Support NeoGAF

[gofreak]

the amount of damage control going on in this topic is nothing short of staggering.

people are telling legit sounding stories about their bank/cc company dealings, and 2 posts later someone will jump on their ass calling it out as BS!

There's much more subtlety here than that.

No one is calling out what he said about his bank/cc as BS. I'm sure he was told what he said he was told.

People are just questioning whether Sony is admitting to banks that individual cards had been cloned. It's impossible for Sony to know whether individual cards have been cloned or not. All Sony can do is put out a blanket warning that card data may have been compromised and then let the banks monitor and determine if a card has been abused or not. Sony cannot pinpoint - and thus admit - if that happened. It's also impossible to definitively link card abuse to one cause until we see a pattern - although it is of course quite believable that it would be linked to this breach.

Maybe that seems pedantic, but some of us are pedantic

 

[Metalmurphy]

so this is a real threat and everyone should take action or they might be fucked.

small inconvenience my ass

I meant, requesting a new card, even though there's no actual evidence they were taken, is a small inconvenience.

 

[fistwell_old]

I laughed at this:
(from gametrailers)

I don't get it. Gametrailer's becoming too highbrow for me.

 

[Equus Bellator Apex]

So have those Scarlett Johansen nude pics leak yet?

 

[statham]

I meant, requesting a new card, even though there's no actual evidence they were taken, is a small inconvenience.

so every psn user should request a new card since its a small inconvenience, which it is not.

 

[The_Darkest_Red]

There's much more subtlety here than that.

No one is calling out what he said about his bank/cc as BS. I'm sure he was told what he said he was told.

People are just questioning whether Sony is admitting to banks that individual cards had been cloned. It's impossible for Sony to know whether individual cards have been cloned or not. All Sony can do is put out a blanket warning that card data may have been compromised and then let the banks monitor and determine if a card has been abused or not. Sony cannot pinpoint - and thus admit - if that happened. It's also impossible to definitively link card abuse to one cause until we see a pattern - although it is of course quite believable that it would be linked to this breach.

Maybe that seems pedantic, but some of us are pedantic

It's hard not to get pedantic when a topic has already been discussed for 200+ pages.

 

[theDeeDubs]

Hmmm my credit card shows that I've bought $40 worth of x-rated anime, a rebecca black poster and two gallons of k-y jelly. PSN hack?

Waiting for pics in the april pickup thread.

 

[Metalmurphy]

so every psn user should request a new card since its a small inconvenience, which it is not.

If they don't want to risk the small chance, yes. Not exactly sure what your trying to get at...

 

[Linkified]

so every psn user should request a new card since its a small inconvenience, which it is not.

Honestly if you have fraud protection on your dc or cc then roll with the punches. If you think there may be sliver of chance phone up and gety it done.

I phoned up a few days ago, have a feeling they didn't block the old card or are reissuing me with the same number, its beautiful and sony and I feel as though I'm gonna die until I know for certain.

If anyone can confirm whether or not they block and old card automatically when they reissue you a knew card would be most appreciative.

 

[Zoe]

so every psn user should request a new card since its a small inconvenience, which it is not.

To some people, it is.

 

[Rebel Leader]

To some people, it is.

Luckily for my mom, the bank is down the road

 

[statham]

To some people, it is.

to most its not.

 

[Zoe]

Anybody still waiting for an email for their JP account? I don't have proper hosting for that domain anymore, and I suspect some emails are getting bounced :\

to most its not.

Doesn't sound that way for most in this thread who have gotten it done.

 

[Metalmurphy]

Anybody still waiting for an email for their JP account? I don't have proper hosting for that domain anymore, and I suspect some emails are getting bounced :\

I got 3 PT accounts, 1 UK, 1 JP and I've only gotten 1 email, on my US account.

 

[BeeDog]

Anybody still waiting for an email for their JP account? I don't have proper hosting for that domain anymore, and I suspect some emails are getting bounced :\

Eh, if it helps, I'm still waiting for an e-mail for my Swedish/European PSN account.

 

[TTP]

I have 3 accounts (US/EU/JP) and got an email for each one of them.

 

[KenOD]

Why exactly are people waiting for the emails? Are the directions on where to go for the cavity search in them?

 

[Scenester]

Dealing with a bank or CC company is ALWAYS a pain in the ass.

What's also a pain in the ass is not being able to game online if you only have a PS3.

People have every right to bitch and moan to high heaven about this debacle, because it sucks

 

[test_account]

Today finally Sony admitted it's because the hacker managed to clone several credit cards (including mine).

Where did Sony admit this? (i havnt followed this thread that much the last few days).

 

[borghe]

the amount of damage control going on in this topic is nothing short of staggering.

people are telling legit sounding stories about their bank/cc company dealings, and 2 posts later someone will jump on their ass calling it out as BS!

we're not calling what he was told BS. We are asking that he doesn't state with authority that cards were cloned and numbers blocked because that's what a telephone operator at his bank told him.

Damage control? No, just asking to not spread secondhand misinformation (and before you start, yes.. it's second hand information.. he heard from the bank who heard it from visa who heard it from sony.. etc)

Now had he had a $1000 fraudulent charge on his bank.. sure, go ahead and blame it on this... (though without a pattern of reports/usage it would/will be impossible to actually blame it on this). but short of that it's nothing more than "so I don't know if it's worth believing, but here's what happened at my bank". anything more than that is speculation or spreading of FUD.

 

[Rebel Leader]

Someone should turn this in to "Who In The World Hacked Sony Playstation Network" song

 

[teruterubozu]

Looks like Sony stock is gonna get a sound beating today, judging from the opening bell.

 

[gofreak]

Dunno why people are making a big deal over getting an email or not. These aren't going out selectively to people Sony thinks have been affected. They're going out to everyone. Everyone was potentially affected.

If it's taking some time to get to every inbox it may simply be that mailing 77m email addresses takes some time (or perhaps that Sony's mailing software isn't necessarily the most robust - would that surprise anyone?).

 

[angelfly]

Anybody still waiting for an email for their JP account? I don't have proper hosting for that domain anymore, and I suspect some emails are getting bounced :\

I got mine for yesterday for the JP account.

 

[statham]

If they don't want to risk the small chance, yes. Not exactly sure what your trying to get at...

identity theft can ruin a person, and this can open up a chance for your that to happen, you can downplay it all you want, but crooks now have easy access of your info without having to search facebook, myspace or stuff. they have 25 million accounts listed with all the info they need without hunting you down by friending you on facebook,mylife,myspace or ect... it just made their job 1000 times more easy. one fail? scroll down to the next line. I can't believe how some of you don't understand how huge this is. yes the info is out there, but never this easy to get.

edit : ever sign up for something and they say we will never sell your info? well sony just sold your info plus detailed stuff about you without getting paid.

 

[BeeDog]

Dunno why people are making a big deal over getting an email or not. These aren't going out selectively to people Sony thinks have been affected. They're going out to everyone. Everyone was potentially affected.

If it's taking some time to get to every inbox it may simply be that mailing 77m email addresses takes some time (or perhaps that Sony's mailing software isn't necessarily the most robust - would that surprise anyone?).

Eh, it's not about being affected or so, it's just about putting my mind at ease by getting some acknowledgement that me/my mail still exists in their records in one form or another.

 

[teruterubozu]

identity theft can ruin a person, and this can open up a chance for your that to happen, you can downplay it all you want, but crooks now have easy access of your info without having to search facebook, myspace or stuff. they have 25 million accounts listed with all the info they need without hunting you down by friending you on facebook,mylife,myspace or ect... it just made their job 1000 times more easy. one fail? scroll down to the next line. I can't believe how some of you don't understand how huge this is. yes the info is out there, but never this easy to get.

People look at pictures of hackers like Geohot and say, "awwww, no way can hackers can be all that bad!"

 

[Zoe]

Why exactly are people waiting for the emails? Are the directions on where to go for the cavity search in them?

In my specific case, I need to know whether I need to get proper hosting for that domain or not (probably should) because I don't want to miss any e-mails if they go the route of sending out a reset link.

identity theft can ruin a person, and this can open up a chance for your that to happen, you can downplay it all you want, but crooks now have easy access of your info without having to search facebook, myspace or stuff. they have 25 million accounts listed with all the info they need without hunting you down by friending you on facebook,mylife,myspace or ect... it just made their job 1000 times more easy. one fail? scroll down to the next line. I can't believe how some of you don't understand how huge this is. yes the info is out there, but never this easy to get.

http://www.whitepages.com/

 

[VisanidethDM]

People should also realize that CC scamming isn't THAT easy.

Your CC generally requires an address; the scammer can enter a different address for deliveries (while still inputting your data, card number and security code), but who would actually do that? You'd get instantly refunded if that's not your address and you have no ties to the address used, and the person would be quite easy to find given he's made his address public in the scam. If he delivers at someone else's address... once again, transaction canceled, no real harm done.

Online transactions (digital goods, etc) are easier, but often even easier to spot.

The statement that obtaining CC info from the net, even from high security networks, is always possible is true; if it doesn't happen, it's because using that CC info for personal gain and getting away with it is an absolute pain in the arse.

As I said above, I don't expect much harm to come from this to consumer; it's incredibly hard to get something real out of these data, and if they manage, they'll have the entire world against them. It's simply not worth it.
My impression is that the entire point of the operation is damaging Sony as much as possible while making them look as bad as possible.

 

[teruterubozu]

http://www.whitepages.com/

People keep posting this as a straw argument, but whitepages doesn't really tell you a whole lot.

 

[Kyoufu]

No JP email here either, Zoe.

 

[Metalmurphy]

identity theft can ruin a person, and this can open up a chance for your that to happen, you can downplay it all you want, but crooks now have easy access of your info without having to search facebook, myspace or stuff. they have 25 million accounts listed with all the info they need without hunting you down by friending you on facebook,mylife,myspace or ect... it just made their job 1000 times more easy. one fail? scroll down to the next line. I can't believe how some of you don't understand how huge this is. yes the info is out there, but never this easy to get.

edit : ever sign up for something and they say we will never sell your info? well sony just sold your info plus detailed stuff about you without getting paid.

Yes, all that is true... but I didn't downplay any of that. I was merely talking about the CC stuff, when there's been no evidence that CC data was taken.

 

[borghe]

identity theft can ruin a person, and this can open up a chance for your that to happen, you can downplay it all you want, but crooks now have easy access of your info without having to search facebook, myspace or stuff. they have 25 million accounts listed with all the info they need without hunting you down by friending you on facebook,mylife,myspace or ect... it just made their job 1000 times more easy. one fail? scroll down to the next line. I can't believe how some of you don't understand how huge this is. yes the info is out there, but never this easy to get.

FUD FUD FUD

they have your name, address, telephone number, DOB, username, and maybe some other trending data or something. Nothing they couldn't have gotten with 5 minutes of searching and a couple of basic socially engineered phone calls. Does it suck? A little. But unless you live in a country where such information can open lines of credit or something, you are safe. If you live in a country with a single personally identifiable registration ID (SSN, etc) this data being available won't do a whole lot aside from aid phishing schemes and other scams.

you said it right at the end. this info is already out there for the vast majority of users.... so what if this just made it easier.. the info is already out there because aside from cons, there's not much else that can be done with it in most cases without substantial extra work.

so really, stop spreading FUD (fear, uncertainty, doubt). If you want to be chicken little about this, have a blast, but don't get irate when other people call you out on it and don't join in on the panic.

edit - and sorry, I don't find phishing/scamming a "horrible" threat. yeah it sucks for the suckers who fall for it... but people need to be better educated and unfortunately that education isn't going to happen until it happens to "someone they know". However, in most first world countries, you cannot perform actual identity theft with the information stolen from sony. you still need the national id number issued which will not be gotten without considerable (and lucky) social networking.

 

[Steve Youngblood]

Doesn't sound that way for most in this thread who have gotten it done.

I don't understand an attempt to quantify a subjective term like "inconvenience." Now, mind you, I'm not terribly worried about this, and I'm lazy, and I don't think the card on file was even valid anymore, and thus I'm not getting a new card, but I don't understand dismissals of claims of inconvenience based on other people's thresholds. "You just call the bank and they send you a new card. Easy!" Okay, that's great for that individual, honestly, but that would certainly be inconvenient to me. If I'm actually worried about that card being stolen, I would currently not have my debit card. I use my debit card a lot. Furthermore, I have several bills being paid via that card number which will have to be edited again for the new card. Should I forget to do that since I just forget about this kind of stuff after a while, I might even get a late fee (this has happened to me before, but has nothing to do with PSN, just an example). This is all just notwithstanding that I don't like having to call 1-800 numbers, getting put on hold, and having to talk to customer service reps unless I absolutely have to.

So, no, it's not necessarily a minor inconvenience. It may seem that way to you, but it's perfectly reasonable to disagree.

 

[statham]

In my specific case, I need to know whether I need to get proper hosting for that domain or not (probably should) because I don't want to miss any e-mails if they go the route of sending out a reset link.



http://www.whitepages.com/

just searched my name and zip code, I'm not listed.

 

[darkwing]

In my specific case, I need to know whether I need to get proper hosting for that domain or not (probably should) because I don't want to miss any e-mails if they go the route of sending out a reset link.



http://www.whitepages.com/

woah thanks for the link, i found out where my relatives exactly are in another country lols

 

[DMeisterJ]

the amount of damage control going on in this topic is nothing short of staggering.

people are telling legit sounding stories about their bank/cc company dealings, and 2 posts later someone will jump on their ass calling it out as BS!

No one is calling someone's cc info being used bs, it's moreso that we have Sony saying that there is no evidence of a breach on our cc info, and it was encrypted, so if something is happening, it doesn't mean that it was caused by this hack.

basically

causation =/= correlation

http://www.whitepages.com/

Holy crapple! Found a bunch of relatives on there. Creepy.

 

[brentech]

identity theft can ruin a person, and this can open up a chance for your that to happen, you can downplay it all you want, but crooks now have easy access of your info without having to search facebook, myspace or stuff. they have 25 million accounts listed with all the info they need without hunting you down by friending you on facebook,mylife,myspace or ect... it just made their job 1000 times more easy. one fail? scroll down to the next line. I can't believe how some of you don't understand how huge this is. yes the info is out there, but never this easy to get.

Cause no other data center, retail store, online service has ever been hacked. Keep riding that boat. It's huge, no doubt, but that also means law enforcement is well aware and probably monitoring huge data swaps.

Personally, I'm the opposite of MM. I don't think there has been enough time since the intrusion for these supposed uses of cards to be related directly. No way that it'd be one person doing it all --- and I don't think they could sell the info so soon without being caught.
It's way more likely that the info was obtained somewhere else and due to Sony's breach, the ID theft type (no cases of full ID theft talked about, just CC usage), would use this window to do stuff as people would feel like they have one easy target to blame instead of securing their entire online financial footprint.

 

[teruterubozu]

Yes, all that is true... but I didn't downplay any of that. I was merely talking about the CC stuff, when there's been no evidence that CC data was taken.

No evidence according to Sony. We really don't know a damn thing.

 

[Mithos]

Anybody still waiting for an email for their JP account? I don't have proper hosting for that domain anymore, and I suspect some emails are getting bounced :\

Waiting for mail on ALL accounts, no mail on Euro, US, or Japan account so far.

 

[fistwell_old]

In my specific case, I need to know whether I need to get proper hosting for that domain or not (probably should) because I don't want to miss any e-mails if they go the route of sending out a reset link.

Yeah that's a good point. If that's the case i'm never recovering my account tied to chuck.fucking.norris@up.yours.com.

 

[Metalmurphy]

No evidence according to Sony. We really don't know a damn thing.

They have the authorities, FBI, and a third party security firm working on it. You think they'd just flat out lie to the public?

I mean... it's possible, but...

 

[VisanidethDM]

Yes, all that is true... but I didn't downplay any of that. I was merely talking about the CC stuff, when there's been no evidence that CC data was taken.

Even the identity theft issue is probably blown out of proportion.

What could these people realistically do with that? Find out where you live? Ok, but why? Picking up a name from a list? May as well ring at a random doorbell. What kind of sensible info does our PSN accounts give? Address? It's obtainable freely by knowing someone's name and town. Phone number? Same (one could argue pervs can get the cellphone number of teenagers). Age? Sex?

I mean really, what kind of info did you give Sony that isn't readily available to anyone who knows you or that has any sensible chance or interest in interacting with you?

 

[statham]

FUD FUD FUD

they have your name, address, telephone number, DOB, username, and maybe some other trending data or something. Nothing they couldn't have gotten with 5 minutes of searching and a couple of basic socially engineered phone calls. Does it suck? A little. But unless you live in a country where such information can open lines of credit or something, you are safe. If you live in a country with a single personally identifiable registration ID (SSN, etc) this data being available won't do a whole lot aside from aid phishing schemes and other scams.

you said it right at the end. this info is already out there for the vast majority of users.... so what if this just made it easier.. the info is already out there because aside from cons, there's not much else that can be done with it in most cases without substantial extra work.

so really, stop spreading FUD (fear, uncertainty, doubt). If you want to be chicken little about this, have a blast, but don't get irate when other people call you out on it and don't join in on the panic.

edit - and sorry, I don't find phishing/scamming a "horrible" threat. yeah it sucks for the suckers who fall for it... but people need to be better educated and unfortunately that education isn't going to happen until it happens to "someone they know". However, in most first world countries, you cannot perform actual identity theft with the information stolen from sony. you still need the national id number issued which will not be gotten without considerable (and lucky) social networking.

* shoots self* five minutes of searching for someone who is phishing is life long, and it doesn't take five minutes, and DOB is very important and not that easy to find. if it didn't matter the why the big hoopla? go ahead give me you name, DOB, address last buys, last employment, phone number, ect if its no big deal. why do people black out their names and addresses when posting things they received. you have to intentional search for a person to find it. whats your real name? can we find it yes? do you want it out there? what is it?

sony just made jobs in Nigeria whole lot easier

 

[Blimblim]

Anybody still waiting for an email for their JP account? I don't have proper hosting for that domain anymore, and I suspect some emails are getting bounced :\

I've got my JP email yesterday evening.

 

[teruterubozu]

They have the authorities, FBI, and a third party security firm working on it. You think they'd just flat out lie to the public?

No, I think they really don't know at this point. Like I said, to some degree the uncertainty is even more frightening than "knowing and hiding". I mean, just like you said they wouldn't know if a card was cloned or not - they just wouldn't know.

 

[darkwing]

supposing they got the cc info, whats the minimum encryption would it have, 128bit? seems low?

 

[JudgeN]

Hmmm my credit card shows that I've bought $40 worth of x-rated anime, a rebecca black poster and two gallons of k-y jelly. PSN hack?

I find this odd, normal credit card transactions display the name of a store like best buy. Not 2 gallons of k-y jelly and Rebecca black poster.

I also haven't got a single email from Sony, nothing charged to my card either.

 

[VisanidethDM]

No one is calling someone's cc info being used bs, it's moreso that we have Sony saying that there is no evidence of a breach on our cc info, and it was encrypted, so if something is happening, it doesn't mean that it was caused by this hack.

basically

causation =/= correlation

It's not simply damage control; the point is that CC scamming is extremely hard to pull off.
Users have way to know instantly (SMS) when their card is used; you have until the end of the month to cancel unwanted operations; services have insurance for this kind of situation; and even attempting to pull off a CC scam is insanely hard, as acquiring digital goods makes you traceable and having to give away an address is even more dangerous.

The actual risk of harm, here, is minimal. Scamming CC's is generally done surgically, targeting several cards at a time with microtransactions or pulling a one time big buy - for which the user is generally refunded.

It's happened at least 3 times now to my parents. They were completely unware their card had been cloned (in shops, as they didn't use it online at the time), they got contacted by the credict card service ("Hello sir, where you in another continent yesterday buying 3 IPods?") and 100% refunded.

Don't panic. Call your credit card customer service (99% of the time, it's NOT your bank), trigger your SMS warning on operations and monitor your microtransactions daily for a few weeks.

 

[Princess Skittles]

Welp, I got my bank card changed, my credit union rocks, they issued a new card right there, shredded the old one and put a watch on the number, all in about five minutes.

Now the fun process of seeing which important sites/accounts I have the same password on (it's a common one I use, but not one I tend to use for things involving money/privacy).