Support NeoGAF

[The_Darkest_Red]

Seriously guys, I just got a $100 charge on my AmEx card for gas from a few states away. I've only had this card for a year or so and I don't use it much. I honestly think the CC info has been leaked.

 

[polg]

for those with gmail, turn on 2 step authentication... it's pretty secure/awesome.

 

[Fallout-NL]

http://www.youtube.com/watch?v=Cwn4R_GexLM&feature=youtu.be&hd=1 lol

Pretty awesome.

 

[marc^o^]

I hope it won't scare Nintendo, now they are finally starting to try online a bit more seriously.

 

[Zeliard]

If any of you guys used a gmail account as your PSN login, log into that gmail account and double-check who has accessed it (even if you have diff PW, it doesn't hurt to look).

For those who aren't aware, Google, in a hugely useful touch, logs the IP addresses of everyone who logs into your gmail account within the past 48-72 or so hours. At the bottom you can see the IP of the person who last accessed it, and if you hit "Details" it takes you to a list of recent IP logs. If it isn't matching up with the IPs you recently accessed the account from, you know something could be up.

 

[anonymousAversa]

In the meantime... No reports of CC misuse, am I right? After more than a week it really smells like a demonstration of strength from the hackers.

See below:

It's happening guys. I just got a $100 charge to my AmEx card that was linked to my PSN from somewhere in Illinois. I live in Tennessee. I've only had this card for about a year and I've never had anything like this happen with any of my other accounts.

Also, some other posters have pointed out that it may take a while before the CC information can be sold on the black market and then used. Damn.

 

[Jburton]

Yeah I too am not going to take that Ars article as truth. They were compromised for over a week if they were at all, and after Sony announced this now all of a sudden everyone's got foreign charges? It's like the hackers needed sony's confirmation to realize they had CC info!

Indeed, timing seems suspicious.

Although a lot of people will be over sensitive at this time, which is to be expected.

 

[hooligan]

This will turn out to be a sh*tshow. I don't think this is overblown in the media at all. Quite the opposite. In fact, the consequences of users' COMPLETE personal information being stolen will probably be felt for years. Honestly, the only possible worse scenario would have been if our social security numbers were also stolen. That would basically mean endless nuisance for the rest of your life. For now, you can fully expect about 1000x more spam and phishing in your email accounts, as well as identity theft attempts. See below. Again, from the WSJ:

"Credit card numbers on their own currently trade for as little as 5¢-12¢ on the black market, but complete data including billing address, email addresses and personal information like dates of birth, represent the rich data that allow highly targeted attacks against individuals. This sort of data commands much higher prices—and is much sought after by cyber criminals.

Sony has warned that hackers have been able to access a variety of personal information belonging to users including:

Name
Address (city, state, zip code)
Country
Email address
Date of birth
PlayStation Network/Qriocity password and login
Handle/PSN online ID
In addition, Sony warns that profile information—such as history of past purchases and billing addresses, as well as “secret answers” given to Sony for password security may also have been obtained. Sony also admits that it cannot rule out the possibility that credit card information may also have been compromised."

Hmm ok..that sounds great. Fine I'll just change all my passwords. But umm...well what's all this about identity theft?

"Other measures

With the sort of data compromised it is possible for criminals to commit identity theft and use your details to open bank accounts, take out mobile phone contracts, and even re-direct your mail. Security professionals suggest obtaining a copy of your credit report which should give a complete account of your status as well as any searches against your credit history. U.K. residents can obtain a copy of their credit file from companies such as Equifax, Experian or Callcredit."

So basically, I'm an infinite amount more likely to have my identity stolen and have fraudsters open bank accounts, cable service, apply for mortgages, etc.. in my name. Changing your passwords and cancelling credit cards doesn't help. My only comfort, is the fact that since 70 MILLION accounts were stolen, I only hope my ticket doesn't get punched by the hackers since they have so many to choose from.

Thanks Sony!

 

[darkhunger]

A spare gmail account which was associated with my PSN account that shared the same password was compromised today.

Nothing of value on that account, thankfully google alerted me to the intrusion.


A good reminder to not use one password on every site. I personally use lastpass with random strongpasses for anything important.

Yup... I got an alert this morning on the Yahoo mail account that I use with PSN that they "suspected my email account was compromised".

Was using it last night with no problems, and didn't do anything unusual. And its not an account I usually use either, so its too much of a coincidence.

 

[No45]

Also I recommend enabling 2-step verification if you have a cellphone and use gmail.

Trying to find out if I can expect a charge for this. If it's a standard SMS then it should be covered under contract, but I very much doubt that's the case. :/

EDIT: Just noticed they have an authenticator app.

According to my bank I have to report it as "stolen" to the police to have a new one issued?

That seems crazy. I phoned my bank late last night (~23:00), told them the details, they put me through to the lost and stolen department and they cancelled my current card and issued a new one there and then - expecting the replacement to come tomorrow.

 

[FINALBOSS]

So it took this for Sony to add such features to PSN? Oh Sony.....

...Well they are rebuilding the fucking thing. What better time than now?

 

[Zutroy]

Seriously guys, I just got a $100 charge on my AmEx card for gas from a few states away. I've only had this card for a year or so and I don't use it much. I honestly think the CC info has been leaked.

That seems unlikely to be associated with PSN. If they're got your card details, they're going to use them online, not physically in a store.

 

[Treefingers]

Not sure if it's due to this but I've had my Hotmail account blocked due to suspicious activity or whatever. But I haven't checked it for a few weeks so I can't say it's related.

 

[MoneyLaunderer]

...Well they are rebuilding the fucking thing. What better time than now?

I agree. At least it would give all of us something to "look forward to" when PSN does relaunch. And it would be a nice surprise.

 

[Outtrigger888]

Fuck I forgot what password I used for PSN, I dont think it was my main one. Did psn passwords require numbers?

 

[Captain Tuttle]

Yeah I too am not going to take that Ars article as truth. They were compromised for over a week if they were at all, and after Sony announced this now all of a sudden everyone's got foreign charges? It's like the hackers needed sony's confirmation to realize they had CC info!

Maybe the numbers were compromised weeks ago and now that this story has gone public the criminals are using as many as they can before the cards get turned off.

 

[-Pyromaniac-]

That seems unlikely to be associated with PSN. If they're got your card details, they're going to use them online, not physically in a store.

How do you even use it at a gas station with only the number? lol what kind of weird ass gas stations do you guys have in America. Unless that story is BS.

 

[Professor Beef]

Sony has warned that hackers have been able to access a variety of personal information belonging to users including:

Name
Address (city, state, zip code)
Country
Email address
Date of birth
PlayStation Network/Qriocity password and login
Handle/PSN online ID

If a hacker got me a birthday present, all will be forgiven.

 

[Kyoufu]

Until Sony confirms they're adding new features to the new PSN build, I won't believe some random comment on a site.

 

[kodt]

This is another reason why it is a good idea to use virtual account numbers. I know Discover and Citibank offer this. It will generate a one time use virtual credit card number for you. You make the purchase and then the number is no longer valid.

If it get's stolen, who cares.

 

[UberTag]

<looks at thread>
<sees 10 people all reiterate that anecdotal reports of credit card fraud cases are all fictitious/untrue/result of previous customer incompetence>
<same thing with instances of E-Mail hijacking>
<it's only a coincidence that it's the same PII involved>

Carry on folks.

 

[MoneyLaunderer]

If a hacker got me a birthday present, all will be forgiven.

They'll buy you a PSN card.

 

[RustyNails]

Looks to me like Ars is trying to field an angry mob of sorts.

 

[Spectral Glider]

I changed my card this morning, easy to do and figure it's better than waiting for a bogus charge on it.

Not sure what to do about the other personal info, guess there's not much you can do really.

 

[Vamphuntr]

How do you even use it at a gas station with only the number? lol what kind of weird ass gas stations do you guys have in America. Unless that story is BS.

Well they probably have the machine used to print cards. If they sold the info to experts these guys have the equipment. How do you think cards are cloned?

 

[warpaint]

Question what's the email Sony is sending look like ?

 

[Zutroy]

How do you even use it at a gas station with only the number? lol what kind of weird ass gas stations do you guys have in America. Unless that story is BS.

Exactly. The only way that would be possible is if they had a card writer. And if it was the PSN hacker then they would have just very quickly given themselves away.

 

[KennyLinder]

Question what's the email Sony is sending look like ?

Its the press release BBC had pretty much:



Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions.

Sincerely,
Sony Network Entertainment and Sony Computer Entertainment Teams

Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited) is a subsidiary of Sony Computer Entertainment Europe Limited the data controller for PlayStation Network/Qriocity personal data

 

[Professor Beef]

They'll buy you a PSN card.

That would be swell, especially since I have no payment options available to them online.

 

[Psychotext]

I want to compliment FINALBOSS on all of his PR efforts over the last 24 hours. There was a point where he looked like he'd lost it (quoting himself to agree with himself) but he recovered and since then he's been doing his best to spin this all into glorious sunshine and rainbows.

I salute you.

 

[Kyoufu]

Question what's the email Sony is sending look like ?

Same as the announcement on their blog site.

edit: beaten like sony's defences.

 

[mariachi507]

Fuck I forgot what password I used for PSN, I dont think it was my main one. Did psn passwords require numbers?

Yes. Which means I didn't use my usual password.

 

[-Pyromaniac-]

Well they probably have the machine used to print cards. If they sold the info to experts these guys have the equipment. How do you think cards are cloned?

I think that's a bit conspiracy theory-ish in this case but hey anything is possible. Just doesn't sound connected to this incident.

 

[The Lamonster]

Is there a way to see what password I used when I originally set up my PSN account?

 

[pantyhelmet]

It is timely and it only has four panels. I'm calling fake on this one.

i agree, too farfetched!

 

[Adamm]

Yes. Which means I didn't use my usual password.

You dont use numbers in your password? =/

 

[blazinglazers]

That seems unlikely to be associated with PSN. If they're got your card details, they're going to use them online, not physically in a store.

Completely untrue. The easiest way to use your personal information & incomplete credit card info is at remote places with little security. Most online retailers require ALL of your data, including the security code, the one thing that Sony claims wasn't stolen so far. It's easier to use spoofed cards at gas stations, small stores, out of the way business that either don't immediately verify charges, or run charges with limited info.

How do you even use it at a gas station with only the number? lol what kind of weird ass gas stations do you guys have in America. Unless that story is BS.

I don't know how it's done, I just know that it happens. Identity theft is pretty fascinating actually, if you have some of the info and know what you're doing, apparently you can take it pretty far. If you like novels, you should check out Await Your Reply by Dan Chaon; it's an awesome thriller & it details a lot of the scams & techniques.

 

[lol51]

They'll buy you a PSN card.

With your own money.

 

[Kud Dukan]

Seriously guys, I just got a $100 charge on my AmEx card for gas from a few states away. I've only had this card for a year or so and I don't use it much. I honestly think the CC info has been leaked.

I find it hard to believe that the first thing these hackers would do with all these stolen credit card numbers is purchase some gas.

 

[FunnyBunny]

How do you even use it at a gas station with only the number? lol what kind of weird ass gas stations do you guys have in America. Unless that story is BS.

It's incredibly easy and cheap to clone cards as long as you have the account number.

 

[FINALBOSS]

I want to compliment FINALBOSS on all of his PR efforts over the last 24 hours. There was a point where he looked like he'd lost it (quoting himself to agree with himself) but he recovered and since then he's been doing his best to spin this all into glorious sunshine and rainbows.

I salute you.

 

[-Pyromaniac-]

I find it hard to believe that the first thing these hackers would do with all these stolen credit card numbers is purchase some gas.

lol true as well.

 

[Az]

People arleady made a Humble Bundle $0.01 joke?

Ok ok, I won't.

 

[Oozinator]

Looks to me like Ars is trying to field an angry mob of sorts.

you mean preparing an army of class action lawsuit claimants ? That's good for me, I need some cash.

 

[iNvid02]

Completely untrue. The easiest way to use your personal information & incomplete credit card info is at remote places with little security. Most online retailers require ALL of your data, including the security code, the one thing that Sony claims wasn't stolen so far. It's easier to use spoofed cards at gas stations, small stores, out of the way business that either don't immediately verify charges, or run charges with limited info.

yep, there are very few places online which dont need the security code. i think amazon UK dont ask for it for some reason.

 

[Zutroy]

Completely untrue. The easiest way to use your personal information & incomplete credit card info is at remote places with little security. Most online retailers require ALL of your data, including the security code, the one thing that Sony claims wasn't stolen so far. It's easier to use spoofed cards at gas stations, small stores, out of the way business that either don't immediately verify charges, or run charges with limited info.

They'd still need your PIN number.

Spoiler

I realised I've effectively said number twice

 

[Zoibie]

Hmm, so according to the BBC, 'off the record' Sony are saying CC info probably not compromised.

http://www.bbc.co.uk/news/business-13193891

40 seconds in.

 

[-Pyromaniac-]

It's incredibly easy and cheap to clone cards as long as you have the account number.

you seem to know too much about this, sony/fbi contacted. See you in 10-15.

 

[Zeliard]

<looks at thread>
<sees 10 people all reiterate that anecdotal reports of credit card fraud cases are all fictitious/untrue/result of previous customer incompetence>
<same thing with instances of E-Mail hijacking>
<it's only a coincidence that it's the same PII involved>

Carry on folks.

Yes, stick your head in the sand. Web-based e-mail accounts are well-known for their ability to withstand hijacking.

 

[FINALBOSS]

Completely untrue. The easiest way to use your personal information & incomplete credit card info is at remote places with little security. Most online retailers require ALL of your data, including the security code, the one thing that Sony claims wasn't stolen so far. It's easier to use spoofed cards at gas stations, small stores, out of the way business that either don't immediately verify charges, or run charges with limited info.

The top-tier security team they hired have found no evidence that CC info was stolen. What more do you guys want.