Support NeoGAF

[Gritesh]

Warning customers that their personal information was potentially compromised when they felt the need to take down their network and then 6 days later letting everyone know the situation wasn't as serious as they originally feared would have been a better situation then what we're dealing with now as far as I'm concerned.

I understand what your saying but I think the financial implications of going that route would be much much worse, if someone made a mistake like that.

I know I know, consumers information is more valuable, but Sony is indeed a company and is probably more concerned about looking out for themselves in the end heh.

 

[patsu]

but I have read on the internet that Chinese people aren't even able to browse the internet

Apparently the Great Firewall of China isn't so great after all.

Ha ha, the China Internet is bigger than US Internet now.
They are booming... like in our dotcom days. Companies are going IPO as we speak ! T_T

 

[alr1ght]

still no email? wow.

 

[Sblargh]

Wonder why nobody has taken responsibility yet.

Aren't most hackers going to announce that they did this for X reason?

I wonder why nobody claimed responsability for something that will put a private security firm backed by a giant corporation behind their asses.

 

[X-Frame]

For what it's worth, my email address associated with my PSN account was compromised on April 21st. No suspicious activity on my CC account though.

How did they get your e-mail address?

Is your e-mail password the same as your PSN password?

 

[Arnie]

I think you missed the point entirely. Sony's could have had on of the most secure networks in the world and it still could have been hacked. Sony being hacked doesn't necessarily mean their security was bad.

You don't know this at all. The only way we can judge the security of Sony's network against others is if this event correlates with any other incidents, and it doesn't. Judging by the only metric we know possible Sony's network isn't secure. You're again assuming these types of intrusion attempts haven't happened to other networks and been rebuffed, which is definitely not the case for Sony.

 

[SixStringPsycho]

Not to understate the seriousness in all this, but It's really easy to make out what gaffers are americans right now

Pls explain yourself

 

[(._.)]

I just changed all my passwords too. My PSN has the same PW as my battle.net and steam account. same email also.

 

[lowrider007]

It's a news story...on a news website...where they post news.


How is this alarming?

I apologise ok, I'm very very sorry, what is it with people on here seriously.

 

[Rubenov]

I think you missed the point entirely. Sony's could have had on of the most secure networks in the world and it still could have been hacked. Sony being hacked doesn't necessarily mean their security was bad.

I think the hacker (s) went for the easier, lowest hanging fruit. Xbox Live seems like a tougher nut to crack.

 

[EricHasNoPull]

still no email? wow.

I got two already, would you like one of mine?

 

[marrec]

It seems that everyone in this thread thinks the only way to have a secure network is to have an obscure network which just isn't true. I will love to hear, in the near future, the theories of professionals that I trust.

 

[Gritesh]

You don't know this at all. The only way we can judge the security of Sony's network against others is if this event correlates with any other incidents, and it doesn't. Judging by the only metric we know possible Sony's network isn't secure. You're again assuming these types of intrusion attempts haven't happened to other networks and been rebuffed, which is definitely not the case for Sony.

Have other networks attracted the attention of the hacking community in the same ways the ps3 has?

 

[FINALBOSS]

You're delusional, and quite sad.

Way to refute any of the arguments I presented. Laff.

 

[Kagari]

I'm a little surprised some of you use the same password for multiple things. When I originally signed up for PSN they wanted something with both letters and numbers so I created something that I never use elsewhere.

 

[The Faceless Master]

My dad's fucking Netflix account is on my PS3.

Should I be paranoid

do you even enter netflix data on the console? don't you just get a code to activate on the website? i could be wrong, i did it last fall...

 

[MrPink93485]

I think the hacker (s) went for the easier, lowest hanging fruit. Xbox Live seems like a tougher nut to crack.

Or, they went for the one that pissed them off the most.

 

[Jive Turkey]

Wonder why nobody has taken responsibility yet.

Aren't most hackers going to announce that they did this for X reason?

Generally the only time people announce their crimes is when they are trying to make a name for themselves. As this appears to be motivated by money I doubt we'll see anybody claim responsibility.

 

[XiaNaphryz]

It's a news story...on a news website...where they post news.


How is this alarming?

Video game news rarely gets mainstream press coverage. It's alarming mainly for those concerned about the PR/reputation hit that Sony may get from the non-video game demographic.

 

[patsu]

Wonder why nobody has taken responsibility yet.

Aren't most hackers going to announce that they did this for X reason?

It could mean they are within Sony's legal strike distance.

[Like... Exhibit A: Geohotz]

 

[Metalmurphy]

You don't know this at all. The only way we can judge the security of Sony's network against others is if this event correlates with any other incidents, and it doesn't. Judging by the only metric we know possible Sony's network isn't secure. You're again assuming these types of intrusion attempts haven't happened to other networks and been rebuffed, which is definitely not the case for Sony.

I know I don't. That's the whole point.

"Sony's security is inadequate"
"I've seen this said a couple of times....how do we know this?"
"really?"

Yes really, you don't know if the security was crap or not.

 

[PsychoJecht]

You don't know this at all. The only way we can judge the security of Sony's network against others is if this event correlates with any other incidents, and it doesn't. Judging by the only metric we know possible Sony's network isn't secure. You're again assuming these types of intrusion attempts haven't happened to other networks and been rebuffed, which is definitely not the case for Sony.

You don't know any more than the poster you quoted.

 

[Fatghost]

Is Sony sending an email to all accounts or only affected ones?

If you don't get an email should you assume your data was safe?

 

[ULTROS!]

Sucks but I don't think I've used my credit card. So this goes to show that the best way to purchase stuff is to use PSN Cards.

So were into Sonic hate now?

You know what? Ive played 3 JRPGs in my life and Final Fantasy XII is one of the best games ive ever played. A masterpiece i must add.
FFXII >>>>>> FFX
Come at me Kagari! >8/

FFXIII >>>>>>> FFXII

 

[Aquavelvaman]

I'm a little surprised some of you use the same password for multiple things. When I originally signed up for PSN they wanted something with both letters and numbers so I created something that I never use elsewhere.

Prior to changing everything today I used a base password and added different combinations of numbers and caps on the same base word for different websites. Some of the combinations overlapped. That's just me though.

 

[teiresias]

I couldn't give a fuck how long they knew, I know that they're incapable of giving me a safe and secure network to go about my business and as a result I will have to cancel my credit cards and change my passwords which is a serious inconvenience and breach of trust. As a result I'll not be purchasing and participating in any of their low security services in the future which includes next generation, I've already hatched a plan to end my current Playstation generation short after Uncharted 3 releases and use the proceeds to buy a Cafe.

LOL @ Nintendo's system being anymore secure. I'm really starting to think the Japanese corporations are just horrible at online infrastructure as a general rule. Devs can't get online modes right, and hardware manufacturers can't get their networks worth a damn.

 

[Rebel Leader]

I'm a little surprised some of you use the same password for multiple things. When I originally signed up for PSN they wanted something with both letters and numbers so I created something that I never use elsewhere.

I did the same

 

[FINALBOSS]

Video game news rarely gets mainstream press coverage. It's alarming mainly for those concerned about the PR/reputation hit that Sony may get from the non-video game demographic.

So...shareholders only?

 

[BackwardsSuggestions]

Video game news rarely gets mainstream press coverage. It's alarming mainly for those concerned about the PR/reputation hit that Sony may get from the non-video game demographic.

The hell kind of new sites do you use? Most news sites have a 'Technology' section which deals with VG news.

 

[Fersis]

So its true that the data was not encrypted? Or its just an interwebz rumor?
Because if so: DAYUUUUUUUUUUUUUUUMN!

 

[greyshark]

How did you realize that?

Got a notification from Yahoo telling me it happened and asking me to change my password on the spot.

 

[DevilWillcry]

Sucks but I don't I've used my credit card. So this goes to show that the best way to purchase stuff is to use PSN Cards.



FFXIII >>>>>>> FFXII

FFXII sucked pretty bad...my opinion of course.

 

[paskowitz]

IGN update: http://ps3.ign.com/articles/116/1164186p1.html



So there you go. Unless, of course, you don't believe the Sony.

Sanity restored.

Wait no...

 

[PsychoJecht]

do you even enter netflix data on the console? don't you just get a code to activate on the website? i could be wrong, i did it last fall...

You enter the username and password of your netflix account. Netflix now auto activates devices until you get to 6, then you have to remove one to add another.

 

[(._.)]

I'm a little surprised some of you use the same password for multiple things. When I originally signed up for PSN they wanted something with both letters and numbers so I created something that I never use elsewhere.

Using the same password for multiple things is very common. Having a different password for everything can be a hassle. I have four passwords that I use for like 20 different things.

 

[Metalmurphy]

I'm a little surprised some of you use the same password for multiple things. When I originally signed up for PSN they wanted something with both letters and numbers so I created something that I never use elsewhere.

I have TONS of logins, different passwords for each one is pretty much impossible.

 

[alr1ght]

Is Sony sending an email to all accounts or only affected ones?

If you don't get an email should you assume your data was safe?

Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.

Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.

I have TONS of logins, different passwords for each one is pretty much impossible.

Either way, your email pass should be completely unique.

 

[Minsc]

I've only used PSN a handful of times, and I still find this pretty crappy.

75 million accounts stolen? And passwords too, along with possibly credit cards? Damn.

Funny thing is, I feel like we had this thread a few months ago, but it was a false alarm back then as it only pertained to people with CFW.

I have TONS of logins, different passwords for each one is pretty much impossible.

Use a password manager. I have 100+ accounts (no exaggeration - a quick ctrl+a in keypass counts 111 in just one category), and I doubt I know more than 3 of them, but they're all unique and I have no problems bringing them up when I need to.

 

[Jerk]

FFXII sucked pretty bad...my opinion of course.

You need a better one

 

[gcubed]

I have TONS of logins, different passwords for each one is pretty much impossible.

why?

(not directed at you mm) also if your email address is your login and the password is the same as your email address password you should basically just rip your internet connection out and never go online again

 

[greyshark]

How did they get your e-mail address?

Is your e-mail password the same as your PSN password?

No clue if it was related to PSN being compromised, but the timing was a bit strange considering I've had this account for 8 years and have never had any issues with it.

I'm not even sure if I remember my PSN password, but it is possible that they are (were) the same.

 

[Apath]

I don't know what's worse. The crazy people panicking like it's the end of the world. Or the assholes blaming the whole thing on Sony. Guarantee you half the people blaming Sony could give a shit less about their PS3 to begin with...if they even have one at all. When can we start acting like adults again?

Fanboy conspiracy? Check.
Insults? Check.
Forgetting about the people blindly defending Sony? Check.

 

[FINALBOSS]

I've only used PSN a handful of times, and I still find this pretty crappy.

75 million accounts stolen? And passwords too, along with possibly credit cards? Damn.

Funny thing is, I feel like we had this thread a few months ago, but it was a false alarm back then as it only pertained to people with CFW.

He'd have to be in the server...downloading...for DAYS to get the information on 70+ million accounts.

 

[Akia]

I changed all my passwords and changed my PSN linked credit cards.

I freaking can't believe they've screwed up so badly.

 

[Swifty]

Does anybody have any details as to the vector of this attack? I'm pretty familiar with database backend programming so lay it all on me. Did Sony not sanitize their inputs? Were transactions not using any form of encryption? Did Sony not hash and salt their passwords and instead store them as plain text?

 

[MoneyLaunderer]

Everyone that is saying "I'm done with Sony" fail to realize that anything can be hacked. iTunes, Amazon, your email, anything. My friend was careful as possible and his iTunes account was hacked without him having any knowledge of it. You just have to be careful with your info and don't list your CC on every service you use, change your passwords every now and again, and you should be fine. You'd have to be done with the online world as a whole to escape identity theft. And even then it could still probably happen. I just don't see blaming Sony as a viable reaction. Sure, they should have disclosed that personal info was probably compromised, but if it wasn't they could have damaged their reputation just as much as if it had been. I'll be back on PSN when it relaunches. Don't plan on letting some hacker take away one of my favorite hobbies. But that's me. To each their own.

 

[Majine]

75 million accounts stolen? And passwords too, along with possibly credit

Dunno if its 75 million. I have 4 PSN accounts, but only 1 where I have CC info.

 

[Mithos]

I'm a little surprised some of you use the same password for multiple things. When I originally signed up for PSN they wanted something with both letters and numbers so I created something that I never use elsewhere.

I use the same passwords on some sites, and another password on a few other sites etc etc.
However when I show people how I make my passwords and still remember them they think I'm crazy. "qRB$um3@", "Jx5&g!N%", etc etc etc, crazy passwords like this, and normally they are longer then 8 characters.

 

[Mailenstein]

Oh Sony...:

The PSN is down, all accounts got dumped by an anonymous hacker and the community is cryin' for answers. 77 million accounts with password and sometimes CC info are worth a lot in several hack chans. This is a very huge case.

Now SONY engaged an external security company to discover the holes in SONY's system and find answers. As I was wondering if there may be some information about the actual case we can find out publically, I researched a bit myself.

One interesting point I found is a not secured access log of a PSN environment.
You will quickly notice the IP 214.1.211.251, which sends requests like a vulnerability scanner.
The IP points to the DoD Network Information Center, based in Ohio USA.

The first log entry of this IP is [03/Mar/2011:07:10:38 -0800]. As the DoD is knows as beeing easy to hack, the anonymous hacker could have used this as proxy.

Maybe SONY might want to take a look at this IP, I hope soon we get some news and details about the case...

- SKFU

214.1.211.251 – - [15/Apr/2011:09:40:11 -0700] “GET /officescan/cgi/cgiChkMasterPwd.exe HTTP/1.1″ 404 336 “-” “-”
178.202.110.92 – - [22/Apr/2011:19:05:00 -0700] “GET /admin/cdr/counter.txt HTTP/1.1″ 404 343 “-” “Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16″
214.1.211.251 – - [15/Apr/2011:09:40:09 -0700] “GET /_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15 HTTP/1.0″ 404 325 “-” “-”
214.1.211.251 – - [15/Apr/2011:09:39:51 -0700] “GET /scripts/foxweb.exe/ HTTP/1.0″ 404 324 “-” “-”
214.1.211.251 – - [15/Apr/2011:09:39:48 -0700] “GET /phpwebfilemgr/index.php?f=../../../etc/services HTTP/1.0″ 404 328 “-” “-”

214.1.211.251 – - [15/Apr/2011:09:39:49 -0700] “GET /board.php?FID=<script>alert(document.cookie)</script> HTTP/1.0&#8243; 404 314 “-” “-”
214.1.211.251 – - [15/Apr/2011:09:39:38 -0700] “GET /servlet/webacc?User.id=”><script>alert(‘eeye2004&#8242</script> HTTP/1.0&#8243; 404 319 “-” “-”
214.1.211.251 – - [15/Apr/2011:09:39:30 -0700] “GET /modules.php?name=Reviews&rop=postcomment&title=%253cscript>alert%2528document.cookie);%253c/script> HTTP/1.0&#8243; 404 316 “-” “-”




Source: psx-scene

Both, https://media.q-np.ac.playstation.net/access-navigator-media & https://media.q-np.ac.playstation.net/errors-navigator-media were perectly accessible and viewable until some minutes ago. Seems like Sony saw it and changed things. Seriously, fucking amateurs.

 

[Metalmurphy]

Either way, your email pass should be completely unique.

I got 7 email accounts

3 Gmail
2 MSN/LIVE
1 ISP
1 university

Oh Sony...:



Both, https://media.q-np.ac.playstation.net/access-navigator-media & https://media.q-np.ac.playstation.net/errors-navigator-media were perectly accessible and viewable until some minutes ago. Seems like Sony saw it and changed things. Seriously, fucking amateurs.

That has been debunked. It has nothing to do with the problem.

Use a password manager. I have 100+ accounts (no exaggeration - a quick ctrl+a in keypass counts 111 in just one category), and I doubt I know more than 3 of them, but they're all unique and I have no problems bringing them up when I need to.

I use Firefox for anything web related, but there's also many games and outside applications. Too many to memorize.