Support NeoGAF

[The Lamp]

I knew this garbage would be a possible consequence of the hacking of the PS3...and now it's actually come to fruition....*sigh*

 

[HomerSimpson-Man]

So... I am on a password change spree and i log into my gmail account.

This account is the same account that is associated with my PSN and has a password that's very similar.

Apparently someone in china has logged in to my account.

Unknown China (122.137.22.75) Apr 8
Unknown China (119.39.77.63) Apr 8
Unknown China (114.138.195.248) Apr 17

How do you check that in gmail?

 

[mr_nothin]

[Hacker sued] Haters: OMG Sony are evil I'm going to donate to hackers!
[Anonymous Hackers announce attacks to Sony] Haters: Fuck yeah! Sony deserves it!
[PSN stopped] Haters: It's not the hackers!
[Hackers behind confirmed] Haters: Sony should have better security!
[PSN in halt to improve security] Haters: I can't believe PSN is not up yet I'm giving up on PS3!

Seriously people, you suck.

I've been pretty pro-Sony throughout the whole GeoHot fiasco but I can really take that stance for their actions in this situation:

You forgot 1 thing:
Sony: "........................................"
Haters: WTF is GOING ON?\
Sony: "..................................?"
Haters: ?????
Sony: "...............OH YEA! I forgot, ur info miiiiiight have been taken"

 

[BosSin]

Holy shit, I can picture Jack Tretton causing tidal waves of sweat at the E3 conference now.

 

[syoaran]

lol


It's one of those things you can't just laugh off either. I wonder if MS/Nintendo will subtle troll this at E3.

I hate to generalise, but if it was the other way round, Sony would definitely troll them. But you would hope that MS/Nintendo's keynote speakers have some restraint, or at least a PR department that's drilled into them what "eating your own words" feels like in the long run.

In all fairness, there is no way to spin this for MS or Nintendo. MS have Windows software, which has tons of exploits and holes in their various platforms that has allowed people to steal tons of information over the years. Nintendo have a positive rep to maintain. Besides, Iwata has never kicked a Sony as far as I can remember, he always says that whatever Sony does, he doesn't really care. By troll'ing, both companies would simply be making fun of the loss of a lot of personal data and potential theft of personal money/identify theft/fraud in the future - not smart.

 

[Vestal]

Trusting client side security/validation is one of the stupidest things you can do.

T H I S right here.

 

[BeeDog]

People should try and take solace in the fact that:

1) If you're not stupid, you didn't share the password between your PSN account and your e-mail address.
2) If 1) is satisfied, then a password reset should be viable.
3) The amount of fake PSN accounts will no doubt make filtering out valid information a pain in the ass, and if someone finds something that's remotely real, the pairing of the e-mail address and the PSN password should stop the hackers/criminals in their track.
4) Any password resetting attempts using the secret answer should bounce back to your e-mail address, making it invalid. Let's hope you didn't use Mailinator then, lulz.

The main concerns here are:

1) If CC details leaked, obviously. Though I guess it's a little bit comforting that the security number doesn't leak too.
2) If they don't have a proper password reset practice in place. Then it will be a MAJOR pain in the ass for everyone.
3) If your purchase history lists are wiped clean. This would be the ultimate humiliation, and I would never really want anything to do with Sony ever again.

 

[Slayer-33]

"So... I am on a password change spree and i log into my gmail account.

This account is the same account that is associated with my PSN and has a password that's very similar.

Apparently someone in china has logged in to my account.

Unknown China (122.137.22.75) Apr 8
Unknown China (119.39.77.63) Apr 8
Unknown China (114.138.195.248) Apr 17"

Holy shit...

 

[IrishNinja]

[Hacker sued] Haters: OMG Sony are evil I'm going to donate to hackers!
[Anonymous Hackers announce attacks to Sony] Haters: Fuck yeah! Sony deserves it!
[PSN stopped] Haters: It's not the hackers!
[Hackers behind confirmed] Haters: Sony should have better security!
[PSN in halt to improve security] Haters: I can't believe PSN is not up yet I'm giving up on PS3!

Seriously people, you suck.

yeah, geohot and all that's clearly connected here! that's totally been established!

there's enough to cry about without garbage like this, man.

 

[SolidSnakex]

Wasn´t Sony legally required to announce this earlier ? With DSW shoes and company it was announced the next day.

If they knew about it earlier. There's no indication that they sat on this for days.

 

[erlim]

well that hacker sure showed us.

 

[Evlar]

Whoa... Where is this information?

Near the bottom of your Gmail page. It shows the last IP the account was accessed from, and an option to click through and see a history of past accesses. Don't recall how far back it goes.

 

[Requeim]

I doubt it, it would be in bad taste.

So microsoft is definitely going to do it

 

[Psy-Phi]

lol


It's one of those things you can't just laugh off either. I wonder if MS/Nintendo will subtle troll this at E3.

They won't. It could happen to them too. And if it did after some subtle trolling...it'd be a lot worse for them.

 

[Zaphod]

Yeh, gotta say that I am extremely disappointed that Sony waited this long to let us know how much information has been stolen. The delay has left everyone who has a PSN account at risk for what I can only assume was a desire on Sony's part to not have to admit how bad they were compromised. If I sat on critical information like this at my job I would be fired instantly. I'll wait for the whole story but right now it looks like Sony has handled this very poorly.

 

[pakkit]

Yes, I got a phone call of the bank of a suspicious transaction of 1 eurocent to a charity fund.
The bank already blocked the card and verified it with me if it was indeed fraud.

The hackers check the card this way. If it is a positive a large transaction will be made.

Like I said before I only use my card on PSN, Amazon, Ebay and Play-Asia guess which one was hacked.

Sheeeeeeeeeeeeit.

Hopefully this is a valuable lesson learned, if customer's money is lost in these data breaches however, it's Sony's ass on the line just as much as the hacker's.

 

[Jinfash]

GAF isn't one person.

Not even when 95% of the userbase share the same opinion on a certain matter? I can edit it into "everyone" if it doesn't sit well with you, just lemme know.

 

[Zoe]

So... I am on a password change spree and i log into my gmail account.

This account is the same account that is associated with my PSN and has a password that's very similar.

Apparently someone in china has logged in to my account.

Unknown China (122.137.22.75) Apr 8
Unknown China (119.39.77.63) Apr 8
Unknown China (114.138.195.248) Apr 17

China is always hacking into gmail. You should make a habit of keeping an eye on your account activity.

 

[QuiteWhittle]

How do you check that in gmail?

Google alerts you.

 

[erpg]

This fucking sucks. I'm not harboring any hate at Sony here, but the whole ordeal is terrible. Time to change some passwords.

 

[TheAtomicPile]

My pre-paid card fanaticism finally pays off.

Needless to say, I'll be sticking with this plan without compromise until I'm dead.

As far as other info like name, address, and phone number, I'm sure that my info has already been whored around to thousands and thousands of companies across the globe. Have fun with that shit, Mr. Hacker.

 

[Maxim726X]

I don't have evidence, nor do I need to have any to support my beliefs. I believe that jail broken PS3's that had network access are what ultimately allowed "hackers" to poke and prod around the network and gain access to the necessary information they needed to steal said information.

Rebug PS3's simply strengthen this belief. If said hackers can gain access to otherwise unauthorized networks and prod around, then who's to say they can't look elsewhere and dig their way into other areas via the PS3 and homebrew?

Thank god for those emulators though.

Well, as long as you state that they are beliefs and not at all steeped in fact.

It's a pretty large leap to suggest that someone who wants to play games for free is going to mastermind the hacking of one of the biggest corporations of the world.

 

[TheSeks]

What good is changing the ID's password and passwords for thousands of places you signed up for, if there is a person with your name and address and birthdate and shit that CAN LET THEM IDENTIFY THEFT EASILY?

Jesus Hellion Christ, Sony. You should've LET US KNOWN SIX DAYS AGO.

IfuckingMad.gif

There is no goddamn excuse for this. NONE.

someone complained that sony said "a few days" and it's taken longer. would you rather them put the PSN back up and THEN figure out the damage and put up new security measures?

No. We weren't asking for them to put the service back up quickly. We were however, ASKING THEM TO BE FUCKING TRANSPARENT (like this blog post) about what they're doing, what happened (EG: the important thing) and shit like IDENTITY THEFT POSSIBILITIES days ago.

The fact it took them SIX DAYS to let people know "Oh, hey, your information may be part of our newest game: Sony vs Identity Theft 3: Fate of your information being taken for a ride (doo-doo-doo~)" is FAILURE. There is no excusing it.

 

[lol51]

For those asking "How to check that info"

To see your account activity, click the Details link next to the Last account activity line at the bottom of any Gmail page.

 

[radioheadrule83]

How do you check that in gmail?

At the bottom of the page you'll see something like:

You are currently using 270 MB (3 %) of your 7576 MB.
Last account activity: 4 hours ago at this IP (xx.xx.xx.xx).  Details

Click details.

 

[LiK]

http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

FAQ on the breach. it has some additional info

Q.11 Since when have PSN/Qriocity become unavailable and in which region?

PSN/Qriocity services have not been available since April 20 (US time) in all regions.

Q.12 How come it is taking so much time to resume the service?

We are taking the investigation seriously. We decided to keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services.

Q.13 How serious is this? Have the hackers broken the security on PSN/Qriocity? Are you taking necessary measures to prevent such outage happening in the future?

Since this is an overall security related issue, we will not comment further on this case but we are working to restore and maintain the services, including countermeasures against future intrusions.

Q.14 When will the service resume?

We are taking the investigation seriously. We will keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services but are working hard to resume the services as soon as we can be reasonably assured security concerns are addressed.

Q.15 Seems like SOE service was also not available/ suffering outage. Is this true? Is this due to the same reason as the PSN/Qriocity outage?

SOE's service is available although a service interruption due to an external attack did occur. A thorough investigation is ongoing.

Q.16 I want my money back (subscription fee, content) since the PSN/Qriocity was not available.

When the full services are restored and the length of the outage is known, we will assess the correct course of action.

Q.17 There seems to be some games that cannot be played even offline?

Depending on the game titles, but mainly PSN games, some may require access to PSN for trophy sync, security check, etc.

what a terrible faq. "we dunno, we'll tell you later"

 

[test_account]

Our fake accounts are slowing the process up.

Hehe, yeah. I wonder how many 2nd/3rd/4th etc. PSN accounts there actually are out there. Personally i have 2 PSN accounts.

 

[angelfly]

How do you check that in gmail?

Last account activity: 52 minutes ago on this computer. Details
You'll find that at the bottom just click on details

 

[PepsimanVsJoe]

Changed a bunch of passwords and I have a new credit/debit card on the way.

This is great...really fucking great.

 

[IonicSnake]

For anyone looking for a good free app where you can store your passwords I found one named Codebook made by Zetetic LLC.

 

[Stumpokapow]

[Hacker sued] Haters: OMG Sony are evil I'm going to donate to hackers!
[Anonymous Hackers announce attacks to Sony] Haters: Fuck yeah! Sony deserves it!
[PSN stopped] Haters: It's not the hackers!
[Hackers behind confirmed] Haters: Sony should have better security!
[PSN in halt to improve security] Haters: I can't believe PSN is not up yet I'm giving up on PS3!

Seriously people, you suck.

I'll rewrite your transcript.

[Guy who makes PS3 custom firmware sued] Some posters: OMG Sony are evil I'm going to donate to this guy!
[Anonymous, a group that has nothing to do with the first Guy, announces DDoS attacks against Sony] Some posters, including some posters from the first group, but not all the posters from the first group: Fuck yeah! Sony deserves it!
[PSN stopped, no reason given] Some posters who may or may not include anyone who was in the first two groups: It wasn't related to the first two things, but it could still have been unrelated hackers.
[Confirmation of a hack occurred with no information about who was behind it or what their motives were besides apparently stealing account information, a motive that is inconsistent with the first two groups] Some posters who may or may not include any of the first three groups but mostly just includes people who got their passwords stolen for no reason: Sony should have better security!
[PSN continues to be down, nominally improving security] Some posters who may or may not include the first four groups: I can't believe PSN is not up yet I'm giving up on the PS3.

Let me ask you two questions;

1) Do you think your version or my version is more accurate?

2) How is your post not an exact copy of "bunch of entitled whiners fuck gaf deal with it u mad doggie weekend gaf gave hivemind says x and now they say y haters gonna hate"? I mean, you've seen the terms of service, right? You've seen this thread, right?

 

[MThanded]

china gmail hacks are common place.

 

[JWong]

Changed a bunch of passwords and I have a new credit/debit card on the way.

This is great...really fucking great.

Lol, and I ain't changing anything because I'm not paranoid.

 

[Vamphuntr]

Whoa... Where is this information?

In gmail scroll down and click on the last activity on this account link. It will show you a list of IP that has accessed your account.

 

[Evlar]

Google alerts you.

Whether they actually alert you, rather than just putting the data in a link on your gmail page, is an option on the security settings for the account. After all, some people do travel from the US and Europe to China on business.

 

[gcubed]

For anyone looking for a good free app where you can store your passwords I found one named Codebook made by Zetetic LLC.

KeePass w/ Dropbox. Life is good

 

[Steve Youngblood]

Not even when 95% of the userbase share the same opinion on a certain matter? I can edit it into "everyone" if it doesn't sit well with you, just lemme know.

Is it really 95% of the userbase? Or does that just facilitate quick "everyone but me is a hypocrite" drive-by feelgoodery?

 

[Requeim]

Hehe, yeah. I wonder how many 2nd/3rd/4th etc. PSN accounts there actually are out there. Personally i have 2 PSN accounts.

I have 4, lol.

 

[MThanded]

How do you check that in gmail?

They have it so it will automatically tell you on login to the web interface.

 

[Zoe]

Near the bottom of your Gmail page. It shows the last IP the account was accessed from, and an option to click through and see a history of past accesses. Don't recall how far back it goes.

It shows your last 10 sessions. If there's an anomaly it will notify you.

I recently printed something from a coffee shop printer that has an app for Google Docs, but because it connected through HP's servers in Atlanta (while I'm in Austin), it flagged it as abnormal activity when I logged on again later.

 

[spindashing]

what a terrible faq. "we dunno, we'll tell you later"

The impression I got from it was, "We know. It's pretty bad, but we don't want anyone to worry."

 

[Crisco]

Credit card is no big deal. That is the bank's problem. Dishing out the rest of your info including security phrases and passwords is quite serious though.

Yeah, except that isn't really possible. At all. Sony doesn't store that shit in plain text, and if they did, some Japanese kid would have been running amok with your online accounts 3 years ago.

 

[teiresias]

CC info? Meh, easy to monitor and change if you want to be proactive about it.

The password stuff isn't even really all that important, but is Sony saying they actually kept the passwords on their servers rather than the hashes?

 

[zoukka]

So... I am on a password change spree and i log into my gmail account.

This account is the same account that is associated with my PSN and has a password that's very similar.

Apparently someone in china has logged in to my account.

Unknown China (122.137.22.75) Apr 8
Unknown China (119.39.77.63) Apr 8
Unknown China (114.138.195.248) Apr 17

Shit just got real.

 

[QuiteWhittle]

Whether they actually alert you, rather than just putting the data in a link on your gmail page, is an option on the security settings for the account. After all, some people do travel from the US and Europe to China on business.

Yeah, I know. I'm just assuming from their reactions that they haven't changed the default security settings yet.

 

[Blimblim]

Looks like this is exactly what I thought had happened a few days ago. Not that I'm happy about being right, but it shows that once again you should never trust the client side in a client/server configuration. Security through obscurity always work from some time, and then you become complacent and put too much trust into it. And then this type of things happen.

 

[Mr. Spinnington]

As far as other info like name, address, and phone number, I'm sure that my info has already been whored around to thousands and thousands of companies across the globe.

i'll mail them my shit if they just bring PSN back

 

[Kusagari]

At the bottom of the page you'll see something like:

You are currently using 270 MB (3 %) of your 7576 MB.
Last account activity: 4 hours ago at this IP (xx.xx.xx.xx).  Details

Click details.

Is there a way to get a bigger list than it gives you? I sign in and out of gmail so frequently that the short list it gives you only goes up to 2 days ago for me.

 

[knitoe]

Thank goodness, my last order directly from PSN was in 2007. Since then, I have moved and changed my credit card info. Proves once again Sony is amateur at internet related stuff.

 

[daffy]

what a terrible faq. "we dunno, we'll tell you later"

What? They provided answers there and the ones they didn't answer are left vague because they're in a security case talking to a firm.