Support NeoGAF

[larvi]

Yes

Do you have a link? I'm only seeing this which is $14.95/month:

http://www.experian.com/consumer-products/identity-theft-protection.html?pmidSrc=HMNU

 

[Miggytronz]

So i can play Socom by weeks end?

 

[No45]

You have to link your PSN id to your Steam ID before you can register. So no PSN == no linking.

I've been holding out from playing Portal because of this. Not sure if there's a valid reason for my doing this however.

 

[gcubed]

He's talking about creating a fake driver's license with the stolen information. That's why he's said "make" in reference to them three times now.

i apologize, if thats his standard, I can "make" about 300 fake id's just by logging onto my facebook account.

 

[alphaNoid]

I have a hard time seeing how people getting access to your DOB, name, and address is some holy grail of identity theft. I could go on facebook right now and find most peoples DOB and name then google the name to find an address in the white pages. If you're that paranoid you might as well get off the internet.

I think its more of the principal that all of our private information (important or not) was stolen from Sony.

 

[sajj316]

Do you have a link? I'm only seeing this which is $14.95/month:

http://www.experian.com/consumer-products/identity-theft-protection.html?pmidSrc=HMNU

https://www.experian.com/fraud/center.html

 

[Zoe]

Do you have a link? I'm only seeing this which is $14.95/month:

http://www.experian.com/consumer-products/identity-theft-protection.html?pmidSrc=HMNU

That's a monitoring service.

https://www.experian.com/fraud/center.html

 

[Jal]

This Lastpass/keepass business, you have a main password that keeps safe all your other passwords? So if someone hacks that then they have access to ALL your passwords for every account?

 

[Fallout-NL]

Everyone's insured for any dickery with their credit cards, right? At least here in the Netherlands it wouldn't be a real problem I think.

 

[Makoto]

It would be cool if Sony did some massive PSN sale to usher in the relaunch of PSN.

They won't.

 

[larvi]

https://www.experian.com/fraud/center.html

Thanks, seems to be overwhelemed right now. I'll check it out when I'm able to connect.

 

[MurkyZebra2417]

This Lastpass/keepass business, you have a main password that keeps safe all your other passwords? So if someone hacks that then they have access to ALL your passwords for every account?

Its locally stored on your PC, so someone would have to access your PC first, then hack the masterpassword.

 

[gcubed]

This Lastpass/keepass business, you have a main password that keeps safe all your other passwords? So if someone hacks that then they have access to ALL your passwords for every account?

yup. your master password should not be used ANYWHERE and should not be easy or short.

Its locally stored on your PC, so someone would have to access your PC first, then hack the masterpassword.

lastpass is online... which is why i use keypass with dropbox. have your db on your dropbox folder and you can always update it and have access to it from everywhere.

Lastpass you can get a 2 factor authorization if you are that worried

 

[marrec]

I think its more of the principal that all of our private information (important or not) was stolen from Sony.

Also having all that information and associating it with an e-mail address makes social engineering and phishing easier. Social Security Number is the holy grail, but if you have all the other info you can use that as a tool to do all kinds of other dirt.

And yes, a lot of people have all this information on their facebook accounts. These same people are primed for some kind of attack, be it e-mail intrusion via security questions or social engineering. Believe me, Facebook is a fantastic resource for people wanting to steal your identity.

Edit: This is also the kind of info that gets spread all over the internet via a Torrent dump after a certain amount of time, which increases the vectors of attack exponentially.

 

[Nizz]

Nor was Jeremy Clarkson.

Damn :0

 

[epmode]

This Lastpass/keepass business, you have a main password that keeps safe all your other passwords? So if someone hacks that then they have access to ALL your passwords for every account?

I can't speak for Lastpass but that's sort of how it works for KeePass.

The thing to note is that the hacker would first have to get your password database before he can try hacking into it. And there's lots of crazy additional encryption that makes a brute force approach useless (unless the hacker has a few dozen years to waste).

I use KeePass and I love it.

edit: You can even add additional layers of security on top of that master password if you want. You can make it so that the database will only open on your own computer or with a certain USB stick, etc.

 

[gcubed]

Also having all that information and associating it with an e-mail address makes social engineering and phishing easier. Social Security Number is the holy grail, but if you have all the info BUT you can use that as a tool to do all kinds of other dirt.

And yes, a lot of people have all this information on their facebook accounts. These same people are primed for some kind of attack, be it e-mail intrusion via security questions or social engineering. Believe me, Facebook is a fantastic resource for people wanting to steal your identity.

i'm not trying to downplay the leak, its still bad, just trying to clear up some info

 

[larvi]

I can't speak for Lastpass but that's sort of how it works for KeePass.

The thing to note is that the hacker would first have to get your password database before he can try hacking into it. And there's lots of crazy additional encryption that makes a brute force approach useless (unless the hacker has a few dozen years to waste).

I use KeePass and I love it.

Still have to watch out for keylogger trojans though, but I guess if you have one of those a lot of your other passwords would be compromised anyway.

 

[sajj316]

It would be cool if Sony did some massive PSN sale to usher in the relaunch of PSN.

They won't.

It would be nice to get a game or two out of this. I'm sure they will do something to recover from this PR disaster.

 

[Arnie]

I wish there was someway to know which cards were associated with my and my brothers accounts.

Has there been reports of anyone having money stolen yet?

 

[Muerte_X]

My bank (wellsfargo) recommended I just cancel my debit card.

I haven't seen any suspicious activity, but figured I'd just be safe. It only takes a few days to get a new card anyway...

 

[Edag Plata]

So if we don't get an email, we're safe all around?

 

[get2sammyb]

So if we don't get an email, we're safe all around?

If you've got a PSN account, you will get the email.

 

[Edag Plata]

Ahhh, so its only a matter of time...

 

[dreamer3kx]

So the longer nothing happens with anyone's CC info the better?

 

[Salaadin]

Still have to watch out for keylogger trojans though, but I guess if you have one of those a lot of your other passwords would be compromised anyway.

LastPass lets you use an on screen keyboard if you want to further prevent that sort of thing.

 

[The_Darkest_Red]

My bank (wellsfargo) recommended I just cancel my debit card.

I haven't seen any suspicious activity, but figured I'd just be safe. It only takes a few days to get a new card anyway...

Interesting... my Wachovia card was hooked up to my PSN. (Wells Fargo bought Wachovia awhile ago).

I ordered a replacement card about an hour ago though, so I should be fine as far as that goes.

 

[snackman]

credit card info isnt used until months after the event.

 

[dr_octagon]

I wish there was someway to know which cards were associated with my and my brothers accounts.

Has there been reports of anyone having money stolen yet?

someone mentioned this before, if you search your emails with the term DoNotReply@ac.playstation.net - it should show you the purchases and funding method (including any cards)

keep in mind, money may not be taken immediately, it might occur when the dust settles

 

[Seraphis Cain]

So i can play Socom by weeks end?

Bah, who cares? We can't have any video game talk in this thread!

But seriously, we need a separate thread for discussion on how this situation affects gaming.

 

[Jal]

Seems that keepass needs other things for the 2.0 Mac version, Lastpass looks more straightforward. I'll probably just keep them written on a piece of paper, seems to be the safest way.

 

[Sanic]

I had CC info on my account, but I removed it a few months ago. Is it still on there somewhere and just 'deactivated' or some such, or is it really gone? Or is this not known?

 

[marrec]

So the longer nothing happens with anyone's CC info the better?

Not really. It depends on what actually happened, if the CC info was obtained in an encrypted format, and who has it. If it was a small group of people or even an individual than they may be sitting on whatever was obtained until they can find a buyer. If they were smart they wouldn't just starting defrauding people CC accounts willy-nilly.

Hopefully Sony will be able to tell us definitively if our CC info was obtained or not, otherwise it's a crap shoot. They could have your specific CC info for months before selling it to an interested party.

 

[Zoe]

Interesting... my Wachovia card was hooked up to my PSN. (Wells Fargo bought Wachovia awhile ago).

I ordered a replacement card about an hour ago though, so I should be fine as far as that goes.

Did you just tell them that you want a replacement card, or did you ask for a new card?

Cause with the former you won't be getting a new account number.

 

[Cth]

Given all the comments about switching to prepaid cards..

It'll be interesting to see how much sales increase when future NPD numbers are released.

 

[RuGalz]

lastpass is online... which is why i use keypass with dropbox. have your db on your dropbox folder and you can always update it and have access to it from everywhere

Not sure if I'd use dropbox for that sort of usage knowing something like this: http://news.softpedia.com/news/Desi...dly-Discovered-in-Dropbox-Client-194427.shtml

 

[frogg609]

My wife just called me (i'm at work) and her CC called her and asked about a possible fraudulent charge. 250 bucks to Dish Network. Card cancelled, thanks Sony.

 

[The_Darkest_Red]

Did you just tell them that you want a replacement card, or did you ask for a new card?

Cause with the former you won't be getting a new account number.

I think you're right. I recently got a replacement card from AmEx because mine was damaged and it had a different number, I must have confused the two accounts. Not like it really matters anyway because I just checked my email receipts and realized that PSN had my AmEx card stored at one point as well...

Ugh.

 

[borghe]

credit card info isnt used until months after the event.

not true. my card was used within 7-14 days after the monoprice theft was reported. I know it wasn't right away, but it wasn't months either.

regardless, they specifically said that they DON'T think credit card data was accessible. People might want to reign back the hysteria a tad...

Hopefully Sony will be able to tell us definitively if our CC info was obtained or not, otherwise it's a crap shoot. They could have your specific CC info for months before selling it to an interested party.

saying that they don't have evidence that the cc data was accessible I know isn't definitive... but to make that statement AFTER the security audit at least gives me the thought that it's unlikely. I am sure they will release a definitive statement on credit cards.

 

[glow]

Has it been confirmed that all our PSN info is now circulating in a torrent on the net? I just read that on another forum and figured I'd ask the experts here. Not sure what to believe anymore...

 

[marrec]

Has it been confirmed that all our PSN info is now circulating in a torrent on the net? I just read that on another forum and figured I'd ask the experts here. Not sure what to believe anymore...

I haven't seen anything of the sort and by now it would be everywhere if it were the case.

But maybe.

 

[larvi]

LastPass lets you use an on screen keyboard if you want to further prevent that sort of thing.

Interesting, will have to check that out. It's been a while since I've used a pw keeper program, the last one I used was in Win98 and when I converted to WinXP it no longer worked and I had to install Virtual PC running Win98 just to get my pw's out, so I switched to using a pw protected word document which is encrypted.

But I'm not sure how secure a word document's pw is. One advantage to using a word document though is you can name it anything you want and put it anywhere on your hard drive you want so it wouldn't be immediately obvious to someone that pw data is in there, whereas with a dedcated pw keeper you pretty much know what's there and it would make it a target for anyone who stole your pc or hard drive data.

 

[Massa]

Has it been confirmed that all our PSN info is now circulating in a torrent on the net? I just read that on another forum and figured I'd ask the experts here. Not sure what to believe anymore...

The people who stole that information are not going to just put it up on a torrent site, they'll sell it to spammers and other scum.

 

[larvi]

Has it been confirmed that all our PSN info is now circulating in a torrent on the net? I just read that on another forum and figured I'd ask the experts here. Not sure what to believe anymore...

That would be good and bad, the good part is that at least we could see for ourselves what data was in there that was compromised.

 

[blurredvision]

regardless, they specifically said that they DON'T think credit card data was accessible. People might want to reign back the hysteria a tad...

That's not what they said at all:

"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility."

They didn't make an opinion on whether it was taken or not. They even say:

"...out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

 

[FirstInHell]

One positive outcome of this is maybe when this info is released people can see what the true count of users that PSN has. I know Sony made some big claims as to the count of their subscriber base.

 

[Rebel Leader]

Yes

direct link to fraud alerts ..

https://www.experian.com/fraud/center.html

should I do it even if I don't have any cards in my name?
(unemployed)

 

[aristotle]

One positive outcome of this is maybe when this info is released people can see what the true count of users that PSN has. I know Sony made some big claims as to the count of their subscriber base.

I don't see how that matters in the slightest, unless you're trolling, going to use said information to troll or trying to turn this into a sales-age thread. :smh

 

[borghe]

That's not what they said at all:

"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility."

They didn't make an opinion on whether it was taken or not. They even say:

"...out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

pretty much what I said. they have no evidence. Yeah they added that second part, which is purely worst case scenario... I mean maybe they felt they had to, but such speculation just causes panic.

 

[equap]

cool! my new cc will be here tomorrow thanks to Sony and asshole hackers.