
PSN Hack Update: FAQs in OP, Read before posting


-COOLIO-

The Everyman
i was going to check my cc balance for the hell of it and i got this message:

"Your account has been locked out due to numerous invalid login attempts. Please contact Customer Service to unlock your account."

probably unrelated to the psn thing but THE FUCK?
 
-COOLIO- said:
so if i never entered any credit card info on psn am i 100% totally safe?

are people who did even worried at all?

-no computer based system or network is 100% secure. ever. no bank, no credit agency, no government, and no video game company. doesn't matter if you pay for the service or not.

-some people are worried but worrying doesn't fix anything. the latest update told us that CC info MAY OR MAY NOT have been accessed, but they are still investigating to make absolute sure the data is okay before making an announcement to cancel your cards and move into a cave in the mountains.
 
http://blog.us.playstation.com/2011/...city-services/

Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.

Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit http://www.us.playstation.com/support and http://www.qriocity.com/us/en/ for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.

Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.

Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.

Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.

Copied for those at work.
 

BocoDragon

or, How I Learned to Stop Worrying and Realize This Assgrab is Delicious
Sato Koiji said:
People can change their CC infos immediately. The withdrawal of your account can be tracked back and even booked back if it was unwanted.

At best, If I'm on the ball enough, I can cancel my CC number, they will send me a new one in a few weeks. Inconvenience. If you report theft/fraud on your account you will receive fraud warnings for months and years whenever you use your card.

But many people will not cancel their card and they could easily receive charges.

Some aren't using credit cards either, they're using Visa debit cards or whatever... and in that case, the scammers might steal money from your account and no compensation is guaranteed.

Some low level credit cards will compensate you only over $50... meaning some people could be on the hook for $50 scams.

This could be VERY serious for certain people. The only reason I'm not worried is because so many numbers were stolen, I consider it statistically unlikely it will affect me.

Sato Koiji said:
As for the identity part...what really can these "hackers" do with them? Visit you personally because they know where you live?.

Mail scams, email scams, spam.

They can sign you up for any sort of program they want. They can give fake addresses to governments, corporations.

They might be able to use this information to obtain social security numbers. Once they have that, they can sign up for credit cards, ID cards, passports.

Identity theft is a BIG deal.

Sato Koiji said:
Sell your data to companies which try to sell you crap? Come on...you are smarter than that.

Yeah. That's exactly what would happen.

And not nice Fortune 500 companies, most likely.. but spammers, Russian mobsters, Chinese hackers.... even Al Qaida (I doubt it.. but ya never know).

And yeah, I know a few American companies are sleazy enough to have obtained addresses in shady ways (Capital One). A giant list of real confirmed people to spam with mail? That's a goldmine for business.

The database they stole is worth money to the right people, who will use it to make money for themselves.

Even if none of this happens: A good percentage of people freak out over identity theft issues like throwing out junk mail with addresses on it, or having their name show up on a store receipt. Data outright being maliciously stolen is a PR disaster at best.
 

Akuosa

Member
JonathanEx said:
Tomorrow's front page...

15980693.jpg
That's nothing, my mother called me this morning to ask/warn me about this thing she heard in the news, that "Sony fraud", and wasn't it about that console of mine? And yes, apparently that's literally what they called it, "a huge fraud", I asked.
Have fun explaining this to your mother.
 
The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

...wait, the PSN password wasn't encrypted?....WTF?
 

chubigans

y'all should be ashamed
Moving the data center? Huh.

Interesting to hear that we'll have a new firmware update, as well as sticking to the one week timeline. That's good.
 

Kagari

Crystal Bearer
Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

New firmware incoming.
 

Lince

Banned
The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack

oh please God let this be a joke. Was it really that hard to encrypt such data just in case? those "sophisticated security systems" were not that state-of-the-art after all.
 
Kagari said:
Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

New firmware incoming.
I still don't understand, if the passwords were unencrypted, how they are going to get legit users to change their passwords before hackers might. Unless they have a way of forcing the last console to login with the password to reset it.
 
Kagari said:
Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

New firmware incoming.

So better be quick before someone with your e-mail and password logs before you?...nice.
 
Sony said:
Q. When or how can I change my PlayStation Network password?

A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

I hope they still let me change it on the website since my ps3 is dead. I don't want to have to sit with an exposed account until I can grab a new ps3. I don't mind changing it again when I do get one and get the new update though.
 
harriet the spy said:
I still don't understand, if the passwords were unencrypted, how they are going to get legit users to change their passwords before hackers might. Unless they have a way of forcing the last console to login with the password to reset it.

Unique link to the registered email account which will ask you for a new password. Link expires once it is used.

New data centre encrypts everything I hope.
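
The single-use reset link described in the post above, as an added example that is not part of the thread or anything Sony published. It assumes an in-memory table standing in for a database; the class name `ResetTokenStore`, the account ids and the one-hour lifetime are hypothetical. Only a hash of each token is stored, so a copied table does not hand out working links.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed link lifetime, not a value from the thread


class ResetTokenStore:
    """In-memory stand-in for a password-reset table (hypothetical)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        # token digest -> (account_id, expires_at); the raw token is never kept
        self._rows = {}

    @staticmethod
    def _digest(token):
        # The token is 256 bits of randomness, so a plain SHA-256 is enough
        # here; user-chosen passwords need a slow, salted password hash.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, account_id):
        """Create a token to e-mail to the account's registered address."""
        # A new request invalidates any link still outstanding for the account.
        self._rows = {d: r for d, r in self._rows.items() if r[0] != account_id}
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = (account_id, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Return the account id for a valid token and consume it, else None."""
        try:
            digest = self._digest(token)
        except UnicodeEncodeError:
            return None  # not something issue() could have produced
        # pop() removes the row whether or not it has expired: one use only.
        row = self._rows.pop(digest, None)
        if row is None:
            return None
        account_id, expires_at = row
        if self._clock() > expires_at:
            return None
        return account_id


if __name__ == "__main__":
    store = ResetTokenStore()
    link_token = store.issue("acct-1001")       # constructed account id
    print(store.redeem(link_token))             # first use succeeds
    print(store.redeem(link_token))             # second use is rejected
```

The token proves control of the mailbox and nothing else, so the scheme is only as strong as the e-mail account it is sent to.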
 

Karma

Banned
Sato Koiji said:
People can change their CC infos immediately. The withdrawal of your account can be tracked back and even booked back if it was unwanted.

As for the identity part...what really can these "hackers" do with them? Visit you personally because they know where you live?

Sell your data to companies which try to sell you crap? Come on...you are smarter than that.

The only prob is that more companies probably got your infos if in fact the hackers dealt them away. That's basically it.

What if the hackers take those emails, passwords and security answers and go to amazon or paypal? Many people might use the same passwords or security answers on those sites.
 

TTP

Have a fun! Enjoy!
harriet the spy said:
I still don't understand, if the passwords were unencrypted, how they are going to get legit users to change their passwords before hackers might. Unless they have a way of forcing the last console to login with the password to reset it.

The new FW will probably ask to submit a new password without asking for the old one and crosscheck it with either the IP or the PS3 ID or something associated with the old password.
 

gl0w

Member
harriet the spy said:
I still don't understand, if the passwords were unencrypted, how they are going to get legit users to change their passwords before hackers might. Unless they have a way of forcing the last console to login with the password to reset it.
Good point. I hope they already have some idea how to prevent that.
 
harriet the spy said:
I still don't understand, if the passwords were unencrypted, how they are going to get legit users to change their passwords before hackers might. Unless they have a way of forcing the last console to login with the password to reset it.
I hope this is the case.
 

TTP

Have a fun! Enjoy!
zomgbbqftw said:
Unique link to the registered email account which will ask you for a new password. Link expires once it is used.

New data centre encrypts everything I hope.

I don't think they can rely on email. If that's stolen, someone else can get the link I guess?
 

Zoe

Member
Stumpokapow said:
Ehh, I don't read that that means passwords were unencrypted. I read that that means your address info was unencrypted.

That was my first thought. I'd be disappointed in their DB guys if they kept the login info in the same table as the personal data info.
 
I have a feeling the Japanese Part of Sony will be kicked to the curb and those firmware updates and PSN will be handled by either Europe or the USA.
 
Stumpokapow said:
Ehh, I don't read that that means passwords were unencrypted. I read that that means your address info was unencrypted.
Again, Sony manage to make a mess of communication by not making things clear.

Right now they've only confirmed that CC details were encrypted. But passwords were on the list of things that were taken, so I think it's not far off to guess they may have been with the details in the unencrypted world. Not impossible.
 
Compare the UK version:
===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident, we
believe that an unauthorized person has obtained the following information
that you provided: name, address (city, state/province, zip or postal code),
country, email address, birthdate, PlayStation Network/Qriocity password
and login, and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip), and
your PlayStation Network/Qriocity password security answers may have
been obtained. If you have authorized a sub-account for your dependent,
the same data with respect to your dependent may have been obtained.
While there is no evidence that credit card data was taken at this time,
we cannot rule out the possibility. If you have provided your credit card
data through PlayStation Network or Qriocity, to be on the safe side we are
advising you that your credit card number (excluding security code) and
expiration date may have been obtained.

For your security, we encourage you to be especially aware of email,
telephone, and postal mail scams that ask for personal or sensitive information.
Sony will not contact you in any way, including by email, asking for your
credit card number, social security, tax identification or similar
number or other personally identifiable information.
If you are asked for this information, you can be confident
Sony is not the entity asking. When the PlayStation Network and
Qriocity services are fully restored, we strongly recommend that you log on
and change your password. Additionally, if you use your PlayStation Network
or Qriocity user name or password for other unrelated services or accounts,
we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant to review your account statements and to
monitor your credit or similar types of reports.


We thank you for your patience as we complete our investigation of this incident,
and we regret any inconvenience. Our teams are working around the clock on this,
and services will be restored as soon as possible. Sony takes information protection
very seriously and will continue to work to ensure that additional measures are
taken to protect personally identifiable information. Providing quality
and secure entertainment services to our customers
is our utmost priority. Please contact
us at www.eu.playstation.com/psnoutage should you have any
additional questions.

Sincerely,
Sony Network Entertainment and Sony Computer Entertainment Teams

===================================

Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited)
is a subsidiary of Sony Computer Entertainment Europe Limited
the data controller for PlayStation Network/Qriocity personal data

To the US version:
MrBelmontvedere said:
just got this email:

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.


We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

===================================

LEGAL
"PlayStation" and the "PS" Family logo are registered
trademarks and "PS3" and "PlayStation Network" are
trademarks of Sony Computer Entertainment Inc.
(C) 2011 Sony Computer Entertainment America LLC.

Sony Computer Entertainment America LLC
919 E. Hillsdale Blvd., Foster City, CA 94404

Thanks for all the useful info, SCEE. You really go the extra mile :')
 
JonathanEx said:
So when you can't trust them to ENCRYPT A PASSWORD


Hold faith when they say there's no evidence yet that card details were taken :p

Well they said the whole CC table was encrypted, I just hope they used a high level encryption so the thieves can't brute force it.
 
Stumpokapow said:
Ehh, I don't read that that means passwords were unencrypted. I read that that means your address info was unencrypted.

Well, I read it as the credit card info table was the only encrypted, if it included the PSN password they would say so....


The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

They're intentionally vague or they just suck at making FAQs
 

snackman

Banned
Well at the very least any ad company now has your data if they talk to the right hackers, that is. I guess they can mail you junk and call you now. The more data they got on you the more they can do.
 
Jburton said:
Same here, christ in the UK you need photo id, proof of address, electoral register among other things.
I've opened numerous credit cards without any of that stuff in the UK.

Online that is.

I did need proper ID / proof of address for my (bricks and mortar) bank account. Not for my online account though.
 

lol51

Member
CC being encrypted is good news.

If the PSN password not being encrypted is true, it's no big deal. Serves me right for picking a similar password to my other ones.

They are on the right track forcing a password reset via email.
 

androvsky

Member
Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.

I find this curious, are they suggesting someone gained physical access to their servers, or are they just doing it as an additional ass-covering step?
 

Kagari

Crystal Bearer
Stumpokapow said:
Ehh, I don't read that that means passwords were unencrypted. I read that that means your address info was unencrypted.

Same, which okay sure. You can find people's address info on google.
 
TTP said:
I don't think they can rely on email. If that's stolen, someone else can get the link I guess?

Well no, because they would need access to your email account. Unless they can change the data tables and upload them to Sony servers I can't see how they can get your emails from Sony.
 