Support NeoGAF

[Felix Lighter]

If they knew about it earlier. There's no indication that they sat on this for days.

Considering the steps they took, they obviously knew it was a real possibility. There is no excuse.

 

[gcubed]

Shit just got real.

i'd say that has zero to do with this.

 

[Yoshichan]

Wait, how the fuck am I supposed to take down my creditcard number from PSN when I can't even log in to PSN?

 

[MThanded]

Shit just got real.

China gmail hacks are common place and his account got accessed prior to the psn supposed hack day.

 

[Paches]

What I am curious about is the how the attack worked and what measures the hackers employed. I have a sick curiosity in how people break in to systems and leak massive amounts of private info.

 

[Vamphuntr]

It's on CBC too now

http://www.cbc.ca/news/technology/story/2011/04/26/sony-playstation-network-hacked.html

 

[narwhalSTAB]

So... I am on a password change spree and i log into my gmail account.

This account is the same account that is associated with my PSN and has a password that's very similar.

Apparently someone in china has logged in to my account.

Unknown China (122.137.22.75) Apr 8
Unknown China (119.39.77.63) Apr 8
Unknown China (114.138.195.248) Apr 17

Interesting. I'm glad I used a unique password for PSN that I don't use anywhere else.

 

[DoctorButt]

this is libyas' fault

 

[darkwing]

Hehe, yeah. I wonder how many 2nd/3rd/4th etc. PSN accounts there actually are out there. Personally i have 2 PSN accounts.

lols i have like 4

 

[Cartman86]

So... I am on a password change spree and i log into my gmail account.

This account is the same account that is associated with my PSN and has a password that's very similar.

Apparently someone in china has logged in to my account.

Unknown China (122.137.22.75) Apr 8
Unknown China (119.39.77.63) Apr 8
Unknown China (114.138.195.248) Apr 17

April 8th before the hack... Sounds like what happens quite often. China trying to hack gmail accounts.

We don't have any real evidence yet that peoples accounts are being hacked nor do we know if the credit card information has been stolen.

 

[Painraze]

You are currently using 867 MB (7 %) of your 7576 MB.
Last account activity: 2 hours ago at this IP (geoHOT).  Details

Oh shi...!

 

[SappYoda]

I've been pretty pro-Sony throughout the whole GeoHot fiasco but I can really take that stance for their actions in this situation:

You forgot 1 thing:
Sony: "........................................"
Haters: WTF is GOING ON?\
Sony: "..................................?"
Haters: ?????
Sony: "...............OH YEA! I forgot, ur info miiiiiight have been taken"

http://forums.sarcasticgamer.com/showpost.php?p=645846&postcount=734

 

[Maxim726X]

Is there a way to get a bigger list than it gives you? I sign in and out of gmail so frequently that the short list it gives you only goes up to 2 days ago for me.

Same here.

Apparently they alert you if it is accessed in an odd location.

 

[Cth]

I just saw some more helpful advice.

Don't cancel credit cards, but rather, ask for a replacement. Cancelling can impact credit negatively.

 

[EternalGamer]

[Hacker sued] Haters: OMG Sony are evil I'm going to donate to hackers!
[Anonymous Hackers announce attacks to Sony] Haters: Fuck yeah! Sony deserves it!
[PSN stopped] Haters: It's not the hackers!
[Hackers behind confirmed] Haters: Sony should have better security!
[PSN in halt to improve security] Haters: I can't believe PSN is not up yet I'm giving up on PS3!

Seriously people, you suck.

As far as we know, Geohotz had absolutely nothing to do with the hacking at all. So it goes more like this:

1. Geohotz, a kid, is sued by Sony, a huge corporation, for creating a way for people to mod their own systems.

Sony is unnecessarily malicious.

2. Some unknown group of basement dwellers are able to destroy Sony, a multi-billion dollar company--'s online security protocols.

Sony is extremely incompetent.

3. Sony waits a week to tell us all that our information was compromised.

Sony is very stupid.

Nobody is defending the group responsible for hacking their servers here. Hell, I don't even care if someone wants to rail against Geohotz at this point. None of it changes the fact that this huge company has earned the label of incompetency and should no longer be trusted with our private information ever again.

 

[daffy]

Shit just got real.

It's been real for awhile actually

 

[CadetMahoney]

I just saw some more helpful advice.

Don't cancel credit cards, but rather, ask for a replacement. Cancelling can impact credit negatively.

surely "lost or stolen" lies won't hurt credit?

How...inconvenient.

Now I have to cancel my cards and change all my information on everything I ever used that email address with -_-

wipes tear from eye.

 

[Mr. Enigma]

Thankfully, my PSN password is completely different from all my other passwords. My PSN password is the only one I didn't change after the Gawker incident.

I didn't get my PS3 until August 2010. I only got it to play the MLB The Show games. I've only bought two things ever on PSN and did that with a pre-paid $20 card.

Even though I'm safe, this is going to inspire me to never use my credit card for this shit again. Also, I will be taking this stance with Xbox Live as well. I'll be removing my credit card from that service (or at least attempt to; I've heard the horror stories) and going pre-paid from now on.

 

[iammeiam]

This is pretty inexcusable. What kind of shitty encryption do they use where all my CC data may be hanging out there?

 

[Raist]

Well I guess these snes emulators and backup managers were worth it.

 

[TOAO_Cyrus]

Wait, how the fuck am I supposed to take down my creditcard number from PSN when I can't even log in to PSN?

It doesn't matter, the breach already happened and is not ongoing. If it was taken then removing it from PSN won't do a thing.

 

[Barrett2]

Does PSN take Amex? I probably used my Amex card.

Yes. My Amex is linked to my PSN account.

 

[BeeDog]

I hope people don't mind that I'm quoting myself, since I see it as some kind of mini-summary on what to expect (if I'm incorrect, I would appreciate corrections). Maybe this may comfort some of you.

People should try and take solace in the fact that:

1) If you're not stupid, you didn't share the password between your PSN account and your e-mail address.
2) If 1) is satisfied, then a password reset should be viable.
3) The amount of fake PSN accounts will no doubt make filtering out valid information a pain in the ass, and if someone finds something that's remotely real, the pairing of the e-mail address and the PSN password should stop the hackers/criminals in their track.
4) Any password resetting attempts using the secret answer should bounce back to your e-mail address, making it invalid. Let's hope you didn't use Mailinator then, lulz.

The main concerns here are:

1) If CC details leaked, obviously. Though I guess it's a little bit comforting that the security number doesn't leak too.
2) If they don't have a proper password reset practice in place. Then it will be a MAJOR pain in the ass for everyone.
3) If your purchase history lists are wiped clean. This would be the ultimate humiliation, and I would never really want anything to do with Sony ever again.

 

[Paches]

You are currently using 867 MB (7 %) of your 7576 MB.
Last account activity: 2 hours ago at this IP (geoHOT).  Details

Oh shi...!

I know IPv6 used hex but that doesn't look right....

 

[Yoshichan]

It doesn't matter, the breach already happened and is not ongoing. If it was taken then removing it from PSN won't do a thing.

WOW.

 

[zoukka]

China gmail hacks are common place and his account got accessed prior to the psn supposed hack day.

Shit just went back in the rectum.

 

[RustyNails]

Can I make that burglar analogy now

 

[Zoe]

Wait, how the fuck am I supposed to take down my creditcard number from PSN when I can't even log in to PSN?

It's too late. If your information was in there when the attack happened, doing something now wouldn't change anything.

 

[Mr. Spinnington]

Wait, how the fuck am I supposed to take down my creditcard number from PSN when I can't even log in to PSN?

instead you go to your bank and re-kajigger all your other services that the card is tied to after canceling and setting up a new one

 

[KingK]

Wow, fuck this shit so much. Fuck the hackers, and fuck Sony for not having better security. We sure as hell better get some kind of compensation. None of my other passwords are the same as my PSN one, so I'm good on that front. I'll just be monitoring my debit card account like a hawk.

How a huge company like Sony lets this happen is just...and I still haven't gotten a goddamn email about it. I have friends who have PSN accounts who didn't know until I called them just now.

Also, I'm assuming Microsoft will be using this to troll Sony at E3 now. Nintendo might too, but that's less likely I think.

 

[Evoga]

Sony really don't run a tight ship. I just hope this is the last of the bad news from sony.

I'm glad I use my ps3 with cfw offline and use my xbox for all online gaming.

 

[MThanded]

Resumption of the service is going to be a huge issue. The only way they can possibly confirm if you are legit it so send each user a tokenized link to their registered email to setup a new password on their account.

 

[daffy]

I hope people don't mind that I'm quoting myself, since I see it as some kind of mini-summary on what to expect (if I'm incorrect, I would appreciate corrections). Maybe this may comfort some of you.

Common sense won't form a comfy couch for me, Sony's incompetence has been a thorn on my ass for far too long!!

 

[Requeim]

Shit just went back in the rectum.

hahaha

 

[darkwing]

Wow, fuck this shit so much. Fuck the hackers, and fuck Sony for not having better security. We sure as hell better get some kind of compensation. None of my other passwords are the same as my PSN one, so I'm good on that front. I'll just be monitoring my debit card account like a hawk.

How a huge company like Sony lets this happen is just...and I still haven't gotten a goddamn email about it. I have friends who have PSN accounts who didn't know until I called them just now.

Also, I'm assuming Microsoft will be using this to troll Sony at E3 now. Nintendo might too, but that's less likely I think.

if MS and Nintendo will troll Sony, they would be trolling these companies as well

http://www.informationweek.com/news/galleries/security/attacks/229300675?pgno=1

 

[Revolutionary]

Great, now my main password is known by both the Gawker hackers and PSN hackers. I didn't feel it was necessary to change it then (FUD), and I was right: nothing has happened. I have a feeling the same will hold true in this case.

 

[DickSauce]

God damn you Sony and hackers. Well looks like i'm going to watch my credit card activity like a hawk from now on.

 

[SapientWolf]

a lot of people seem absolutely determined to make sure sony is to blame for any and everything involved with this whole debacle regardless of how nonsensical, irrational, or illogical it is.

someone complained that sony said "a few days" and it's taken longer. would you rather them put the PSN back up and THEN figure out the damage and put up new security measures? it would be a fantastic idea. let the hackers back in to do more damage and wreck havoc on the infrastructure while you try to figure out what originally happened so you can protect against it.

i'm also seeing a lot of people blow this 'lack of security' way out of proportion. some people are acting as if they were the people that personally engineered the PSN, and are somehow knowledgeable of it's structure and design. really? you KNOW that sony set up their security based on the idea that PS3 is unhackable? enlighten us on how you are privy to such information.

some people seem more concerned about getting back on PSN to play a game online than anything else. to the point where the overall security and safety of the network isn't as important as getting prestige in black ops. then they turn around and talk about how poorly sony is handling things and how poor their security is. why not keep quiet (since blabbering on won't fix anything) and letting them fix things, and fix them the right way. not putting on a bandaid, but completely redoing it all and making sure it's even more secure. that's right, more SECURE. nothing is 100%. would you rather them put the PSN up after a few days with just a bandaid and the hackers ACTUALLY get your credit card info or leave it down untilt hey can construct some serious armor?

anyone remember WAMU's visa's all being canceled and replaced with mastercards? yep. tons of visa card numbers got compromised. we got no notice of it until suddenly "hey we canceled your card and are sending you a new one that's from a different company." i don't particularly like the way that was handled, but it's something that had to be done, and im not mad at WAMU for letting a hacker in, im mad at the hacker for hacking WAMU. that's why it's called hacking. it's not an open door. you get mad at the shooter, not the victim for not being 100% coated in kevlar.

and as far as sony 'keeping us in the dark' is concerned, sometimes you have to know when to release information and when to keep your mouth shut. with something as serious as personal information being access i think it's best to only speak when absolutely necessary and to not give out too much information- especially before there are any leads or suspects in the case. glad sony isn't being like mainstream news channels. they practically announce all of our military plans to the world down to small details.

/rantwithoutcallinganyonenames

the only items im focused on right now regarding what to do when PSN is back up are:
-changing my password.
-can i change my security questions? if so, im choosing alternate questions.
-(if they announced that they believe CC data was in fact taken) removing my CC data from my account, and then switch to using PSN cards for a bit.

i think they should implement something similar to steam guard, if not a blatant copy of it. (not that it was unique to begin with) a simple mechanism to produce a random code and email it to the user's email address to be typed in to activate a PS3 unit with the account or recover an account. those that used the same password on their PSN as their email address.... well... wasn't a very bright idea to use the same pw to begin with. everyone that has them the same should be changing it now if that's the case.

It usually is an open door. Or, more specifically, security holes that aren't closed before they are exploited.

I think it was absolutely necessary to tell people that their information was compromised as soon as Sony knew. Sony put PSN users at risk by not being prudent and alerting them of the danger in a timely manner and they deserve to be held accountable for that.

If their gross incompetence left a security hole that was exploited then they deserve to be held accountable for that too. Problem is that we may never know the details about the intrusion.

 

[Zenith]

But guyz, why are you complaining? Sony does all this stuff for free!

 

[Green Biker Dude]

April 8th before the hack... Sounds like what happens quite often. China trying to hack gmail accounts.

We don't have any real evidence yet that peoples accounts are being hacked nor do we know if the credit card information has been stolen.

China gmail hacks are common place and his account got accessed prior to the psn supposed hack day.

the problem supposedly started around april 1st / march 31st with the rebug cfw

it might be unrelated, but april 8th wouldn't be too early to be related to this

 

[Dizzy]

Only question I have left now is how good was Sony's security? Anything could get hacked eventually, but I'd like to know how it compared to similar services. Hopefully we will get details leaked when this has all blown over.

 

[The Last Wizard]

alright so what should I do?

iI had a credit card on my account

 

[CB3]

Dear Sony:

Fuck You

Love-
Me

 

[Combichristoffersen]

Called my bank, cancelled my debit Visa card, and ordered a new one. Thanks, Sony. I hope heads will roll due to your incompetence.

 

[paskowitz]

Some perspective:
- Any company as large as Sony has the potential to be hacked. Just because Sony was hacked does not mean they are "incompetent". Flawed, sure.
- Secondly, Sony may have not even designed their security protocols and systems. They may have contracted it. So if that is the case it is the contractors fault.
- "Cybercrime" is a HUGE issue around the world. Most of the incident you do not even hear about, but they have a profound effect. The CIA and FBI have entire building dedicated to it. Even more crazy there are 40+ hackers in China for every 1 information security analyst in the US and UK.
- In fact it shows just how competent the hackers are. They knew exactly what to do and how to do it. I would not be surprised if this was more than a bunch of pissed off basement dwellers. It probably involved a large dedicated group. Even if Sony did have flaws, its like wearing a bulletproof vest and then getting hit by and RPG.
- Sony did not want to release information until it was 100% confirmed. Its simple corporate policy. Trust me for the sake of their PR staff, they wanted this info out ASAP. The worst thing they could have done is say one thing and then have to correct their first statement.


But really what should scare everyone and I surprised (wait no I am not) that no one has mentioned, is the hackers intentions. They knew that if they broke open the PSN it would do more than pirating PS3 games or cracking the PS3 to run whatever they wanted. When they do that nobody notices. Nobody cares. In fact they just look silly. They knew it would cause Sony substantial financial and public image damage. That is huge. The effect of this is easily in the upper millions of dollars once all is said and done. Now who has the last laugh? The hackers only had to cause Sony to shut the system down. Their goals was not your information, or that you purchased My Little Pony Home costumes, it was to hurt Sony. Mission accomplished.

 

[alphaNoid]

For anyone looking for a good free app where you can store your passwords I found one named Codebook made by Zetetic LLC.

I also highly recommend KeePass, the guys who wrote the security in its database are unreal smart. Its the only one I recommend to friends/family.

 

[Alts]

Great, now my main password is known by both the Gawker hackers and PSN hackers. I didn't feel it was necessary to change it then (FUD), and I was right: nothing has happened. I have a feeling the same will hold true in this case.

Mind telling me your email?

 

[syoaran]

As far as we know, Geohotz had absolutely nothing to do with the hacking at all. So it goes more like this:

1. Geohotz, a kid, is sued by Sony, a huge corporation, for creating a way for people to mod their own systems.

Sony is unnecessarily malicious.

2. Some unknown group of basement dwellers are able to destroy Sony, a multi-billion dollar company--'s online security protocols.

Sony is extremely incompetent.

3. Sony waits a week to tell us all that our information was compromised.

Sony is very stupid.

Nobody is defending the group responsible for hacking their servers here. Hell, I don't even care if someone wants to rail against Geohotz at this point. None of it changes the fact that this huge company has earned the label of incompetency and should no longer be trusted with our private information ever again.

Not knowing the details, I have no idea if Sony is incompetent because the PSN service going down, or that the information stolen happened at the same time. Epsilon, a system far better encrypted and has a lot more personal information about practically everyone who registered for online shopping, had information stolen from it not too long ago (names/email address and in some cases, real home address).

I've bolded the part where I completely agree with you, because its a very very stupid thing to wait to tell people that their personal data has been compromised. It's going to lead into a very ugly look at how Sony has handled this publicly now.

 

[McLovin]

Can we sue them for this? Class action suit. My god they are truly incompetent.

I guess we could... how many users affected? .... all of them? Yeah we could sue psn into extinction if you want that. Then you could sign up for xbox live :\

 

[Marleyman]

I just got a PS3 finally 3 months ago for The Show and even purchased a few things with my debit card from the PS Store. I got so much shit connected to that debit card and definitely don't feel like killing it off just yet. I am going to monitor closely and go from there.