Support NeoGAF

[offshore]

Has anyone received an email yet? I certainly haven't.

Sony sent me a very nice email about PlayStation Move on the 22nd April.

Nothing about their emphatic security collapse though.

 

[obonicus]

If you were a publisher, would you trust or want to do business with Sony after this debacle?

Yes? They'll go where the money is. If this somehow irreparably damages people's interest in NGP, no one will make games for it, but I doubt that's happened.

 

[paskowitz]

This thread is flying.

 

[DMeisterJ]

Oh yeah, so who's still excited for NGP?...

Why wouldn't I be? I can buy media physically, or use a prepaid card.

This ordeal changes little on the dev/publisher front.

 

[borghe]

Why wouldn't you be pissed at Sony?

Why?

They have just been caught using god damn client side validation techniques that have been known to be DISASTROUS SINCE FUCKING 2003! Always keep the important shit server side. ALWAYS. Or you will ALWAYS see hacking.

And you're not pissed at them?

Fuck their incompetent network engineers. Fuck their security team. Fire them all. Every last one of them. No wonder they're bringing in a 3rd party security firm.

where were they caught? what information has come out? Surely you are not refering to my post where I just explained why CFW more than likely played a role in this and why packet sniffing on data between PSN and a PS3 would be pointless. Nowhere in there did I or anyone else say they were using client side validation, etc.

the amount of hyperbole in this thread is ridiculous. Sony will never recover. No one will ever buy a PS3. Strike that, no one will ever buy a SONY product, etc.

in six months almost no one will care. This type of leak has never brought down a company before and it certainly isn't going to bring down or irreparably damage a $30B+ corporation. Settle down people.

If you are worried about your credit cards, cancel them and get new ones issued. If you are worried about your passwords, change them. If you are truly pissed about this, hop aboard the inevitable class action lawsuit. But let's at least try and tone down the hyperbole and conclusion jumping that is making up like 99% of this thread now.

 

[darkwing]

So now the question becomes: Surely other online systems have been hacked into as well? Or is it the scale of the PSN hack that has everyone rattled?

http://www.informationweek.com/news/galleries/security/attacks/229300675?pgno=1

its just the scale of the PSN, but how many of the 77M accounts are legit lol

 

[Phonomezer]

The absolute worst thing about all of this is how long it took Sony to communicate this information to their customers. 6 days. Pretty outrageous.

 

[Angry Fork]

I'm a really huge Sony/PS3 supporter but this has definitely shaken me up a bit. I used my debit card on purchases before, someone in this topic told me I should cancel my current card and ask for a new debit card (which I did, just got back from the bank now, said it should take 7-10 days before I get my new card but the current one can't be used anymore). After this whole thing ends i'll have to strictly do pre-paid card stuff from now on, or those PSN card things they sell in some stores.

This really sucks though for everyone. I really like Sony products though and the PS3 is a great machine, I hope this doesn't fuck them up too much to the point where it kills the brand name entirely. The RROD didn't do that for the 360 so maybe Sony can turn this around, I guess we'll have to see in the coming months what they do and how bad it gets (if anyone gets identity theft and stuff like that).

 

[xbhaskarx]

inb4 movie 'The Playstation Network'.

Our users being ripped off for a million dollars isn't cool...

You know what's cool? PSN users being ripped off for A BILLION DOLLARS.

Spoiler

wow this thread is really moving now

 

[test_account]

"other companies also have lax security" and "if you blame Sony the terrorists hackers win!" are not good points

Are there any info on how the hack was done so that we know if it was "lax security" or not?

If you were a publisher, would you trust or want to do business with Sony after this debacle?

Yes. The reason for this is because i dont see how this affects the publisher that much (besides PSN being down, so that PS Store is down so they cant sell their games and that online multiplayer doesnt work for their games, but PSN will be up sooner or later). What matter the most for the publisher is to get the games out there and sell as many copies as they can.

 

[Majine]

Wonder if they are gonna use this as a "joke" on their E3 press conference.

You know...

2010: The Cirque De Soleil performance
2009: The early leaks

 

[Atomski]

Sony at E3 2011

 

[dr_octagon]

Sony's communication, or lack of, has compounded the issue. E-mails should have been sent out before, or alongside, the official statement on the blog.

(This would be the same for any company when there has been security breach)

 

[BolognaSoup]

People worried about their Credit Cards need to call and ask for a new CC #.
DO NOT CANCEL.

If credit card owners don't know this already, they should really not be credit card owners.

 

[daffy]

That is the same in the end.

Is it? I am out of the loop then.

i assume some people are canceling their account altogether.

Some of the posts read that way. I would say getting issued a replacement card, I wasn't aware people say cancel for that.

 

[sangreal]

Bank has issued me a new card:

changed passwords @ 10 websites

I am DONE using my card for Live or PSN or anything online anymore.

I am getting a secured CC with a low limit and using that from now on.

Why? In the US you are liable for 0$ if your credit (not debit) card number (not card) is stolen. This is federal law and not subject to bank policy. Stop worrying so much about the bank's problems

 

[CadetMahoney]

Just cancelled my card and had a new one re-issued. 10 dollar fee. I hope Sony reimburses me!!!

*sigh*

your sopposed to say lost/stolen otherwise you get charged and your credit rating goes down.

 

[CartridgeBlower]

I can't see smaller publishers wanting to sign exclusive deals with PSN now for their games, simply because you have to think less people will be buying games on PSN now that this has happened.

If people stop putting up their credit cards, that shrinks the market to people who strictly use pre-paid cards. And that's a lot less buyers for your game.

 

[larvi]

So now the question becomes: Surely other online systems have been hacked into as well? Or is it the scale of the PSN hack that has everyone rattled?

For me it's the amount of info they have taken. I've been notified of data breaches before from other companies but never have they gotten userid/pw, cc info, email, personal name/address/DOB and security question before (and mine unfortunately is my mother's maiden name). That is way too much fucking information for another person to have and I have no clue what to do about it. For god damn sure I'm taking out the real information out of my PSN profile if I ever get the chance, it was probably stupid of me to provide real information to them in the first place.

 

[SRG01]

So it was verified Sony was using client-side validation?

IIRC, They use SSL. It's not as simple as saying it's client-side. Everything uses SSL. All you need to do is compromise one side -- either server or client -- to bypass the security.

 

[Proxy]

Oh yeah, so who's still excited for NGP?...

I am.

 

[Stumpokapow]

I mean, in today's world, gazillions of private data are available everywhere. Shit, here in my country there's a guy selling for 210 euro a database that contains private data from about 36 million persons (sorry, spanish link, but it's from a major spanish newspaper). That's 4/5 of the total population. It's illegal but the selling and trade of private data is a huge and shadowy bussiness among big corporations and in the black market, believe it or not.

Sure, what has happened needs to be inspected throughly but, sadly, it's the rule, not the exception. If you want privacity in today's world, just burn your gadgets, stop paying your bills and go to live to the Himalaya or something like that. Notice, I'm referring to privacity, not anonymity, which is an entire different question.

I definitely think you're right, but I'd say that most of the people who are getting the most mad right now probably weren't aware of how bad it was until now. And a lot of them probably want more stringent protections; bigger fines for companies who are subject to breaches, enormous fines for companies who are complicit by negligence in breaches, harsher sentences for black market CC buyers/fraudsters/sellers, etc--so their anger here is very consistent with the state of things in the world.

Is it? I am out of the loop then.

Some of the posts read that way. I would say getting issued a replacement card, I wasn't aware people say cancel for that.

The times I've had my wallet stolen or misplaced, I've "cancelled my credit cards". I've never actually closed an account or anything, I just cancel the existing cards in favour of being sent replacement ones. Maybe it's a regional expression or something. I understand the confusion.

 

[LiK]

if you guys aren't sure what CC you used with PSN, just check old statements online for charges from PSN. just a lil reminder if you forgot.

 

[HomerSimpson-Man]

Yeesh, get a wee bit embellished with the reactions here.

 

[Barrett2]

i just checked my bank account and its all good

anyone who has lost money yet?

Well, problem is, even if someone has a questionable charge on their card, there's no way to know whether or not it is related to PSN. Right now everyone is paranoid about their CC activity, so there will be a lot of false positives for fraudulent, PSN-related charges. time will tell...

 

[kaskade]

The absolute worst thing about all of this is how long it took Sony to communicate this information to their customers. 6 days. Pretty outrageous.

I bet a large percentage still don't know what's going on.

Free Uncharted 3 for all PSN users.

 

[TTP]

I don't understand the "I'm done with you" statements here. If you don't trust Sony anymore, don't buy stuff from the PSN with your credit card.

Online play is still free.

 

[undigital]

Not sure if it's related and this may be pure coincidence, but my debit card number was stolen and charged today for $500 at an online store. I was lucky and caught it today as it comes straight out of my checking account. I called the online store and they didn't let the charge complete, it's just pending at my bank. I cancelled my card and got another one. I used this card to pay my PSN subscription. My bank recommended I not use a debit card for this and use a credit card instead in case this happens again. I'm lucky I'm getting my money back. Hopefully this doesn't happen to anyone else.

 

[JetBlackPanda]

Why? In the US you are liable for 0$ if your credit (not debit) card number (not card) is stolen. This is federal law and not subject to bank policy. Stop worrying so much about the bank's problems

while I know the bank will back me up, Why not take the extra steps and make sure im safe?? it cost me nothing.

 

[SolidSnakex]

I don't know about you, but idea of my company's content being extracted and put on torrent sites, along with losing money due to the network being down for over a week doesn't sit too well with me.

Publishers are in this for money. If a game sells on a system then they're going to support it. It's that simple. Yes, i'm sure companies are going to be upset at Sony over this, but they aren't going to stop supporting them over it.. Those same companies will likely be on their asses to make sure that their new security system is as good as it can be. And that'll be a good thing for everyone.

 

[mr_nothin]

Bank has issued me a new card:

changed passwords @ 10 websites

I am DONE using my card for Live or PSN or anything online anymore.

I am getting a secured CC with a low limit and using that from now on.

edit: If I had not seen this thread I would have had no idea, my email linked to PSN has nothing.

Sony is a failure right now..

This wont stop anybody from getting your CC #'s and info. All of your info is already on the internet and even if you dont shop online,
this info can still be accessed by hackers. Everybody stop being so paranoid. Nothing you can do to stop people from getting your info if they want it.
All you can do is take counter-measures. The more ppl that understand this, the less paranoia that goes around. No need to panic, just screen all activity
on your cards and emails....this is something you should be doing ANYWAYS. This situation just reinstates that ideal.

 

[Vamphuntr]

Why? In the US you are liable for 0$ if your credit (not debit) card number (not card) is stolen. This is federal law and not subject to bank policy. Stop worrying so much about the bank's problems

Indeed, identity theft is much worse.

At least they don't have social security numbers or driver license numbers or here in Canada Health Insurance Card Numbers. It will make spoofing your identity a bit harder.

 

[Feorax]

Quick question.

Are people who are changing their card numbers actually seeing fraudulent activity on their account? If not, then I really don't see the point as long as you're vigilant over the next week or so.

 

[FunkyPajamas]

Somebody tried to buy a condo in the Bahamas with my credit card but it reached its limit.

God that must have been embarrassing. I feel bad for the hacker.

 

[-PXG-]

Yes? They'll go where the money is. If this somehow irreparably damages people's interest in NGP, no one will make games for it, but I doubt that's happened.

I can guarantee you that there were, are, and will be meetings, amongst publishers, as well as shareholders, discussing whether or not if Sony's network security, including their overall ability to do business, is at all sound.

Will there be games for NGP? Of course. But don't think for one second that publishers and investors aren't having second thoughts or have some level of apprehension when it comes to making deals with Sony in the future.

 

[Ploid 3.0]

Can anyone log into hotmail?

My psn pass was the same as my hotmail (which I used as my email to PSN).

 

[NeoUltima]

"other companies also have lax security"

Does PSN have lax security though?
I see so many people jumping to the conclusion that it did, just because it was hacked.

The absolute worst thing about all of this is how long it took Sony to communicate this information to their customers. 6 days. Pretty outrageous.

This is the one thing people can legitimately be angry at Sony for now imo.

I already suspected this data was compromised due to the PSblog posts, but the general public didn't know. There were no emails or pr statements until now.

 

[Snaku]

Changed the password of my email associated with my PSN account, and checked IP address logging history. Nothing out of the ordinary. And the debit card I had tied to the account has long since expired. I think I'm good.

Shitty situation though.

 

[AgentChris]

This is what happens when monkeys run your service Sony.

 

[SRG01]

where were they caught? what information has come out? Surely you are not refering to my post where I just explained why CFW more than likely played a role in this and why packet sniffing on data between PSN and a PS3 would be pointless. Nowhere in there did I or anyone else say they were using client side validation, etc.

the amount of hyperbole in this thread is ridiculous. Sony will never recover. No one will ever buy a PS3. Strike that, no one will ever buy a SONY product, etc.

in six months almost no one will care. This type of leak has never brought down a company before and it certainly isn't going to bring down or irreparably damage a $30B+ corporation. Settle down people.

If you are worried about your credit cards, cancel them and get new ones issued. If you are worried about your passwords, change them. If you are truly pissed about this, hop aboard the inevitable class action lawsuit. But let's at least try and tone down the hyperbole and conclusion jumping that is making up like 99% of this thread now.

This needs to be repeated. ANY secure transaction depends on both sides being secure. CFW caused this, plain and simple.

 

[Elfforkusu]

Yeah, reconsidering the "waiting" thing. IIRC, PSN only asked me for CC info the first time I bought something...

Which is to say, hackers probably have everything they need to start stealing stuff. Time to cancel!

 

[teiresias]

Dear Sony:

Fuck You

Love-
Me

This is the second time you've posted this exact same post in less than half an hour. Do you intend to to do anything but troll in this thread?

 

[Linkified]

So..so.. if they know my email address they will get my password or am I unwillingly getting myself caught up in hyperbole minus cc details of course?

 

[TheBaldEmperor]

Well, problem is, even if someone has a questionable charge on their card, there's no way to know whether or not it is related to PSN. Right now everyone is paranoid about their CC activity, so there will be a lot of false positives for fraudulent, PSN-related charges. time will tell...

Posting this again since this thread is flying. There is no way to know if the two are related. This was just my recent experience.

Originally Posted by spindashing:
Sorry for my bluntness, but:

Are there any reports of anyone's Credit Card/Debit Card being utilized as a result of this hack?

This may be a total coincidence but the credit card I had on file was used last week on the 21st to buy over $1000 of cosmetics from some online Canadian cosmetic store. My bank called me on the 22nd, removed the charges, and sent me a new card.

 

[daffy]

Looks like all hope that PSN would be up soonish is gone. Oh well, no choice but to wait.

Partly up sounds like the Store will go up last to me.

 

[Vamphuntr]

Can anyone log into hotmail?

My psn pass was the same as my hotmail (which I used as my email to PSN).

Working for me.

 

[darkwing]

So..so.. if they know my email address they will get my password or am I unwillingly getting myself caught up in hyperbole minus cc details of course?

if you use an easy password, and you use the same password on other sites, i'd be worried

 

[Rubixcuba]

http://www.youtube.com/watch?v=_xKV9BFEEXQ&feature=player_embeddedhttp://
This was on Destructoid, I don't even.

 

[-viper-]

Alright, I've cancelled my debit account, and changed my email password (which is the same as my PSN password).

For the likes of Amazon, Paypal, eBay, I use completely different passwords.

There is no need for me to change OTHER passwords, right? All other websites in my LassPass vault are essentially... RANDOM. Like various forums and shops, where credit card details MUST be entered to purchase items.

 

[mr_nothin]

So..so.. if they know my email address they will get my password or am I unwillingly getting myself caught up in hyperbole minus cc details of course?

You're just getting caught up.