PSN Down and Out

[Hectic Glenn]

We keep physical copies of everything. In the case of passwords, we just write them on our hands.

On the topic of this whole thing...this is actually unforgivable. Leaking this kind of information by not being secure enough is negligent beyond belief and there should be legal consequences. Personal information is given to Sony with the expectation they will keep it secure, if you fail that side of the agreement then I would want compensation and damages. An example really must be set here because this can't happen again...cutting corners on security tech is absolute madness, it's so amateur its beyond laughable.

 

[Combine Hybrid]

Apparently, sony didn't know the full scale of the psn intrusion until Monday.

Talk about massive fail on sony's part.

 

[Bad^Hat]

Welp pretty much never getting a PS3 now. Nice knowing you, Last Guardian.

For PC and Xbox 360 users at least...

Haha, I know right, **** those stupid Sony ****ers for not getting the right console. Pwned! XD

 

[Combine Hybrid]

Jesus christ. Makes me wonder what kind of qualifications you need to work at Sony?

Do you like Playstation?
Yes, Yes I Do

YUR HIRED!!!!

 

[sixteenth]

Just got the email...

Spoiler

Add [email protected] to your address book

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure by rebuilding our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

===================================

LEGAL
"PlayStation" and the "PS" Family logo are registered trademarks and "PS3" and "PlayStation Network" are trademarks of Sony Computer Entertainment Inc.
(C) 2011 Sony Computer Entertainment America LLC.

Sony Computer Entertainment America LLC
919 E. Hillsdale Blvd., Foster City, CA 94404

 

[Stylo]

As if there weren't enough reasons why PS3 sucks balls already...

 

[Krynn72]

So is PSN back up? I dont remember what my password is, and I'd like to find out just in case it is one I used for something else. It'd be a low priority password of mine, one I use for shit I don't really care about (even hl2.net is on a higher tier of on my password scale), but still I aught to change stuff. Its not unfathomable that they could just try my password on several sites, regardless of whether or not they have anything to suggest I use the site/service.

EDIT: Hey, apparently my senator is upset over this. Good news, maybe others aught to send emails to their politicians and get some pressure on Sony for being a ****wad.

http://www.joystiq.com/2011/04/26/s...umentha?icid=sphere_blogsmith_inpage_engadget

Sony's failure to report data breach incurs CT Senator Blumenthal's wrath
by Alexander Sliwinski on Apr 26th 2011 5:05PM

Connecticut Senator Richard Blumenthal is "demanding answers" about why Sony Computer Entertainment of America failed to inform customers of the data breach of the PlayStation Network on April 20.

"When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised," Blumenthal said in a release. "Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach."

Of course, Sony just issued a statement that it says will be emailed to "all of our registered account holders" but, as we noted in our post, it's been nearly six days since the "intrusion" first took place. Blumenthal elaborated, "Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised."

Sen. Blumenthal also sent a letter to SCEA President and CEO Jack Tretton, which can be found after the break.

 

[Combine Hybrid]

PSN won't be back up at least until Friday.

 

[Gargantou]

it means they have your email address ([email protected]) and it sounds like they also have your psn password (hunter2). And because so many people use the same password for many different accounts, there's a chance they could log into your gmail account also.

Makes me happy I use random passwords for all my accounts on stuff!*Rubs KeePass 2*

 

[hool10]

Lol at the people hoping to use the network again. It's contaminated and probably full of holes after the patch job is done.

 

[Stigmata]

I wish I could make that image my retinal background for the day.

 

[No Limit]

Unfortunately, many places still do not hash passwords. Even with a hash, it's easy to discover weak passwords using a rainbow table attack.

Don't ask what halflife2.net does. :<

I would never assume a company as large as Sony wouldn't have the common sense to hash their passwords, even this site does it. That kind of negligence should be criminal. Yes, some weak passwords can be uncovered even if they are hashed but that can then be blamed on the person that decided to use a weak password for all their stuff.

We keep physical copies of everything. In the case of passwords, we just write them on our hands.

On the topic of this whole thing...this is actually unforgivable. Leaking this kind of information by not being secure enough is negligent beyond belief and there should be legal consequences. Personal information is given to Sony with the expectation they will keep it secure, if you fail that side of the agreement then I would want compensation and damages. An example really must be set here because this can't happen again...cutting corners on security tech is absolute madness, it's so amateur its beyond laughable.

$10 says there was something in the terms of service that you agreed to which lets them off the hook if their entire network is hacked. I'm guessing through the years they took the savings from hiring shitty programmers and used it to beef up their legal team.

 

[Acepilotf14]

I laughed so hard.

 

[Combine Hybrid]

SONY be ****ed as They Say


PlayStation Network Breach Could Carry A $24 Billion Price Tag (In Some Crazy Fantasy World)
Michael McWhertor — While the financial ramifications of the PlayStation Network's "external intrustion" on Sony, PlayStation developers and consumers likely won't be known for many moons, a data-security research firm and the mathematicians at Forbes have put a worst-case scenario price tag on the breach: $24 billion USD.

That gargantuan figure was derived by multiplying the number of PlayStation Network accounts (77 million) by the "cost of a data breach involving a malicious or criminal act," which according to the Ponemon Institute, averaged $318 last year. Of course, not every PSN account has current credit card data or accurate personal information attached to it, meaning the actual figure would likely be much, much less.

That said, Forbes still warns of scams that don't require access to credit card info.

Alan Paller, director of research for the SANS Institute, a security training organization, said that even if credit numbers weren't stolen, knowing someone's name, email address and which games he or she likes can lead to expertly crafted scam e-mails. Knowing billing histories can be even more harmful, since they can identify big spenders.

Regardless of the actual cost to Sony and its customers, it's certainly a massive loss in terms of trust and sales, which we may see reflected in the company's earnings over the course of the coming months and years.

Source: http://kotaku.com/#!5796301/playstat...-fantasy-world

 

[Shakermaker]

http://www.youtube.com/watch?v=Cwn4R_GexLM

 

[Combine Hybrid]

 

[Warped]

It seems like Sony can't ever catch a break. I bet Apple will introduce a gaming console during the next generation, but thats just a guess

http://www.youtube.com/watch?v=eZexoW0UEno&feature=feedu

:O

 

[YROC]

Damn, I was wanting a PS3 too. :/

 

[morgs]

Damn, I was wanting a PS3 too. :/

Me too, bloody glad I didn't get one sooner.

 

[Acepilotf14]

The PS3 still plays games, guys. I played it earlier. PSN is borderline useless anyway.

 

[Krynn72]

My cousin bought Red Dead Redemption the day PSN went down because we wanted to play online. It would have been the first game I'd ever play multiplayer on the PS3. LOLNOPE

 

[Darkside55]

The PS3 still plays games, guys.

reaction image



I canceled my credit card today. Now to wait 3-5 business days for a new one. Goddamnit, Sony, you just wait until that class action lawsuit. I had to get a new card, change all my passwords and security questions for everything, and it really doesn't help that the PS3 has no games. Sony will not recover from this.

 

[Javert]

When my health insurance company lost a hard drive possibly containing my data (didn't get stolen, they just lost it), they gave me 2 free years of credit monitoring. I wonder if Sony would do the equally decent thing at least.

 

[Darkside55]

What are they gonna do, give us all free access to their online service? OH WAIT

 

[Vegeta897]

Free PS3s for everyone.

Along with a free copy of Call of Duty: Black Ops™

 

[Darkside55]

free copy of Call of Duty: Black Ops™

I'LL SUE


Realistically, there's nothing Sony can do to rectify this situation. There is no freebie, no gesture of goodwill that Sony can do that will placate the masses. 77 million users' info was compromised; right now the only people who even have the meanest faith left in Sony is the SDF full of kiddies and people who don't live in the real world, where identity theft--especially potential theft of CC info--is a major concern. The fact that they didn't tell anyone about it in a timely manner also put the nail in their coffin. There's nothing Sony can do here. There is no "equally decent thing"; NOTHING measures up to having information that could negatively impact your entire life stolen out from under a company you entrusted to hold said information secure, in good faith.

Sony is done for.

 

[morgs]

It'sony sony.

 

[Stigmata]

Sony is done for.

I don't even know what to say. That kind of fall is just... how do you recover from something like this?

 

[<RJMC>]

I dont get the whole blaming on sony,what about the people that stolen the info?

and if anon was behind this them sure they wont get much simpathy from this

 

[Bad^Hat]

Sony are responsible for keeping your information secure, they're taking a lot of the blame because it's obvious they didn't go to every measure they could have to prevent this from happening or to keep sensitive information from being stolen. I don't think anyone is saying the hackers are free from blame, but (bad analogy incoming) if your bank is robbed and they fail to prevent your money from being stolen, you're probably going to be more concerned about how the bank handled it than about who stole it.

 

[Combine Hybrid]

I dont get the whole blaming on sony,what about the people that stolen the info?

and if anon was behind this them sure they wont get much simpathy from this

People blame both parties. But people are much more furious at $ony because we expected for them to protect our information when we signed into their service.

What can people do about the hackers? Send a formal complaint to anonymous hackers?

 

[<RJMC>]

People blame both parties. But people are much more furious at $ony because we expected for them to protect our information when we signed into their service.

What can people do about the hackers? Send a formal complaint to anonymous hackers?

yeah I know but since hating sony was the cool thing since the hacker incident it looks like people is using this to keep attacking them

and yeah I still think there is a conection beetwen that and this event,not saying the guy that hacked the ps3 is the culprit but still think there is a conection

I think I read a theory that the hackers used that hack as some kind of "base" to enter the important part,dont remenber where and dont remenber if it was a theory or a fact

 

[DiSTuRbEd]

Ddos is different then hacking into a system.

 

[Stigmata]

(bad analogy incoming) if your bank is robbed and they fail to prevent your money from being stolen, you're probably going to be more concerned about how the bank handled it than about who stole it.

Pretty good analogy TBH, but you forgot the part where the bank keeps everyone's money in a burlap sack behind the counter.

 

[CyberPitz]

Cancelled my card today. Really didn't want to, since it will be renewing soon, thus changing the expiration date, thus being free. Opted for the more safe route though. Now to change passwords.........

I think I'm the only one not hating on Sony for this. In a Q&A, they said that the CC info was encrypted. Whether they are telling the truth or not...I'll err on their side. I've been trying to figure out where the first 'OMG IT WAS JUST PLAIN TEXT SO EASY TO READ' came from. It would have to be the hackers, but god knows they are trustworthy.

 

[<RJMC>]

I got some new spam mail today,also a spanish version of the warning mail

 

[Warped]

I keep forgetting to call my credit card company but I'm pretty sure my old card wasn't being used anymore. regardless I check that stuff regularly so I think I'm aight

 

[Gargantou]

I just did the most simple thing for me, I blocked my card from internet and foreign purchases, meaning I can only use it physically in-real-life.

What's neat is that I can do this via my banking website in just a minute, so if I need to purchase a game on Steam I can just unlock internet purchases, buy it, then lock it again.

Might seem like a hassle to do that but I'd rather wait to automatically get a new card than lock my current one and have to wait up to two weeks to get a new one, especially since mine will expire soon and I'll get a new one automatically then anyway.

 

[Stigmata]

I think I'm the only one not hating on Sony for this. In a Q&A, they said that the CC info was encrypted. Whether they are telling the truth or not...I'll err on their side. I've been trying to figure out where the first 'OMG IT WAS JUST PLAIN TEXT SO EASY TO READ' came from. It would have to be the hackers, but god knows they are trustworthy.

Maybe it was "encrypted" in the sense that you need a computer to interpret the binary text file

 

[Dynasty]

The fact that they didn't tell anyone about it in a timely manner also put the nail in their coffin.

I dont see why people are complaining about how long it took Sony to say something. Of course NOW we know our finances may be in jeopardy, and only now do we get infuriated. But think about what they (Sony) did, really, really think about it.

It's a balance between what you say and when you say it.

YES, Sony could have said on day 1 of the hack that the network was down, which Im pretty sure they did, and the simple fact of the matter was that THEY DID NOT KNOW WHY. Just like any service these days. If your bband fails and you call your provider, they have to figure out why. If a bird dies on a telephone line and your power goes out, the company has to find out why it has died (the power, that is). It's not like a big error box splashes on their screens saying 'pigeon fried on line on st. elmans road in x-town has caused blackout'.

So, saying the network is down as soon as possible is great, but we consumers, retarded as we are, will scream and howl as to why Sony wont say WHY IT IS DOWN. For god sake, they dont know why yet.

On the flip side, if they knew it was hackers, they wont know what the hackers had got. So if they said straight away the system was hacked and they dont know what the hackers got, we would scream and howl at how Sony arent protected enough, why dont they know, how hard can it be, blah blah blah.

FIGURING IT OUT TAKES TIME, as does reacting to the situation, which we are reluctant to give. Time to investigate the potential of it being hackers. How did they get it. How long were they in for. What did they get. What did they leave behind. Was this an in-house employee playing a practical joke. YOU DONT KNOW until you peel away all the layers. That takes time in the real world and potentially hiring independant investigators and technicians etc. They are also rebuilding the PSN from scratch apparently. That doesnt happen overnight.

Then they have to ensure it doesnt happen again, so how do you plug those holes ONCE YOU HAVE FOUND THEM IN THE FIRST PLACE, etc etc etc.

You dont just blurt stuff out as a corporation to the public WITHOUT CONFIRMING THINGS, things that take time to confirm. This isnt something small that takes 5 minutes to say ''ahh, thats the reason.'' This is a HUGE breach of Sony security.

Imagine the scenario from Sony's PR:

Unconfirmed reports - we have discovered the PSN has been hacked and financial data has been obtained; panic people and cancel your cards, change your passwords blah blah blah.

1 or 2 days later - woops, our bad, no financial data was obtained, we're all safe, PSN will be back up once we have fixed it.

We would scream and howl with rage at Sony for messing with us, why not wait till it's confirmed our info was obtained, blah blah blah.

So, really, Sony WAS doing the right thing in delaying. Confirm things before inform the ill-informed and rumour-loving public.