Support NeoGAF

[itxaka]

Did a seach but could not see and sorry if I am spewing already discussed stuff.

Have these hackers actually responded to Sony's claim that mass reams of personal data was stolen? I would have thought that any ethical hackers (there are many) would refute quickly and in public any claims of theft.

If they have not, then I fear this IS a case of malicious intent and not ethical hacking (i.e. someone trying to send a message to Sony to stop kicking kids in the balls for trying to free the hardware from the limitations of the hardware/software/API).

I fear for those on PSN (or not!) if this was truly malicious becuase that amount of information in malicious hands is up there with the banks in the world ranking of cuntish intent.

I agree with ethical hacking, but these guys need to refute Sony's claims or die painfully. I dislike Sony as a console manufacturer, but they don't deserve this, even if the hackers were making a point (and it seems not) the point was made long ago, they are just punishing innocents now.

Sorry for all affected man, it sucks.

You don't take down a 77 million users system for 2 weeks as a message. Sounds more like a real CC steal attempt. I mean, 77 million CC cards? 1 card dump can go from 14$
to 100$ a pop if it's a business card, so with 77 million numbers...there is quite the money there.

 

[StuBurns]

I believe the King to be would greatly appreciate PSN being restored so he and Ms Middleton can play some Portal 2 co-op tomorrow night. You wouldn't want to disappoint a King would you Sony?

I got my email at last. One week since PSN died, tight ship over there.

 

[RustyNails]

Posted 2 times

DAMN YOU KOJIMA

 

[Drone-Arms]

First off obviously the hackers will not come forward whether it was malicious or not.

Second I don't think there is any chance at all of them not being malicious. Especially considering they have taken information like e-mails, passwords, etc etc.

First off, they would.

Second, you are taking Sony's word that they took the information stated (which agreed, by their lack of response [the hackers] looks increasingly truthful; as much as it pains me to say).

 

[Drone-Arms]

You don't take down a 77 million users system for 2 weeks as a message. Sounds more like a real CC steal attempt. I mean, 77 million CC cards? 1 card dump can go from 14$
to 100$ a pop if it's a business card, so with 77 million numbers...there is quite the money there.

I agree.

 

[vilmer_]

What does Lord Tretton have to say about all of this.

 

[Vagabundo]

First off, they would.

Second, you are taking Sony's word that they took the information stated (which agreed, by their lack of response [the hackers] looks increasingly truthful; as much as it pains me to say).

Why do you think it was ethical hackers? The nefarious kind are more numerous.

 

[gcubed]

Nothing personal, here, as I think you're a good poster, but I think this comparison is getting a little silly. People keep bringing up how this is apparently nothing that can't be obtained via a simple White Pages search, but if that's the case, then what's the big deal? You might suggest "why, Youngblood, that's precisely my point: it isn't a big deal!" To which I say: "Well, then that's fantastic! Nothing to worry about. Why, then, is the network still down while Sony completely rebuilds it to enhance security to protect apparently meaningless data anyone with a phone book could acquire?"

That question is rhetorical. I don't actually want an answer.

i dont excuse sony from this at all, i dont think its not a big deal, i am just making jokes on all the insanity around someone finding out someones name, address and phone number. Sony needs to better secure your information, the biggest issue is the password and security questions response.

 

[Zoe]

First off, they would.

Do you realize the kind of trouble someone would get in for a breach of this magnitude?

 

[Treefingers]

First off, they would.

Second, you are taking Sony's word that they took the information stated (which agreed, by their lack of response [the hackers] looks increasingly truthful; as much as it pains me to say).

You really think a hacker would come forward saying "oh it was just to send a message!"

If the hacker comes forward they're facing a considerable amount of time in jail. Regardless of their intentions.

 

[A.R.K]

Here's how credit card company security works:

They have your entire history of items that you have purchased, they know where you live and where you have travelled, what your shopping patterns are, which websites you use to buy which type of product and what services you pay for. They know what hours you use your card, what location you've used them in, and your average transaction amount.

The moment they see an unusual activity, they block the card and give you a call to confirm
If you are the purchaser.

Not only that, a police case is generated against the culprit, if any, and you get full refund for any transaction that was not declined by them when it was used by someone else.

Paranoia in this thread is extremely hilarious. If you are still worried at their lack of incompetence, then call your bank and have the card number replaced. It only takes less than five minute for the whole process and all you do is talk on the phone.

bu...but this kind of sanity does not feed the paranoia or the trolls on GAF and the internets ... how will we survive then?

 

[Drone-Arms]

Why do you think it was ethical hackers? The nefarious kind are more numerous.

I didnt say it was ethical hackers, I asked if they had responded in any way.

Most maliciously gained personal information would be gathered via phishing rather than hacking IMO which is more a problem with individuals stupidity than corporate loopholes/weakness.

 

[The_Darkest_Red]

You don't take down a 77 million users system for 2 weeks as a message. Sounds more like a real CC steal attempt. I mean, 77 million CC cards? 1 card dump can go from 14$
to 100$ a pop if it's a business card, so with 77 million numbers...there is quite the money there.

I agree with your overall point but the 77 million number is not a good indicator of how many credit cards were linked to PSN at all. Many people have multiple accounts and not every PSN member used a credit or debit card to purchase something from the network.

 

[lupinko]

bu...but this kind of sanity does not feed the paranoia or the trolls on GAF and the internets ... how will we survive then?

We don't, dat end is nigh yo.

 

[Relaxed Muscle]

The problem for me is I don't even remember the question and musch less the answer..., I don't know if I used it more or no.

 

[FunkyPajamas]

What does Lord Tretton have to say about all of this.

RELEASE THE CRACKERS!

The problem for me is I don't even remember the question and musch less the answer..., I don't know if I used it more or no.

 

[zomgbbqftw]

BBC Watchdog have it on their show tonight. Watchdog loves taking a pop at Sony. I half expect them to tell everyone that CC details havebeen stolen. The last time they ran a report they didn't even check their facts.

Microsoft and the BBC have a very cosy arrangement according to people I know at the BBC, so it comes as no surprise that a BBC show would spread FUD about a competitor product...

 

[Winterblink]

I agree with your overall point but the 77 million number is not a good indicator of how many credit cards were linked to PSN at all. Many people have multiple accounts and not every PSN member used a credit or debit card to purchase something from the network.

Even if you cut the number by 75% and slap the word "potential" in there, that's still a hell of a haul.

 

[Drone-Arms]

You really think a hacker would come forward saying "oh it was just to send a message!"

If the hacker comes forward they're facing a considerable amount of time in jail. Regardless of their intentions.

Jesus, do you really think a hacker with this level of skill would walk out to a press conference and do it in public? If they are capable of taking down Sony's network, they are capable of a little creativity in terms of getting the word out incognito and anonymously don't you think?

 

[The_Darkest_Red]

Even if you cut the number by 75% and slap the word "potential" in there, that's still a hell of a haul.

Sure, but it's worth noting regardless.

 

[RustyNails]

You don't take down a 77 million users system for 2 weeks as a message. Sounds more like a real CC steal attempt. I mean, 77 million CC cards? 1 card dump can go from 14$
to 100$ a pop if it's a business card, so with 77 million numbers...there is quite the money there.

I think it's ridiculous to assume that the hackers were able to download all the 77 million rows of data from PSN database. We don't know how many rows of data CC table had (because not every user account is tied to CC#). Assuming generously that the CC table had say 20 million rows of data, it would still take a fuck load of time to download that, considering the fact the entire CC table was encrypted. If it was encrypted on row-by-row basis, the database size would be even more big.

 

[Steve Youngblood]

i dont excuse sony from this at all, i dont think its not a big deal, i am just making jokes on all the insanity around someone finding out someones name, address and phone number. Sony needs to better secure your information, the biggest issue is the password and security questions response.

I understand that. You're not the only one, I'm just saying that I've seen several people repeatedly mention the "why fret, this is information you'd find in a phone book" line. People may be misrepresenting their concerns, and it's fair to offer clarification for the more paranoid people out there, but clearly there is legitimate concern beyond readily accessible information, and deriding people for being too paranoid about illegitimate concerns obfuscates in my opinion that there are legitimate concerns here. If it was just phone book data, we wouldn't be in the situation we are in right now.

 

[railGUN]

i dont excuse sony from this at all, i dont think its not a big deal, i am just making jokes on all the insanity around someone finding out someones name, address and phone number. Sony needs to better secure your information, the biggest issue is the password and security questions response.

Oh, well thats not bad.

I thought they obtained my name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.

Forget where I read that though....

 

[MalboroRed]

I understand that. You're not the only one, I'm just saying that I've seen several people repeatedly mention the "why fret, this is information you'd find in a phone book" line. People may be misrepresenting their concerns, and it's fair to offer clarification for the more paranoid people out there, but clearly there is legitimate concern beyond readily accessible information, and deriding people for being too paranoid about illegitimate concerns obfuscates in my opinion that there are legitimate concerns here. If it was just phone book data, we wouldn't be in the situation we are in right now.

What happened has already happened, they're addressing the issue, outside of apologizing, giving out some shitty downloadable game for free and improving their security what do you expect them to do?

Sony screwed up big time here, you can either stick with PSN or go elsewhere for your online gaming needs/sell multiple PS3s on ebay/shotgunning empty PS3 box.

 

[plagiarize]

bu...but this kind of sanity does not feed the paranoia or the trolls on GAF and the internets ... how will we survive then?

i'm not being paranoid. i'm telling people saying 'what possible harm could come of this information being stolen?' some of the possible things that could come of it.

that doesn't make it likely to happen to anyone and everyone. that doesn't mean it has happened, but with this information there is ample possibility for serious things beyond an easily recoverable charge on your credit card to occur.

i don't want anyone running around in a panic, but we really should be aware of what we need to look out for.

 

[Majine]

I seem to be the only one who has password protected myself whenever I buy anything on the Store.

Can't trust anyone in the house. Or myself when I'm drunk.

 

[MalboroRed]

i'm not being paranoid. i'm telling people saying 'what possible harm could come of this information being stolen?' some of the possible things that could come of it.

that doesn't make it likely to happen to anyone and everyone. that doesn't mean it has happened, but with this information there is ample possibility for serious things beyond an easily recoverable charge on your credit card to occur.

i don't want anyone running around in a panic, but we really should be aware of what we need to look out for.

People might want to monitor their credit cards for transactions to be safe but I'm not sure there's anything one can do other than having a credit monitoring service to look out for identity theft because it's not that difficult to get someone's name and address and even the date of birth.

 

[Neuromancer]

RELEASE THE CRACKERS!

I don't know what this means, yet it amused me.

 

[plagiarize]

People might want to monitor their credit cards for transactions to be safe but I'm not sure there's anything one can do other than having a credit monitoring service to look out for identity theft because it's not that difficult to get someone's name and address and even the date of birth.

people keep saying this as if the other stuff that's been stolen (and the stuff that might have been stolen) aren't significant and harder to come by.

 

[Steve Youngblood]

What happened has already happened, they're addressing the issue, outside of apologizing, giving out some shitty downloadable game for free and improving their security what do you expect them to do?

I don't know. That's for their PR and marketing departments to figure out. But this isn't my game. I'm merely asserting that I think it's disingenuous to undermine the threat posed here. I'm not fear-mongering and telling people that they're doomed, but at the same time there's no reason to deride people who are genuinely worried about the threat here. "It's nothing someone couldn't find in a phone book" is hardly a fair assessment. If that was the case, they wouldn't have taken the steps that they have. As such, I don't see the need to make light of some people's paranoia by referencing that phone books exist.

 

[FINALBOSS]

You don't take down a 77 million users system for 2 weeks as a message. Sounds more like a real CC steal attempt. I mean, 77 million CC cards? 1 card dump can go from 14$
to 100$ a pop if it's a business card, so with 77 million numbers...there is quite the money there.

I'm worried that you actually know how much cc dumps go for...

 

[Rebel Leader]

I don't know what this means, yet it amused me.

Release the kracken.

Also, crackers are the bad hackers.

 

[itxaka]

I agree with your overall point but the 77 million number is not a good indicator of how many credit cards were linked to PSN at all. Many people have multiple accounts and not every PSN member used a credit or debit card to purchase something from the network.

Yeah, actually after writing it I remembered that is accounts, not users. And not every user has a card attached or used one to buy.

Let's see with extrapolated numbers. NOTE: This are NOT REAL figures. Only extrapolated from real ones which means they can be exactly right or incredibly wrong (almost sure wrong)

Spain: 3 million PSN accounts - 300.000 had a CC attached. (Source: Sony Spain)
All accounts: 77 million / 3 accounts per person (for 3 regions) = 25 Million "real" accounts.
25 million accounts - 2.5 million that had a CC attached.


A potential of 2.5 million cards selling for 14$ a dump? Hell, even if it was just 500K "only" is a lot of money.

Which takes me to my point of it being a for profit attack. It's a high profile company and we are not longer in the golden hacktivist era.

 

[Professor Beef]

I seem to be the only one who has password protected myself whenever I buy anything on the Store.

Can't trust anyone in the house. Or myself when I'm drunk.

Ooh, I thought I was the only one who did that.

 

[NegativeZero]

You don't take down a 77 million users system for 2 weeks as a message. Sounds more like a real CC steal attempt. I mean, 77 million CC cards? 1 card dump can go from 14$
to 100$ a pop if it's a business card, so with 77 million numbers...there is quite the money there.

And you know how much card dumps go for how?

 

[Carl]

Watching Watchdog, can't wait to see them get their facts wrong as they usually do when it comes to this sort of stuff

 

[lupinko]

Ooh, I thought I was the only one who did that.

I do the same as well, actually I forgot when I enabled that and forgot how did I enable it in the first place. looool

 

[bluehat9]

There's nothing to worry about with netflix, right?

I already had a different email address and password for it before this.

 

[hikarutilmitt]

Ooh, I thought I was the only one who did that.

I did it too just in case.

 

[plagiarize]

i wonder if we'll all have to reactivate our PSN accounts through some means?

it's possible that the people that stole this information could gain access to our accounts before we have a chance to reset our passwords and security questions. i don't like the thought of being locked out of an account that i spent money on, even if they aren't taking money from me.

i hope sony has a method in place to verify that i'm me logging back in to edit everything and not someone trying to steal my account.

 

[Zoe]

There's nothing to worry about with netflix, right?

I already had a different email address and password for it before this.

Any external services should be fine.

 

[DoctorButt]

the outside digital security firm they hired is probably dog the bounty hunter

 

[jhawk6]

Do we know who Sony hired to do the investigation? Sony keeps saying its a "well known firm" but they never said who. Any particular reason they wouldn't disclose that?

 

[Krakatoa]

I think it's ridiculous to assume that the hackers were able to download all the 77 million rows of data from PSN database. We don't know how many rows of data CC table had (because not every user account is tied to CC#). Assuming generously that the CC table had say 20 million rows of data, it would still take a fuck load of time to download that, considering the fact the entire CC table was encrypted. If it was encrypted on row-by-row basis, the database size would be even more big.

I doubt they downloaded the Databse. They would have performed a SQL query against the DB pulling only the info required. Then just saved the query locally or wherever they decide.

SQL query's are lightning fast even in large tables.

 

[Prawntoast]

Microsoft and the BBC have a very cosy arrangement according to people I know at the BBC, so it comes as no surprise that a BBC show would spread FUD about a competitor product...

Pish

 

[gcubed]

Oh, well thats not bad.

I thought they obtained my name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.

Forget where I read that though....

right? whats your point? i stated that in my post.

 

[Mooreberg]

the outside digital security firm they hired is probably dog the bounty hunter

I don't think they would make that sort of investment on the consumers behalf. My guess is the "Southern Fried Stings" crew.

 

[Raistlin]

The problem for me is I don't even remember the question and musch less the answer..., I don't know if I used it more or no.

Yeah ... that's my concern.

I hope we can check it when we go back online, and they don't simply blast it away with the expectation of a new one being created.

 

[gcubed]

i wonder if we'll all have to reactivate our PSN accounts through some means?

it's possible that the people that stole this information could gain access to our accounts before we have a chance to reset our passwords and security questions. i don't like the thought of being locked out of an account that i spent money on, even if they aren't taking money from me.

i hope sony has a method in place to verify that i'm me logging back in to edit everything and not someone trying to steal my account.

i believe one of the latest blog posts mentioned that they will have some kind of password reset in place when its back up and you can't just log back in. Its going to cause some issues with invalid emails, and its going to clear out a lot of multiple accounts. Sony's PSN number is going to go down by a few million

 

[plagiarize]

I doubt they downloaded the Databse. They would have performed a SQL query against the DB pulling only the info required. Then just saved the query locally or wherever they decide.

SQL query's are lightning fast even in large tables.

Sony noticed the intrusion two days after it began. that'd be plenty of time even for downloading the whole table (not saying thats how it might have been done).