Support NeoGAF

[Kyoufu]

Do we even know if payment info has been compromised? Sony didn't confirm it.

 

[MetalAlien]

Is this the same thing as Media Go? I haven't used it in a while but is that considered the PSN?

 

[TrAcEr_x90]

If they could have gotten the info they already have.

Spoiler

Just guessing. It wouldn't hurt to remove it though.

Wait, what about Chase bank?

hahaha, so what if you use a chase card for psn? double screwed??

 

[Relaxed Muscle]

Because they weren't sure data was compromised.

"Hey, we're certain there has been uncontrolled activity by outside people in our network!"

"You think they may have stole all of our users data and CC info?!"

"Um....maybe they were just there to make some private Killzone 3 matches!"

"Yeah, certainly that's a possibility, let's call a 3rd party company and let's see what the say about!"

*six days after*

"Holy fuck! they stole all the data of our users!! let's make an offcial statement!"

 

[X-Frame]

How do you set up a Fraud Alert without your CC company terminating and sending you a new card?

What does that mean? They just have to confirm your identity for a couple weeks before you use the card or something?

 

[Morn]

How did you find this?!!?

Holyshit

jail rape time.

enjoy the millions of year in prison dude.

I have a serious question for you. Has any doctor ever diagnosed you as mentally disabled or used the word "slow" when talking about you to your parents?

Anyone who can get your IP can go to any one of numerous websites and legally get that information.

 

[railGUN]

For everyone freaking out at sony and claiming this was handled so "terribly"

Lets be realistic here and look at the timeline of events:

Last week Sony detects an intrusion on their network, they begin an investigation to find out how serious the intrusion is. Someone has to make the heavy financial decision to figuratively (and literally) pull the plug on the PSN in order to further protect themselves, developer's and the consumers. I am sure that decision was not easy to make but necessary.

Then they begin an investigation to determine how the intrusion was made and take the necessary steps in order to resolve this issue.
This of course all takes place leading into a Easter Long Weekend where even employees at Sony have lives, and probably either were gone for holiday's or going to visit relatives or whatever normal people do for long weekends.

I think that's a big key in what people are missing, it happened over a long weekend, when a large number of the team was very likely unreachable, including the PR department, for many Tuesday (today) is the first day back to work.

So they being last Thursday / Friday investigating the issue, trying to determine the severity of the attack, what information was at risk, what information was made available etc..
The weekend comes into play, given the state of emergency, I am sure Sony had employees working around the clock, they discover the extent of the issue and what information was taken.

Come Monday they are trying to get security people into work, get them up to speed on what happened, get meetings underway on what to do to deal with it, and decide 100% for sure how to move forward.

Finally Tuesday morning, PR people are back to work, major bosses are back to work, everyone is brought up to speed, a head honcho makes the saddening decision that they need to tell the consumers what has happened, and finally they come forward and let us know.

Really how else could it have gone? These decisions aren't light hearted decisions, they have heavy repercussions and nobody at Sony wanted to have to come forward and tell everyone what happened without being 100% positive because of the obvious (as evening news can tell) negative impact of the news.

You can't be serious... this can't be serious...

 

[pestul]

As a 360 only user, I'm truly sorry you guys have to go through this BS. :/

There's probably a few 360/Wii users in this thread that will try to get a dig in at your/Sony's expense. Shame on them I say.

 

[rapid32.5]

is it possible for hackers delete PS Store content ? that would be the biggest clusterfuck this gen next to RROD. I kinda feel sorry for Sony and PSN members, because nobody is safe online.

 

[Seraphinianus]

Why would they? I can't imagine Valve sharing Steam details with Sony and I don't see why they would need to.

ah, steam! thanks for reminding me. i hope that's the last thing using my psn password...

 

[x3sphere]

Here's the IP info for the person who apparently hacked PSN:



Either the guy is in the military, or was spoofing his IP.

That's from publicly accessible access logs on the the q2-np environment (I won't post the URL), which has been known for some time. I don't think the hack was performed on through this server, there's really no useful information there, though you can see version strings from new firmware being tested. 3.65, 3.70 etc come up in the access logs.

However, it definitely shows how careless Sony is. Access logs should be restricted to local addresses.

 

[FINALBOSS]

Sony's going to continue being the laughingstock of the industry for years to come. So much fail this generation...

I hope you're trolling

 

[SapientWolf]

how? if you lose your key, why would you go about your own key why would you go about your business, you can't get in either. -__-

Some people have more than one copy of their housekey. I know that seems far fetched but I'm willing to stretch my imagination for the sake of argument.

 

[Revolutionary]

is it possible for hackers delete PS Store content ? that would be the biggest clusterfuck this gen next to RROD. I kinda feel sorry for Sony because nobody is safe online.

I heard that hackers can accidentally the whole PSN

 

[Vinci]

How do you set up a Fraud Alert without your CC company terminating and sending you a new card?

What does that mean? They just have to confirm your identity for a couple weeks before you use the card or something?

If there's any remotely suspicious activity on the card, they'll call you up. At least that's what Chase told me they'd do.

 

[entremet]

Is this the same thing as Media Go? I haven't used it in a while but is that considered the PSN?

To access the store? Yes, it's the same thing.

I hope you're trolling

Why? This is a big fuck up. Sony's gonna get its lumps for this one, just a Gawker did. But Gawker didn't have CC data, which makes this more serious.

 

[Loudninja]

is it possible for hackers delete PS Store content ? that would be the biggest clusterfuck this gen next to RROD. I kinda feel sorry for Sony and PSN members, because nobody is safe online.

Huh?

 

[Vamphuntr]

I have a serious question for you. Has any doctor ever diagnosed you as mentally disabled or used the word "slow" when talking about you to your parents?

Anyone who can get your IP can go to any one of numerous websites and legally get that information.

Someone didn't read stump's warning.

 

[jackdoe]

Alright. Changed all of my passwords and have an eye on the two cards I used on PSN. Should be good now.

 

[pantyhelmet]

I heard that hackers can accidentally the whole PSN

they set us up the bomb?

 

[mugurumakensei]

I think people are missing that point that many are saying. Geohot broke the PS3's security and everyone was warned way ahead of time(By Sony themselves even) that people on custom firmware could be susceptible to...well, whatever specific firmware could do. Fast forward and we get several new groups popping up with their own firmwares. The people on pSXscene start abusing devnet. Someone, somewhere notices a crack in the system and uses it to get at this information.

Uh, Rebug had nothing to do with this. In fact, you can access psn from a computer. If you use fiddler while downloading games through media go, you can see some of the magic going into negotiating a download on psn.

 

[robotzombie]

....

Why not ill bite.


If you don't use AV, Firewall and a password on your pc, and you end up getting hacked.. Who has the bigger blame... The hacker or you?

THE HACKER. FOR HACKING.

I mean seriously, the person not defending well enough against a piece of shit is somehow worse than the piece of shit doing something they shouldn't be doing? OBVIOUSLY you need to defend your shit and what Sony did was horrible, but to somehow call them worse than actual villains that are attacking? Really?

 

[syoaran]

I offered speculation, you ask for proof..are you serious? you even admit its plausible,
plus your whole "Hi. we're Anon, and we goofed, one of our own went a bit to far, OUR BAD!" The blood lust of psn users would be enough to keep a cold blooded terrorist from admitting fault if it was intentional. be serious please.

Your talk as if this is a forgone conclusion. Anon. did it, they took down the service for 6 days and took our personal details while they were at it. Until Sony say otherwise, the facts as they stand point toward a theft by a group in the similar to the group that stole the Epsilon data earlier this year. Since we know so little, this is of course speculation.

Of course I admit your theory has some merit, as does many others, but it's not a forgone conclusion by any means, and unless you can offer something to back it up, stop acting as if this is over.

 

[Hugh Buelow]

Question: I don't use the same password everywhere but I do use a variant of the same password everywhere that changes depends on the site, so if they got my password in plaintext, it's conceivable they could derive how it's modified and apply the steps when trying other sites.

Am I screwed?

That depends on the pattern that you use. If you use something obvious, say for example "hunter2neogaf" and "hunter2paypal", there is definitely a danger if they try to log in to other site manually (and the human doing this recognize the pattern). But if they try to log in to other sites using a program, there should be no problems, as it is extremely difficult to write an algorithm to detect this kind of patterns. But anyway, while being better than reusing the same password, it is not a very safe way to diversify your passwords.

If you use a more elaborate way to incorporate the site name to your passwords, you should have (almost[1]) nothing to worry. The key here is to have a way that you understand (and can easily figure out) while not being obvious. To more time it takes to figure, the safer that you are.


[1] If the "hacker" really wants to access your account, and he have an infinite amount of time for this, then yeah, it is not secure.

 

[FINALBOSS]

XBL gets hacked probably 30 times a day.

You pay someone 200 bucks to steal someone's Gamertag and personal information and it's done.

 

[Uno Venova]

"Hey, we're certain there has been uncontrolled activity by outside people in our network!"

"You think they may have stole all of our users data and CC info?!"

"Um....maybe they were just there to make some private Killzone 3 matches!"

"Yeah, certainly that's a possibility, let's call a 3rd party company and let's see what the say about!"

*six days after*

"Holy fuck! they stole all the data of our users!! let's make an offcial statement!"

Or they found out today and put out an official statement today, 2 days ago all they could say was they weren't sure.

 

[RedSwirl]

I miss the days back when Sony would just let me manually input my debit card info upon each purchase. Yes it was tedious, but it was safer.

 

[cloud_sleep]

Damn. Now I've got to change all my passwords, get new CCs, new bank accounts, change my name by deed poll, move, get an unlisted number and fake my own death. What a hassle. And all I ever bought via PSN was Abbey Road for Beatles Rock Band.

Japanese technology, eh? WTF happened?

 

[D4Danger]

XBL gets hacked probably 30 times a day.

You pay someone 200 bucks to steal someone's Gamertag and personal information and it's done.

that's not the same thing

not at all

 

[mr_nothin]

Dude, I had to work on Easter, and my company WASNT having a catastrophic data breach.

What the hell is up with these apologists?????? Is Easter even a big holiday in Japan???

Just accept that Sony fucked up really bad!

Awww, you didnt get to see kids finding Easter Eggs. That's horrible

 

[Arpharmd B]

Do we even know if payment info has been compromised? Sony didn't confirm it.

They said it may have been, which is a clever way of saying yes without causing people to panic.

Actually, it's not clever, people are just stupid.

Yes it's been compromised.

 

[Stuggernaut]

Well even though I warned my associated CC account last week about this just in case, it's still annoying that it took them this long to let people know.

On the other side of the coin, I have seen some people do some serious "hacks" on a computer in my day and I am a firm believer in the idea that if a good enough hacker sets his/her sights on something, they will get it.

Sony had just about any hacker with a bug up their ass wanting to hit them. So was bound to happen.

Sony should have seen it coming

 

[Htown]

they could have said, "there may have bee a security breach, customers may want to keep an eye out and change your passwords" days ago. instead, they basically kept quiet until the story got too big to handle and folks like the BBC got involved.

 

[Blimblim]

is it possible for hackers delete PS Store content ? that would be the biggest clusterfuck this gen next to RROD. I kinda feel sorry for Sony and PSN members, because nobody is safe online.

We don't know if the hacker(s) actually got "physical" as in shell/remote access to the servers, or just exploited a webservice to get all kinds of informations out of PSN's database.
It it's the latter then the content itself is more than likely perfectly safe. If it's the former, well then anything's possible.

 

[Garjon]

Wait, what about Chase bank?

EDIT: That information is out of date, it's supposedly to do with emails now. Sorry, I really need to learn to read.

And fair enough Fireye, looks like we'll have to wait until more specific information is given out before we can make any proper assumptions.

 

[jax (old)]

I have a serious question for you. Has any doctor ever diagnosed you as mentally disabled or used the word "slow" when talking about you to your parents?

Anyone who can get your IP can go to any one of numerous websites and legally get that information.

Well, you're the one that's pointing the finger at that one guy and saying he was the culprit behind this international data theft.If its that easy, I don't know what he isn't already arrested.

If anything, that way worse. I'm only reacting to your post. Anyhow, there's absolutely no reason to call me mentally disabled or slow

 

[Igor Antunov]

My hatred for hackers has just been forever set in stone.

Has it reached parity with your hatred for thieves? Because thats what these guys are, thieves and possibly even conmen if they resort to identity theft.

 

[Glix]

I miss the days back when Sony would just let me manually input my debit card info upon each purchase. Yes it was tedious, but it was safer.

I constantly curse Magic the Gsathering Online for this.

I shall curse them no more!

 

[Barrett2]

Awww, you didnt get to see kids finding Easter Eggs. That's horrible

The fuck is wrong with you people?

 

[Mama Robotnik]

XBL gets hacked probably 30 times a day.

You pay someone 200 bucks to steal someone's Gamertag and personal information and it's done.

(1) Citation needed. I'm not being snarky, I'd genuinely like to see the evidence.

(2) One person, two people, etc, are not comparable to the personal information of millions of millions of people. One is an inconvenience, the other is industrial-scale incompetence bordering on the criminal.

 

[entremet]

XBL gets hacked probably 30 times a day.

You pay someone 200 bucks to steal someone's Gamertag and personal information and it's done.

Do you work for Sony? Serious question.

 

[stupei]

Had my debit card on there so my bank recommended changing all my accounts. Just got back from doing that.

What sucks is having to switch over a billion other automatic payment things at work and elsewhere after I just finished doing that when I got a new card two months ago.

 

[MoneyLaunderer]

I'm glad I didn't have any CC info on my PSN account and signed up w/ a dummy email address. Not worried in the least about any of my info. Have an identity alert service through my bank/employer that tracks my SSN and CCs. Just waiting for PSN to relaunch so everything can return to normal.

 

[Arpharmd B]

XBL gets hacked probably 30 times a day.

You pay someone 200 bucks to steal someone's Gamertag and personal information and it's done.

I think you're making this up.

 

[B-Dex]

For everyone freaking out at sony and claiming this was handled so "terribly"

Lets be realistic here and look at the timeline of events:

Last week Sony detects an intrusion on their network, they begin an investigation to find out how serious the intrusion is. Someone has to make the heavy financial decision to figuratively (and literally) pull the plug on the PSN in order to further protect themselves, developer's and the consumers. I am sure that decision was not easy to make but necessary.

Then they begin an investigation to determine how the intrusion was made and take the necessary steps in order to resolve this issue.
This of course all takes place leading into a Easter Long Weekend where even employees at Sony have lives....

Sorry if your entire database of customer information was hacked and stolen fuck your easter long weekend. And don't wait a week to tell me either.

 

[Jburton]

I just want online back up and functioning!!

Socom 4 multiplayer god damn it!!


For all those panicking, use points cards! ....... I do it for itunes, PSN. XBL, fuck credit cards on the internet.

Sony have been stupid in relying on client side protection, the severity of the situation is a result of this.

The originator of this bullshit is that asshole hacker/hackers.

Unfortunately he has harmed not only normal use customers but also those that support and use CFW etc.

Powerful weapon in the hands of Sony to point out the danger of people hacking their electronics.

 

[pantyhelmet]

Some people have more than one copy of their housekey. I know that seems far fetched but I'm willing to stretch my imagination for the sake of argument.

well I'M NOT. He's locked out of the house and can't get in and thats all there is to it la la la al la i can't hear any other explanation la la la la. >__<

 

[gembel]

gonna be bad for celebrity ps3 owners.. they might get stalked and receive phone threats..

 

[Tempy]

I have a serious question for you. Has any doctor ever diagnosed you as mentally disabled or used the word "slow" when talking about you to your parents?

Anyone who can get your IP can go to any one of numerous websites and legally get that information.

I think he's convinced you found the hacker (you haven't), and the jail time thing is regarding the hacker, not you.

 

[CrushDance]

Uh, Rebug had nothing to do with this. In fact, you can access psn from a computer. If you use fiddler while downloading games through media go, you can see some of the magic going into negotiating a download on psn.

Right. And PSN was hacked before with such gaping holes.