Support NeoGAF

[benny_a]

Patrick Klepek from Giant Bomb:

"For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet."

If that is true, which for any Software company in 2011 ought to be true that at least dampens it a little bit.

Still: Change your passwords if you re-use them in several services.

 

[SlipperySlope]

How the hell can they get your password? PSN should be MD5'ing that shit. No reason a password should be unencryptable.

 

[JudgeN]

Well this does suck alot, don't really care about my information and I will just watch my CC like I do everyday. But if this does hurt Sony really bad then i'm stuck with crappy Microsoft and Nintendo for console choices. Maybe Naughty Dog/Sucker punch/FROM will start making PC games then everything will be all good again.

 

[Wazzim]

Well.. fuck this. I can see why they shut it down now but crap, couldn't they have a better security?

No wonder Anon is denying responsibility. They probably did it and knowing the damage they did...how can they keep saying that DDoS is "peaceful" and "harmless". If they accepted responsibility then they couldnt take that stance at all. Anon isn't just a bunch of script kiddies doing DDoS attacks....

I think it's too big of a coincidence.

Oh come the fuck on, Anonymous isn't there to do this shit.

 

[MThanded]

If you want a credit report you should always get it from
https://www.annualcreditreport.com/

Be forewarned.

AnnualCreditReport.com is the ONLY authorized source for the free annual credit report that's yours by law. The Fair Credit Reporting Act guarantees you access to your credit report for free from each of the three nationwide credit reporting companies — Experian, Equifax, and TransUnion — every 12 months. The Federal Trade Commission has received complaints from consumers who thought they were ordering their free annual credit report, and yet couldn't get it without paying fees or buying other services. TV ads, email offers, or online search results may tout "free" credit reports, but there is only one authorized source for a truly free credit report.

http://www.ftc.gov/bcp/edu/microsites/freereports/index.shtml

US only I assume.

 

[darkwing]

How much is this hurting the new SOCOM that just came out?

I feel bad for them too.

its going to hurt all PS3 games now and in the future

 

[spindashing]

Sorry for my bluntness, but:

Are there any reports of anyone's Credit Card/Debit Card being utilized as a result of this hack?

 

[Trevelyon]

So.....your PSN password was the same as the password on all of these accounts??

Yeah, kinda, sorta. is it really that far fetched?

 

[Rebel Leader]

It's on Reuters now

http://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426

maybe mad money is next?

 

[SmithnCo]

But seriously GAF, what's Qriocity? I own a PS3, feel like I know a fair bit about video gaming, I literally have no idea.

I know you can deactivate PS3s or PSPs tied to your account with it. I have literally not used it for anything else or know what it does, lol.

 

[FunkyPajamas]

Ami wasn't being serious though, was he?

 

[Jinfash]

Worst thing about this is that I have PSN password saved and I can't remember which of my 4 passwords I've used, and there's no way of confirming it at the moment. Changing every account attached to all four will probably take me days :-\

 

[Averon]

You can still contest charges at your bank but the money is still out of your account until they rule in your favor which can take a while.

I hope it doesn't come to that. I used the card on PSN once over a year ago. And deleted the info off of the PS3 (the fact that it saved the info on the PS3 is what spooked me to delete it). Hopefully I'm in the clear.

 

[heyf00L]

No they werent. The passwords on gawker were all encrypted, you can go download the list from torrent sites if you want.

Actually with some more research we're both wrong. They weren't plaintext nor encrypted (which would be nearly as bad as plaintext). They were salted and hashed with a really old method that was easily reversed.

Sony is saying that passwords were compromised. So they were either stored as plaintext, encrypted, or used an old hashing method.

 

[daffy]

The fact that we will continue after this incident to revel and enjoy the hacker culture is pretty embarrassing to me. You can say Sony brought this on yourselves if you want, but you will also continue to let hackers have their way for the sake of fun as well.

 

[Wizeguy21]

with 75 million users.. there is no way they took everyones info right?

 

[jett]

You can change it. You can't change the PSN ID (handle) however.

I mean for all the other places I use my e-mail for. Wish I had known I could change my PSN username before though...

 

[brucewaynegretzky]

Times' writeup.

http://www.nytimes.com/2011/04/27/technology/27playstation.html?hp

 

[Vagabundo]

ahahahah that one never gets old. There's a similar one for another mod, also about Final Fantasy XIII, that's also very funny. I love these crow eating pictures. Hahaha. (Seriously, I'm not being facetious)

Is it not bad taste to laugh at your fellow mods?

 

[Evlar]

Patrick Klepek from Giant Bomb:

"For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet."

If that is true, which for any Software company in 2011 ought to be true that at least dampens it a little bit.

Still: Change your passwords if you re-use them in several services.

Yeah, that's a little good news.

 

[lupinko]

I also refuse to believe that nobody has ever attempted something with this on XBL with the target MS has on there backs.

Nah, MS has that shit on lock.

Yeah, this really sucks, I'll just leave it at that.

 

[Doc Evils]

WHAT THE FUCK SONY. WHAT THE FUCK

My details have been stolen?????

GAAAAAAH.

 

[ultron87]

So what site do you recommend I sign up on for a credit report?

Go to any of the three linked in the press release and put out a fraud alert for your account.

Everyone should do this at the very least.

 

[Stumpokapow]

How the hell can they get your password? PSN should be MD5'ing that shit. No reason a password should be unencryptable.

MD5ing is not acceptable given the proliferation of MD5 rainbow tables and its weak cryptographic strength to begin with. SHA-1 would be considered a minimum standard for password encryption and enterprise-level stuff serving large groups of users should be beyond that.

 

[lunarworks]

Oh, Sony. Why so many fuck-ups lately?

I still have faith in you.

But not much.

 

[Rebel Leader]

Sorry for my bluntness, but:

Are there any reports of anyone's Credit Card/Debit Card being utilized as a result of this hack?

Not at this moment. Checked my account, nothing shady.

 

[dude]

No wonder Anon is denying responsibility. They probably did it and knowing the damage they did...how can they keep saying that DDoS is "peaceful" and "harmless". If they accepted responsibility then they couldnt take that stance at all. Anon isn't just a bunch of script kiddies doing DDoS attacks....

I think it's too big of a coincidence.

There no way it's Anon.
But you should hope that it is, at least then you know your data is not going to be sold to some Russian criminal ring who'll steal your identity.

 

[Tron 2.0]

Sorry for my bluntness, but:

Are there any reports of anyone's Credit Card/Debit Card being utilized as a result of this hack?

Anecdotal, some in this thread, but it's impossible to tell if they are related to the PSN crack.

 

[alphaNoid]

long live the always-on, always-connected, microtransaction and pay-to-play future, right? :\

so precisely how screwed is sony now?

I would say for the short term they are still fucked, I mean PSN is still down and they probably have a fraction of the details unveiled. The process is going to be long and slow, extremely bogged down with legalities for many years. Law suits, criminal cases and the biggest thing here (IMO) is the tarnished Playstation name.

I don't think its just PSN, because it was widely known that the PS3 has been 'hacked' not long ago. That started the whole Sony vs GeoHotz legal run, which probably lead to where we are today. The timeline of it all will be remembered as one... PS3 and PSN both got hacked badly... about as bad as it can get.

So ultimately the real question is can Sony repair the Playstation brand? Think about E3 for instance, its like 6 weeks out... how on earth is Sony going to stand on a stage, face the world and try to pretend everything is ok and convince people to get excited about anything? I can tell you right now, if even enthusiasts here on GAF are pissed at Sony you can bet the average Joe consumer is probably furious.

People will eventually forget, but it will take a long ... long time to recover the brand (I think). Its been a bad generation for Sony.. it certainly doesn't resemble the PS2 days.

 

[Jinfash]

ahahahah that one never gets old. There's a similar one for another mod, also about Final Fantasy XIII, that's also very funny. I love these crow eating pictures. Hahaha. (Seriously, I'm not being facetious)

I bet it's Kagari's :lol

 

[NullPointer]

In situations like this its much better to assume the worst and take steps to secure your billing info imo.

 

[darkwing]

with 75 million users.. there is no way they took everyones info right?

even if its just 1% its still a huge number

 

[MThanded]

How the hell can they get your password? PSN should be MD5'ing that shit. No reason a password should be unencryptable.

rainbow tables.

 

[Data West]

So I have a debit card in there, what should I do Gaf?

Call your credit union and tell them you need a new debit card. You technically don't have to let them know what happened, but I would. Mine charges 5 dollars for a new card, but that's about it. It took me like 5 minutes to set up a new pin, get a new card ordered, and have them cancel the current one

 

[Sblargh]

Dude last week when it starting i said to you guys that personal information was stolen but credit card information not, because SONY did an extensive investigation about the credit card info LINK to users PSN, and they didn´t found nothing, that was what my source told me, and i put it on gaf, some believe me some didn´t.

Right now my source is telling me that is only as a matter of precaution that SONY is mandating to users to be cautious with their CC STATEMENTS, but as of now SONY hasn´t found any confirm evidence that CC info was stolen, but personal data of users have been retrieve.

Oh and another thing the personal data of users is not as big as some of here think it is.

This is also what it sounds like from their statement. It doesn't seem they honestly think CC info was stolent, but since they can't be 100% sure, they have to tell people to put the cards on alert.
I won't judge people's precaution and a security breach *is* something to be pissed about, but it don't seem really that awful. Password is really the big thing they got, the rest, as someone said, is already on your facebook.

 

[Vagabundo]

How do I find out what info I have on PSN?

I cannot really remember what I put there.

 

[MMaRsu]

Wow what the fuck, Sony is so incompetent.

I need to change my passwords again..fuck.

 

[devildog820]

So what site do you recommend I sign up on for a credit report?

annualcreditreport.com

Don't pay for their BS score, just get the report from one of the big three (doesn't matter which).

Why were passwords not hashed? Am I to believe Sony security engineers were as stupid as Gawker security engineers? Or is Sony not explaining the nuance that hashed passwords were taken and people are stupid and use easily hackable passwords (password, 123456, etc.)?

edit: at least hashed with SHA-2 or something.

 

[Uno Venova]

with 75 million users.. there is no way they took everyones info right?

I believe Sony shut it down before it could get that bad.

 

[gcubed]

Sorry for my bluntness, but:

Are there any reports of anyone's Credit Card/Debit Card being utilized as a result of this hack?

there is no reports of anything being utilized (username/passwords or CC). The data could have been encrypted, but if the encrypted files are outside of Sony's control its best to assume it is tainted.

 

[Aquavelvaman]

So we need a guide to wtf to do about this right now. Obviously I'm changing all of my passwords across the board. I'll get on canceling my debit card and getting a new one tomorrow (a huge hassle considering how many things I have tied to that card already).

What is the purpose of signing up for credit report websites? Just to make sure someone isn't opening new credit accounts in my name? Is that what I'm looking for? Holy fuck this is such a pain.

 

[DenogginizerOS]

Are they going to reset all account passwords and email users a new temporary password?

 

[Beer Monkey]

MD5ing is not acceptable given the proliferation of MD5 rainbow tables and its weak cryptographic strength to begin with. SHA-1 would be considered a minimum standard for password encryption and enterprise-level stuff serving large groups of users should be beyond that.

Of course, knowing Sony, if they encrypted the passwords there would be a file called c:\keys.txt on the authentication cluster.

 

[Qaz Kwaz]

Just canceled my credit card. Thanks, Sony, you fucking morons.

For password management, KeePass is great. Luckily my passwords aren't affected, since I use a different one for most sites these days.

 

[IonicSnake]

Not going to cancel my CC but I will keep my eye on my account to see if something wierd happens. Changed all my passwords though.

 

[V_Ben]

I believe Sony shut it down before it could get that bad.

I seriously hope so.

 

[godhandiscen]

http://www.youtube.com/watch?v=bV-hSgL1R74

 

[Kusagari]

How do I find out what info I have on PSN?

I cannot really remember what I put there.

Guess what, YOU CAN'T!

 

[RyanDG]

I believe Sony shut it down before it could get that bad.

In their FAQs, they specifically state they think everyone's was compromised.

 

[Barrett2]

So how bout that Sony / Steam partnership, ehh??? :/