Support NeoGAF

[Fireye]

Thanks for the confirmation, though a bit of common sense was all we really needed for to debunk it. I do appreciate your work though and it's nice that we can finally put that matter to bed.

In your opinion, would you say the recent, numerous leaks of data and the current situation may be connected? Or would you say they are isolated incidents? Is it common for several companies to use the exact same encryption on all files?

I'm not up to date on what was leaked exactly, has it been determined precisely what was stolen, and if it was encrypted? From Sony's press release, they took the cautious side and implied that passwords might be out there, but didn't confirm it.

I'd say yes, it's common for several companies to use the same TYPE of encryption, and to use that same TYPE of encryption in multiple places. If that encryption type is flawed or compromised, it can cause serious issues. I don't think there's been any indication that some sort of encryption has been broken in this situation though. If the passwords and other sensitive information was decently encrypted, it's likely still secure, at least until enough resources are thrown at cracking it.

Regarding numerous leaks happening... what leaks are you talking about? Has Sorny had other leaks recently that I'm not aware of? This GracenoteDB thing is pretty unrelated to everything else. It's a poorly configured server, and likely wouldn't leak any confidential information.

If you're smart enough to hack PSN, you probably know how to spoof an IP. Or atleast not dumb enough to do the hacking from work.

Please stop talking about the DoD IP like it's related to the PSN hacking. It almost certainly isn't. The DoD IP did some vulnerability scanning (starting on the ... 7th of march? 3rd? I forget), which isn't wholely unusual.

 

[Rflagg]

Well this awful news, before I go on let me stress that I hope everyone's money/credit is safe.

That said I am very glad for myself that the only card I ever listed on PSN is expired, and I am very uncomfortable about these hackers whomever they may be having any of my personal information.
Scary scary stuff.


I don't know enough about internet security to judge Sony on how they handled the whole thing so I won't really do that, but I do like that they seemed to have pulled the plug to try and stop as much of the damage as possible.

 

[Pinko Marx]

This thread...This fuckin thread.

 

[IchigoSharingan]

has anyone got there email from sony yet?

My bro set up a single gmail account with PSN. Doesn't use it for anything else.

he was just notified some fucking asshole with IP 64.134.231.106 accessed his info

 

[Attackthebase]

I have no idea if I used my Visa or Discover card for the PSN. Is there any feasible way to find out, or am I forced to wait until PSN to check which card I used?

 

[bender]

2. Not telling their customers as soon as possible that their information might be compromised.

That's what irks me in the most. They waited a week to tell us.

The security breach doesn't really bother me and that's not excusing Sony for allowing it to happen. Every place you use your credit card information with is just another potential place to have that information stolen. I overheard a conversation at my bank about a national retail chain being compromised and them having to re-issue Visa debit cards. While you'd expect someone with as large of an eCommerce presence as Sony to have their act together I can't say I'm surprised. My former bank had a lot of customer information stolen (including mine) so nothing really shocks me anymore.

I'm not sure the last time I used my credit card information on PSN as I've been using pre-paid cards for some time but I went ahead and ask my credit card holder to re-issue me a card. The peace of mind is worth the trouble it takes to change the handful of auto-pays set to the card. Plus dealing with fraudulent purchases and the collection agencies that come with those transactions is a pain.

I have no idea if I used my Visa or Discover card for the PSN. Is there any feasible way to find out, or am I forced to wait until PSN to check which card I used?

When is the last purchase you made? Compare that to your card statements.

 

[offshore]

...And then you crybabies would complain that the speedy e-mail didn't have ANY sort of information in it.

It obviously took this long because they were figuring out what exactly happened.

Of course Sony want to conduct investigations, but you tell your customers on day one to prepare for the worse case scenario…which is what has happened here.

"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility." is not the same as "We can categorically state credit card information was not compromised and your credit card details remain secure on our servers"

They should have told us on day one to prepare for this...even if they weren't sure.

More generally, it's the CC bit that is the brunt of everyone's annoyance. I think everyone knows that their name and address is probably floating around somewhere on the internet, and yeah, it's annoying that you may get cold calls,or junk mail or your email account may get spammed.

But your CC information is something else completely. A company has to protect that. If they can't, then they probably can't be trusted. Of course the irony now is that going forward, Sony are most likely to run the most secure network, but it's going to take time before this blows over.

 

[Version 3.0]

likewise as someone who has been down the lane of credit card theft (sigh.. monoprice..), it did nothing to change my habits with them. as a matter of fact I placed an additional order with them around 2-3 weeks after they started accepting credit card orders. (byw, this is actually true, swear to god)

bad shit happens. breaches happen. information gets stolen. it's silly to let it cause you to lose faith in the company just because it happened to you. and if you want to distrust EVERYONE that has ever had a breach, your list of trusted companies will probably be down to three companies no one has ever heard of before.

just saying..

Yeah. You'll end up like Rain Man, who could only fly Qantas airlines because every other airline had a fatal crash at some point.

I wish I could use PayPal on PSN like I do on XBL, though.

 

[Snuggles]

I have no idea if I used my Visa or Discover card for the PSN. Is there any feasible way to find out, or am I forced to wait until PSN to check which card I used?

do you have an past bank statements handy?

 

[Pimpbaa]

Glad I removed credit card info last time I was on. Also glad I didn't put in my new credit card info. Still concerned about personal info tho.

 

[StuBurns]

Ok let me give you a nice little pictorial if you will of what happend.


You have a bunch of hungry SoBs with machetes(Hackers) walking around outside your establishment, but they don't have a key to get in. You see them go into other places but hey your ok, they dont have your key. Now you find out that you missplaced your key and it might have been Duplicated, instead of taking steps to say change the locks, or add security within your establishment to guard that meat locker in the back, you go about your business.

few days later you are surprised when you find a machete attached to your skull...

If you don't believe the thieves are at all to blame I don't know what I can say to you, I disagree strongly, and the idea that Sony is exclusively to blame is almost offensive to me. Supporting the people who did this is disgusting.

 

[Dreamgazer]

Rebug most likely had nothing to do with the hack itself. While people used it to get games for free (and I'm sure Sony will not take this lightly, and I fully support them going after the morons who exploited this), and didn't give them any special access to anything on PSN, "just" the ability to add money to their account.
CFW firmwares on PS3 allowed people to add their own SSL CA certificate to the ones the PS3 would accept, which enabled them to have proxies who actually would decrypt the PSN https protocol. Someone more than likely found an SQL injection among some of the POST or GET parameters the PS3 sends to the PSN webservices, and exploited it.

Indeed, Rebug had nothing to do with the hack itself.
However, the fact remains that Rebug CFW was used to pull off the fake credit card -> obtain game activation trick. You can't just blow off and claim no association.

Again, yes, we just get back to the fact that they're just the facilitator, and something need to be done to the F-ing morons who exploited it.

 

[Kazuma Kiryu]

Hey yo son....shit just got mad real up in this punk ass bitch.



http://www.cnn.com/2011/TECH/gaming.gadgets/04/26/playstation.network.hack/index.html

It's major now...sell your stock people. Time to trade in my PS3 fighters for 360 versions now. No more PSN purchases for me, I am not taking any more chances. I'm not saying that 360 is hackproof, but until it happens then i have no other options.

If 360 gets hacked, I am freaking going portable then.

man, the amount of joke posts in this thread is crazy.

 

[baekshi]

I donno dude, not trying to be a dick, ARK's points are a lot more clear and straight to the point, I couldn't really make anything out of Blimblim's..."rescue"

"hacker's with different goals"??? I donno what that means, that just sounds vague and subjective to me. Who is you or me or Blim to confirm the hacker's "goals"?

Anyway what's done is done, just let me know what will make you sleep better at night, blaming on Hackers fully or blaming Sony or half and half? let me know and I'll go with that, because you know, that will hopefully get my $55 back that I had in my PSN wallet

What about your promise?

 

[FINALBOSS]

I kind of don't care about my identity. I really want to link my steam account though so if sony could hurry that up thanks be to Ken.

Me neither.

I'll make a new identity...with a super cool ass name.

 

[Barrett2]

This is maybe the single greatest thing I have ever seen in my life.

Tough to say, at the moment, because I am drunk...

 

[Kyoufu]

This thread...This fuckin thread.

I know :lol

It has given me a few good laughs.

 

[xion4360]

Im glad I removed my credit Card info a day or two before PSN went offline!

 

[GaimeGuy]

I can't believe there are people in here saying "Why are people mad at sony?! It's the hackers' fault!"


If my data becomes compromised because someone fucked up keeping it secure, you bet i'll be pissed off at them. And they'd be liable, too.

 

[rdrr gnr]

I never associated my credit card with PSN. I've always used a store-bought PSN card for security. I'm actually glad my parents drilled such philosophies into my brain. But, I totally sympathize with those who weren't as fortunate. This is absolutely unacceptable. It's only a matter of time before lawsuits are filed.

It has been said before in this thread, Sony should have informed us ASAP to protect our information if the idea of our information being at stake was even a possibility.

 

[The Lamp]

Oh wait, that's right, PSN is down...so I don't know which of the past credit cards it was that was compromised...and I can't check my PSN account to see.

DAMN IT.

 

[Commanche Raisin Toast]

sensationalism:
HACK TAKES PLACE>>sony finds out data was compromised>>>>>>>>>>>>>>>>>>>>>>>>>>>>sony announces data compromise

reality:
HACK TAKES PLACE>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>sony announces data compromise

we have no idea when sony found out the data was compromised. so until then, im not buying this "they didn't tell us when they found out our data was compromised" crap one bit. for all we know they posted the very minute they found out, but it just took them 6 days to discover if that had indeed happened.

 

[RustyNails]

I donno dude, not trying to be a dick, ARK's points are a lot more clear and straight to the point, I couldn't really make anything out of Blimblim's..."rescue"

"hacker's with different goals"??? I donno what that means, that just sounds vague and subjective to me. Who is you or me or Blim to confirm the hacker's "goals"?

Anyway what's done is done, just let me know what will make you sleep better at night, blaming on Hackers fully or blaming Sony or half and half? let me know and I'll go with that, because you know, that will hopefully get my $55 back that I had in my PSN wallet

blimblim is trying to distinguish between white hats and black hats. I think the boundary that separates the two has become very fuzzy in the past decade or so.

 

[I NEED SCISSORS]

I did.

Which GUI in Visual Basic did you use?

 

[Blimblim]

How easy is this to do?

What is the best way to fix this so it will never happen again?

Is this something that could happen to XBL?

Exploiting SQL injections is not rocket science, but it usually involves some quite skilled people. There are many tools that will do basic SQL injections testing (many PCI-DSS testing company have these for example).
Xbox Live doesn't use webservices as far as I know, so they are safe from automated scans. It doesn't mean it's unbreakable though.

 

[mr_nothin]

Sony's incompetence is at the lower end of reasons not to do business with them. I certainly knew just what kind of company I was dealing with when I bought my PS3 and i'm nothing has changed in that regard.

Oh really? What kind of company are they then?\
Do some of you guys not understand that tons of you do business with tons of companies that have had breaches, such as this, in their past?

 

[Vestal]

If you don't believe the thieves are at all to blame I don't know what I can say to you, I disagree strongly, and the idea that Sony is exclusively to blame is almost offensive to me. Supporting the people who did this is disgusting.

The thieves have blame yes, but not taking adequate security measures to protect our information is worse than the thieves themselves.

 

[DMeisterJ]

If you don't believe the thieves are at all to blame I don't know what I can say to you, I disagree strongly, and the idea that Sony is exclusively to blame is almost offensive to me. Supporting the people who did this is disgusting.

.

 

[patsu]

I don't understand why a lot of people keep reminding us to "HATE THE HACKER WHO DID THIS."

... probably because they are mad at the hackers ?

 

[arnoldocastillo2003]

Do me a favor and stop posting like you know whats going on. You were way off with your thursday info, can you just please stop?
Alot of us are pissed off at all this, we dont need this.

I personally have gone from being annoyed at all this, to being quite pissed off. I dont like some random knowing my address and secret question/answer.
I dont like the possibility of having to get a new CC because of all this. I dont like the idea of having to fuck around with Sony Australia to get my PSN id back when all this is said and done.
It's cool that you want attention and all that, but leave it alone, please.

EDIT: Basically I'm asking you to stop spreading misinformation. Sorry if I sound pissed, I just woke up to this shitty news, and I'm sick and tired of having to sift through people guessing or spreading rumours. This is important to me.

You are absolutely right, sorry for it, will restrain of posting, sorry.

 

[JaseMath]

Why didn't Sony formally alert people to this potential beach sooner instead of waiting six days? This is some bullshit.

 

[MetatronM]

sensationalism:
HACK TAKES PLACE>>sony finds out data was compromised>>>>>>>>>>>>>>>>>>>>>>>>>>>>sony announces data compromise

reality:
HACK TAKES PLACE>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>sony announces data compromise

we have no idea when sony found out the data was compromised. so until then, im not buying this "they didn't tell us when they found out our data was compromised" crap one bit. for all we know they posted the very minute they found out, but it just took them 6 days to discover if that had indeed happened.

Really?


So they just shut down PSN a week ago for funsies?

 

[Macho Madness]

I, for one, feel priveleged to have my information stolen from Sony. All of you blaming them should be ashamed.

 

[Uno Venova]

The thieves have blame yes, but not taking adequate security measures to protect our information is worse than the thieves themselves.

Do we know officially that they didn't take adequate security measures?

 

[TheChewyWaffles]

Which GUI in Visual Basic did you use?

The funny thing is that this is even more nonsensical than the quote you've adapted it from

 

[Vinci]

Really?


So they just shut down PSN a week ago for funsies?

And there's still no information sent to customers? Hell, at this point, they might as well just tell everyone, "Watch CNN. Big news!"

 

[Wario64]

I, for one, feel priveleged to have my information stolen from Sony. All of you blaming them should be ashamed.

We have no right to complain. It was a free service after all.

 

[dreamer3kx]

This is one takes the f**** cake of failing, have to worry about bills and real life now this shit on my GAMING console.

 

[Cruzader]

*stare at an entire tutorial thread about how to set up fake credit card number on nextgen*BEEP*date site*

(don't believe me? google it)

RIGHTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT

Oh, I'm sorry, the kiddies at that site are probably more knowledgeable

Im sure they dont want to get sued so they putting their tail between their legs. Man up and accept the consequences!

 

[xbhaskarx]

IT ONLY DOES OFFLINE
Twitter Cracks Wise About PlayStation Network Hack

Some of these are pretty good:

"Hey folks, they told Playstation Plus subscribers about this credit card thing last Thursday."
- Bookscout

"If Sony had required firmware updates hourly instead of daily, this never would've happened."
- MTV Multiplayer's Russ Frushtick

"PSN's down for a week, my credit card info might be stolen, but the most irritating thing about Sony's service is still the name 'Qriocity.'"
- Casey Malone

"Upside of PSN debacle: easy to identify, block Sony Defense Force."
- Giant Bomb's Ryan Davis

"Mortal Kombat exclusive: Kratos. Xbox 360 Mortal Kombat exclusive: being online."
-Andre Black Nerd

"Bad news gets worse. If you ever participated in Folding@Home, it turns out that PSN was storing your entire DNA sequence."
- Insult Swordfighting's Mitch Krpta

"Funnily enough, going to @Kotaku for news on the PSN thing reminded me that I already changed my passwords when they leaked my info."
- Martin Tsang (wait, we're not allowed to laugh at that one, right?)

"Sony warns that Playstation Network hacker may have taken users' personal info/credit cards while leaving their virginity intact."
- Funny or Die

"I better go change my birthday."
- Ars Technica reader

"Man, Kevin Butler better have a fucking gut-buster in his quiver to win me back this time."
- Joystiq's Griffin McElroy

"I hope the PSN hackers do something really cool with all our money, like start a game company that provides a reliable and secure service!"
- Justin Amirkhani (not sure if this one was really a joke)

"At Sony we believe in an open platform. A very open platform."
- Fake Kaz Hirai

holeeshit that is amazing.

so is this.

 

[pantyhelmet]

I'm not argueing about the morality of what has happened, but I have seen 0 information since the PSN service went down that Anon. has had anything to do with it. Judging from the critique from more well informed people than myself about internet security, it sounds like Sony took down the service themselves to find out how deep the problem is and fix it (much in the same way Gabe literally pulled the plug at Valve when he found out the servers had been compromised).

Since this is the third time I've asked you to provide some sort of information to backup what your saying, I have to presume that you have no idea what your talking about. Please, I want to be proven wrong and see this proof that Sony or Anon. claim responsibility for the data theft.

I offered speculation, you ask for proof..are you serious? you even admit its plausible,
plus your whole "Hi. we're Anon, and we goofed, one of our own went a bit to far, OUR BAD!" The blood lust of psn users would be enough to keep a cold blooded terrorist from admitting fault if it was intentional. be serious please.

 

[Uno Venova]

Why didn't Sony formally alert people to this potential beach sooner instead of waiting six days? This is some bullshit.

Because they weren't sure data was compromised.

 

[Vestal]

Do we know officially that they didn't take adequate security measures?

Isn't it obvious? 77 million accounts compromised?

Depending on the client to do most of the security work?

 

[CadetMahoney]

I can't believe there are people in here saying "Why are people mad at sony?! It's the hackers' fault!"

If my data becomes compromised because someone fucked up keeping it secure, you bet i'll be pissed off at them. And they'd be liable, too.

Indeed it is to be suspected there are ppl who are going to try and steal. It is not expected that security is going to be shit. It's not some random holiday resort internet cafe you're giving your cc details to after all.

 

[HomerSimpson-Man]

Well, shit. Worst thing to happen this generation was consoles being online focused. Might as well buy a Stream/Cafe and never touch another console again if this is going to happen.

Spoiler

I would never abandon Steam, though. I'm a hypocrite, but I can admit it.

The only way is barely use your consoles online again. It would be like retrogaming back in olden days!

 

[FINALBOSS]

PSN users will forget all about this shit when they catch the hacker. We'll all huddle together and become stronger as a community.

 

[Mama Robotnik]

Do we know officially that they didn't take adequate security measures?

The fact that they were hacked whereas comparable online infrastructure (XBL, Steam, Wii) was not, evidences their security measures as inadequate.

 

[StuBurns]

The thieves have blame yes, but not taking adequate security measures to protect our information is worse than the thieves themselves.

Great, so you agreed they're not solely to blame, so I don't know why you felt the need to post your little parable.

 

[CloakedPuppet]

If a normal PSN update takes me around 20 minutes or so, I can't imagine what's going to happen with this one. Jeeeez

 

[Degen]

Filling my bathtub with water and dropping my Sony speaker system into it, just to be safe.