Support NeoGAF

[Psychotext]

Also, I hope you annihilate your Facebook account into orbit. Right now. If you have been using FB for the past few years, then hahahahaha!

You do realise that some of us don't enter competitions online and don't use facebook etc right? Some of us really do care about our personal data.

 

[aristotle]

There is no question thay they are at fault. They are collecting personal data so the burden falls on them to secure it properly. What is still unknown is whether there was negligence on their end (i.e. storing pw data in clear text) or did they have things secured as well as could be reasonably expected and the hackers were still able to obtain access.

They can't be at fault if they aren't negligent. If someone found a new security hole that they had no idea about, Sony protected their information as best as they could. That would make them not at fault or negligent.

You can't blame a car maker for producing a car that has a faulty airbag only after 20 years of use when that said car company only tested the car for 5 years based on federal regulations. That would mean if any company or product has a fault 10, 20, 50 years down the road the company would be at fault. It would outside their area to test.

As I've said before, no one knows the facts. People who act like they do are only spreading more FUD, assumptions, and uncertainty. Wait for outside investigations (which are coming) before you say who is at fault. The truth will come out. Until then, I for one will not be calling for Sony's fault unless it's proven they were actually at fault. I don't see why that is so hard to understand.

 

[Oozinator]

oh please, changing your credit card # is not a big deal and it's better to be safe than sorry..

all the cc plastic that is going to the trash is bad for the environment

 

[Wrestlemania]

Last year in the UK, there were 89,000 incidents of identity theft. That is roughly the same number that died from heart disease, the biggest killer.

Incredible.

 

[ghst]

To those who are worried over 'identity theft', please kill yourself now.

If you have ever entered in a free competition of some kind or to simply get some 'free shit' by online referrals, then your details are already compromised. These companies are more interested with your details than to give you away products. Then there are also sites which can scan your browser history, the sites you have been to. They can figure out a lot about you - What bank you use, your birthday, you even your dogs name. And thus your 'secret question' answer can quickly be compromised.

A lot of web services are not well protected against intrusion. There are heaps of tools which can be utilised. Keyloggers, trojans, rootkits.

So some people have your name, address, and date of birth. Big fucking deal. I know the names, addresses and dates of birth of many people. It's so easy for me to commit 'identity fraud'.



Also, I hope you annihilate your Facebook account into orbit. Right now. If you have been using FB for the past few years, then hahahahaha!

you should go ahead and post all your personal details, including your mother's maiden name and credit card details on here as a mark of confidence.

 

[expy]

it's a pretty insane speculation

99.9% of this thread is pretty much that too.

Damn, I knew it. It's my own fault that my data got stolen from Sony.

Not totally but partially.

 

[Linkified]

Right re-read the blog post, the way they make it sound is that 'The Entity' went back to the user account databases multiple times, so one would think that:

1)'The Entity' gained access and compromised some accounts to make sure various cc numbers were valid.
2)Then went to see how much he would be paid for a few million, sold their details.
3)When they went back for a third time, Sony had pulled PSN UA Servers.

Maybe I'm in denial that my details have been stolen, even though I've taken the necessary precautions.

 

[borghe]

How else did the hackers get the passwords and data?

of course the data was likely clear text.. obtaining passwords could mean anything. they got one way hashes. they got encrypted passwords and a private key, etc. This whole speculation that "sony wouldn't say passwords unless they were clear text" is asinine. If someone downloaded my user database I would have to say they got usernames and passwords, even though they were hashed. likewise, I had credit cards triple encrypted, but if I knew for a fact that the hackers got the three private keys and the encrypted credit cards, obviously I have to say they got the credit cards. Hell, if they even just got the final encryption text, I would STILL probably say they got the credit cards.

 

[offshore]

Release the FACTS when you have them. Not baseless speculation. If Sony didn't have factual knowledge that the systems containing personal information had been breached, it would have been irresponsible to speculate to the consumer that they might have been. Plain and simple.

Well what are Sony doing now? They're speculating right now aren't they?

Sony can't say for sure if CC data was compromised...and can't even say for sure if personal data has been hacked...they only "believe" it has.

So what is the difference between saying that today, and last week, which is what they should have done?

 

[Cheech]

You do realise that some of us don't enter competitions online and don't use facebook etc right? Some of us really do care about our personal data.

Not just that, but typically when you enter a random online contest, you aren't entering every single little piece of info about yourself such as home address and phone number.

One other thing I just remembered, when you sign up for the PSN, you give them your DOB to make sure you're old enough to use the service.

So... yeah. I do not think signing up for a credit monitoring service is an overreaction for anyone who has a PSN account.

 

[expy]

Well what are Sony doing now? They're speculating right now aren't they?

Sony can't say for sure if CC data was compromised...and can't even say for sure if personal data has been hacked...they only "believe" it has.

So what is the difference between saying that today, and last week, which is what they should have done?

They haven't... They're making sure everyone knows what to do in case it did.

 

[chubigans]

I'm gonna laugh if "some services restored in a week" end up being Qrirocity. XD

 

[KAL2006]

To folks who use the same password for PSN as their email address, I suggest you change your password for your email login right now. If hackers know your email login they can view tons of shit like login details for PayPal, other sites like Amazon, hell they would even know your NeoGAF login details (lol).

 

[Chris R]

The card linked to my psn account had fraudulent activity last Thursday to the tune of nearly $1000. Bank corrected everything and sent me a new card. No idea if it is related.

But nothing official yet about what exactly was taken from the maybe column they provided yesterday right?

Hope they get a yea/nay out pretty quick in regards to that

 

[Vorg]

To those who are worried over 'identity theft', please kill yourself now.

If you have ever entered in a free competition of some kind or to simply get some 'free shit' by online referrals, then your details are already compromised. These companies are more interested with your details than to give you away products. Then there are also sites which can scan your browser history, the sites you have been to. They can figure out a lot about you - What bank you use, your birthday, you even your dogs name. And thus your 'secret question' answer can quickly be compromised.

A lot of web services are not well protected against intrusion. There are heaps of tools which can be utilised. Keyloggers, trojans, rootkits.

So some people have your name, address, and date of birth. Big fucking deal. I know the names, addresses and dates of birth of many people. It's so easy for me to commit 'identity fraud'.



Also, I hope you annihilate your Facebook account into orbit. Right now. If you have been using FB for the past few years, then hahahahaha!

omg! :lol I´m still not sure if this is joke post or not but in any case, BRAVO!

 

[mrklaw]

You do realise that some of us don't enter competitions online and don't use facebook etc right? Some of us really do care about our personal data.

in which case you would have different passwords for all your websites, and you wouldn't store CC data online. So you have nothing to worry about.

 

[darkwing]

I'm gonna laugh if "some services restored in a week" end up being Qrirocity. XD

does anyone even uses it??

 

[neorej]

oh please, changing your credit card # is not a big deal and it's better to be safe than sorry..

I don't know where you live, but with my bank it comes down to this:
1) Fill out form to close CC-account
2) send in form
3) get written confirmation about received form about 7 to 9 days later
4) get written confirmation about starting to process request about 3 to 5 days later

--up untill this point any fraud with the CC-info is still very possible--

5) get written confirmation about closed CC-account about 3 to 5 days later
6) fill out and send in form to get new CC-account
7) get written confirmation about received form about 7 to 9 days later
8) get written confirmation about starting to process request about 3 to 5 days later
9) receive confirmation that your request has been processed about 14 to 19 days later
10) receive the new credit card about 4 to 8 days later


Yeah, no hassle at all. Especially when taking into consideration that your old card is useless during this process.

 

[Hanmik]

I'm gonna laugh if "some services restored in a week" end up being Qrirocity. XD

I don´t care.. as long as I get to know what happened to Kratos..

 

[Darren870]

The card linked to my psn account had fraudulent activity last Thursday to the tune of nearly $1000. Bank corrected everything and sent me a new card. No idea if it is related.

On some other boards I go to 2 established members have had their CC also used. They don't know if it was related..

One was a sony store and one was an airline ticket...

 

[gcubed]

The $350 price point is unofficial, but it's clearly being kicked around at Sony HQ.

At any rate, the point is, I stopped doing business with Monoprice once they got hacked and I had to screw around with Amex's fraud department because some asshole charged an airline ticket to the UAE. Then, having to change that card number on a number of bill payment services (including PSN, ironically), which is an even bigger pain in the ass.

This is not one of things things you just blow off and say, "Hey, I'm sure they learned their lesson, here's my new CC#!" and keep going. Having a credit card stolen is a major pain in the ass. Even worse, Sony stores enough info about you so that somebody could take that info and open new charge accounts in your name, essentially stealing your identity.

This is not a fun, breezy troll topic where I say that Black Ops has horrible AA on PS3, and 360 is the definitive platform. Then, you come back and say that the shadows on the 360 are shit, and the PS3's online is free so it's the better platform to buy the game on.

No, this is serious shit, and keeping your personal info away from Sony going forward is the prudent thing to do for at least the next year. And that precludes my purchase of a PSP2, plus any PSN games/DLC. I will do business with game merchants that actually spend money to secure their shit such as Valve, Microsoft, and Amazon.

are you in the US? have you ever tried opening any kind of line of credit without a social security number?

the hysteria and idiocy seeping from this is fun to watch.

 

[darkwing]

I don´t care.. as long as I get to know what happened to Kratos..

woah, Kratos is online??

 

[jmdajr]

To folks who use the same password for PSN as their email address, I suggest you change your password for your email login right now. If hackers know your email login they can view tons of shit like login details for PayPal, other sites like Amazon, hell they would even know your NeoGAF login details (lol).

My email, bank account, and Amazon all have different passwords. Same thing will my computer, router, and wifi encryption.

I do have bullshit passwords for forums and what not.

I also advise having a bank account just for online purchases. I set one up after I was a victim of fraud. Looks like it paid off now that this bullshit happened.

 

[Manmademan]

does anyone even uses it??

I was on my free trial. I like it, its not bad.

 

[BeeDog]

When the Gawker leak occurred, how long did it take before the stuff was leaked on torrent sites (that is, the time between the intrusion and the leak)?

 

[Zoibie]

Right re-read the blog post, the way they make it sound is that 'The Entity' went back to the user account databases multiple times, so one would think that:

1)'The Entity' gained access and compromised some accounts to make sure various cc numbers were valid.
2)Then went to see how much he would be paid for a few million, sold their details.
3)When they went back for a third time, Sony had pulled PSN UA Servers.

Maybe I'm in denial that my details have been stolen, even though I've taken the necessary precautions.

Where in the blog post does it suggest this?

 

[WilyRook]

I also got my email about 12 hours ago. For what it's worth I live in New Yorrr-I mean-Nowhere, Interesting...and I had removed my cc info from psn a while ago. I hope this ends easily enough for all involved 'cept for the hackers or whoever-the-fuck they are; I hope they're stricken blind.

 

[Shao Kahn Brewing a Stew]

When the Gawker leak occurred, how long did it take before the stuff was leaked on torrent sites (that is, the time between the intrusion and the leak)?

Instant. Gawker leak was more of scriptkiddies having fun when they got challenged to prove their hacking worth. This is more organized and preplanned.

 

[jax (old)]

SONY can't win it seems from the way this thread is still going. I'm out. Wake me when PSN is up.

Plus I thought it was big no no to throw out phrases like SDF/defenders etc. Basically, you're dismissing someone else's posts POV by well, throwing around a banned meme; something that is detrimental to discussion

 

[Data West]

US here. Still haven't received an Email...

 

[Philthy]

For mine, you call the 800 # on the back, they verify a few questions, cancel it and send you a new one within a few days. Total of 5 minutes if that.

US here. Still haven't received an Email...

Me either, not in my SPAM either.

 

[Kosmo]

US here. Still haven't received an Email...

i have received 2, so they are going out.

 

[jobber]

When I signed up with XBL back in the last generation I had to have a hotmail account to finish my registration.

this is true.




I gave up on Sony after my console ylod despite me fixing it over and over. I had fun putting the ssf4 ps3 users on blast. I went the homebrew route in order to play a game longer than 2 minutes. I was able to play MvC3 for the first time in over a month longer than 1 match.

 

[snap0212]

And you act like they knew exactly what happened the second it happened. Have you ever worked in IT or are you basing your opinion off of what someone else is saying?

Since you've worked in IT you could probably answer some questions: If Sony took down the whole PSN, how was any hacker supposed to be still on there? That's the only reason why any law enforcement would tell Sony to not tell anyone anything – to make sure they can get more information about the hacker or what's happening. Sony shut down the network completely so no one was able to leave any traces anymore. Why would any law enforcement force Sony to not say anything? That doesn't make any sense at all.

 

[CadetMahoney]

When the Gawker leak occurred, how long did it take before the stuff was leaked on torrent sites (that is, the time between the intrusion and the leak)?

Is that where they leaked personal details in a torrent file for everyone to download?

 

[BeeDog]

Instant.

Really? Wow. Well then, let's hope the PSN stuff won't leak then, seeing as several days have passed and no truly verified breaches have occurred (well, aside from anecdotal card fraud attempts).

 

[iAmMaximus]

Just blocked the 2 cards that were on my PSN account.

This is fucking ridiculous. Ugh...

 

[Mr. B Natural]

You're making the assumption that Sony immediately knew that personal data had been compromised. Perhaps it took them a few days of research before they could conclusively determine whether or not that was the case.

That scenario is even more embarrassing for Sony and scary for the customer. Sony not knowing exactly what's happening to their own network service is what is wowing me more than anything else in this tragedy, even the silence. The silence, while crappy is harmless. Sony losing control this badly that it's taken this long just to figure out what happened?....yeesh.

 

[iapetus]

Really? Wow. Well then, let's hope the PSN stuff won't leak then, seeing as several days have passed and no truly verified breaches have occurred (well, aside from anecdotal card fraud attempts).

If you're doing identity theft properly, then you don't want it to be obvious.

 

[Gaogaogao]

back when the kotaku/ gawker leak happened, I switched to lastpass, I think its seriously the best move Ive ever made

 

[Shao Kahn Brewing a Stew]

Really? Wow. Well then, let's hope the PSN stuff won't leak then, seeing as several days have passed and no truly verified breaches have occurred (well, aside from anecdotal card fraud attempts).

You will never see a leak of this on torrent cause there is money to be earned here while Gawker stuff was just for lulz.

 

[gcubed]

Really? Wow. Well then, let's hope the PSN stuff won't leak then, seeing as several days have passed and no truly verified breaches have occurred (well, aside from anecdotal card fraud attempts).

most times the data doesnt leak to the internet, if the data is valuable its sold. The Gawker data wasn't valuable

 

[darkwing]

Is that where they leaked personal details in a torrent file for everyone to download?

yup

 

[chubigans]

are you in the US? have you ever tried opening any kind of line of credit without a social security number?

the hysteria and idiocy seeping from this is fun to watch.

I know my friends bday and address...I should see if I can get that $10k line of credit I've been wanting.

Yes it's bad that this data leaked out, yes you should take all the precautions necessary including getting new cards, but man are there some crazy theories floating around in here. I don't think a lot of people know what taking out a loan/identity theft/credit card applications really entails.

 

[Wrestlemania]

I don't know where you live, but with my bank it comes down to this:
1) Fill out form to close CC-account
2) send in form
3) get written confirmation about received form about 7 to 9 days later
4) get written confirmation about starting to process request about 3 to 5 days later

--up untill this point any fraud with the CC-info is still very possible--

5) get written confirmation about closed CC-account about 3 to 5 days later
6) fill out and send in form to get new CC-account
7) get written confirmation about received form about 7 to 9 days later
8) get written confirmation about starting to process request about 3 to 5 days later
9) receive confirmation that your request has been processed about 14 to 19 days later
10) receive the new credit card about 4 to 8 days later


Yeah, no hassle at all. Especially when taking into consideration that your old card is useless during this process.

Wow. Get a better bank.

 

[dude]

To those who are worried over 'identity theft', please kill yourself now.

If you have ever entered in a free competition of some kind or to simply get some 'free shit' by online referrals, then your details are already compromised. These companies are more interested with your details than to give you away products. Then there are also sites which can scan your browser history, the sites you have been to. They can figure out a lot about you - What bank you use, your birthday, you even your dogs name. And thus your 'secret question' answer can quickly be compromised.

A lot of web services are not well protected against intrusion. There are heaps of tools which can be utilised. Keyloggers, trojans, rootkits.

So some people have your name, address, and date of birth. Big fucking deal. I know the names, addresses and dates of birth of many people. It's so easy for me to commit 'identity fraud'.



Also, I hope you annihilate your Facebook account into orbit. Right now. If you have been using FB for the past few years, then hahahahaha!

I'm a little ashamed that my sarcastic post wasn't as good as the real thing.

 

[Cheech]

are you in the US? have you ever tried opening any kind of line of credit without a social security number?

the hysteria and idiocy seeping from this is fun to watch.

If I have your name, address, and DOB, I have all I need to make a state ID (driver's) which a bank will take in lieu of a SSN.

Sorry chief. This is no bullshit.

I know my friends bday and address...I should see if I can get that $10k line of credit I've been wanting.

Yes it's bad that this data leaked out, yes you should take all the precautions necessary including getting new cards, but man are there some crazy theories floating around in here. I don't think a lot of people know what taking out a loan/identity theft/credit card applications really entails.

I have bought many cars, several houses, had dozens of credit cards, and many bank accounts. Your SSN makes these things easier, but you can do them without, with the exception of a mortgage.

 

[borghe]

Well what are Sony doing now? They're speculating right now aren't they?

Sony can't say for sure if CC data was compromised...and can't even say for sure if personal data has been hacked...they only "believe" it has.

no, they said that the hackers had access to this data. they didn't say it was stolen or sold or any such. they said that the hackers had access to it. they also did say that they had no reason to believe hackers had access to cc data, but just to be safe.

So what is the difference between saying that today, and last week, which is what they should have done?

because last week they didn't have a security audit showing the path the hackers took while wandering around their systems.

 

[lol51]

I don't know where you live, but with my bank it comes down to this:
1) Fill out form to close CC-account
2) send in form
3) get written confirmation about received form about 7 to 9 days later
4) get written confirmation about starting to process request about 3 to 5 days later

--up untill this point any fraud with the CC-info is still very possible--

5) get written confirmation about closed CC-account about 3 to 5 days later
6) fill out and send in form to get new CC-account
7) get written confirmation about received form about 7 to 9 days later
8) get written confirmation about starting to process request about 3 to 5 days later
9) receive confirmation that your request has been processed about 14 to 19 days later
10) receive the new credit card about 4 to 8 days later


Yeah, no hassle at all. Especially when taking into consideration that your old card is useless during this process.

or you could

1) Call number on back of card
2) Explain card info has been compromised
Your old card will be deactivated... A new card will be issued free with a new number
3) Wait 5 to 7 business days for new card.

The way you explained actually has an impact on your credit score.

 

[Psychotext]

in which case you would have different passwords for all your websites, and you wouldn't store CC data online. So you have nothing to worry about.

Except for the fact that someone now has pretty much all they need to have a good go at identity theft?

It wouldn't even be so bad, but they have one my security questions / responses ffs.