• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

PSN Hack Update: FAQs in OP, Read before posting

Status
Not open for further replies.
P

plagiarize

Banned
gcubed said:
i believe one of the latest blog posts mentioned that they will have some kind of password reset in place when its back up and you can't just log back in. Its going to cause some issues with invalid emails, and its going to clear out a lot of multiple accounts. Sony's PSN number is going to go down by a few million
Click to expand...
good news. hopefully not too many people had their attached e-mail accounts compromised.
 
Zoe

Zoe

Member
gcubed said:
i believe one of the latest blog posts mentioned that they will have some kind of password reset in place when its back up and you can't just log back in. Its going to cause some issues with invalid emails, and its going to clear out a lot of multiple accounts. Sony's PSN number is going to go down by a few million
Click to expand...

Nah, don't worry, those accounts still exist so they'll still count them.
 
I

itxaka

Defeatist
NegativeZero said:
And you know how much card dumps go for how?
Click to expand...


Studying for security. Penetration and such. Linux administration is dead on Spain. I need a change of career ASAP! :(

You wouldn't believe the kind of shit there is out there. I know I didn't until recently.


I think it's ridiculous to assume that the hackers were able to download all the 77 million rows of data from PSN database. We don't know how many rows of data CC table had (because not every user account is tied to CC#). Assuming generously that the CC table had say 20 million rows of data, it would still take a fuck load of time to download that, considering the fact the entire CC table was encrypted. If it was encrypted on row-by-row basis, the database size would be even more big.
Click to expand...

Actually not that big. Going by the databases I have seen at work, a 90Million rows with 5 or 6 fields each goes around 18Gb. And I don't think they download it by hand but they do from server to server. 20Gb at 10Mbps should take around 5 hours. Im sure that for profit hackers got a few 100Mb boxes around.
 
D

Dreams-Visions

Member
itxaka said:
Yeah, actually after writing it I remembered that is accounts, not users. And not every user has a card attached or used one to buy.

Let's see with extrapolated numbers. NOTE: This are NOT REAL figures. Only extrapolated from real ones which means they can be exactly right or incredibly wrong (almost sure wrong)

Spain: 3 million PSN accounts - 300.000 had a CC attached. (Source: Sony Spain)
All accounts: 77 million / 3 accounts per person (for 3 regions) = 25 Million "real" accounts.
25 million accounts - 2.5 million that had a CC attached.


A potential of 2.5 million cards selling for 14$ a dump? Hell, even if it was just 500K "only" is a lot of money.

Which takes me to my point of it being a for profit attack. It's a high profile company and we are not longer in the golden hacktivist era.
Click to expand...
agreed.
 
R

railGUN

Banned
gcubed said:
right? whats your point? i stated that in my post.
Click to expand...

gcubed said:
i am just making jokes on all the insanity around someone finding out someones name, address and phone number. Sony needs to better secure your information, the biggest issue is the password and security questions response.
Click to expand...

They stole more than name, address and phone number - and phone number isn't even one of the things the list... Why exclude the other details that were stolen? Or is your point that if only those three things were obtained, then there's nothing to worry about?
 
D

Dedication Through Light

Member
jhawk6 said:
Do we know who Sony hired to do the investigation? Sony keeps saying its a "well known firm" but they never said who. Any particular reason they wouldn't disclose that?
Click to expand...

I dont even think we know what country this even happened in, or would that even matter. I cant recall any company ever revealing security firm unless it was in court, though.
 
G

gl0w

Member
i wonder where the hell is my email ? they say it was supposed everyone receive their email until today. am i right ?
 
G

gcubed

Member
railGUN said:
They stole more than name, address and phone number - and phone number isn't even one of the things the list... Why exclude the other details that were stolen? Or is your point that if only those three things were obtained, then there's nothing to worry about?
Click to expand...

the next sentence ...


The first sentence i was only extrapolating on an ongoing conversation
 
O

obonicus

Member
itxaka said:
Spain: 3 million PSN accounts - 300.000 had a CC attached. (Source: Sony Spain)
All accounts: 77 million / 3 accounts per person (for 3 regions) = 25 Million "real" accounts.
25 million accounts - 2.5 million that had a CC attached.
Click to expand...

Thing is, it's not just fake accounts that don't have a CC attached. Since you don't have to pay to play online, it could just be dudes who want nothing more than to play Blops or Fifa online and never ever spent a cent on their store. These guys might still have real info in their accounts, just no CCs.
 
B

brentech

Member
plagiarize said:
i don't want anyone running around in a panic, but we really should be aware of what we need to look out for.
Click to expand...
And that's the key. With or without this attack, people should have been on the watch and always should be on the watch for their private info and financial details, especially when using them on any network.

I would imagine a lot of my posts here have people thinking I don't care, but I do - just in a different grace. It's bad that a entry was found and that data was stolen, I don't think anyone would deny that. It's a pie in the face.

What I disagree on is that this is some sort of new thing that made people more at risk. All details that we know (until proven otherwise by FBI, Sony, or some other firm/government source) show that fairly basic details were taken.
Bad on Sony, yes.
Still, the fact remains that this data is available in other places...many of them freely available. I don't buy the "but this is so many accounts and all in one place" claim because the people that are going to do something illegal with it will always be trying to do so. Whether it was Sony or some other company, or details they found on the open web. It just doesn't matter. Hackers going to Hack.

Statistics prove that this is a daily/hourly issue for thousands of people - and those stats are from 2003, just imagine the current ones. This breach DOES NOT CHANGE THAT. If anything, you have have some warning that your details *might* be in the wind (don't re-write that as me saying "it's for the better").

The real issue I have is: how bad was Sony's security (might have been pretty normal, or totally sucked). If passwords were really un-hashed, that's just horrible.

Barring that they didn't lie and totally FUBAR CC data, hopefully Sony moves on from this knowing that it is a serious concern for many people and puts a fortress up. That doesn't mean that the strongest fortress is impenetrable though. Nothing is, and that's just something everyone has to know.

So what do consumers do. Be pro-active.
Bad that it happened this way, no doubt, but learn not to use the same passwords where you value your information. Always keep tabs on your accounts. This day and age, it's all you can do.
 
K

Krakatoa

Member
plagiarize said:
Sony noticed the intrusion two days after it began. that'd be plenty of time even for downloading the whole table (not saying thats how it might have been done).
Click to expand...

True, but there's no need to have the whole table. If you hacked in you already know what you want and it's not the database it's the info within it.

So SQL query would be perfect. You could even exclude all user without CC info.

Also If it was a hacker/hackers getting back at Sony then we could assume our data is safe, but any of the Big boys at Sony might want to do a credit check.......
 
P

plagiarize

Banned
brentech said:
And that's the key. With or without this attack, people should have been on the watch and always should be on the watch for their private info and financial details, especially when using them on any network.

I would imagine a lot of my posts here have people thinking I don't care, but I do - just in a different grace. It's bad that a entry was found and that data was stolen, I don't think anyone would deny that. It's a pie in the face.

What I disagree on is that this is some sort of new thing that made people more at risk. All details that we know (until proven otherwise by FBI, Sony, or some other firm/government source) show that fairly basic details were taken.
Bad on Sony, yes.
Still, the fact remains that this data is available in other places...many of them freely available. I don't buy the "but this is so many accounts and all in one place" claim because the people that are going to do something illegal with it will always be trying to do so. Whether it was Sony or some other company, or details they found on the open web. It just doesn't matter. Hackers going to Hack.

Statistics prove that this is a daily/hourly issue for thousands of people - and those stats are from 2003, just imagine the current ones. This breach DOES NOT CHANGE THAT. If anything, you have have some warning that your details *might* be in the wind (don't re-write that as me saying "it's for the better").

The real issue I have is: how bad was Sony's security (might have been pretty normal, or totally sucked). If passwords were really un-hashed, that's just horrible.

Barring that they didn't lie and totally FUBAR CC data, hopefully Sony moves on from this knowing that it is a serious concern for many people and puts a fortress up. That doesn't mean that the strongest fortress is impenetrable though. Nothing is, and that's just something everyone has to know.

So what do consumers do. Be pro-active.
Bad that it happened this way, no doubt, but learn not to use the same passwords where you value your information. Always keep tabs on your accounts. This day and age, it's all you can do.
Click to expand...
i don't disagree with the majority of the above, but people absolutely were posting to the effect of 'there is very little anyone can or would do with this information'. that kind of misinformation doesn't do anyone any good.
 
R

railGUN

Banned
gcubed said:
the next sentence ...


The first sentence i was only extrapolating on an ongoing conversation
Click to expand...

I guess I just find it rather smug to laugh at the "insanity" that a massive theft of personal information has caused, and listing only 3 of at least 7 of the details stolen is a bit disingenuous.
 
P

Professor Beef

Banned
Penny Arcade's newest t-shirt:

zayBu.jpg
 
L

Loudninja

Member
Btw I not sure why people were surprise the media was picking the story up
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday.
Click to expand...
 
G

gcubed

Member
railGUN said:
I guess I just find it rather smug to laugh at the "insanity" that a massive theft of personal information has caused, and listing only 3 of at least 7 of the details stolen is a bit disingenuous.
Click to expand...

i find it insane when a poster says they can go get a state issued id with the personal information leaked. saying things like that does no one any good. I wasn't the one who started the line of conversation that used those 3 items, i just continued it. Like I said in the previous post the worst information that was leaked was the password and security question (assuming the CC info was not compromised).

Sony has a duty to keep your personal information secure, and they should be held accountable for it, but it should also be a learning experience for some users as well. If you use the internet and buy things online, this WILL happen to you again, so its a good time to investigate safe guards and better practices around your own security... and to understand how much information about you is on the internet, as it appears some people are unaware.
 
L

lupinko

Member
Loudninja said:
Btw I not sure why people were surprise the media was picking the story up
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday.
Click to expand...
Click to expand...

Quiet, $ony has dun fucked up and are doomed. Time to sell off those first party studios!!!!
 
H

Haliela

Member
Called and cancelled my debit card ($7.50 charge) and credit card I potentially used.

Changed my secret questions for my bank account.

Added 2 step authentication and downloaded authenticator app for my Android tied to my gmail.

Changed my passwords.

Called one of the fraud alert agencies outlined in the email and had a 90 day fraud alert issued for my identity.

This ate up my entire morning. I'm never buying Sony again. They've fucked too severely this time, and I'm not giving them any more of my money or time.
 
I

itxaka

Defeatist
obonicus said:
Thing is, it's not just fake accounts that don't have a CC attached. Since you don't have to pay to play online, it could just be dudes who want nothing more than to play Blops or Fifa online and never ever spent a cent on their store. These guys might still have real info in their accounts, just no CCs.
Click to expand...


That is why I went with actual numbers and extrapolated from it. Is the only confirmed thing we got. Still I posted lower numbers as well (500k) and not everyone has an account for each region so the number could be higher.

I just tried not to go too high or go too low, but as I said it is a stupid exercise. For all we know all 77 million accounts could have a CC or just 10. And if they were encrypted...unless they used easily crackable they won't be able to use any of it. Im not too much into it so I can't comment on that as I have no idea of sql encryption at all.

On the back of the shirt does it have all your personal information printed?
Click to expand...

Good one :D
 
A

A.R.K

Member
Haliela said:
Called and cancelled my debit card ($7.50 charge) and credit card I potentially used.

Changed my secret questions for my bank account.

Added 2 step authentication and downloaded authenticator app for my Android tied to my gmail.

Changed my passwords.

Called one of the fraud alert agencies outlined in the email and had a 90 day fraud alert issued for my identity.

This ate up my entire morning. I'm never buying Sony again. They've fucked too severely this time, and I'm not giving them any more of my money or time.
Click to expand...

man wtf is up these juniors all selling their PS3s and never touching Sony again lol...
when else they have been fucking so bad btw that this was the last nail? jeez some of you guys
 
GTP_Daverytimes

GTP_Daverytimes

Member
Haliela said:
Called and cancelled my debit card ($7.50 charge) and credit card I potentially used.

Changed my secret questions for my bank account.

Added 2 step authentication and downloaded authenticator app for my Android tied to my gmail.

Changed my passwords.

Called one of the fraud alert agencies outlined in the email and had a 90 day fraud alert issued for my identity.

This ate up my entire morning. I'm never buying Sony again. They've fucked too severely this time, and I'm not giving them any more of my money or time.
Click to expand...


Your Loss.
 
E

Evlar

Banned
Haliela said:
Called and cancelled my debit card ($7.50 charge) and credit card I potentially used.

Changed my secret questions for my bank account.

Added 2 step authentication and downloaded authenticator app for my Android tied to my gmail.

Changed my passwords.

Called one of the fraud alert agencies outlined in the email and had a 90 day fraud alert issued for my identity.

This ate up my entire morning. I'm never buying Sony again. They've fucked too severely this time, and I'm not giving them any more of my money or time.
Click to expand...
Not an unreasonable decision.
 
JetBlackPanda

JetBlackPanda

Member
A.R.K said:
man wtf is up these juniors all selling their PS3s and never touching Sony again lol...
when else they have been fucking so bad btw that this was the last nail? jeez some of you guys
Click to expand...

I agree, selling your PS3?? that's crazy we have uncharted 3 coming down the pipe.. however I will think twice about buying anything on PSN ever again.

I will just use the free online with games that are obviously better on PS3 and everything else goes XBLA where I have switched to pre-paid cards.
 
H

Hex

Banned
JetBlackPanda said:
I agree, selling your PS3?? that's crazy we have uncharted 3 coming down the pipe.. however I will think twice about buying anything on PSN ever again.

I will just use the free online with games that are obviously better on PS3 and everything else goes XBLA where I have switched to pre-paid cards.
Click to expand...

You do realize that you can buy pretty much anything from the PSN over Amazon if the paranoia really grips you that tight.
Though what if they get hacked????
 
Status
Not open for further replies.

Similar threads

PSN Down, Sony Acknowledges Outage (Update: All Services Are Up and Running)
2 3
144
11K
awwr999999 replied
Helldivers 2 will soon require all Steam players to sign in with a PlayStation Network account
7 8 9 10 11
538
28K
ArtHands replied
Sony CFO: "We don't have enough original IP", will also look to drive growth via crunchyroll
9
1K
Killjoy-NL replied
Satya Nadella: Annual letter to stockholders. Content on new platforms will continue
4 5 6 7 8
352
19K
noob smokes replied
Ubisoft is being sued for allegedly sharing Ubisoft Store and Ubisoft+ user data with Meta
News 2
54
3K
Shin-Ra replied
Top Bottom