Support NeoGAF

[Aquavelvaman]

I feel for the devs trying to make money on PSN titles...a week of no sales followed by a long-term loss of consumer confidence.

 

[CartridgeBlower]

If you cancel your credit card due to this I think you're making a horrible mistake. If you are responsible and diligent enough you can watch your bank statements and act accordingly. No need to mess your credit .

If it's a debit/credit card combo, just call your bank and have them send a new debit card.

 

[MThanded]

So what have we learned from all of this? DO NOT SUE GEOHOLT.

who is dat?

 

[DoomGyver]

oh for fucks sake.

.

.

.

 

[EternalGamer]

Despite all the "sky is falling" posts on here, I doubt that NPDs will be affected by this at all. All of you guys saying you're "done with Sony" will come back to the fold with Uncharted 3.

It's a PR black eye for sure but it's one they will survive. I'll definitely be sticking to pre-paid cards from now on, though.

The problem is that in truth this could happen to anyone, and XBL and Steam might be just as vulnerable. I kinda wish Steam had pre-paid cards now, but I suppose temporary account #s and pre-paid VISAs will have to do.

You can buy pre-paid Steam cards.

 

[CadetMahoney]

fuck Sony for not having better security. We sure as hell better get some kind of compensation.

Home t-shirt.

It does credit card fraud
It does unencrypted passwords
It does Identity Theft

Oh dear I can see that one being put in a gif.

 

[angelfly]

It's a PR black eye for sure but it's one they will survive. I'll definitely be sticking to pre-paid cards from now on, though.

Consumer confidence in Sony is taking a permanent hit from this. Especially from those that are affected by it.

 

[DrM]

This is the reason why i use special account and card for online shopping - funds are limited to 120 € on account, mostly is around 50 € and i can keep up with all transactions.

 

[IchigoSharingan]

This fucking sucks. I'm not harboring any hate at Sony here, but the whole ordeal is terrible. Time to change some passwords.

Why wouldn't you be pissed at Sony?

Why?

They have just been caught using god damn client side validation techniques that have been known to be DISASTROUS SINCE FUCKING 2003! Always keep the important shit server side. ALWAYS. Or you will ALWAYS see hacking.

And you're not pissed at them?

Fuck their incompetent network engineers. Fuck their security team. Fire them all. Every last one of them. No wonder they're bringing in a 3rd party security firm.

 

[Loudninja]

Hopefully this isn't ignored by people. Definitely a good read for those that are upset about Sony "sitting" on this info.

It will be is rage rage rage season right now.

 

[AgentChris]

wtf does China want with my gmail?

 

[iNvid02]

maybe they'll throw in in-game voice chat when its back

Spoiler

no

 

[expy]

Point is, we didnt know much of anything for 6 days.

Who's to say they knew all the specific details on the first day?

 

[Vamphuntr]

Despite all the "sky is falling" posts on here, I doubt that NPDs will be affected by this at all. All of you guys saying you're "done with Sony" will come back to the fold with Uncharted 3.

It's a PR black eye for sure but it's one they will survive. I'll definitely be sticking to pre-paid cards from now on, though.

The problem is that in truth this could happen to anyone, and XBL and Steam might be just as vulnerable. I kinda wish Steam had pre-paid cards now, but I suppose temporary account #s and pre-paid VISAs will have to do.

I never was interested in Uncharted 1 so I don't see why I would come back for 3. What kind of logic is that.

 

[lol51]

?
Changing your credit card number is no big deal.

Yeah getting a replacement card doesn't affect your score.

Closing your credit card, and applying for a new one does.

 

[daffy]

?
Changing your credit card number is no big deal.

If you cancel doesn't it hurt your score?

 

[ShortBus]

Dear Sony:

Fuck You

Love-
Me

But you have no problem with Hackers?

 

[Cth]

Wouldn't a class action lawsuit only result in free credit reports for the unaffected, with potentially some payout for the affected?

 

[Adamm]

http://forums.sarcasticgamer.com/showpost.php?p=645846&postcount=734

This is a good post

 

[offshore]

SOCOM getting a nice plug on the BBC news channel.

 

[test_account]

look right above that
Last account activity: 0 minutes ago at IP ************. Details

Nothing there unfortunately :\ Only thing above it is:

Add your Gmail inbox to the Google homepage.
You are currently using 1 MB (0 %) of your 7576 MB.

 

[graywolf323]

Some perspective:
- Any company as large as Sony has the potential to be hacked. Just because Sony was hacked does not mean they are "incompetent".
- "Cybercrime" is a HUGE issue around the world. Most of the incident you do not even hear about, but they have a profound effect. The CIA and FBI have entire building dedicated to it. Even more crazy there are 40+ hackers in China for every 1 information security analyst in the US and UK.
- In fact it shows just how competent the hackers are. They knew exactly what to do and how to do it. I would not be surprised if this was more than a bunch of pissed off basement dwellers. It probably involved a large group.
- Sony did not want to release information until it was 100% confirmed. Its simple corporate policy. Trust me for the sake of their PR staff, they wanted this info out ASAP.


But really what should scare everyone and I surprised (wait no I am not) that no one has mentioned, is the hackers intentions. They knew that if they broke open the PSN it would do more than pirating PS3 games or cracking the PS3 to run whatever they wanted. When they do that nobody notices. Nobody cares. In fact they just look silly. They knew it would cause Sony substantial financial and public image damage. That is huge. The effect of this is easily in the upper millions of dollars once all is said and done. Now who has the last laugh? The hackers only had to cause Sony to shut the system down. Their goals was not your information, or that you purchased My Little Pony Home costumes, it was to hurt Sony. Mission accomplished.

very good point

 

[teruterubozu]

So which is worse? Toyota brake recall or PSN haxor?

 

[A.R.K]

I know GeoHot is not the same as Anonymous. Please stop repeating the same over and over again.

About why Sony couldn't say anything about the matter:

http://forums.sarcasticgamer.com/showpost.php?p=645846&postcount=734

needs to be quoted here:

I need to ignore Twitter right now... there are tons of people (and site feeds) spewing ignorance galore...

I work at a company that deals with data security... we wish everyone that lost a laptop or left data unencrypted had used our product(s) first. The fact is, NOBODY is impervious to being hacked. It happens all the time to tons of companies. It happens at a much larger scale than the 75M PSN users.

By data breach standards, what Sony has done here is the absolute text book implementation of what to do correctly. They didn't put protocol aside to keep selling PSN content. They didn't put protocol aside to let gamers keep gaming, potentially muddying up the systems being scoured for clues. They didn't try to hide that this happened. They didn't try to analyze it themselves but instead brought in experts.

The people and sites that are faulting Sony on how they've handled this so far as simply, and I mean no disrespect by the use of the very most accurate word I can think of... "ignorant" as to what they're talking about.

If you think Sony should've battened down the hatched and never gotten hacked... talk to the HUNDREDS of other companies/brands/organizations out there that have endured the exact same fate. If you think Sony shouldn't have been storing credit card information (at all or in a certain way) you should know that all there are not are recommendations or guidelines, there are no LAWS yet that force companies to certain degrees of protection and even if they were adequately protected, depending on the extent and nature of the hack, having them protected to PCI DSS guidelines STILL might not prevent people from getting to our credit card information...

That said, Sony said there was no evidence that our credit cards were compromised. They recommended (and to be honest, this was worded well) that "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." How can they be faulted for that? Would you rather them lie and say "you're safe" or "they were compromised"?

This was a text book reaction to a large scale data breach and unlike MOST companies where we'd simply get an unexpected letter in the mail, we were somewhat kept in the look but the raised awareness than PSN being down leading them to say something. You don't spill details during an investigation and these things take time. Hell, try checking out your computer after you've had a trojan installed and activated... now amplify that work by about a bajillion. Going through that stuff takes time.

by the way checked my CC and so far so good...I have put extra alerts on it for precautions...hopefully its not doomsday like some of you are shouting

 

[syoaran]

But really what should scare everyone and I surprised (wait no I am not) that no one has mentioned, is the hackers intentions. They knew that if they broke open the PSN it would do more than pirating PS3 games or cracking the PS3 to run whatever they wanted. When they do that nobody notices. Nobody cares. In fact they just look silly. They knew it would cause Sony substantial financial and public image damage. That is huge. The effect of this is easily in the upper millions of dollars once all is said and done. Now who has the last laugh? The hackers only had to cause Sony to shut the system down. Their goals was not your information, or that you purchased My Little Pony Home costumes, it was to hurt Sony. Mission accomplished.

(Only quoting some of your post here paskowitz, you did make some good points but I wanted to highlight this)

Honestly, I don't think a hacking group which goes to steal CC information from customers is out the same hacking group that wants to hurt Sony for the sake of it. I also don't think you can draw a line and say that the PS3 being opened up is the root cause of personal information being stolen. If this was the case, then everyone who has ever registered their CC details with Microsoft has already had their details stolen many times over, as the 360 has been hacked from year1.

 

[MThanded]

wtf does China want with my gmail?

Once someone has your email they can reset passwords for other account find personal information look at the naked pictures your girlfriend sent you.

 

[Adam Prime]

Aww man those hackers are going to send all kinds of spam to my "poopy@inmypants.com" e-mail address I used on PSN!

 

[darkwing]

But you have no problem with Hackers?

hackers didn't do this, it was Skynet

 

[daffy]

Yeah getting a replacement card doesn't affect your score.

Closing your credit card, and applying for a new one does.

Yeah this is what I was referring to by canceling

 

[blizzardjesus]

So when can we do a class action lawsuit against sony for not protecting our information securely?

 

[Kusagari]

I changed my passwords but I'm not going through the pain in the ass of canceling my card until some charges show up on it.

 

[Morn]

If you cancel doesn't it hurt your score?

Don't cancel. Just report it lost/stolen and they'll issue you a new card.

Or if it was REALLY compromised, Sony will notify Visa (or MC or Amex) and they'll automatically issue you a new card.

The German paypal rip-off Square uses for FFXIV was recently hacked and my card was stolen and my card company automatically gave me a new number.

 

[mr_nothin]

Who's to say they knew all the specific details on the first day?

Read my edit:

I meant not notifying their customers/PSN users. I understand everything in that post you linked and I also think how they handled the intrusion is textbook and it's what they should have done. What they didnt do is notify their customers in a timely manner. They still havent emailed PSN users yet...well maybe they dont have access to the PSN user's email addresses right now since they shutdown PSN. Point is, we didnt know much of anything for 6 days.

I understand both sides and it's hard to say who's right and who's wrong. I know that businesses cant speak on much until they know what's going on but they have to give their customers some kind of warm-and-fuzzy to hold them over.

I agree with both sides since I know what it's like from both sides.

Also, they could have just said there's a "possibility" or something along those lines. I know that they didnt want to get everybody worried but they probably should have been a little more preemptive about the situation. It's really hard to judge the situation. I can understand it from a business point but I can understand it as a worried customer also.

 

[dude]

Some perspective:
- Any company as large as Sony has the potential to be hacked. Just because Sony was hacked does not mean they are "incompetent".
- "Cybercrime" is a HUGE issue around the world. Most of the incident you do not even hear about, but they have a profound effect. The CIA and FBI have entire building dedicated to it. Even more crazy there are 40+ hackers in China for every 1 information security analyst in the US and UK.
- In fact it shows just how competent the hackers are. They knew exactly what to do and how to do it. I would not be surprised if this was more than a bunch of pissed off basement dwellers. It probably involved a large group.
- Sony did not want to release information until it was 100% confirmed. Its simple corporate policy. Trust me for the sake of their PR staff, they wanted this info out ASAP.


But really what should scare everyone and I surprised (wait no I am not) that no one has mentioned, is the hackers intentions. They knew that if they broke open the PSN it would do more than pirating PS3 games or cracking the PS3 to run whatever they wanted. When they do that nobody notices. Nobody cares. In fact they just look silly. They knew it would cause Sony substantial financial and public image damage. That is huge. The effect of this is easily in the upper millions of dollars once all is said and done. Now who has the last laugh? The hackers only had to cause Sony to shut the system down. Their goals was not your information, or that you purchased My Little Pony Home costumes, it was to hurt Sony. Mission accomplished.

This is the biggest load of crap in this thread. ffs.

1. They were after the info, and probably don't care about hurting Sony. The intention if identity theft and fraud.
If this was some free software activists they would have boasted about this from every blogtop in the internet. We should all hope that's the case, though, at least then the data will probably not end in the hands of some chinese criminal ring.

2. Companies are attacked, but most companies seem to be competent enough to keep their users info. Maybe Sony used every reasonable technology they had and the hackers were crazy good - But I do not give the benefit of the doubt that easily. Until this is said by a court, I'll have to assume Sony in incompetent on account of them failing where others have succeeded.

 

[RoadHazard]

This sucks. Not worried about my password, since I use a different one for every site (LastPass FTW), but the possibility of my CC info being stolen is not to my liking.

But: Since my VISA debit card is connected to Verified by VISA, shouldn't that mean that even if someone has my info they wouldn't be able to buy anything with it? The point of VBV is that no online transaction will be allowed by the bank without the VBV password, right?

Also, apparantly security codes were not stolen (not saved anywhere, I guess?). So, should I really worry about this?

 

[daffy]

Don't cancel. Just report it lost/stolen and they'll issue you a new card.

Or if it was REALLY compromised, Sony will notify Visa (or MC or Amex) and they'll automatically issue you a new card.

The German paypal rip-off Square uses for FFXIV was recently hacked and my card was stolen and my card company automatically gave me a new number.

Some posters here have claimed they'd already canceled, that's why I made the post.

 

[Great Rumbler]

Hopefully this isn't ignored by people. Definitely a good read for those that are upset about Sony "sitting" on this info.

I'm sure everyone who's had their information stolen will feel much better knowing that Sony did everything "by the book".

 

[graywolf323]

You can buy pre-paid Steam cards.

no you can't

 

[Thunderbear]

Why is no one in the media, or most of the internet discussing this, blame the hacker? I don't get it.

 

[Elfforkusu]

Eagerly awaiting the inevitable leak so I can check to see how much crap I'm going to need to change.

Eff you, Sony! Never again. We're finished professionally, etc etc

 

[Wario64]

2012 - Year of the PS3

 

[Zoe]

Why wouldn't you be pissed at Sony?

Why?

They have just been caught using god damn client side validation techniques that have been known to be DISASTROUS SINCE FUCKING 2003! Always keep the important shit server side. ALWAYS. Or you will ALWAYS see hacking.

And you're not pissed at them?

Fuck their incompetent network engineers. Fuck their security team. Fire them all. Every last one of them. No wonder they're bringing in a 3rd party security firm.

How do you know how the hacking was accomplished?

 

[CadetMahoney]

Does anyone think that when PSN is back up, that a good portion (say 30-40%) of the playerbase doesn't come back?

If this happens, I might as well convert back myself.

Don't be ridiculous. Everyone is going to come back.

 

[CartridgeBlower]

Zipper must be angry as hell that Socom 4 was basically DOA because of this. Whole franchise may be fucked.

 

[LuFel]

too bad SONY!!

hackers gonna hack...

 

[darkwing]

So when can we do a class action lawsuit against sony for not protecting our information securely?

http://www.ehow.com/how_135688_organize-class-action.html

 

[Commanche Raisin Toast]

No. We weren't asking for them to put the service back up quickly. We were however, ASKING THEM TO BE FUCKING TRANSPARENT (like this blog post) about what they're doing, what happened (EG: the important thing) and shit like IDENTITY THEFT POSSIBILITIES days ago.

The fact it took them SIX DAYS to let people know "Oh, hey, your information may be part of our newest game: Sony vs Identity Theft 3: Fate of your information being taken for a ride (doo-doo-doo~)" is FAILURE. There is no excusing it.

YOU aren't upset that it wasn't up in a few days, but a lot of people ARE. i am addressing that specific, irrational concern.

i already covered 'transparency' elsewhere in my post and i stand by my position that being silent until the facts are in is the best course of action. if it took them 6 days to figure out if info was compromised then it took 6 days to figure out if info was compromised. it's still a matter of people being mad that it wasn't a fast enough turn around. and until they are engineers that work for sony and know how everything is set up, you can't realistically judge what an acceptable turn around time is for their specific set up. they also claimed they wanted to put some additional security measures in place, as well as hired a 3rd party security company to do the investigation so if you're going to be mad about time, be mad at the 3rd party security company.

in my opinion i think that the PSN is currently at the point where fire fighters are done making sure the burned down building is structurally safe enough to go inside and start taking a death toll, and now we're getting that damage report basically. and at the same time the building owner has already started reconstruction and repairs.

It usually is an open door. Or, more specifically, security holes that aren't closed before they are exploited.

I think it was absolutely necessary to tell people that their information was compromised as soon as Sony knew. Sony put PSN users at risk by not being prudent and alerting them of the danger in a timely manner and they deserve to be held accountable for that.

If their gross incompetence left a security hole that was exploited then they deserve to be held accountable for that too. Problem is that we may never know the details about the intrusion.

-a poorly locked door, maybe, but not one that is open and welcoming anyone to just walk in. that's why it's called hacking. i, a regular joe, could not simply push a button on my PS3 and access the inner workings of the PSN and steal info. ie: there is no open door. i see what you mean though. 'open door' as in what hackers may call it, but i was talking more along the lines of ease of access.

-you're right. but nobody knows WHEN sony became aware of data being compromised. if you know for a fact that sony HAS KNOWN about it for a while and is just now telling us, sure, being upset is perfectly rational. but until we know that then i say we keep calm. especially since they are having a security firm do the investigation.

-how is their security not being 100% unhackable, which isn't something that exists anywhere ever, 'gross incompetence'? all it really boils down to is that there is a hacker or hackers out there that were better than sony's security. those people could be better than bank of america's security, or even the pentagons, but they chose sony and that's who they hacked. but going to what i said before, if information does come to light that sony had little to no security AT ALL because they thought PS3 was unhackable- THEN and only then would i consider their security being 'gross incompetence' and downright negligent. there would be no excuse. but we just need the info before we can decide.

i guess that's all im trying to say is that a lot of these angry reactions on GAF are based on too many if's and hardly any fact. and a lot of these if's are being taken as fact by those that are already upset and angry. these threads should be full of rational analysis and reflection, not screaming and pillow-punching. (much less the grabbing of pitchforks and lighting of torches)

 

[lifa-cobex]

Why is no one in the media, or most of the internet discussing this, blame the hacker? I don't get it.

huh?

 

[Conceited]

2012 - Year of the PS3

I can't help it, this made me laugh pretty hard.

 

[Lindsay]

Wow... this is just bad

Glad I never bought into the digital age. A couple demo downloads, movie rentals paid via psn card I was given a couple years back, free Yakuza dlc, thats all I've done with PSN business-wise. For people invested in it even a little bit though this prolly among the worst things that could happen. All parties involved in this failure oughta be names & shamed big time.