31
    Reposted on: 26.4.18 1730.39
    I think a year of free Playstation Plus and $100 of PS points will make up for this.
    El Nastio
    Banger
    Level: 99

    Posts: 1619/2502
    EXP: 9770944
    For next: 229091

    Since: 14.1.02
    From: Ottawa Ontario, by way of Walkerton

    Since last post: 6 days
    Last activity: 6 days
    ICQ:  
    #10 Posted on 26.4.11 2329.01
    Reposted on: 26.4.18 2329.01
    As someone who does IT, words cannot describe how catastrophic this is for Sony. This will be the mother of all Karma Houdini routines if they get away with this.
    Oliver
    Scrapple
    Level: 133

    Posts: 4162/5007
    EXP: 27302412
    For next: 550328

    Since: 20.6.02

    Since last post: 1301 days
    Last activity: 1295 days
    #11 Posted on 27.4.11 0802.56
    Reposted on: 27.4.18 0803.02
    Thank GOD I don't have credit card information on there.
    Leroy
    Boudin blanc
    Level: 96

    Posts: 1937/2334
    EXP: 8786091
    For next: 202728

    Since: 7.2.02

    Since last post: 1059 days
    Last activity: 1059 days
    #12 Posted on 27.4.11 1205.01
    Reposted on: 27.4.18 1205.55
      Originally posted by Oliver
      Thank GOD I don't have credit card information on there.


    The credit card isn't really an issue (unless you're using a debit card). We've had local gas stations where people's credit cards numbers were ripped off. It happens, and it's usually just a phone call and an afternoon of updating accounts. Annoying - sure, but resolvable.

    It's the personal info that has me buggered - basically making the culprit one SSN away from taking out credit in my name. It's really inexcusable. And that fact that they STILL DON'T KNOW - after a WEEK - the extent of the compromise means they might never realize the extent of the break in.

    This isn't just a matter of who wasn't minding the store - there were TEAMS of people not minding the store.

    (edited by Leroy on 27.4.11 1222)
    Scottyflamingo
    Bratwurst
    Level: 70

    Posts: 418/1423
    EXP: 2946545
    For next: 69281

    Since: 23.6.10
    From: Auburn, AL

    Since last post: 1892 days
    Last activity: 1620 days
    #13 Posted on 27.4.11 1329.01
    Reposted on: 27.4.18 1329.01
    What pisses me off is that these fucking hackers are supposedly about "freedom" of the user to mod their equipment and do what they want. But they are taking away the ability of other users to play online.
    El Nastio
    Banger
    Level: 99

    Posts: 1620/2502
    EXP: 9770944
    For next: 229091

    Since: 14.1.02
    From: Ottawa Ontario, by way of Walkerton

    Since last post: 6 days
    Last activity: 6 days
    ICQ:  
    #14 Posted on 27.4.11 1449.47
    Reposted on: 27.4.18 1449.57
      Originally posted by Scottyflamingo
      What pisses me off is that these fucking hackers are supposedly about "freedom" of the user to mod their equipment and do what they want. But they are taking away the ability of other users to play online.


    You know who as responsible and if these were their motives?
    John Orquiola
    Scrapple
    Level: 127

    Posts: 2105/4479
    EXP: 23316673
    For next: 409958

    Since: 28.2.02
    From: Boston

    Since last post: 1547 days
    Last activity: 1547 days
    #15 Posted on 27.4.11 1528.50
    Reposted on: 27.4.18 1529.01
    http://www.g4tv.com/thefeed/blog/post/712190/psn-class-action-lawsuit-filed/
    thecubsfan
    Scrapple
    Moderator
    Level: 146

    Posts: 3628/6184
    EXP: 38075192
    For next: 438194

    Since: 10.12.01
    From: Aurora, IL

    Since last post: 4 hours
    Last activity: 2 hours
    #16 Posted on 27.4.11 1825.42
    Reposted on: 27.4.18 1825.48
      Originally posted by El Nastio
        Originally posted by Scottyflamingo
        What pisses me off is that these fucking hackers are supposedly about "freedom" of the user to mod their equipment and do what they want. But they are taking away the ability of other users to play online.


      You know who as responsible and if these were their motives?


    "Anonymous" did take credit for earlier downtime on PSN, but called it off citing the same reasons as Scottyflamingo; their problem was with Sony, not the users. They say they don't have anything to do with this current problem (and it doesn't fit their aims.)

    To get the information that's Sony says has been leaked out, you'd need access to their servers. The recent bit of hacking has allowed users to change how their consoles and accounts are looked at by the server, but they're not getting privileged access to the server, and it wouldn't really make any sense for a console to ever have access to the entire user database. Either Sony did some amazingly bad job of coding (allowing something equivalent to a SQL injection attack?) or it's a different point of entry (which is what I'm still leaning towrads.)
    Leroy
    Boudin blanc
    Level: 96

    Posts: 1938/2334
    EXP: 8786091
    For next: 202728

    Since: 7.2.02

    Since last post: 1059 days
    Last activity: 1059 days
    #17 Posted on 27.4.11 1841.53
    Reposted on: 27.4.18 1842.04
      Originally posted by thecubsfan
      Either Sony did some amazingly bad job of coding (allowing something equivalent to a SQL injection attack?) or it's a different point of entry (which is what I'm still leaning towards.)


    Even so - allowing a single point of entry to have access to an entire 70 million+ user database is still a bad idea - even if they thought (gambled) that they had enough security in front of it that it would never be an issue.
    thecubsfan
    Scrapple
    Moderator
    Level: 146

    Posts: 3629/6184
    EXP: 38075192
    For next: 438194

    Since: 10.12.01
    From: Aurora, IL

    Since last post: 4 hours
    Last activity: 2 hours
    #18 Posted on 27.4.11 1927.35
    Reposted on: 27.4.18 1928.07
    They posted a new Q&A on the PSN blog.


      Q: Was my personal data encrypted?
      A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

      Q: Was my credit card data taken?
      A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.


    So it seems like they probably did not get the credit card information and they probably wouldn't be able to unencrypt it if they did, so I'm a little less worried about that. Of course, Sony probably thought getting that far was impossible a couple weeks ago and weren't exactly right about that.

    This was interesting:


      Q: What steps is Sony taking to protect my personal data in the future?
      A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.


    That sure seems to put some of the blame on whatever was going on at the old location. It'll be an interesting story, whenever it gets out.

    I like the idea of turning off the system to make it more secure. I can make sure my car isn't using any gas by turning it off, but we're not really getting anywhere that way.

    Elsewhere in post
    - a software update is coming to force everyone to change their password.
    - their hope is to get "some services" up by Tuesday.
    Alessandro
    Lap cheong
    Level: 85

    Posts: 1619/1741
    EXP: 5677137
    For next: 221427

    Since: 2.1.02
    From: Worcester MA

    Since last post: 169 days
    Last activity: 14 days
    #19 Posted on 28.4.11 0814.30
    Reposted on: 28.4.18 0818.49
      Originally posted by Leroy

      It's the personal info that has me buggered - basically making the culprit one SSN away from taking out credit in my name.


    To be fair, that is still a pretty big hurdle for these hackers to overcome (I assume you never posted your SSN in your PSN profile, right?) ... It is an inexcusable breach in security, no doubt, but - from all accounts - it looks like people should be safe as long as (a) all of their PSN transactions were made with pre-paid PSN cards (amazon.com); and (b) they lied about their birthdate when filling out their account info (which is what I always do when signing up for these sorts of things ... what does Sony need to know the exact date of my birth, all they need to be aware of is that I'm over 18).

    El Nastio
    Banger
    Level: 99

    Posts: 1624/2502
    EXP: 9770944
    For next: 229091

    Since: 14.1.02
    From: Ottawa Ontario, by way of Walkerton

    Since last post: 6 days
    Last activity: 6 days
    ICQ:  
    #20 Posted on 28.4.11 1134.12
    Reposted on: 28.4.18 1134.19
    There's zero reason for them to physically change the location of the infrastructure unless there was a physical security flaw, something like re-do their security procedures once people enter the building and how they navigate through the building. Or maybe change their center to being located in the middle of nowhere-land. Or having a better security screening. But you're right Cubs, the turn of phrase they used does seem to denote that they're not blaming the network security of the infrastructure (in that quote), but they're instead blaming the physical location.
    Pages: 1 2 3 4 5 6 NextThread ahead: 2011
    Next thread: Wii releases: week of June 6, 2011
    Previous thread: E3 '11: Sony Press Conference
    (97 newer) Next thread | Previous thread
    Related threads: PS3 Releases: week of April 18, 2011 - PS3 Releases: week of April 11, 2011 - PS3 Releases: week of April 4, 2011 - More...
    The 7 - Video Games - PSN hacked?Register and log in to post!

    The W™ message board - 7 year recycle

    ZimBoard
    ©2001-2018 Brothers Zim
    This old hunk of junk rendered your page in 2.331 seconds.