Support NeoGAF

[TTP]

Got a notification from Yahoo telling me it happened and asking me to change my password on the spot.

Interesting. I wonder how Yahoo would know tho.

You sure it was a legit Yahoo email? D)

 

[jimmypop]

Ruh-roh, a full top quarter on msnbc.com devoted to the story.

 

[Arnie]

You don't know any more than the poster you quoted.

No but I can make an assumption based on what I do know. And I know Sony's network has been successfully hacked, so I'm as a result done.

I'm not going to put my trust in their network ever again after this. That is the crux of the matter.

 

[alr1ght]

Does anybody have any details as to the vector of this attack? I'm pretty familiar with database backend programming so lay it all on me. Did Sony not sanitize their inputs? Were transactions not using any form of encryption? Did Sony not hash and salt their passwords and instead store them as plain text?

i doubt you're going to get that info, unless the hacker releases it.

 

[lowrider007]

Using the same password for multiple things is very common. Having a different password for everything can be a hassle. I have four passwords that I use for like 20 different things.

I do the same, email acc's, online retailers, forums and banking are all separated between 4 passwords.

For those that have trouble remembering you passwords you should use KeePass, fantastic free app for keeping multiple passwords for various sites.

 

[daffy]

omg pics of Sonic the Hedgehog 200666 in the wild being posted?

Time to delete the last 20 pages and start over again

 

[XiaNaphryz]

The hell kind of new sites do you use? Most news sites have a 'Technology' section which deals with VG news.

You make it sound like all major newspapers and news sites have a section that's the equivalent of any major games news feed.

I know most news sites have a tech section. Anything newsworthy usually ends up there along with the occasional review, and NOT the front page - typically that only occurs for big announcements (i.e. new hardware), controversy (your hot coffees and what not), or major screwups.

I have TONS of logins, different passwords for each one is pretty much impossible.

Use something like LastPass.

 

[Deleted member 30609]

Everyone that is saying "I'm done with Sony" fail to realize that anything can be hacked. iTunes, Amazon, your email, anything. My friend was careful as possible and his iTunes account was hacked without him having any knowledge of it. You just have to be careful with your info and don't list your CC on every service you use, change your passwords every now and again, and you should be fine. You'd have to be done with the online world as a whole to escape identity theft. And even then it could still probably happen. I just don't see blaming Sony as a viable reaction. Sure, they should have disclosed that personal info was probably compromised, but if it wasn't they could have damaged their reputation just as much as if it had been. I'll be back on PSN when it relaunches. Don't plan on letting some hacker take away one of my favorite hobbies. But that's me. To each their own.

I mean, to be fair, this isn't just a one-off account hack. Their entire PSN user-database was compromised. That's a little more -- uh -- uncommon.

 

[shintoki]

My bad then. thread moves so fast.

Not really, it still took a week to figure it out and say something. After shutting down the service and saying very little about why, letting rumor and paranoia run rampant. Which is why their is such a blow up now over it.

 

[Clipper]

So has anybody tried to detect a pattern on the compromised accounts yet? Neither of my PSN accounts have been e-mailled, so I would have to assume they weren't compromised (unless Sony is just taking a while to e-mail).

Perhaps it's only people who signed up early or something like that? We should have a fairly good sample here at NeoGAF to figure this out if there is any clear pattern. I'm just wondering if it's already been done...

 

[Minsc]

I changed all my passwords and changed my PSN linked credit cards.

I freaking can't believe they've screwed up so badly.

Yea, I'll change mine now too, I was just worried it wasn't safe to change them yet, until we got confirmation from Sony things are up and running properly.

The story that I read from arstechnica sounded just awful, hopefully it's not that bad. But I guess this is nothing new, it happens to department stores and even banks... still annoying.

 

[chubigans]

Ruh-roh, a full top quarter on msnbc.com devoted to the story.

MSNBC...which is partly owned by Microsoft.

The plot thickens.

 

[Mithos]

I got 7 email accounts

Bah only 7?

I have like 40+ mail-accounts. ;p

 

[Xavien]

So lucky i never brought anything on PSN or linked my CC for anything.

Sucks for all you guys though

Shit... just realized that ill probably have to change my passwords on other sites :/

 

[Metalmurphy]

No but I can make an assumption based on what I do know. And I know Sony's network has been successfully hacked, so I'm as a result done.

I'm not going to put my trust in their network ever again after this. That is the crux of the matter.

Pentagon and the White House got hacked. Are you gonna assume the security is bad?

 

[Dash Kappei]

Way to refute any of the arguments I presented. Laff.

You had arguments? Sorry, I only noticed crazy fanboy's talk.
If my bank got robbed of my family's jewelry because they didn't hire enough security guards and have no alarm system, you can bet your ass I'm going to be pissed at the criminals but more than that I will fucking sue the bank's ass off for being so incompetent and for breach of trust.

 

[MoneyLaunderer]

I mean, to be fair, this isn't just a one-off account hack. Their entire PSN user-database was compromised. That's a little more -- uh -- uncommon.

I agree. This is very uncommon. I hate to say it, but it really shows the level of talent it takes to compromise a service like PSN, even though I'm not a fan of hacking and feel it hurts innocent gamers like myself. One thing that will come out of this is it should make more people aware of what info they have out there on services like PSN/XBL/WoW/Steam. I know I'll be checking my credit report regularly from now on.

 

[greyshark]

Interesting. I wonder how Yahoo would know tho.

You sure it was a legit Yahoo email? D)

Heh - now you're making me paranoid . I do login with a different password on my Yahoo account now (have even screwed up a couple of times entering in the old one out of habit), so I'm sure it's ok. As for how they knew, I have no idea. Maybe they can recognize the channels attack programs use to access their users accounts.

 

[Jinfash]

MSNBC...which is partly owned by Microsoft.

The plot thickens.

I miss Wollan

Spoiler

Not really.

 

[Dominican Power]

So only the compromised accounts are getting emails?

 

[Shurs]

I'm a little surprised some of you use the same password for multiple things. When I originally signed up for PSN they wanted something with both letters and numbers so I created something that I never use elsewhere.

Honestly, I've never really worried about my information being compromised. Now, I don't use the same password for everything, but my PSN password was shared by a few other websites that I frequent. Not anymore, obviously.

Lesson learned, for sure.

 

[Arnie]

Pentagon got hacked once. Are you gonna assume it has/had bad security?

Was their entire database pilfered? If so, yes.

 

[Majine]

So only the compromised accounts are getting emails?

They suspect everyone.

 

[chubigans]

I miss Wollan

Spoiler

Not really.

Bwahaha

 

[FINALBOSS]

Oh Sony...:



Both, https://media.q-np.ac.playstation.net/access-navigator-media & https://media.q-np.ac.playstation.net/errors-navigator-media were perectly accessible and viewable until some minutes ago. Seems like Sony saw it and changed things. Seriously, fucking amateurs.

Already debunked as having jack shit to do with PSN.

 

[Apath]

I'm confident that not only will Sony be able to get things back up and running, but that they will not let something like this happen again. As such my worries are more focused on:
1. Compensation for the inconvenience -- Microsoft gives games and free gold for RROD, and free games for when Live goes down. Sony should do something similar.
2. Compensation for the PS+ subscribers (me =]) -- Free month of PS+ and free game? Bonus discounts? Keep a PS+ tied title perm.??

If someone steals my credit card numbers, I'll cancel it and get a new one. The CCC will take care of any fraudulent charges. The only question is how much longer I'll have to wait before I am able to log back in to PSN.

 

[Snipes424]

You really think it's a "meltdown" to be upset over compromised credit card details.

I think it's serious and Sony are to blame for the weak security, but people closing their CCs? Really? that is WAAAAY over reacting. 1st we don't know if CCs were stolen and second if they were and charged you get the money back and your CC is changed. If you cancel your CC you lose credit rating.

I mean even though it's comical to watch these people lose their minds, people just need to take a deep breath, panic doesn't help anything.

 

[MoneyLaunderer]

Honestly, I've never really worried about my information being compromised. Now, I don't use the same password for everything, but my PSN password was shared by a few other websites that I frequent. Not anymore, obviously.

Lesson learned, for sure.

I use capital and lower case letters, numbers, and punctuation in my passwords now. Might not matter, but one would think it would make it tougher to get a password with that many different characters. Changed all my passwords today after this news broke.

 

[Metalmurphy]

Was their entire database pilfered? If so, yes.

So the content of the network is what defines if the security is bad or not?

You're not making any sense.

 

[XiaNaphryz]

For all those discussion password security, password generation, and whatnot, there's a recent OT thread started due to this whole mess:

http://www.neogaf.com/forum/showthread.php?p=27417562

 

[Rebel Leader]

I think it's serious and Sony are to blame for the weak security, but people closing their CCs? Really? that is WAAAAY over reacting. 1st we don't know if CCs were stolen and second if they were and charged you get the money back and your CC is changed. If you cancel your CC you lose credit rating.

I mean even though it's comical to watch these people lose their minds, people just need to take a deep breath, panic doesn't help anything.

All I did was put a fraud alert on the card holder (which isn't me)

 

[Fatghost]

Not concerned about my CC info as I only use a throwaway CC for online stuff and can easily close that account, not worried about changing email passwords either, but I don't like my name, address, birthday and the password questions being out there. Can't change that stuff, can't remember the 100s of places that info is used either.

 

[epmode]

I think it's serious and Sony are to blame for the weak security, but people closing their CCs? Really? that is WAAAAY over reacting. 1st we don't know if CCs were stolen and second if they were and charged you get the money back and your CC is changed. If you cancel your CC you lose credit rating.

Who's canceling anything? Just get the number changed. Easy.

 

[FINALBOSS]

You had arguments? Sorry, I only noticed crazy fanboy's talk.
If my bank got robbed of my family's jewelry because they didn't hire enough security guards and have no alarm system, you can bet your ass I'm going to be pissed at the criminals but more than that I will fucking sue the bank's ass off for being so incompetent and for breach of trust.

Except you have fuck all of an idea as to the strength of PSN's security.

 

[teiresias]

No but I can make an assumption based on what I do know. And I know Sony's network has been successfully hacked, so I'm as a result done.

I'm not going to put my trust in their network ever again after this. That is the crux of the matter.

So I guess you don't have a Visa or a Mastercard either and/or don't use them at restaurants?

http://www.usatoday.com/money/perfi/credit/2009-01-21-visa-mastercard-credit-security-breach_N.htm

 

[TTP]

Heh - now you're making me paranoid . I do login with a different password on my Yahoo account now (have even screwed up a couple of times entering in the old one out of habit), so I'm sure it's ok. As for how they knew, I have no idea. Maybe they can recognize the channels attack programs use to access their users accounts.

I don't want to make you paranoid but why would one who already has your Yahoo information (email and password) use attack programs anyway?

Was your Yahoo pass the very same as the PSN one?

 

[Shaneus]

So only the compromised accounts are getting emails?

Maybe the hacker is sending the emails?

Oooer.

 

[PsychoJecht]

No but I can make an assumption based on what I do know. And I know Sony's network has been successfully hacked, so I'm as a result done.

I'm not going to put my trust in their network ever again after this. That is the crux of the matter.

Then I suggest you stop giving any personal information to any company ever again.

Because they can all be compromised at any time, and many of them have been without you even knowing it.

Nothing is ever completely secure, ever. So you aren't going to use Sony's services anymore? Fair enough. Deal with it and move on.

 

[MustacheBandit_]

it would be very interesting to see how many of these people in this thread bashing and casting blame on Sony actually have a PS3

Spoiler

or not

. Just saying...

 

[bigtroyjon]

MSNBC...which is partly owned by Microsoft.

The plot thickens.

Microsoft hasn't had an ownership stake in MSNBC in years but they might still have a piece of the website.

 

[XiaNaphryz]

So the content of the network is what defines if the security is bad or not?

You're not making any sense.

Well, part of security is how easy it is to access data once on the network. Someone may be able to get through some security to get into a network, but could still be limited to what they can access at that point. That would be more secure than being able to grab everything, even if the two examples had the same external security.

 

[Four_Chamber]

5 straight days of "forensic analysis" before they were comfortable coming to the press?

Like I said early in the last thread, Sony once again proves that their expertise lies in the hardware side of the equation because their software technical expertise is still a huge work in progress.

 

[Psychotext]

That has been debunked. It has nothing to do with the problem.

Sort of irrelevant really, those logs should never have been visible. That in itself is a security hole.

 

[rollingstart]

If I didn't have any credit card info on PSN at the time of hacking, but had previously purchased things on PSN, is that still a risk?

I mean, did it store the cc info from previous transactions? or does it affect those who currently have inputed their information.

 

[daffy]

So only the compromised accounts are getting emails?

I doubt anyone is getting emails because Sony just informed us to watch out for emails claiming to be Sony.

 

[Cruzader]

Fanboy conspiracy? Check.
Insults? Check.
Forgetting about the people blindly defending Sony? Check.

Ironic your ignore what he's pointing out. How bout you and the troll who apparently will sell his 6 ps3's on eBay have a chat?

Both extreme parties are present in this thread.

 

[chubigans]

Microsoft hasn't had an ownership stake in MSNBC in years but they might still have a piece of the website.

Well I was joking anyways.

 

[alr1ght]

It would be nice if they would tell us if they kept CC numbers on file after they had been removed from PSN.

 

[Jinfash]

Pentagon and the White House got hacked. Are you gonna assume the security is bad?

The PS3 earned the "bad security" stigma after the signing keys' debacle and thorough explanation of the missteps they took with their approach. So when you have yet another major security-related issue coming hot on the heels of the recent one, a lot of people would jump and accuse Sony of yet another misstep, and understandably so, imo.

So in essence: no, people won't assume the Pentagon's security is bad, but they'll assume Sony's as so.

 

[TekkenMaster]

This is the Top Story on CNN.com right now.

Hope they catch the hacker(s)