Support NeoGAF

[Vestal]

I don't know how to think of this. On one hand, no company is ever truly safe from breaches of security. There is no such thing as foolproof in my mind. On the other hand, Sony's lack of updates regarding the situation until now constitutes an egregious violation of their customers' collective trust and support. We all deserved to know this much sooner than we did, and not clarifying the extent of the compromised network is unforgivable.

I honestly do not know what to do. Part of me wants nothing to do with Sony ever again, but another part of me says hey, shit happens.

Its either incompetence or they knew and waited till now... One of the basic principles of IT SEC is Monitoring for suspicious activity, verifying log files etc.

So they are either incompetent or they knew and waited till now to say so.

Like i said earlier..
choose your poison.

 

[Zoe]

Is heartland a brand name I should recognize with something? What service do they provide and depend on directly to the consumer?

http://www.informationweek.com/news/security/attacks/212901505

The data breach could turn out to rival the massive breach reported by TJX in 2007, which affected as many as 94 million credit card accounts. Heartland handles 100 million transactions per month for more than 250,000 businesses. But the company isn't yet ready to disclose the number of credit card accounts affected.

Notice the date of the release is January 2009, but the breach began in 2008.

 

[Professor Beef]

That's soooooooooo much work though.

And it's so hot in MA today. It's still quite toasty now.

 

[Aselith]

On the contrary, lots of people (myself included) have permanently stopped visiting Gawker sites because of the security breach. So, quite a few of us still remember. I won't be using PSN ever again as well.

I doubt this will be a majority opinion but there is frankly a just-as-nightmarish scenario that is quite a bit more likely where people have a choice between PSN and Live and choose Live over PSN because of this situation. Why not go with a secure platform if you have a choice?

I think that is very likely.

 

[TheExecutive]

You know that how?

It was investigation by a firm independent of Sony, I have no reason to doubt their findings and how long it took to get an exact and accurate account of what was comprised. I'm not into conspiracy theories, honestly I've heard enough of them to make my head spin, if you think there's some sort of collusion or cover up, well that's like your opinion man, the truth is out there!

I know that through years of IM work. It doesn't take a week to understand how your systems are connected and the impact of the breech. If it does, you are in way over your head.

 

[Rebel Leader]

I GOT MY EMAIL!

Same here from "playstation-email.com" and "Reply to: 1647014-0860470912z@playstation-email.com"

wait.. what?

 

[AbsoluteZero]

I've got only maybe 3 or 4 sites that use passwords that have any sort of security risk (Credit Card, bank, etc.) and I use the same password but varieties of it (Numbers/Letters added at the end/beginning)...

Still debating if I want to change everything.

 

[lowrider007]

Well I shall probably never purchase anything off of PSN again myself, I was already cautious due to PSN not having any facility for you to reset or mange your licenses.

Of course I'm not going to flat out ignore PSN but they have lost any future revenue from me due to this debacle.

 

[FINALBOSS]

The whole situation is like if a chef was making a cake, but someone put poison in the cake, and the chef saw this, but didn't tell the customer before they ate it.

It's absolutely nothing like that, Ratatouille.

 

[vilmer_]

Has there been anyone in this thread that has had fraudulent credit card activity?

 

[Carlisle]

Wow, lots of FREAKED out people in this thread. Thanks for the bits of info here and there though.

I'm pretty fucking pissed at this whole thing. And I find myself more pissed at Sony than the hackers where yesterday it was the other way around. I JUST changed all my passwords and got a new debit card and had to enter it in all my auto pay shit after some key logger got a hold of my passwords a couple months back. Did the whole credit check, account verification, etc fiasco then too. And now I've gotta do it all the fuck over again. And now I've got to put a fraud alert on my credit? Jesus, I'm this close to quitting the Internet.

I don't know what's worse: all the hassle and shit you have to go through to fix someone else's mistake because of hour misplaced trust, or the unsettling paranoia that takes over your life for the next couple weeks.

Fuck.

 

[th3dude]

Same here from "playstation-email.com" and "Reply to: 1647014-0860470912z@playstation-email.com"

wait.. what?

Sounds phishy as hell. WTF @ Sony if they actually sent an e-mail from that address.

 

[Dead Man]

http://www.informationweek.com/news/security/attacks/212901505


Notice the date of the release is January 2009, but the breach began in 2008.

That's a reason to not use Heartland, (which consumers don't really have choice in) not abandon all credit cards.

 

[Rebel Leader]

Has there been anyone in this thread that has had fraudulent credit card activity?

None at the moment.

 

[Dreamgazer]

I doubt this will be a majority opinion but there is frankly a just-as-nightmarish scenario that is quite a bit more likely where people have a choice between PSN and Live and choose Live over PSN because of this situation. Why not go with a secure platform if you have a choice?

I think that is very likely.

Consumers vote with their wallets. It's not a nightmarish scenario, it's just the way it is.

Quite frankly I think you're crazy to really think any platform is really secure.

 

[Vestal]

Has there been anyone in this thread that has had fraudulent credit card activity?

A few people have posted some stuff.. But take that with a grain of salt as far as being associated to this.

 

[Kadey]

You know. I don't really care if they have my credit card number. Credit card companies are aware of my spending habits so they'll whatever it takes to ensure any purchases are legit. But my personal information. That's another thing. I take my privacy very seriously and never before had any compromise from any company. It doesn't matter what Sony does at this point. The damage has been done. No monetary or some goodwill apology isn't going to cut it.

 

[Four_Chamber]

I know that through years of IM work. It doesn't take a week to understand how your systems are connected and the impact of the breech. If it does, you are in way over your head.

If this was first detected on April 17th, and they required a week to determine that there was a data breach, then I don't even know what to say. You clearly know a lot more about this subject than me, so I'll defer to your expertise. To a relative lay-person, its hard to understand.

 

[Loudninja]

Has there been anyone in this thread that has had fraudulent credit card activity?

Yeah but it could have been a million different reasons why.

 

[FINALBOSS]

Been playing toooooooo much MK. I'm still trying to settle on a main.

 

[TheExecutive]

http://www.informationweek.com/news/security/attacks/212901505


Notice the date of the release is January 2009, but the breach began in 2008.

My point is and it is still valid is that there was no brand directly affected by that breech. If shit gets bad Sony is screwed.

 

[Rewrite]

Has there been anyone in this thread that has had fraudulent credit card activity?

I've been constantly checking and everything has been good so far.

Also, no e-mail from Sony yet.

 

[ezekial45]

Whomever or whichever hacking group did this must be sitting pretty at all the chaos they've caused.

 

[I NEED SCISSORS]

It's absolutely nothing like that, Ratatouille.

Oh yeah, I forgot that no one got to have any cake in the end... they just had jelly instead served by chef Microsoft.

 

[vissione]

The whole situation is like if a chef was making a cake, but someone put poison in the cake, and the chef saw this, but didn't tell the customer before they ate it.

I'm sorry but this analogy is so bad I laughed pretty hard. Thanks.

 

[bangai-o]

Yeah but it could have been a million different reasons why.

but mostly Xbox fault

 

[TheMissingLink]

Has there been anyone in this thread that has had fraudulent credit card activity?

NEG

 

[Zoe]

My point is and it is still valid is that there was no brand directly affected by that breech. If shit gets bad Sony is screwed.

I still see tons of people at TJ Maxx and Marshalls. In the part I quoted it says that affected up to 97 million accounts.

 

[jackdoe]

Consumers vote with their wallets. It's not a nightmarish scenario, it's just the way it is.

Quite frankly I think you're crazy to really think any platform is really secure.

Haha. PSN is free. I can't say no to free and go with a pay for play platform the false sense of "security". Just create a fake account and play online with that. I have two dummy PSN accounts with fake people in different regions and I suppose a lot of PS3 owners do as well. Which would make it hilarious if most of the data stolen were from fake PSN accounts created to download demos in different regions.

No monetary or some goodwill apology isn't going to cut it.

I completely agree. Sony needs to do something better than a "My Bad" for this complete fuck up.

 

[RadioHeadAche]

It's a good thing my slow-clap processor still works.

 

[Absoludacrous]

Has there been anyone in this thread that has had fraudulent credit card activity?

Yea, a few people, but that alone doesn't link them. Typically when fraudulent activity happens, it's the banks and CC companies that investigate to see if there's any common links. This is most likely going on right now, which is why Sony isn't saying either way whether cards have been stolen.

Strings of people on gaf saying they had their CC stolen doesn't amount to much.

 

[tomei]

I have some fraudulent charges from yesterday but I am not sure it was because of this. I posted earlier about it.

 

[Net_Wrecker]

I'm sorry but this analogy is so bad I laughed pretty hard. Thanks.

Why does gaf fail so hard at analogies?

Yo, dis hack is like if a car company sold you a car, and you sold it to someone else broken so not only does the manufacturer get no profit, but you also lied to your customer.

 

[Commanche Raisin Toast]

It would make them look like they actually care about their customers. Frankly, the way they handled this makes them look like they were trying to sweep it under the rug. That might be ok with some stuff but not with financial information security. Speed of response is paramount in these situations and they delayed telling anyone until the very last minute. Seven days is enough to clean out a lot of people. Luckily, it doesn't seem like that's happened but it's not by any means thanks to Sony.

People would not give a shit if Sony warned them and it turned out to be jumping the gun. Some people might halfheartedly complain because some people complain about anything but the majority would not care. The majority are very pissed about leaked data being hidden from them and RIGHTLY SO.

nope. it would make them look like they have absolutely no fucking idea what's going on. it's like when a teacher can't get his computer on and starts stalling and panicking and turning red in the face while he waits for a student to get up and go show him that the monitor was turned off.

an outside security firm is handling the investigation- not sony. and yes, people WOULD give a shit. i sure as hell would be furious if i canned my CC based on sony having no idea wtf is going on and it turned out to be a false alarm. if every company took action like that there would be an ocean of cut up CC's from everyone taking drastic measures over "just to be safe".

 

[TheExecutive]

If this was first detected on April 17th, and they required a week to determine that there was a data breach, then I don't even know what to say. You clearly know a lot more about this subject than me, so I'll defer to your expertise. To a relative lay-person, its hard to understand.

It never takes that long... I can't imagine a situation where you don't understand the impact well enough to at least warn your customers within a few days of the breech. Sony hiring a private firm to comb through the network might be an indication of their level of expertise though.

 

[Igor Antunov]

To 'affect' 100 million accounts and to outright steal the personal information and perhaps even credit card numbers of 77 million people are entirely different things.

Sony is up shit creek without a paddle, and I suspect many of it's customers are too.

Identity theft is HUGE, it costs economies billions every year.Aand it's not as hard as you think. They only need a few things to piece together your identity and everything that identify entails, they can forge the hard documentation and cause utter havok for you.

Sony just made it real easy for them.

 

[Vanillalite]

Currently listening to the PSN FAIL episode of IGN Podcast Beyond that they put up late this afternoon.

 

[Professor Beef]

Why does gaf fail so hard at analogies?

Yo, dis hack is like if a car company sold you a car, and you sold it to someone else broken so not only does the manufacturer get no profit, but you also lied to your customer.

I think bad car analogies are the only analogies GAF is good at.

 

[bangai-o]

Why does gaf fail so hard at analogies?

gaf analogy complier needed

 

[Oozinator]

Anyone know how much money was paid to consumers through class-action lawsuits for similar past events ?

 

[TheExecutive]

I still see tons of people at TJ Maxx and Marshalls. In the part I quoted it says that affected up to 97 million accounts.

It's not the amount of accounts that matter but what the image is that is tied to those numbers. For a company that is increasingly dependent on DD this could be disasterous.

 

[Zoe]

To 'affect' 100 million accounts and to outright steal the personal information and perhaps even credit card numbers of 77 million people are entirely different things.

Sony is up shit creek without a paddle, and I suspect many of it's customers are too.

There are 77 million people with PSN accounts?

And those security breaches mentioned above also involved outright stealing personal information and definitely credit card numbers.

 

[Aselith]

Consumers vote with their wallets. It's not a nightmarish scenario, it's just the way it is.

Quite frankly I think you're crazy to really think any platform is really secure.

It's nightmarish for Sony. You think their stockholders are going to just be like "thems the breaks" if it effects their earnings from their online service significantly? LOL

Also, I don't think that every online service is completely secure HOWEVER I can recognize that Xbox Live hasn't had this issue so it's clearly MORE secure than PSN. It doesn't have to be completely foolproof to be the better choice just more secure than the other option. You get it?

nope. it would make them look like they have absolutely no fucking idea what's going on. it's like when a teacher can't get his computer on and starts stalling and panicking and turning red in the face while he waits for a student to get up and go show him that the monitor was turned off.

an outside security firm is handling the investigation- not sony. and yes, people WOULD give a shit. i sure as hell would be furious if i canned my CC based on sony having no idea wtf is going on and it turned out to be a false alarm. if every company took action like that there would be an ocean of cut up CC's from everyone taking drastic measures over "just to be safe".

Would you be more pissed if you cancelled your card and were caused a minor inconvenience or if a malicious third party was given free access to your data for a week and you had zero chance to respond because Sony never gave you warning? Many people, including me, assumed that the data was secure because they weren't giving anyone warning. That was more than enough time to do some very bad things with your money.

 

[Commanche Raisin Toast]

Same here from "playstation-email.com" and "Reply to: 1647014-0860470912z@playstation-email.com"

wait.. what?

all mine are from PlayStation_Network@playstation-email.com, and have the same reply-to address you posted above. i even checked some regular PS Store mailers from a while back- same thing.

i set up a filter in gmail so PSN has it's own folder. this is the address they use for everything, afaik.

 

[robotzombie]

I just feel sad and uncomfortable right now.

I mean, I went around and changed the passwords to everything I could think of and I've been checking my credit card regularly and everything is okay at the moment.

Can i just get to sleep now, I mean I shouldn't really be worrying too much right?

 

[KingK]

Finally got an email from Sony about it. Goddamn, what a fuck up on their part, and I hope the hacker(s) get found and prosecuted.

Hopefully this means that Sony will completely overhaul their security, and it will be a lot safer going forward. Still, this is making me much more wary of stuff like this for all of these kinds of accounts.

Has there been anyone in this thread that has had fraudulent credit card activity?

I don't think so. I'm still checking my debit card account frequently though, just in case.

 

[FINALBOSS]

When PSN goes back up and is more secure than ever and we all receive our "free" gift for being patient, this will all be forgotten about by the time summer rolls around.

You can take that to the bank.

 

[Dreamgazer]

I just feel sad and uncomfortable right now.

I mean, I went around and changed the passwords to everything I could think of and I've been checking my credit card regularly and everything is okay at the moment.

Can i just get to sleep now, I mean I shouldn't really be worrying too much right?

I haven't changed anything.
So I'll be the control subject.

If anything happens to me I'll pm you. Go sleep.

*sips tea*

 

[Oozinator]

I just feel sad and uncomfortable right now.

I mean, I went around and changed the passwords to everything I could think of and I've been checking my credit card regularly and everything is okay at the moment.

Can i just get to sleep now, I mean I shouldn't really be worrying too much right?

Don't worry, a few thousand dollars missing from a bank account isn't such a big deal.

 

[TheExecutive]

I just feel sad and uncomfortable right now.

I mean, I went around and changed the passwords to everything I could think of and I've been checking my credit card regularly and everything is okay at the moment.

Can i just get to sleep now, I mean I shouldn't really be worrying too much right?

No don't worry too much. I you still feel uncomfortable cancel your CC. All other information that they may have gathered is readily available although thiefs may not have gotten it any other way...