[PS3, PSP] PSN users - your data has been compromised

Changed all my passwords on other services that were linked or similar to my PSN ones, and am rather fucking annoyed at Sony, but haven't cancelled credit cards or such. Just warned the bank that I am one of the 77mil who have been affected, and for them to keep a watch on unusual spending on the card. They were pretty good about it, which is unusual because banks are jerks.

 

Can't wait for the apology and the inevitable free PSN stuff to thank us for our patience stupid hats and pants for PSHOME :(

Edited by elfinke


Just a quick heads up on that.

 

When I was umming and ahhing about canning mine, and was investigating my options over the phone with the bank, they sort of implied that because I knew my details may have been compromised, that if I didn't take all the necessary steps to rectify the situation, they wouldn't be responsible for any transactions.

 

I ended up canning mine anyway, more so due to the travel I'm about to do, but it's worth checking out if your bank feels this way too.


Yeah, when I spoke to the bank and asked their opinion they strongly suggested that since they couldn't be sure of the severity of the breach that I cancel my card. Oh well, I guess that means I won't end up playing some silly mmo for at least a week now...

 

Can't wait for the apology and the inevitable free PSN stuff to thank us for our patience stupid hats and pants for PSHOME :(

The double station cash for 24hrs promotion they started up at the moment is hilarious, most of their subscribers wouldn't even have a credit card to take advantage of it at this point in time, not to mention they probably wouldn't trust Sony.


*** NEWS FLASH ***

 

This is not just PlayStation any more.

 

The SOE Station launcher is down too (This covers PC MMOs).

http://maintenance.station.sony.com/

"Dear valued SOE Customers,

 

We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday)."

 

Logging in to the Flying Lab Software (Pirates of the Burning Sea) forum reads:

"Sony has taken Station access offline.

They will provide an update later today (Monday)."

http://www.burningsea.com/forums/showthread.php?t=86000

Edited by gyrus


The update is here

 

http://www.soe.com/securityupdate/

 

In part it reads:

 

....

 

Customer Service Notification

 

May 2, 2011

 

Dear Valued Sony Online Entertainment Customer:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

 

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.

 

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

 

....

 

So, if you are or were an SOE customer and used the same password you used with SOE (linked to your email) on any other account or forum...change it at once.

 

More news as I find it.


Royal clusterfuck -_-

 

Just rang bank and canceled my VISA debit card.

 

Now I gotta change all my passwords that were the same as my PSN one. OMG my atomic one is my PSN one -_- this royally sucks :(


...

 

Now I gotta change all my passwords that were the same as my PSN one. OMG my atomic one is my PSN one -_- this royally sucks :(

I saw an interview with a Gold Farmer a couple of months ago. He represented those who operate legally - using their own accounts - but he also discussed the illegal operators.

 

He said that one of the biggest security weaknesses is Fan Sites / Forums.

This is because the security on these sites is often weak and a hacker can often gain access to 3 critical pieces of information from them:

 

Handle

Email

Password

 

And because people are lazy they often use the same information from game to game and forum to forum - if a hacker gets access to one... they get access to all.

 

In my case - I know that one of the Forums I have signed up to has been hacked:

I have been getting fake emails about my WoW account (don't have one and never did) and my Rift account (again, no account)

But they have my email (special one reserved for games) and one of my game names (not sure which one as I use several) and a password.

No doubt they have tried to find a WoW account using those details.

 

In my case they failed because I never use the same password and have several game and forum names.

But I am sure they don't care - in thousands of cases they will have succeeded.


...

 

Now I gotta change all my passwords that were the same as my PSN one. OMG my atomic one is my PSN one -_- this royally sucks :(

I saw an interview with a Gold Farmer a couple of months ago. He represented those who operate legally - using their own accounts - but he also discussed the illegal operators.

 

He said that one of the biggest security weaknesses is Fan Sites / Forums.

This is because the security on these sites is often weak and a hacker can often gain access to 3 critical pieces of information from them:

 

Handle

Email

Password

 

And because people are lazy they often use the same information from game to game and forum to forum - if a hacker gets access to one... they get access to all.

 

In my case - I know that one of the Forums I have signed up to has been hacked:

I have been getting fake emails about my WoW account (don't have one and never did) and my Rift account (again, no account)

But they have my email (special one reserved for games) and one of my game names (not sure which one as I use several) and a password.

No doubt they have tried to find a WoW account using those details.

 

In my case they failed because I never use the same password and have several game and forum names.

But I am sure they don't care - in thousands of cases they will have succeeded.

 

Sadly, using 100 or more unique usernames and alpha-numeric passwords that you're meant to know off the top of your bloody head isn't a very realistic plan 'cause you're not meant to write them down or use programs to handle 'em.


We're only human, we can't have unique logins and passwords for every site we use.


...

 

Sadly, using 100 or more unique usernames and alpha-numeric passwords that you're meant to know off the top of your bloody head isn't a very realistic plan 'cause you're not meant to write them down or use programs to handle 'em.

True - and this is what the 'hackers' count on.

But there are simple things you can do to 'mix it up' a little.

Bear in mind that the 'hackers' who do this are probably just as lazy as you (it's a human failing) and are dealing with data - lots of data. They will probably use some kind of programme / macro to test the data on target sites.

They probably won't waste time to give most data individual attention - in other words - if at first they fail ... move on

 

So... let's say you log into site one with username "A" and password "B" then simply don't use "A" and "B" together again

Next site use username "C" with password "B"

Then use username "C" with password "D" on another site.

 

Then use minor variations on your passwords.

While a human sees "password", "pas$word" and "Passw0rd" as very similar... a computer does not. (note: I use a more complex idea to generate alphanumeric passwords - but you see the idea)

 

Suddenly you have a lot of passwords and a few user names you can mix up - and because you are now a more difficult target than thousands of others (who don't even bother with that!) the odds are now in your favour.

 

It's like the joke of the two guys who see a tiger - they start running and one pants "Do you think you can outrun the tiger?"

The second replies "No... I don't have to...I just have to outrun YOU."

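An added example, not part of the original post: a self-audit of your own credential list that classifies each account by what it shares with the record held at one breached site. The site names, handles, passwords and look-alike substitution table are all constructed for illustration.

```python
# Constructed table: common look-alike characters folded back to plain letters.
LEET = str.maketrans({"$": "s", "0": "o", "1": "l", "@": "a", "3": "e", "!": "i"})

def normalize(password):
    """Lowercase and undo look-alike swaps so near-variants compare equal."""
    return password.lower().translate(LEET)

def exposure(breached, other):
    """Classify what `other` shares with the breached (username, password) pair."""
    b_user, b_pw = breached
    o_user, o_pw = other
    same_user = b_user.lower() == o_user.lower()
    if o_pw == b_pw:
        return "exact pair" if same_user else "same password"
    if normalize(o_pw) == normalize(b_pw):
        return "variant password"
    return "same username" if same_user else "none"

def audit(accounts, breached_site):
    """Map every other site to its exposure level against the breached record."""
    breached = accounts[breached_site]
    return {site: exposure(breached, cred)
            for site, cred in accounts.items() if site != breached_site}

# Constructed inventory following the A/B, C/B, C/D scheme described above.
ACCOUNTS = {
    "site-one":   ("handle_A", "password"),         # the breached site: A with B
    "site-two":   ("handle_A", "password"),         # A with B used together again
    "site-three": ("handle_C", "password"),         # C with B
    "site-four":  ("handle_C", "correct-horse-9"),  # C with D
    "site-five":  ("handle_A", "Passw0rd"),         # A with a minor variation of B
    "site-six":   ("handle_C", "pas$word"),         # C with a minor variation of B
    "site-seven": ("handle_A", "tr1cycle-lamp"),    # A with an unrelated password
}

if __name__ == "__main__":
    for site, level in audit(ACCOUNTS, "site-one").items():
        print(f"{site:11} {level}")
```

Anything reported other than "none" or "same username" is an account whose password is worth changing once the breached site's data is out.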

I've been using LastPass for over a year now. I have a different password for every single website on the web! Coupled up with a good backup strategy you really can't go wrong. LastPass is also compatible with Android and iPhone so you can take it everywhere. http://www.lastpass.com

 

I really think that once you become heavily integrated into the internet and have countless registrations all over the web it's really worth investing some time into a good password strategy.

Edited by smakme7757


I've been using LastPass for over a year now. I have a different password for every single website on the web! Coupled up with a good backup strategy you really can't go wrong. LastPass is also compatible with Android and iPhone so you can take it everywhere. http://www.lastpass.com

 

I really think that once you become heavily integrated into the internet and have countless registrations all over the web it's really worth investing some time into a good password strategy.

What if LastPass gets hacked?


Then use KeePass like I linked to.

 

 

Back on topic;

http://www.bbc.co.uk/news/business-13288532

Sony 'distracted by vigilante attack' while data stolen

 

Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach that allowed a hacker to gain access to the personal data of more than 100m online gamers.

 

In a letter to the US Congress, Sony said the breach came at the same time as it was fighting a denial-of-service attack from Anonymous.

 

It added that the attack that stole the data had been launched separately while it was distracted by the denial-of-service attack, and that it was not sure whether the organisers of the two attacks were working together.

 

"Whether those who participated in the denial of service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know," Sony's letter said.

 

Sony said that it had discovered on Sunday a file planted on one of its servers named Anonymous and featuring the line "We are legion", which is a phrase used by the group.


see, the problem with "Anonymous" is that anyone can act on their behalf if they want to.


see, the problem with "Anonymous" is that anyone can act on their behalf if they want to.

Which is probably why they pointed the finger there, it was an easy target.

 

 

 

I've been using LastPass for over a year now. I have a different password for every single website on the web! Coupled up with a good backup strategy you really can't go wrong. LastPass is also compatible with Android and iPhone so you can take it everywhere. http://www.lastpass.com

 

I really think that once you become heavily integrated into the internet and have countless registrations all over the web it's really worth investing some time into a good password strategy.

What if LastPass gets hacked?

 

 

http://blog.lastpass.com/2011/05/lastpass-...tification.html

 

lol


Has anyone tried PSN as I haven't bothered yet and Sony hasn't said anything about when it's back. I will try when I get home but at this point in time I'm not expecting any service.

 

I'm hoping that it will be back for the weekend but I'm not holding my breath.
