The W
Views: 135529547
Main | FAQ | Search: Y! / G | Color chart | Log in for more!
20.8.11 0039
The 7 - Video Games - PSN hacked?
This thread has 35 referrals leading to it
Register and log in to post!
Pages: Prev 1 2 3 4 5 6 Next(68 newer) Next thread | Previous thread
User
Post (106 total)
Mr. Boffo
Scrapple
Level: 119

Posts: 3456/3844
EXP: 18448763
For next: 480583

Since: 24.3.02
From: Oshkosh, WI

Since last post: 1848 days
Last activity: 1809 days
#21 Posted on 28.4.11 1259.50
Reposted on: 28.4.18 1302.19
I'm going to guess "stolen laptop that stupidly had all customer data on it".
wmatistic
Andouille
Level: 92

Posts: 2017/2190
EXP: 7469965
For next: 287002

Since: 2.2.04
From: Austin, TX

Since last post: 514 days
Last activity: 398 days
AIM:  
#22 Posted on 28.4.11 1352.49
Reposted on: 28.4.18 1357.09
    Originally posted by Mr. Boffo
    I'm going to guess "stolen laptop that stupidly had all customer data on it".


I dunno, you would think a company as big as Sony would have policy in place to have all laptop drives encrypted to prevent such issues.

Then again it is Sony.
Mike Zeidler
Pepperoni
Level: 69

Posts: 611/1117
EXP: 2867029
For next: 2729

Since: 27.6.02

Since last post: 1468 days
Last activity: 121 days
#23 Posted on 28.4.11 1422.44
Reposted on: 28.4.18 1422.57
Like the Dept. of Veterans' Affairs?

http://www.govexec.com/dailyfed/0506/052206d1.htm


dMp
Knackwurst
Level: 106

Posts: 2195/2961
EXP: 12554722
For next: 117262

Since: 4.1.02
From: The Hague, Netherlands (Europe)

Since last post: 7 hours
Last activity: 7 hours
#24 Posted on 29.4.11 0406.47
Reposted on: 29.4.18 0407.08
http://bits.blogs.nytimes.com/2011/04/28/hackers-claim-to-have-playstation-users-card-data/

from the article:
“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said Mathew Solnik, a security consultant with iSEC Partners


Btw, the 'moving to a better secured location' sounds to me like someone just walked into the building and just sat down behind a terminal with possibly less security like you'd hope there to be. Or an inside job.

Oliver
Scrapple
Level: 133

Posts: 4165/5007
EXP: 27224475
For next: 628265

Since: 20.6.02

Since last post: 1267 days
Last activity: 1261 days
#25 Posted on 1.5.11 0233.21
Reposted on: 1.5.18 0233.39
Sony is suggesting that PSN will be back in some form by Tuesday...providing it's secure. (playstationlifestyle.net)

Fingers crossed...
yamcharulez
Mettwurst
Level: 30

Posts: 26/165
EXP: 165120
For next: 751

Since: 6.1.02
From: chicago

Since last post: 111 days
Last activity: 5 days
#26 Posted on 1.5.11 1030.09
Reposted on: 1.5.18 1030.11
they held a press conference this morning the short of it is

* Still no evidence that PSN credit card data was obtained but cannot be ruled out
* Sony to provide free selected software downloads in “Welcome Back” program. 30 days of free PlayStation Plus access to new and existing members, and 30 days of free Qriocity service
* Sony will appoint Chief Information Security Officer
* PSN back up “this week”, PS3 to have forced system update that requires password change before login

So we get 30 days of ps+ something that if we dont have anything we get from it is gone at the end of that 30 days?
thecubsfan
Scrapple
Moderator
Level: 146

Posts: 3633/6181
EXP: 37942283
For next: 571103

Since: 10.12.01
From: Aurora, IL

Since last post: 5 hours
Last activity: 5 hours
#27 Posted on 1.5.11 1141.46
Reposted on: 1.5.18 1141.52
They suggested there will be free downloads in addition to the free Plus service.


    Because the freebie content will be different by region, Sony was hesitant to put a price on it, but Hirai estimated "a few thousand yen" worth of free downloads. So like $20-25 or so?


Though I'd rather cash (or even credit) rather than free avatars and backgrounds, or add ons to specific games I don't own.

Other stuff I found interesting:


    Sony guesses that hackers got into the network through an "application server," through which they were then able to get into the database servers and grab data.

    ...

    The vulnerability in the web server was a vulnerability known about that particular type of server, one of the execs on stage said.



    A reporter asked what the purpose of the "intrusion" was. Hirai: "For the past month and a half, we've experienced attacks on various Sony systems. We have yet to identify a direct relationship with a group." Speculation about the objective: "We are not in a position to say one way or the other." That same reporter asked if passwords were encrypted. I believe (translation not being perfect) that Hirai said they were not.


Quite dumb. Hopefully a ripple effect is everyone else gettign scared and increasing their security before they're hit themselves.
El Nastio
Banger
Level: 99

Posts: 1631/2501
EXP: 9737931
For next: 262104

Since: 14.1.02
From: Ottawa Ontario, by way of Walkerton

Since last post: 3 days
Last activity: 22 hours
ICQ:  
#28 Posted on 2.5.11 1026.20
Reposted on: 2.5.18 1026.51
It gets better. Click Here (joystiq.com) Sony Online Entertainment shuts down their service temporarily after finding "an issue". For those who don't know, this is what they use for DCU Online.

The hubris of Sony is amazing. After the debacle listed above, SOE goes up and says "oh, we're totally fine and weren't affected.

Oops.

"SCEA PR director Patrick Seybold states in the FAQ that the company is "moving our network infrastructure and data center to a new, more secure location, which is already underway."

The implication is was physical security that caused the PSN hacks. So unless SOE and PSN share the same location, they lied. Again.

Unless they're repealing that and going with the Application Server and poor encryption schemes.


(edited by El Nastio on 2.5.11 1133)
It's False
Scrapple
Level: 145

Posts: 4464/6155
EXP: 37104470
For next: 499702

Since: 20.6.02
From: I am the Tag Team Champions!

Since last post: 152 days
Last activity: 89 days
#29 Posted on 2.5.11 1711.49
Reposted on: 2.5.18 1711.57
    Originally posted by El Nastio
    It gets better. Click Here (joystiq.com) Sony Online Entertainment shuts down their service temporarily after finding "an issue". For those who don't know, this is what they use for DCU Online.

    The hubris of Sony is amazing. After the debacle listed above, SOE goes up and says "oh, we're totally fine and weren't affected.

    Oops.

    "SCEA PR director Patrick Seybold states in the FAQ that the company is "moving our network infrastructure and data center to a new, more secure location, which is already underway."

    The implication is was physical security that caused the PSN hacks. So unless SOE and PSN share the same location, they lied. Again.

    Unless they're repealing that and going with the Application Server and poor encryption schemes.


The follow-up word is that Sony's been hit again through these servers and EVEN MORE credit card numbers have been stolen!


    Following up on this morning's news that Sony Online Entertainment servers were offline across the board, Japanese newspaper Nikkei reports (via BGR) that the company has lost 12,700 customer credit card numbers as the result of an attack. The company apparently took SOE servers offline after learning of the attack last evening, but has yet to issue a statement confirming that customer information has been lost.

    Of the 12,700 total, 4,300 are alleged to be from Japan, while the remainder's origins are unknown. The report also notes that most of the numbers are said to be from expired cards, which Engadget posits could mean this was simply stolen data from an old backup.


Expired cards or not, this is still a pretty big deal. The FBI needs to move faster, because a lot of people stand to get their lives wrecked if their credit card numbers get sold to the highest bidder.
thecubsfan
Scrapple
Moderator
Level: 146

Posts: 3640/6181
EXP: 37942283
For next: 571103

Since: 10.12.01
From: Aurora, IL

Since last post: 5 hours
Last activity: 5 hours
#30 Posted on 4.5.11 1108.56
Reposted on: 4.5.18 1110.04
Headlines that are always a bad sign for you (and your stockholders)



The new bit here:


    Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.

    We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”


That somewhat explains the sequence of events: someone notices that file on the server -> sirens go off, someone hits a big red button to turn off the servers -> logs are analyzed for days -> uh oh.

Though, I could've sworn both Sony and Anonymous said they weren't responsible prior.

Edit: the actual letter is worth reading. They clarify that the Anonymous file was actually found on one of the SOE servers - the more recent breach. The actual triggering event was computers rebooting on their own, which led them to look at logs and find out data was being transferred out.

The letter makes it very clear that Sony believes Anonymous is responsible. Their denial of service attacks were a diversion from the data theft; Sony's not sure if Anonymous was part or aware of the theft, but emphasizes them as part of the problem and pushes for stronger laws against these sorts of groups (above and beyond their own data protection.)

(edited by thecubsfan on 4.5.11 1119)
Reverend J Shaft
Toulouse
Level: 72

Posts: 955/1229
EXP: 3205315
For next: 118463

Since: 25.6.03
From: Home of The Big House

Since last post: 132 days
Last activity: 3 days
#31 Posted on 4.5.11 1359.16
Reposted on: 4.5.18 1359.23

Thanks for the link - it was worth reading. It says in one part:
    Originally posted by the letter
    Sony Network Entertainment America is committed to helping its customers protect their personal data and will offer its U.S. account holders complimentary identity theft protection services.

WTF does this mean? You're gonna compensate me if someone has stolen my card number and cleaned out my account? You're gonna offer enhanced security measures to make sure no one steals my info going forward? If they're anything like your previous security measures, I'll pass, thanks.

I'd settle for just knowing if I've stored my card number with PSN or not because I can't recall if I've used it on there before, but all of my various e-mails have gone without a response. Maybe I'll just log on to PSN and see if my info is....OH WAIT!

    Originally posted by the letter
    Central components of the "Welcome Back" program will include:

    -All consumers coming back to the PlayStation Network will be provided with 30 days of free membership in the PlayStation Plus premium subscription service.


Wow! 30 days! They must be really apologetic about this.
/sarcasm
BoromirMark
Potato korv
Level: 57

Posts: 656/691
EXP: 1400780
For next: 85157

Since: 8.5.02
From: Milan-Ann Arbor, MI

Since last post: 1224 days
Last activity: 1224 days
AIM:  
#32 Posted on 4.5.11 1434.10
Reposted on: 4.5.18 1434.23
Not to divert any of the deserved criticism about Sony's incompetence, but I'd like to see this level of vitriol and cynicism focused on the hackers and pirates who are the ones who committed the crime and now hold many people's financial information hostage.
Scottyflamingo
Bratwurst
Level: 70

Posts: 441/1423
EXP: 2929944
For next: 85882

Since: 23.6.10
From: Auburn, AL

Since last post: 1858 days
Last activity: 1587 days
#33 Posted on 4.5.11 1532.06
Reposted on: 4.5.18 1532.27
    Originally posted by BoromirMark
    Not to divert any of the deserved criticism about Sony's incompetence, but I'd like to see this level of vitriol and cynicism focused on the hackers and pirates who are the ones who committed the crime and now hold many people's financial information hostage.


This.
wmatistic
Andouille
Level: 92

Posts: 2021/2190
EXP: 7469965
For next: 287002

Since: 2.2.04
From: Austin, TX

Since last post: 514 days
Last activity: 398 days
AIM:  
#34 Posted on 4.5.11 1619.16
Reposted on: 4.5.18 1620.14
Sure I blame the hackers, but right now I've got no clue who they were. All I do know is that Sony SHOULD have had security in place to prevent this from ever happening. Not to mention the fact that they still haven't been able to figure out what was taken or correct the problem and get the systems back up. That tells me there are some seriously incompetant people I've been trusting my info with in the first place. No way in the world they should still be so confused about what took place or how to fix it.
thecubsfan
Scrapple
Moderator
Level: 146

Posts: 3645/6181
EXP: 37942283
For next: 571103

Since: 10.12.01
From: Aurora, IL

Since last post: 5 hours
Last activity: 5 hours
#35 Posted on 5.5.11 1012.56
Reposted on: 5.5.18 1013.09
Anonymous (or someone claiming to be) responds, says they've got no history of stealing credit card information and corporate/government officials have been trying frame them for a while.

Essentially, it boils down to "maybe they hacked themselves so they could get us out of the way".
Leroy
Boudin blanc
Level: 96

Posts: 1941/2334
EXP: 8761561
For next: 227258

Since: 7.2.02

Since last post: 1025 days
Last activity: 1025 days
#36 Posted on 5.5.11 1151.28
Reposted on: 5.5.18 1151.35
    Originally posted by wmatistic
    All I do know is that Sony SHOULD have had security in place to prevent this from ever happening.


Yeah - given that the security hole was something already known about, it's akin to driving into a bad neighborhood and leaving your car parked with the keys in the ignition. It's kind of amazing this didn't happen sooner.

    Originally posted by wmatistic
    Not to mention the fact that they still haven't been able to figure out what was taken or correct the problem and get the systems back up.


I don't think this is the case. If they're moving their entire facility and rebuilding everything from scratch (or a close proximity thereto), I think it's safe to say they're not taking any chances with regards to security and thoroughly testing all of their systems.

You know... doing everything they should've done BEFORE taking and storing credit card numbers.

Edit: And just to hammer the point home...

Purdue University's Dr. Gene Spafford tells Congressional Subcommittee that the PlayStation Network's security was outdated--and Sony was aware of it. (gamespot.com)


    "On a few of the security mailing lists that I read, there were discussions that individuals who work in security and participate in the Sony Network had discovered several months ago, while they were examining the protocols on the Sony Network to examine how the games worked, they had discovered that the [PlayStation] Network servers were hosted on Apache Web servers--that's that form of software. But they were running on very old versions of Apache software that were unpatched and had no firewall installed, and so these were potentially vulnerable. They had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software. … [And] that was two to three months from when the break-ins occurred."



(edited by Leroy on 5.5.11 1445)
thecubsfan
Scrapple
Moderator
Level: 146

Posts: 3651/6181
EXP: 37942283
For next: 571103

Since: 10.12.01
From: Aurora, IL

Since last post: 5 hours
Last activity: 5 hours
#37 Posted on 6.5.11 1457.55
Reposted on: 6.5.18 1458.06
Day 16(?)

People in the US will be offered one free year of Allclear ID Plus identity monitoring. Codes are being sent out (hope your PSN email is correct) and you'll have until June 18th to sign up. That probably means they're not expecting the codes to be all out for another couple weeks. They're still working on it for elsewhere.

There's also another official apology, explaining their side


    I know some believe we should have notified our customers earlier than we did. It’s a fair question. As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.

    ..

    In the last few months, Sony has faced a terrible earthquake and tsunami in Japan. But now we are facing a very man-made event – a criminal attack on us — and on you — and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible.
Mr. Boffo
Scrapple
Level: 119

Posts: 3460/3844
EXP: 18448763
For next: 480583

Since: 24.3.02
From: Oshkosh, WI

Since last post: 1848 days
Last activity: 1809 days
#38 Posted on 6.5.11 1521.50
Reposted on: 6.5.18 1521.55
Comparing an earthquake that killed at least 18,000 people to releasing a product with poor security that got hacked takes real balls. Congratulations Sony on continuing to say the wrong thing.
thecubsfan
Scrapple
Moderator
Level: 146

Posts: 3654/6181
EXP: 37942283
For next: 571103

Since: 10.12.01
From: Aurora, IL

Since last post: 5 hours
Last activity: 5 hours
#39 Posted on 8.5.11 1629.22
Reposted on: 8.5.18 1629.23
Some Anonymous members say "yea, some of us probably did it." I suspect there will be multiple new groups representing the true intents of Anonymous by the end of the month.

ETA on a PSN return has gone from Tuesday to this week to uh we don't know.
thecubsfan
Scrapple
Moderator
Level: 146

Posts: 3667/6181
EXP: 37942283
For next: 571103

Since: 10.12.01
From: Aurora, IL

Since last post: 5 hours
Last activity: 5 hours
#40 Posted on 14.5.11 1835.51
Reposted on: 14.5.18 1835.53
Progress? 3.61 is up for mandatory update. All it appears to be is the promised forced password change.

The network is not up, but this is a smart move: even with all the trouble and wariness of using the service, the first day the PSN is back on will blow away any bandwidth record they have. People will be grabbing weeks of delayed game updates, DLC, and whatever else all at once. Best to stagger what they can.
Pages: Prev 1 2 3 4 5 6 NextThread ahead: 2011
Next thread: Wii releases: week of June 6, 2011
Previous thread: E3 '11: Sony Press Conference
(68 newer) Next thread | Previous thread
Related threads: PS3 Releases: week of April 18, 2011 - PS3 Releases: week of April 11, 2011 - PS3 Releases: week of April 4, 2011 - More...
The 7 - Video Games - PSN hacked?Register and log in to post!

The W™ message board - 7 year recycle

ZimBoard
©2001-2018 Brothers Zim
This old hunk of junk rendered your page in 0.576 seconds.