Support NeoGAF

[BocoDragon]

Same here, christ in the UK you need photo id, proof of address, electoral register among other things.

Really? Most places, you can sign up for CCs online, not in person.. The only info you really need is name, address, SSN.

If someone gains access to email, they could possibly obtain the SSN (online T4s, etc)

 

[kamorra]

Has this been posted already?

Hacker runs up debt for Aussie PSN user

There's no way to confirm the link between the PSN breach and the credit card fraud, but there is likelyhood of it being connected.

An Adelaide PlayStation user whose private details were held by the Sony Corporation has had $2,000 of unauthorised charges run up on his credit card in recent days.

held by the Sony Corporation
Sounds like a evil corporation in a James Bond movie.

 

[TTP]

Geez at ppl asking if trophies were stolen (in the blog comments). They are on your PS3 ffs! Even if they were deleted server side, a sync is all you need to do to get them back.

 

[distantmantra]

Same, which okay sure. You can find people's address info on google.

That still doesn't excuse Sony.

 

[butter_stick]

rofl... wow. There will be no reimbursement.

Wouldn't harm Sony to try and win some goodwill by giving away a shitty PS1 game.

 

[Rewrite]

lol why wouldn't they encrypt your personal data? Seriously.

 

[Infinite Justice]

I find this curious, are they suggesting someone gained physical access to their servers, or are they just doing it as an additional ass-covering step?

There was a rumor from a poster here that it might have been an inside job.

But grain of salt, etc

 

[DrForester]

Well go me.

http://ps3.ign.com/articles/116/1164340p1.html

 

[zomgbbqftw]

Probably will have cross-game chat too IMO.

If true, worth it?

Spoiler

not true, and not worth it D:

 

[Psychotext]

Well go me.

http://ps3.ign.com/articles/116/1164340p1.html

/thumbs up

 

[Dead Prince]

Well go me.

http://ps3.ign.com/articles/116/1164340p1.html

+1

 

[TTP]

Well no, because they would need access to your email account. Unless they can change the data tables and upload them to Sony servers I can't see how they can get your emails from Sony.

Well, that's assuming your PSN pass is not the same as you email one.

 

[Rebel Leader]

Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

New firmware incoming.

Must... resist.... ... can't....

 

[Metalmurphy]

How are people leaving comments on that Playstation blog post when the login page is down? oO

Wanted to ask if the Password field was part of the "personal data table, which is a separate data set, was not encrypted". It's normal for personal data not to be encrypted but the password field always is... Or is supposed to be.


Also, HURRAY new firmware. Hopefully it'll come with new stuff.

 

[Rewrite]

Well go me.

http://ps3.ign.com/articles/116/1164340p1.html

hahaha.

 

[Majine]

I hope this doesn't put a too big blow to the Playstation brand. Out of the big three, I feel most comfortable with Sony's business practices, so I hope they get well soon.

 

[Narag]

Well go me.

http://ps3.ign.com/articles/116/1164340p1.html

I'm more amused they didn't rehost it.

 

[RPGCrazied]

Wouldn't harm Sony to try and win some goodwill by giving away a shitty PS1 game.

This. Plus the +subscribers, PSN has been down for almost *half a month*. I know that doesn't add to a lot, but its still something.

 

[Trevelyon]

Geez at ppl asking if trophies were stolen (in the blog comments). They are on your PS3 ffs! Even if they were deleted server side, a sync is all you need to do to get them back.

They dun stole my ZONE ZUES!

 

[RustyNails]

Q: Was my personal data encrypted?

A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

They were following the rulebook of creating a relatively secure database which is also efficient. If you encrypt personal information table as well, you will probably have the most inefficient database in the world. Encryption takes a huge toll on performance so it's true that you cannot realistically encrypt the entire tables that have more than 3 or 4 fields which have 75m+ rows of data. I don't see them committing something offensive here and keeping user table hidden behind "sophisticated security system" is a better decision.

Q: What steps is Sony taking to protect my personal data in the future?

A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway.

Ah, so that's what's going on. They're moving their servers to a new secure database facility. So were their servers stored in-house or in a database facility prior to the breach?

 

[Metalmurphy]

I'm more amused they didn't rehost it.

Quick, change it to something embarrassing!

 

[DrForester]

I'm more amused they didn't rehost it.

It's a photo bucket pro account. Can't wait till the stats update on it.

 

[QuantumBro]

Geez at ppl asking if trophies were stolen (in the blog comments). They are on your PS3 ffs! Even if they were deleted server side, a sync is all you need to do to get them back.

I wanted to facepalm myself when I was reading about comments asking if trophies were safe or if Black Ops would still be working.

 

[BannedEpisode]

Never thought I'd say it but if it turns out that credit info was stolen I might have to jump ship. I dont think I could continue to trust a company that would let something like that happen on such a scale.

Hopefully they dedicate a TON to making this up to the customers. I know its not entirely their fault that this happened but I cant help but feel a bit betrayed.

 

[careksims]

Well go me.

http://ps3.ign.com/articles/116/1164340p1.html

Ahaha! Go you!!

 

[Kagari]

How are people leaving comments on that Playstation blog post when the login page is down? oO

Wanted to ask if the Password field was part of the "personal data table, which is a separate data set, was not encrypted". It's normal for personal data not to be encrypted but the password field always is... Or is supposed to be.


Also, HURRAY new firmware. Hopefully it'll come with new stuff.

I assume they were auto logged in on their browser before the service went down.

 

[harriet the spy]

Has this been posted already?

Hacker runs up debt for Aussie PSN user

There's no way to confirm the link between the PSN breach and the credit card fraud, but there is likelyhood of it being connected.

I am not saying that it's unrelated to the playstation scandal, but this is stupid fear mongering which does not prove anything.

There were 77 millions accounts hacked.

Let's say that 2 million of those were american accounts with a credit card info stored in it - i think most would agree is a conservative estimate ( i don't care to look for a better number).

The state with the lowest rate of id theft in the US is about 50 id theft per year, per 100 000 people. So for those 2 million psn users, we would expect at the very least 1000 id thefts for this year.

Assuming this was not a particularly low week for id thefts, and that psn users are not more or less likely to get id thefts, in this last week, of those american people that had a american credit, we should expect roughtly 20 people who had had id thefts.

The fact that the PSN was hacked would have nothing to do with those 20 poor chaps.

And again, I am being quite conservative, unless some of those estimates are off.

 

[Dead Prince]

Quick, change it to something embarrassing!

!
MLP gif.

 

[iNvid02]

i wonder who the hackers are, i place $20 on the chinese

 

[Zoe]

lol why wouldn't they encrypt your personal data? Seriously.

Honestly, many companies don't see that as vital information worth encrypting. Especially back when all of this was set up in 2006.

 

[Fersis]

Its neat that we will have to reset our passwords... since i forgot mine :3

 

[Fernando Rocker]

Thanks for the FAQ, OP... it was very helpful.

 

[DrForester]

!
MLP gif.

Saving that for E3

 

[criesofthepast]

This would probably be a good time if you've gone over your 5 activation limit to call sony up and say "I was hacccckeeeeed because of you. Reset my activations."

They couldn't really say no, could they?

I'm at 4 activations and always fear running out one day.

 

[PsychoJecht]

Never thought I'd say it but if it turns out that credit info was stolen I might have to jump ship. I dont think I could continue to trust a company that would let something like that happen on such a scale.

Hopefully they dedicate a TON to making this up to the customers. I know its not entirely their fault that this happened but I cant help but feel a bit betrayed.

You think they just stood there and watched the guy hack it or something?

 

[Metalmurphy]

Honestly, many companies don't see that as vital information worth encrypting.

It's true. No one does it, but the password field is always encrypted, the fact they didn't mention it specifically is what's troubling me.

 

[Huevos de Oro]

Well go me.

http://ps3.ign.com/articles/116/1164340p1.html

Lol. Awesome.

 

[lol51]

Honestly, many companies don't see that as vital information worth encrypting.

If any personal data should have been encrypted it should have been the security answers and password. The other stuff is normally public information.

 

[zomgbbqftw]

Well, that's assuming your PSN pass is not the same as you email one.

Sure, but even then the hackers would have to physically log into your account and change the password manually, which I find unlikely. Also, you should never have the same password for anything sensitive.

 

[phosphor112]

Any worth mentioning? What's the next biggest after the current debacle?

Amazon, RSA, and another security company that works for the US government, I don't remember what department. There is also a significant increase in credit card fraud and identity theft.

 

[harriet the spy]

Ehh, I don't read that that means passwords were unencrypted. I read that that means your address info was unencrypted.

Ah, sorry, I misread then. I thought they meant personal info also included password info (as opposed to CC info). I hope it's not the case, but in which case they really ought to have mentioned that as well - it could be important for people who use the same password and login for more important stuff (banking, paypal, ebay, amazon..),

Spoiler

the fools

.

 

[Majine]

Its neat that we will have to reset our passwords... since i forgot mine :3

You don't think you have to type that in aswell?

 

[Luckyman]

Only Sony could outdo Sony rootkit scandal

unencrypted passes. Now they feel the need to move to another datacenter and enhance security. Tell how shitty it has been for years.

 

[JonathanEx]

It's true. No one does it, but the password field is always encrypted, the fact they didn't mention it specifically is what's troubling me.

Exactly. The question there was "Was my personal data encrypted?". And if it were that both CC and passwords were, you'd hope they'd say that, rather than... only one of them.

 

[yoopoo]

Ok I still haven't received no email yet. Also prior the intrusion I removed CC from my PSN account, I wouldn't need to worry about anything, would I?

 

[BannedEpisode]

You think they just stood there and watched the guy hack it or something?

Uh... I dont think thats what I intended to be taken from my post but no.

Lets be honest here, it seems like Sony did very little to protect its customers information beyond the most vital.

 

[OneMoreQuestion]

It's a photo bucket pro account. Can't wait till the stats update on it.

Quick change it to some IGN <-> IGNorant gif

 

[BocoDragon]

i wonder who the hackers are, i place $20 on the chinese

The only problem is that you are right, and your $20 has now been stolen... by the chinese.

 

[Choc]

lol why wouldn't they encrypt your personal data? Seriously.

In the UK at least and Australia sony is going to get hammered if thats true. The governments will say you didnt do the most you could to protect customer data

finetime

 

[Rebel Leader]

I say we have a Gafdance party in PShome. Just like a gafer suggested in a previous thread.