Support NeoGAF

[Vestal]

True, they could just do a query dump to a text file and have a much smaller file. I am not sure what the hackers were able to do while connected.

I am sure we will never know too lol =p

 

[HomerSimpson-Man]

so you are ok with having your address and name out there?

I'm pretty sure that information is out there already.

 

[Hex]

so you are ok with having your address and name out there?

Since I started working in IT I have realized that my shit has already been out there if someone wanted to look hard enough for it no matter how careful I am.
Over the years it just gets more obvious.

 

[dreamer3kx]

holy shit. lol. sony dropped the ball here. game over for them.

Come on man, come on........come on.

 

[Omikron]

So just for the hell of it, I took the least optimized customer data output I could find from a database I work with. Roughly 680,000 customers, their addresses (more than one address for many), their e-mail information, etc. Split over five tables in the database I'm working with. Dumped them into binary output files (bigger than their text counterparts, but I'm aiming to overestimate file size, not under), then zipped up the files in a lazy fashion.

The resulting file is about 184MB, and this is literally the least optimal situation I could come up with. I'm really not seeing how a guy getting 77 million customers' data out of Sony (assuming you didn't have multiple people working in parallel) in the 24 hours or so they had is as unbelievable as some are claiming.

It isn't unreasonable at all, people just see a huge number and run with that.

 

[Ickman3400]

Yup. Check your inbox.

Nothing yet

 

[Aselith]

Serious question: the CC we have on file on PSN has since expired due to expiration date. We recently (like 2 weeks ago) got the new card which has the same card # but a different expiration date. Do I need to realistically actually get a new credit card with a completely different number? We have multiple things tied to it which were already a pain in the ass to change once, I really don't want to do it again.



That aside, fuck Sony. Fuck them up the ass. And I bought Portal 2 on PS3 specifically to give them props for allowing Steam integration, the first time I've bought a multi-platform on the PS3 over the 360 ever. That shit is going right back. This is catastrophic for them, and I can't wait for E3 now, there's absolutely no way to spin this.

I don't know if anyone answered this for you and I'm going to send a PM but yes you should absolutely be worried! Banks generally reissue cards to expire on the same month and just add a set interval. It's not too hard to figure out the interval since it's the same each time. All they'd have to do is forward date it. Do not take chance on this.

 

[Degen]

guys, when you sell your ps3, just a reminder:

those copies of vanquish/bayonetta/uncharted 2 are gonna have to go somewhere. i know it's a tough job, but i'm willing to accept them it. meaning the job.

hey, just looking out for ol' Number One. (totally you, buddy)

 

[alr1ght]

yep just got the email as well.

Important information regarding PlayStation Network and Qriocity services

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

===================================

LEGAL
"PlayStation" and the "PS" Family logo are registered
trademarks and "PS3" and "PlayStation Network" are
trademarks of Sony Computer Entertainment Inc.
(C) 2011 Sony Computer Entertainment America LLC.

Sony Computer Entertainment America LLC
919 E. Hillsdale Blvd., Foster City, CA 94404

Haven't received one on my Euro account.

 

[lolez2matt]

I wanted to take this opporuntity to clarify a point and answer one of the most frequently asked questions today.
There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.
For those who were looking there’s also an FAQ with some more frequently asked questions
Thank you for your continued patience and support.

from ps blog

 

[Wario64]

So just for the hell of it, I took the least optimized customer data output I could find from a database I work with. Roughly 680,000 customers, their addresses (more than one address for many), their e-mail information, etc. Split over five tables in the database I'm working with. Dumped them into binary output files (bigger than their text counterparts, but I'm aiming to overestimate file size, not under), then zipped up the files in a lazy fashion.

The resulting file is about 184MB, and this is literally the least optimal situation I could come up with. I'm really not seeing how a guy getting 77 million customers' data out of Sony (assuming you didn't have multiple people working in parallel) in the 24 hours or so they had is as unbelievable as some are claiming.

On my connection, I can download about 4GB in 1 hour roughly. 24X4 = 96GB in 24 hours. That's a pretty good chunk of information depending on connection speed.

 

[Trent Strong]

People need to chill out. CC security codes are explicitly excluded from the list of data potentially compromised.

Why don't people just call the customer service number on the back of their CC and listen to the list of recent transactions to see if there's anything suspicious on there. If they're really worried, then cancel their credit card. They'll send out a new one in a few days.

 

[Zoe]

Got the email at my US account. Haven't seen anything for my JP account yet.

Why don't people just call the customer service number on the back of their CC and listen to the list of recent transactions to see if there's anything suspicious on there. If they're really worried, then cancel their credit card. They'll send out a new one in a few days.

It likely wouldn't even be a few days. I called asking about one of my cards not reading somewhere (though it worked later in the day), and they overnighted a new card at their insistence, just in case.

 

[Wag]

Damn. Well I was totally against using a form of permanent ID system on the net, but now since we've all been compromised (thanks to Sony's incompetence) I'm starting to lean towards it.

 

[FINALBOSS]

Let's play watch the Sony stock price.

http://www.nikkei.com/markets/company/chart/chart.aspx?scode=6758&ba=1&type=day

Down less than a 1/3 of a percent. Scary.

 

[Gritesh]

Some guy is already selling his PS3 on eBay. Looks like more are gonna follow suit.

http://cgi.ebay.com/Sony-PlayStatio...Video_Games&hash=item48403137c6#ht_1884wt_905

...serious?

 

[I3rand0]

Patrick's latest post on the blog is such bullshit. You can't claim ignorance when dealing with PII. If they were in health care, this would be a HIPAA violation and they would be screwed. They fucked up and should've been more forthright from day 1.

 

[KoruptData]

Received my email. Hope the hacker took the stuff to prove a point and not to actually use peoples info against them.

 

[Hex]

Let's play watch the Sony stock price.

http://www.nikkei.com/markets/company/chart/chart.aspx?scode=6758&ba=1&type=day

You do realize that when the servers come back up, they will be more secure and stronger than they are now so I would think that shareholders would be rather set that the worst is behind them.
Real world and all of that.
Just saying.

This is no BP situation and they seem to be doing just fine.

 

[obonicus]

Wait, the email I received doesn't have that part lol. Regional specific perhaps?

Yeah, I didn't get it either, but then my fake PSN information is registered to Beaverton, OR.

 

[sestrugen]

I'm pretty sure that information is out there already.

Yes I am aware a lot of my information is already out there, however I would think (not an expert) that some level of security might be involved with the companies that hold this information, at first glance these companies probably don't want to use this information erroneously but a hacker "might", just me being a little paranoid about it

 

[DevilWillcry]

Just got the e-mail.

 

[Stumpokapow]

No email on my PSN account email yet, so that's good!

 

[Neuromancer]

Why don't people just call the customer service number on the back of their CC and listen to the list of recent transactions to see if there's anything suspicious on there. If they're really worried, then cancel their credit card. They'll send out a new one in a few days.

Yeah I checked mine today, so far so good.

 

[Kagari]

You do realize that when the servers come back up, they will be more secure and stronger than they are now so I would think that shareholders would be rather set that the worst is behind them.
Real world and all of that.
Just saying.

This is no BP situation and they seem to be doing just fine.

It's certainly no Square-Enix stock situation.

 

[Uno Venova]

Just got mah email 20 minutes ago.

 

[alr1ght]

Yeah, I didn't get it either, but then my fake PSN information is registered to Beaverton, OR.

no sales tax. my man.

 

[epmode]

This

Post of the thread so far.

Why does it bother you so much to see people pissed off at Sony? It's a pretty reasonable reaction to something like this.

 

[daffy]

Damn. Well I was totally against using a form of permanent ID system on the net, but now since we've all been compromised (thanks to Sony's incompetence) I'm starting to lean towards it.

so incompetent

 

[LiK]

i got the email except it has extra info regarding freezing credit accounts cuz i'm in MA

 

[Jon of the Wired]

It's important to remember that buying goods online, or linking you credit card to services like PSN does not increase the chance that your credit card number will be stolen in a statistically significant way. Essentially any time you use your credit card your information is ending up in an electronic database somewhere. Data breaches that expose customer credit card numbers happen on a semi-regular basis and they don't affect online retailers disproportionately. The last few big ones affected a hotel chain, a health insurer, and a payment processing company.

The take away is that if you're willing to use a credit card in meat space, refusing to use one in cyberspace is completely irrational. Of course, if you only use cash then you're safe, and also probably the unibomber.

 

[Cruzader]

I just got mine on 10:20pm.

Does that mean they got my specic info or just a general email regarding the break into the network?

 

[alr1ght]

You do realize that when the servers come back up, they will be more secure and stronger than they are now so I would think that shareholders would be rather set that the worst is behind them.
Real world and all of that.
Just saying.

This is no BP situation and they seem to be doing just fine.

you do realize this is going to cost them millions.

 

[Dead Man]

People need to chill out. CC security codes are explicitly excluded from the list of data potentially compromised.

But not passwords, or DOB, or address, or other information used in identity theft.

 

[patsu]

I got my email 5 minutes ago.

 

[STG]

anyone from Europe got a mail?

 

[user friendly]

Just now got mine.

 

[OldJadedGamer]

I got the email but I never put a card on file with PSN, just used all prepaid cards.

 

[I NEED SCISSORS]

I hope they send me one. I've already been banned from PSN, but still.

 

[Vorg]

So just for the hell of it, I took the least optimized customer data output I could find from a database I work with. Roughly 680,000 customers, their addresses (more than one address for many), their e-mail information, etc. Split over five tables in the database I'm working with. Dumped them into binary output files (bigger than their text counterparts, but I'm aiming to overestimate file size, not under), then zipped up the files in a lazy fashion.

The resulting file is about 184MB, and this is literally the least optimal situation I could come up with. I'm really not seeing how a guy getting 77 million customers' data out of Sony (assuming you didn't have multiple people working in parallel) in the 24 hours or so they had is as unbelievable as some are claiming.

It´s actually only FINALBOSS.

 

[Kyoufu]

anyone from Europe got a mail?

*raises hand*

 

[Seraphinianus]

an email from "Apple" giving me links to reset my password got through my gmail spam filter.

Coincidence? I think not.

 

[Clear]

The point is there is no immediate threat of my CC being accessed without the 3rd party knowing the security code.

Hence I can chill. Especially given that the odds of my info being targetted specifically are millions to one.

 

[AwRy108]

LOL @ people posting "I just got the e-mail".

 

[Griffin]

anyone from Europe got a mail?

Not me and I have multiple accounts.

 

[StopMakingSense]

Nothing. I hope this means they've identified who exactly was compromised and are only mailing those

It takes quite a while to send out 77 million emails.

 

[Metalmurphy]

NOoooooooooo. Just got it too. Just in one of my 5 PSN accounts so far :/ And it's not my main one. It's my US one.

 

[Jinfash]

No email on my PSN account email yet, so that's good!

Hold on, how is that good news? Are they sending out emails to affected users only?!

:drudge

 

[ULTROS!]

It's certainly no Square-Enix stock situation.

What this situation about?

 

[Dead Man]

No email on my PSN account email yet, so that's good!

I'm running on that assumption, too. Still changed passwords though.