Support NeoGAF

[radioheadrule83]

http://www.md5rainbow.com/

They should really be salting their hashes and I'm sure they do.. they could store another variable(s) / key for decryption on the client side, rendering hashed passwords on the server next to useless.

Its not the PSN usernames and passwords that are worrying though really, its the identify information, billing addresses, DOBs and so forth. Credit card long numbers and expiry dates. Surely they didn't store the CSC / CVV numbers of cards?

 

[GeoramA]

What about our trophies? Are they safe?

Yes. You may have to re-sync them all again, worst-case scenario of course.

 

[Garjon]

PICK YOUR POISON.....this all happened since LAST MONTH. I have never seen so many high level outages, including PSN. Scary times for us indeed....beware Skynet!!



http://www.csoonline.com/article/678846/bank-customers-warned-after-breach-at-epsilon-marketing-firm

http://www.rsa.com/node.aspx?id=3872


http://www.macworld.com/article/159447/2011/04/amazon_cloud_outage.html

Wait, what the hell? Has a prominent form of encryption been broken recently or something? Shouldn't the effects of this be more widespread?

 

[Neuromancer]

Should I change my university password? The hackers might sign me up for a bunch of art classes.

Oh man... Or interpretive dance

 

[spindashing]

Should I change my university password? The hackers might sign me up for a bunch of art classes.

They might sign you up for an English degree.

 

[daffy]

Both are to be blamed but Sony should have taken the necessary precautions to protect our information.

Hackers should be blamed for being low life losers.

But we aren't going to think about finding and suing any of them. We can clearly see Sony so they are the bigger target

 

[darkwing]

who in Sony would want to speak at E3 LOL

 

[graywolf323]

wow this has made it on Drudge Report now even

 

[sangreal]

Great... I don't even use psn and I don't care about my credit card number being leaked but the rest is a very big deal

 

[Dizzy]

So is it worth getting a new debit card? Sony said they didn't get the security numbers....but I don't know how this all works. I'm assuming since it's a 3 digit pin it could easily be found?

 

[Wazzim]

I understand the frustration. But why rage at Sony if we don't know whether they could have prevented it yet?

The fact that it didn't happen at Nintendo or Microsoft is enough proof for me that they fucked up.

 

[VALIS]

All this outrage at Sony, barely any for the hackers. This does suck, though.

Hackers try to pilfer information from most networks and customer databases. They fail most of the time. They didn't fail this time. Plus add that Sony was completely silent about this for almost a week, and they look really bungling right now.

 

[SmithnCo]

What about our trophies? Are they safe?

They are stored locally so at worst you'd have to do a big re-sync probably.

Trophies are probably the last things on Sony's mind right now.

 

[Mr. Spinnington]

THANK YOU!

I just checked and the card they have on file has since expired. This makes me feel better.

loooooooool they can enjoy my closed account and maybe $20 in PSN credit



which i hope they leave so i can pilfer to my heart's content next time P3P goes on sale

 

[LiK]

no one else used a different pw for each site? security 101 my friends.

 

[Miggytronz]

I can see it now.....


e3 Playstation reps walk on stage.
Loud BBOOOOOOOOOO's

 

[Nizz]

I've posted this before. Essentially, I do work for an online marketplace. Even if a customer chooses not to store his information, in the purchase histories, certain account level types do have the ability to still see the full credit card information. I'm not saying that this is 100% the case with Sony, but just because you don't store the information doesn't guarantee that the information wasn't available IF the other credit card #s on the network were compromised.

Thanks so much for answering. Now I'm a little worried...

 

[borghe]

How can anyone try and link this to the CFW stuff? Ever heard of packet sniffing? You don't need a PS3 to brute force yourself through to a PSN server.

all communication was SSL encrypted. Packet sniffing would have never shown anyone anything. Not even post data, etc. Query string data at best. With CFW, hackers could now see the post requests before they were encrypted, hence knowing what variables to brute force. So yes, this breach is 100% the result of CFW. Now that doesn't excuse the lack of backend security, but as long as the PS3 remained secure, hacking PSN would be like finding a needle on a planet covered in hay.

 

[RobbieNick]

Dear Playstation,

I just had $200,000 taken out of my bank account thanks to your huge fuck-up with my personal info. What are you gonna do about that?!!

Kevin Butler - Ummmmm.............................................................................shit.

PLAYSTATION: IT JUST DOES IDENTITY THEFT

 

[BeeDog]

Holy shit, I can picture Jack Tretton causing tidal waves of sweat at the E3 conference now.

 

[Neuromancer]

If I notice so much as one piece of furniture has been moved in my Home apartment when I get back, so help you Sony

 

[Vamphuntr]

who in Sony would want to speak at E3 LOL

NEW FEATURE FOR NGP

Encrypted password on the PSN Store.

 

[spindashing]

Not to be "that guy", but do you think Sony will compensate us somehow for this tragic event?

Free money?

 

[benny_a]

Surely they didn't store the CSC / CVV numbers of cards?

They said they didn't.

 

[ShortBus]

Stop crying you fucking babies, and to all the lowlifes blaming sony rather than the hackers, this could have happened to any major company, and if the 40 people the FBI are after arnt to blame, it will be some guys using the geohat scandal to cover it up.

A bit harsh.

NeoGaf has always endorsed the hacking of the PS3.
You're posting on a pro-hacking forum. Most of Gaf will always side with hackers.
those who DO put blame on the hacker(s),should be in the CFW thread,not in here.

Sony is still fucking up by not sending PSN customers an email about the breach. SERIOUSLY?! Come on man! Pathetic.

It is.

[Hacker sued] Haters: OMG Sony are evil I'm going to donate to hackers!
[PSN stopped] Haters: It's not the hackers!
[Hackers behind confirmed] Haters: Sony should have better security!
[PSN in halt to improve security] Haters: I can't believe PSN is not up yet I'm giving up on PS3!

Seriously people, you suck.

Pretty much...

 

[syoaran]

I don't know why people are saying E3 will be a circus this year. Sony's de-facto response to criticism when the mic's are on is, "no comment". This will get very buried unless the network stays down until E3, or if every member of the (non)gaming press start every interview and press briefing Sony has with, "About the PSN info stolen" for the next 7 weeks.

 

[SappYoda]

[Hacker sued] Haters: OMG Sony are evil I'm going to donate to hackers!
[Anonymous Hackers announce attacks to Sony] Haters: Fuck yeah! Sony deserves it!
[PSN stopped] Haters: It's not the hackers!
[Hackers behind confirmed] Haters: Sony should have better security!
[PSN in halt to improve security] Haters: I can't believe PSN is not up yet I'm giving up on PS3!

Seriously people, you suck.

 

[Ferrio]

all communication was SSL encrypted. Packet sniffing would have never shown anyone anything. Not even post data, etc. Query string data at best. With CFW, hackers could now see the post requests before they were encrypted, hence knowing what variables to brute force. So yes, this breach is 100% the result of CFW. Now that doesn't excuse the lack of backend security, but as long as the PS3 remained secure, hacking PSN would be like finding a needle on a planet covered in hay.

Trusting client side security/validation is one of the stupidest things you can do.

 

[sixteen-bit]

Not to be "that guy", but do you think Sony will compensate us somehow for this tragic event?

Free money?

I doubt it

 

[Rated-Rsuperstar]

What about our trophies? Are they safe?

Real talk.

 

[Crisco]

lol at the hyperbole in this thread. Did you people just get credit cards and start using the internet last week? I've been buying shit online with a credit/debit card since 1999. I have more online accounts/passwords then probably anyone else here, and most of them have my payment info. I've had my credit card info stolen 3 times, my debit card once. Hell, I had my entire WALLET (drivers license, SS card, all my cards) jacked once and nothing came of it. You call your bank, have them remove the charges, they send you new cards and you move on. It's annoying but hardly the end of the world. There are safeguards at every level against identify theft, and as long as you stay vigilant it's just not going to happen. But whatever, continue overreacting.

This does make Sony look pretty bad though, they should have just never said anything and blamed the whole outage on something else (like I'm sure most companies that this happens to do).

 

[Slayer-33]

Wow, I hadn't played on my 360 for three months and this happened. If I lose access to my account or PSN games I'll be going PC-only from then on. What a fucking travesty. Consoles, huh?

How does any of this have to do with 360? lol.

 

[SmithnCo]

I can see it now.....


e3 Playstation reps walk on stage.
Loud BBOOOOOOOOOO's

Actually, there will be a lot of attendants, and right when Sony are showing the Last Guardian trailer there will be a massive power failure, then when the lights go on everybody will find that their wallets were stolen.

But seriously, it will be very interesting to see how Sony handles this at E3.

 

[Kusagari]

Not to be "that guy", but do you think Sony will compensate us somehow for this tragic event?

Free money?

The compensation is the inevtiable class action lawsuit.

 

[Requeim]

I can see it now.....


e3 Playstation reps walk on stage.
Loud BBOOOOOOOOOO's

>walks on stage
>boos
>uncharted 3 video
>cheers
>everything went better than expected

 

[WickedLaharl]

this is fucking bullshit. i'm so pissed off at sony's complete and utter incompetence.

already went ahead and canceled my card. now i'll have to go into the bank tomorrow and request a new one. then i'll enjoy the fun of having to update my info on every fucking service i use that card for once i get it.

just fucking great.

 

[GeoramA]

Not to be "that guy", but do you think Sony will compensate us somehow for this tragic event?

Free money?

They won't because they don't have to.

 

[darkwing]

Holy shit, I can picture Jack Tretton causing tidal waves of sweat at the E3 conference now.

lol i'd imagine a low level peon manning the E3 conference now to face the boos

 

[RyanDG]

Thanks so much for answering. Now I'm a little worried...

Just be vigilant in checking your acct and credit report. I wouldn't cancel the card outright unless you see suspicious activity.

 

[lifa-cobex]

I mean, I can't predict the future, but I don't think that people are not going to buy the system because it was previously hacked. They can easily buy it and buy a card in store, or buy a PSN card or code on Amazon. But who knows.



I found out from Twitter. :/ Sony should have E Mailed us.

People that look into things might eventually feel OK with Sony sometime in the future but you're average household Mum will probably feel very different.

I dunno. I'm still shocked.

 

[test_account]

Sony is still fucking up by not sending PSN customers an email about the breach. SERIOUSLY?! Come on man! Pathetic.

Isnt it being sent out? That danish Playstation facebook account had a post about it at least, but that it could take a while before every 77 million accounts got the mail.

 

[Xenon]

Sony's PR strategy

 

[CadetMahoney]

Sony's PR strategy

lol

Holy shit, I can picture Jack Tretton causing tidal waves of sweat at the E3 conference now.

It's one of those things you can't just laugh off either. I wonder if MS/Nintendo will subtle troll this at E3.

 

[Splash Wave]

So what should I be doing right now to protect myself--just changing passwords?

 

[Evlar]

A bit harsh.

NeoGaf has always endorsed the hacking of the PS3.
You're posting on a pro-hacking forum. Most of Gaf will always side with hackers.
those who DO put blame on the hacker(s),should be in the CFW thread,not in here.


It is.

Uhhh, what?

 

[TheFLYINGManga_Ka]

How about our security question? Isn't that unchangeable?

Was that stolen also?

 

[Neuromancer]

NEW FEATURE FOR NGP

Encrypted password on the PSN Store.

For Plus members

 

[criesofthepast]

My credit card info has never been kept on my profile indefinitely. Always added/removed it with every purchase I made (thank you OCD).

If credit card #'s were compromised then I hope I am safe and sony wasn't storing my number on their end somewhere for god knows what reason. I have a feeling I am not immune to this, though, and my credit card info is still somewhere in the depths of sony's servers.

I'm more pissed about my name, home address, and email address being compromised. Fraudulent credit card charges can be taken care of with ease by any major credit card company. Not too worried about that as much.

My passwords were secured with lastpass after the gawker shit went down and they are all random so I don't really give a shit about that either.

 

[LiK]

So what should I be doing right now to protect myself--just changing passwords?

if you use the same pw for PSN and other sites. yes.

 

[AgentChris]

Sony's PR strategy

LOL
Thanks for the laugh.