Support NeoGAF

[MicH]

I can't remember if I input my new credit card on PSN. I checked my bank statement, and it didn't have any PSN charges in the last 10 months I've had my card. I just have this feeling that I did. Ugh. This is really unsettling and not the first time I've experienced this (damn you, Shopto).

 

[Speevy]

Won't he have a head start though since he'll already have your login information?

His account already comes with a credit card that he loves to use. Mine does not.

 

[Shoogoo]

what a fucking mess Sony. Thanks for the fuckup.

 

[Fallout-NL]

that's crazy n' lazy all at the same time, while being kinda stupid too.

It might be, but I never felt like remembering a dozen different passwords for all my accounts.

 

[phosphor112]

Sony should have rebuilt the PSN when these happened, instead they waited, now look what happened tsk tsk can this be brought up as evidence in a class action lawsuit?

Remember that string of updates we got? Yeah? Well those constantly addressed each issue that came up.

Sony's biggest mistake is putting Linux on the device. They gave idiots like Geo a mile to work with, but apparently wanted access to the hypervisor. Whether or not that was the reason why they took off OtherOS is irrelevant, it's that sort of "i want more" baby bullshit that causes these issues and security problems.

 

[Shaneus]

Okay, I've just now realised (yeah, I know) that Vidzone requires you to sign in to PSN.

I'm now officially pissed.

 

[dejay]

Pretty pissed off right now - heard the news at work but couldn't check any gaming sites because of work's firewalls. I went to the bank at lunch and I've ordered a new credit card. I've got so many things taking money out of my credit card it's going to be a major pain to sort out. The ineptitude of Sony for having such weak protection of such personal data is beyond contempt in my opinion.

Anyway, rant over - another screaming voice lost in the storm. I'm sure this has already been done a million times, but..

 

[Mailenstein]

^^
lol, so good haha.

 

[Juicy Bob]

What a load of fucking hassle. So now I need to cancel my debit card that I use pretty much every day and I can't cancel it yet as I need to use it.

Jesus Christ.

No, you don't have to. They've said that they have no evidence that the hackers have obtained credit card details. They're saying that there is only a possibility that the hackers might have credit card information and so to be super careful they're telling us to be wary of it.

 

[Monty Mole]

...Yeah? And? Do you realize how many security issues releasing the metldr keys has created?

F*ckPSN, SSL spoofers, ID spoofers, the list goes on.

If what you're saying is what I think you're saying, then why didn't Sony shut down PSN as soon as the meltdr keys had been released? Why wait until the (clearly inevitable in your opinion) attack happened?

 

[dejay]

No, you don't have to. They've said that they have no evidence that they have obtained credit card details. They're saying that there is a possibility and so to be super careful they're telling us to be weary of it.

Whilst I doubt the cc info was taken, I'd rather be safe than "wary".

 

[HYDE]

It might be, but I never felt like remembering a dozen different passwords for all my accounts.

write them down, and put them in a safe inside of another safe inside of another safe.

 

[ColonelSkills]

write them down, and put them in a safe inside of another safe inside of another safe.

For real, folks.

http://keepass.info/

Use it. Love it.

 

[MrNyarlathotep]

Has anyone actually received an email about this from Sony yet?

Because posting important information like this on a fucking blog and nowhere else is not impressing me with how they are handling things.

Particularly when they usually can't wait to tell me via email how awesome playstation plus is, or what PSP Minis have just been released.

 

[VibratingDonkey]

It might be, but I never felt like remembering a dozen different passwords for all my accounts.

https://lastpass.com/
http://keepass.info/

 

[Mailenstein]

For real, folks.

http://keepass.info/

Use it. Love it.

http://agilewebsolutions.com/onepassword

But then again, I still prefer to keep them in my head only.

 

[darkwing]

If what you're saying is what I think you're saying, then why didn't Sony shut down PSN as soon as the meltdr keys had been released? Why wait until the (clearly inevitable in your opinion) attack happened?

that is why I said it was stupid in their part

 

[darkwing]

Has anyone actually received an email about this from Sony yet?

Because posting important information like this on a fucking blog and nowhere else is not impressing me with how they are handling things.

Particularly when they usually can't wait to tell me via email how awesome playstation plus is, or what PSP Minis have just been released.

yup many have received the email, same as the blog article

 

[mj1108]

Sony must compensate consumers over this debacle!

I am absolutely sure there are lawyers licking their chops on this story and we'll see a class action suit of some kind against Sony for damages -- especially if credit card info was stolen.

 

[Lord Error]

Why is anyone cancelling credit cards over this, when there's no indication that any of them were stolen? What do you gain by cancelling, it just sounds like an unnecessary headache. Your money is not going to just disappear from the card even if someone did steal the number. Banks and credit companies are extremely good with dealing with this sort of thing nowadays, from detecting fraudulent use and warning you when it happens, to reimbursing the money that was fraudulently spent.

 

[MrNyarlathotep]

yup many have received the email, same as the blog article

Are they sending emails only to people they know for sure have been compromised then?

I haven't received jack shit for either my UK (real) or US (massively fake) accounts, and they're both attached to email addresses I regularly check.

If I didn't check videogame news sites I would be oblivious to all of this.

 

[Withnail]

Are they sending emails only to people they know for sure have been compromised then?

I haven't received jack shit for either my UK (real) or US (massively fake) accounts, and they're both attached to email addresses I regularly check.

If I didn't check videogame news sites I would be oblivious to all of this.

Putting down the pitchfork for a minute, sending 77,000,000 emails probably does take a little bit of time.

 

[neorej]

Are they sending emails only to people they know for sure have been compromised then?

I haven't received jack shit for either my UK (real) or US (massively fake) accounts, and they're both attached to email addresses I regularly check.

If I didn't check videogame news sites I would be oblivious to all of this.

It was on the morningnews here (Holland) and on the radio. Even my dad knows about this.

 

[MrNyarlathotep]

Putting down the pitchfork for a minute, sending 77,000,000 emails probably does take a little bit of time.

Errr... not really, they're not handcrafting pixels here.

They're bulk-mailing a c+p statement to (what should be) all addresses in a database.

The exact sme way they do when they send direct marketing, or notifications of updates to the PSN ToS.

 

[dude]

Why is anyone cancelling credit cards over this, when there's no indication that any of them were stolen? What do you gain by cancelling, it just sounds like an unnecessary headache. Your money is not going to just disappear from the card even if someone did steal the number. Banks and credit companies are extremely good with dealing with this sort of thing nowadays, from detecting fraudulent use and warning you when it happens, to reimbursing the money that was fraudulently spent.

I will resist the urge to tag quote you.

There's no clear proof the info was taken, but what Sony said, basically it that as far as they're concerned the info could have been taken, basically, Sony admits that from their end, their security failed to protect the data. Going by a worse case scenario is unarguably the best here.

Also, Some banks are not as good with fraud - My card was once stolen and I had to go through a whole lot of shit to get my money back.

 

[Dark Schala]

If I didn't check videogame news sites I would be oblivious to all of this.

Getting spun in mainstream news in Canada.

Global
CBC
CTV
The Toronto Star
National Post
The Globe and Mail

What a clusterfuck. I fully expect to be asked about this by my parents in the morning/afternoon/evening.

 

[Withnail]

Errr... not really, they're not handcrafting pixels here.

They're bulk-mailing a c+p statement to (what should be) all addresses in a database.

The exact sme way they do when they send direct marketing, or notifications of updates to the PSN ToS.

If you send 1000 per second it would take 21 hours. We have no idea how long it takes them to send out direct marketing or updates to the TOS.

 

[Sblargh]

Why is anyone cancelling credit cards over this, when there's no indication that any of them were stolen? What do you gain by cancelling, it just sounds like an unnecessary headache. Your money is not going to just disappear from the card even if someone did steal the number. Banks and credit companies are extremely good with dealing with this sort of thing nowadays, from detecting fraudulent use and warning you when it happens, to reimbursing the money that was fraudulently spent.

"we don't really think CC info was taken, but law demands us to ask you to be safe even if there is only a 0.1% possibility" aparently = "OMGPANICNOW!"

 

[fistwell_old]

Also, Some banks are not as good with fraud - My card was once stolen and I had to go through a whole lot of shit to get my money back.

Yeah, it's a matter of taking a relatively simple action now, rather than risk having to potentially deal with a giant pain in the ass later.

"we don't really think CC info was taken, but law demands us to ask you to be safe even if there is only a 0.1% possibility" aparently = "OMGPANICNOW!"

Where does that percentage figure come from? Also, it's not a matter of panic. But rather taking steps to ensure my account will not be charged by some unknown stranger. Which is annoying and i wouldn't have to do if sony could be trusted with cc information, which obviously it can't.

 

[Alx]

Came across an interesting reply from a SCEA-employee on Engadget:



I guess there's an upside to this after all.

http://www.caemgen.nl/sce.jpg[img]

Link: [url]http://www.engadget.com/2011/04/26/sony-provides-psn-update-confirms-a-compromise-of-personal-inf/#comment-192487183[/url][/QUOTE]

I suppose that they're going to add all the features they can to calm down customers (maybe some of them were kept for E3 but will be released sooner than expected).

 

[phosphor112]

If what you're saying is what I think you're saying, then why didn't Sony shut down PSN as soon as the meltdr keys had been released? Why wait until the (clearly inevitable in your opinion) attack happened?

It's hard to scramble and find security holes for something after your largest defense gets knocked down.

 

[gofreak]

Wow, this was the second headline on the national broadcaster's news here this morning (RTE, Ireland edit - you can see the ordering on their site aswell: http://www.rte.ie/news/).

 

[Absoludacrous]

Errr... not really, they're not handcrafting pixels here.

They're bulk-mailing a c+p statement to (what should be) all addresses in a database.

The exact sme way they do when they send direct marketing, or notifications of updates to the PSN ToS.

All their statements implied everyone in every region was compromised. If you're at all concerned about your info I wouldn't infer a lack of an email to mean anything. It's pretty unlikely they know exactly which accounts were leaked, or that the hacker only got some of the account info in a region and not all of them.

 

[mrklaw]

credit cards are so easy to obtain I might start getting one for each of the major online services that I use, so that if something like this happens again I can cancel without major impact

 

[HYDE]

http://agilewebsolutions.com/onepassword

But then again, I still prefer to keep them in my head only.

Beware of inception my friend.

 

[iapetus]

Sony really need to do something to provide positive PR for a change. They've pissed off just about everyone other than their most hardcore of fanbase recently. Time to do something positive. Free PSN+ for everyone, good news on the NGP pricing, the return of a new, improved OtherOS would be quick and easy fixes for various people. Expecting a miraculous appearance of cross-game chat just because they've pissed people off is less likely, though.

 

[No45]

I will resist the urge to tag quote you.

Drawing attention to it isn't resisting that urge at all.

I agree though, why take the risk? You could get a new card and go through the headache of updating information at a few/lot of sites - or you could leave it, potentially lose money and THEN go through the headache of updating that same information.

 

[Lakitu]

Barclays conduct an investigation into fraudulent activities into your account. They will send you a list of all transactions that you may consider fraudulent and then you will have to fill in other details and questions. It can take up to a month to get all your money back, after a few phone calls and letters.

In my case, someone used my card to purchase stuff off of Xbox Live, but luckily that card wasn't registered on Xbox Live previously, but had it been, then they wouldn't have refunded the money.

So in the case that someone does use your card, if say, you had your card details registered on XBL, a betting site before, and they spent a lot of money with those details at those places, it would be less likely for you to get your money back.

Well, that's at least how Barclays do things. But no doubt they would have heard about this, so maybe they will discount measures like that. At least I'd hope so.

 

[Absoludacrous]

"we don't really think CC info was taken, but law demands us to ask you to be safe even if there is only a 0.1% possibility" aparently = "OMGPANICNOW!"

You shouldn't panic. But you also shouldn't act like it couldn't happen. Companies don't admit to even a hint of CC theft lightly. If you had a credit card attached you should keep a close eye on your bank statements until sony comes out with a definitive no.

Even with credit card companies helping you out, if your debit card gets stolen you could be in for a huge headache, especially if you're living paycheck to paycheck.

I don't blame anyone for changing their number. But I agree at this point it's probably unnecessary.

Sony really need to do something to provide positive PR for a change. They've pissed off just about everyone other than their most hardcore of fanbase recently. Time to do something positive. Free PSN+ for everyone, good news on the NGP pricing, the return of a new, improved OtherOS would be quick and easy fixes for various people. Expecting a miraculous appearance of cross-game chat just because they've pissed people off is less likely, though.

Free PS+ for everyone would probably piss off whatever hardcore they have left.

Though honestly after this thread I'm wondering if there's anything they could actually do to lose those fans.

 

[Jinfash]

Sony really need to do something to provide positive PR for a change. They've pissed off just about everyone other than their most hardcore of fanbase recently. Time to do something positive. Free PSN+ for everyone, good news on the NGP pricing, the return of a new, improved OtherOS would be quick and easy fixes for various people. Expecting a miraculous appearance of cross-game chat just because they've pissed people off is less likely, though.

A 1-3 free months of PS+ for everyone seems reasonable/doable, not sure about the rest though

 

[Sblargh]

You shouldn't panic. But you also shouldn't act like it couldn't happen. Companies don't admit to even a hint of CC theft lightly. If you had a credit card attached you should keep a close eye on your bank statements until sony comes out with a definitive no.

Even with credit card companies helping you out, if your debit card gets stolen you could be in for a huge headache, especially if you're living paycheck to paycheck.

I don't blame anyone for changing their number. But I agree at this point it's probably unnecessary.

I would change cards if I had a debit one linked into the PSN, but thing about Credit is that you should always check it once a week or so to see if there is anything wrong anyway. PSN is hardly the only way criminals can have access to you CC information.
I'm not dissing people who want to be on the safe side, only those going "aww fuck, now I HAVE to do this and it will screw my life and give a headache and make me stress", you know? No, you don't really *have* to do anything.

 

[-viper-]

For real, folks.

http://keepass.info/

Use it. Love it.

Last pass is easier to use.

 

[Lord Error]

I will resist the urge to tag quote you.

OK, I might as well ask someone, what is wrong sounding with my tag that would make you say that? I'm pretty sure I got it when I was posting some level headed stuff about something I can't remember anymore, way back.

You shouldn't panic. But you also shouldn't act like it couldn't happen. Companies don't admit to even a hint of CC theft lightly. If you had a credit card attached you should keep a close eye on your bank statements until sony comes out with a definitive no.

That's what I'm planning to do. Cancelling seems a little extreme to me at this point. Even though, with my bank I get warnings from them even at a hint of any irregularities.

 

[Mailenstein]

Sony really need to do something to provide positive PR for a change. They've pissed off just about everyone other than their most hardcore of fanbase recently. Time to do something positive. Free PSN+ for everyone, good news on the NGP pricing, the return of a new, improved OtherOS would be quick and easy fixes for various people. Expecting a miraculous appearance of cross-game chat just because they've pissed people off is less likely, though.

There is only ONE HOPE now:

 

[dejay]

I don't blame anyone for changing their number. But I agree at this point it's probably unnecessary.

At the very least people should be reducing their credit limits to a bare minimum.

 

[MrNyarlathotep]

If you send 1000 per second it would take 21 hours. We have no idea how long it takes them to send out direct marketing or updates to the TOS.

If they had one bulk-emailing server for their entire multinational conglomerate, yeah, maybe.

I'd be tempted to say that would be so ludicrous as to not even be feasible, but then I would also have said that about using a constant as a random number in a high level encryption algorithym, or for not assuming insecure clients when designing user data security measures too.

 

[Diablos]

You remember GeoHot's latest blog? You don't?

Well, his last sentence was:

lol, if true.

Hahaha holy shit.

 

[rSpooky]

It makes me wonder though .. Cc info gets stolen everyday .. I have had it happen , friends of mine had this happen .. So my point its from this point forward , how many people will say it was due to PSN their stuff got stolen? I hear about lawsuits.. if you do you still need to proof it was because of that. Just saying that the two do not need to be linked necessarily. You CC info could be stolen in restaurants, form other online sites, from hacks done to atm machines etc etc..

How would you proof PSN/SONY was the cause other then you never used the card for Anything else then PSN??

 

[Diablos]

Hulu Plus is offering me a 1 week free credit.

 

[Hexadecimalt]

Sony really need to do something to provide positive PR for a change.Free PSN+ for everyone, good news on the NGP pricing, the return of a new, improved OtherOS would be quick and easy fixes for various people.

This, even though in reality all we're going to get is a BP-style apology with Kevin Butler.