
PSN Hack Update: FAQs in OP, Read before posting

Status
Not open for further replies.
Quasar said:
Is it? I mean. If everyone just cancels the affected cards that's going to really limit any hurt to consumers, even if the data was collected and decrypted.

For example, I didn't cancel my card. I've got quite a few security systems on it, and it's rather new, and my bank gave me quite a few reassurances. If someone uses my card for 50€+ operations, I know it instantly.

However, if a dude starts buying a dozen 0.99€ apps on the iTunes store, I need to monitor that myself.

It's very unlikely to happen, but it's the stuff that flies under the radar.
 

Seraphis Cain

bad gameplay lol
What does everyone think "partially up" even means? I mean, it's hard to imagine PSN without both online play and the store (and I'm sure getting the store up is one of Sony's top priorities).
 

Quasar

Member
Seraphis Cain said:
What does everyone think "partially up" even means? I mean, it's hard to imagine PSN without both online play and the store (and I'm sure getting the store up is one of Sony's top priorities).

Partially to me means online play working but no financial transactions possible. That's kind of what I expect.
 

Vagabundo

Member
VisanidethDM said:
Let's try to be rational here.
There's CC scams, and those are serious, but also covered quite well by the system.
If identity theft, based on the info you gave Sony, was actually a dangerous event, Facebook wouldn't exist.

Those things I have listed are real results of ID theft. You might not believe ID theft is possible, but it happens quite a lot and people find it very difficult to prove that they did not run up these debts or have criminal charges.

Having said that I doubt that most of the information in the database would be of much additional use to a fraudster. SSNs appear in court documents and it is the easiest way to get them, if you've been in court in the US: speeding tickets, divorces, ... But there are other ways. Also there could be some less easily obtainable information in the secret question, but that varies.

I myself do not have any information on my profile. As usual, with all online databases, if they don't really really need it I fill in garbage as a rule.

Anyway I was responding to Sony Defenders who were saying that personal information loss at Sony was not that big a deal. There is the potential for abuse with this data apart from the CC and password issues, and that is why there are strict rules about how it is stored.

Sony were extremely negligent with storing the PSN password, poor at keeping our personal information secure and possibly allowed CC information to get out.
 

Seraphis Cain

bad gameplay lol
I wouldn't mind if there were no financial transactions possible for a little while, but I at least hope the store is up and functional for free stuff, like demos and such.

And whatever free shit Sony decides to give us. :lol
 

itxaka

Defeatist
VisanidethDM said:
I'd instead argue the opposite.

You don't steal 77 million accounts and use them. It's too big. The entire system is alerted now, the bank system knows if some shit happens they're paying it, not customers, and the security level on those cards is through the roof right now.

This is something huge, and if something huge comes out of this, it will shake the customer's faith in online accounts, in banking and in online transactions. The system will defend itself, and if something slips, you'll see changes in the legislation in order to assuage the public.

I'm not ruling out someone will try to get some cash from this, but we're talking about a form of burglary that can be stopped in half a second by the banking system, and it's at an extremely high level of risk for the perpetrator. You want to be as stealthy as you can, not make the headline news with 77 million accounts stolen.

Well you could be right of course. But it still sounds like a targeted attack to me.
They don't need to sell anything right now and I'm sure that in the event of a CC theft probably a low percentage takes preventive measures such as canceling their cards or changing passwords, which means that an attacker could sit on the data for enough time.
 

Sew

Member
Vagabundo said:
Anyway I was responding to Sony Defenders who were saying that personal information loss at Sony was not that big a deal. There is the potential for abuse with this data apart from the CC and password issues, and that is why there are strict rules about how it is stored.
Agreed. Even if our CC details remain safe, it's a cold comfort. CC fraud is easy to detect and stamp out on a case by case basis. Identity theft is much more insidious, and may not become apparent for months or years.

I suspect some social engineering or phishing would be required to fill in the gaps in the data they have, before any real harm could be done. The purchase histories are a bit of a worry though.
 
szaromir said:
CC data might have been stolen and it took Sony 10 days to admit that? Well done Sony, class act as always.

No not really, they haven't even said if CC data has been taken yet and they said in one of their first messages on it that they didn't know the full breach until the security team they brought in told them on Monday.
 

Kccitystar

Member
I know I might get clowned for this but anyone think that it could have been an inside job rather than someone packet sniffing and having a field day with Sony's security?

szaromir said:
CC data might have been stolen and it took Sony 10 days to admit that? Well done Sony, class act as always.

Christ, did you not read the thread before posting? This has been a topic addressed more than once, the whole "Sony knew but didn't say anything" fiasco.

TLDR Sony was aware of an intrusion (they said so themselves and subsequently shut down PSN to see if these hackers left any trail to go by), but couldn't determine the extent of the intrusion. After PSN was shut down, they contracted a third party security firm to investigate and find out just what these hackers got away with.

Analyzing a ton of servers to check for breaches/potential holes takes a lot of time, especially servers that hold information on 70+ million PSN users. Not saying this is the reason but think realistically here, had they known CC info could have been compromised from the detection of intrusion, they would have said something from the jump, otherwise we would have had a class action lawsuit by now.

Oh wait.
 

glaurung

Member
Read some of the FAQs that SCEI has been pumping out and it looks like there are some serious contradictions in them.

SCEI claims that CC information in the user database was encrypted, although regular user data was not.

A multitude of CFW sites and random news snippets around the world claim the opposite - that CC information was not encrypted and was instead provided in the DB table along with all other user data in simple text form.

Sad if true.
 

Hanmik

Member
glaurung said:
Read some of the FAQs that SCEI has been pumping out and it looks like there are some serious contradictions in them.

SCEI claims that CC information in the user database was encrypted, although regular user data was not.

A multitude of CFW sites and random news snippets around the world claim the opposite - that CC information was not encrypted and was instead provided in the DB table along with all other user data in simple text form.

Sad if true.

so who do you believe.. Sony or A multitude of CFW sites and random news snippets around the world ?
 

glaurung

Member
Hanmik said:
so who do you believe.. Sony or A multitude of CFW sites and random news snippets around the world ?
Honestly, I don't know who to believe any more.

Considering the amount of CC misuse already reported, the CC data could have been unencrypted just as well.
 

Ushojax

Should probably not trust the 7-11 security cameras quite so much
Hanmik said:
so who do you believe.. Sony or A multitude of CFW sites and random news snippets around the world ?

As a general rule it's probably best to take the word of mega-corporations who have something to lose with a grain of salt.
 
Ushojax said:
As a general rule it's probably best to take the word of mega-corporations who have something to lose with a grain of salt.

As a general rule it's probably best to take the word of certain communities, who wish for a certain mega-corporation to lose, with a grain of salt.
 

BeeDog

Member
Good thing they confirmed our download history won't be affected. So the only thing that stays unanswered for now is just how exactly they're planning on implementing the first-time log-in/password recovery system.
 
Sony aren't going to put out an official statement – especially in a case that's going to get this sort of public scrutiny – unless everything they say is true, or they have a good and demonstrable reason to believe it is true, at the time of the statement. Not to mention that a third party security firm is involved here and isn't going to damage their own reputation by lying for Sony.

The whole "credit card data isn't encrypted" rumour started because some people misread a hacker chat log and totally misunderstood what was being said about the SSL transfer process for credit card data, which is completely separate to how that data is stored in a database.

As other people have mentioned, to me the issue isn't the credit card data anyway – getting a new credit card is a fairly quick and easy process. The personal info is the infuriating part of this theft, since getting a new name, address, and date of birth is a little fucking harder...
 
Vagabundo said:
Those things I have listed are real results of ID theft. You might not believe ID theft is possible, but it happens quite a lot and people find it very difficult to prove that they did not run up these debts or have criminal charges.

Having said that I doubt that most of the information in the database would be of much additional use to a fraudster. SSNs appear in court documents and it is the easiest way to get them, if you've been in court in the US: speeding tickets, divorces, ... But there are other ways. Also there could be some less easily obtainable information in the secret question, but that varies.

I myself do not have any information on my profile. As usual, with all online databases, if they don't really really need it I fill in garbage as a rule.

Anyway I was responding to Sony Defenders who were saying that personal information loss at Sony was not that big a deal. There is the potential for abuse with this data apart from the CC and password issues, and that is why there are strict rules about how it is stored.

Sony were extremely negligent with storing the PSN password, poor at keeping our personal information secure and possibly allowed CC information to get out.


The nonbold part I won't comment, as it's rational and respectable customer disappointment.

However, I'd clarify on the bolded. Identity theft does exist, and for the most part it's a white/victimless crime; the kind of operations you can do through identity theft are limited, and the consequences on the actual person being victim of the theft are generally null. I'm talking about Europe here, but opening a loan through identity theft isn't possible; the kind of data required and the controls the loaning firm will perform are too extensive.

As I said, the case of someone using your card ONCE to buy something expensive in a shop is frequent, and it's also the kind of case covered by insurances. But here we're talking about CC scams.

Let's focus on identity theft: once again, I can't easily picture anyone getting anything serious out of it. Sure, let's assume someone steals enough of my data to buy a car. On my end, proving it's not me is gonna be quite easy (guy bought a car in a town that isn't my town of residence? I don't actually own the car, I didn't stipulate the insurance on it and so on).
Let's look at the guy now. He's giving the people he's buying the car from a phone address, an address and a ton of personal data he can't counterfeit. He's also driving the car, so he needs an insurance, and the insurance won't be in my name, but his, so he's easily spottable once I denounce the issue. But wait, he's actually stipulating the insurance in my name! Cool, but he needs to be mailed his ticket, so he needs to give an address. And if he's stopped by the police? He's also producing a forged driving license with my name and his picture on?

Are you assuming someone will use your Facebook/PSN data to start impersonating you 24/7? Do you have any real-life example you can link of something similar happening, where the victims were faced with consequences they couldn't clear themselves from?

As for the "crimes in your name" problem... I don't know what country you're from, but if in your country a person can commit a crime, and go through arrest, trial and bail without a picture being taken and his identity verified, the problem isn't identity theft. Even a simple speeding fine would be sent to your address. Or you'd see the bills coming in your bank account. You'd protest, you'd have an investigation, and unless the guy is impersonating you 24/7 while having no residence and traveling the country without staying in the same town for more than a week, he'd be caught.

I'd be extremely intrigued with some real life examples of identity theft-based crimes, because my theoretical experience (based on my studies and limited court expertise) leads me to doubt there's any sensible criminal trying to pull them off with success.
 

megateto

Member
Fuck me!!! I came across a list of around 4000 email accounts with their PSN IDs and their passwords... And they are legit...
 

BeeDog

Member
Yay, just got the PSN mail in broken Babelfish-Swedish. Cool to see 1) I still exist in their records, and 2) that I can still receive PS-related mails. :p
 

snap0212

Member
Kccitystar said:
I know I might get clowned for this but anyone think that it could have been an inside job rather than someone packet sniffing and having a field day with Sony's security?

Christ, did you not read the thread before posting? This has been a topic addressed more than once, the whole "Sony knew but didn't say anything" fiasco.

TLDR Sony was aware of an intrusion (they said so themselves and subsequently shut down PSN to see if these hackers left any trail to go by), but couldn't determine the extent of the intrusion. After PSN was shut down, they contracted a third party security firm to investigate and find out just what these hackers got away with.

Analyzing a ton of servers to check for breaches/potential holes takes a lot of time, especially servers that hold information on 70+ million PSN users. Not saying this is the reason but think realistically here, had they known CC info could have been compromised from the detection of intrusion, they would have said something from the jump, otherwise we would have had a class action lawsuit by now.

Oh wait.
They just have to assume everything was stolen once they knew there were intruders. Everything else is naive. You can come out and say you think everything was stolen and revoke that statement later. Many companies have done that in the past and there even was an article posted about how this is better than waiting before telling anything.
 

Hanmik

Member
BeeDog said:
Yay, just got the PSN mail in broken Babelfish-Swedish. Cool to see 1) I still exist in their records, and 2) that I can still receive PS-related mails. :p

If your theory about the password recovery system should turn out to be right... (that we will get an activation email)... then you should be worried, because it took 3 days from the blog about the mails until you had the email... imagine that happening to activation mails...
 

test_account

XP-39C²
Speevy said:
Not to mention every dummy account would get that.
Indeed. One person might end up getting like $100 if he/she has 5 accounts :)


snap0212 said:
There's this Reputation system on Xbox Live. You can prefer or avoid players and say why you did so. People thought I was not supportive.
Ah ok, I see. I didn't know about this rating system on Xbox Live, thanks for the info =)
 

BeeDog

Member
Hanmik said:
If your theory about the password recovery system should turn out to be right... (that we will get an activation email)... then you should be worried, because it took 3 days from the blog about the mails until you had the email... imagine that happening to activation mails...

I doubt this, because mails generated by user input/demand should get out faster than forced mails to 77m+ accounts.
 

Slavik81

Member
VisanidethDM said:
The nonbold part I won't comment, as it's rational and respectable customer disappointment.

However, I'd clarify on the bolded. Identity theft does exist, and for the most part it's a white/victimless crime; the kind of operations you can do through identity theft are limited, and the consequences on the actual person being victim of the theft are generally null. I'm talking about Europe here, but opening a loan through identity theft isn't possible; the kind of data required and the controls the loaning firm will perform are too extensive.
That's a bit of a misuse of the term 'victimless crime'.

While you personally might get repaid by the credit card company, someone pays for the stuff that the thief stole by pretending to be you. That someone is the victim.
 

megateto

Member
Yes, a list with 4000 PSN ids, with their email accounts and their PSN passwords. I tried to log into two of the linked email accounts to see if the stuff was legit (you know, to see if the PSN and email passwords were the same). The first one didn't work, but the second one did. Got scared to death, posted in gaf.
 

Zoe

Member
Killthee said:
New blog post over at the NY Times regarding the rumor floating around that the hackers have the CC database and that they tried to sell it back to Sony.

That's the list that contains CVV's which we know makes the claim false.

glaurung said:
Read some of the FAQs that SCEI has been pumping out and it looks like there are some serious contradictions in them.

SCEI claims that CC information in the user database was encrypted, although regular user data was not.

A multitude of CFW sites and random news snippets around the world claim the opposite - that CC information was not encrypted and was instead provided in the DB table along with all other user data in simple text form.

Sad if true.

IF that chat log isn't just two guys fooling around, that is only talking about the dangers of sending your credit card information across CFW. The example they gave of an "unencrypted" CC function is the way all web credit card functions are initiated.
 

test_account

XP-39C²
megateto said:
Fuck me!!! I came across a list of around 4000 email accounts with their PSN IDs and their passwords... And they are legit...
How can you check that they are legit when PSN is down? Unless your PSN ID was on that list?

EDIT: Never mind, I see now that you have replied to this =)
 

jax (old)

Banned
megateto said:
Fuck me!!! I came across a list of around 4000 email accounts with their PSN IDs and their passwords... And they are legit...

So how do you verify the passwords are legit if you can't log onto PSN?

Link.
 

Chris_C

Member
Ushojax said:
As a general rule it's probably best to take the word of mega-corporations who have something to lose with a grain of salt.

If Sony lies about having encrypted the CC data, you can bet they'll have a lot to lose.
 

stupei

Member
Dude probably isn't going to link to a list that has passwords that apparently work with some of the email accounts on said list on GAF with all the lurkers around. Not sure I'd want him to.

What he probably should do (if it's legit) is get a link to the cops.
 

xapnder

Member
megateto said:
Fuck me!!! I came across a list of around 4000 email accounts with their PSN ID and their passwords... And they are legit...

NO.

PSN password = letters and numbers and at least 8

Look at that list again
 

snap0212

Member
megateto said:
Yes, a list with 4000 PSN ids, with their email accounts and their PSN passwords. I tried to log into two of the linked email accounts to see if the stuff was legit (you know, to see if the PSN and email passwords were the same). The first one didn't work, but the second one did. Got scared to death, posted in gaf.
Did you hand the list over to Sony / law enforcement? I sure hope you did....
 