Sony PlayStation 3

This will affect my decision on whether I buy another Sony console in future, that's for sure. If the future lies in digital distribution and more and more online services then I'm not sure Sony can be trusted to deliver it safely.

I don't wish any ill on Sony, and hope they recover from this, but over the last few years I think it's fair to say the company has gone from a rock-solid name in electronics - renowned for build quality and professionalism - to frankly something of a laughing stock these days.

How the mighty have fallen.
 
Updates from Sony

The PlayStation Blog has posted another question and answer session detailing the fallout from a hacker attack on the PlayStation Network that gave up the personal information of its users. The majority of the information covered by the post is known to folks who have been keeping up with the day-to-day reports here on IGN, but there were a few new tidbits.

How Safe Is Your Personal Info?
"All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

Did They Get Your Credit Card?
"While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system."

Changing Your Password
"We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly."

The Future
"Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network's security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly."
Click to expand...

Credit:IGN.com

http://ps3.ign.com/articles/116/1164601p1.html

Sony has confirmed that it hopes to restore some fuctionality to the PSN service by next Tuesday in a new statement on the PlayStation Blog.

"Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure."

Dated April 27, the update posted by Patrick Seybold (Sr. Director, Corporate Communications & Social Media), would put the estimated return date for PSN services as May 3, meaning that the service will have been offline for two weeks.

Although which services will be coming back online next week is unclear, Sony has stated they are working on new security measures for the future, as well as seeking out those responsible for the breach, confirming they "are working closely with a recognised technology security firm in order to find those responsible for this criminal act, no matter where in the world they might be located."

Hackers - lock your doors. Sony's coming after you.
Click to expand...

Credit:IGN.com

http://ps3.ign.com/articles/116/1164641p1.html
 
My girlfriend just got an email from Sony saying that they believe her details have been obtained, no email for me though.
 
DagsJT said:
My girlfriend just got an email from Sony saying that they believe her details have been obtained, no email for me though.
Click to expand...

I got an email today, it's just the exact same message they put on their blog, warning people to be vigilant of their card's activities and pointing out warning signs of fraudulent Sony emails we're likely to get asking for more info.

I guess it's taking them a while to message 77 million people!
 
It is sounding more like a storm in a teacup everyday.

It'd affect my decision to buy a Sony console sure, if the equivalent didn't mean moving to Microsoft's ideology of 'online FPS' are the only way'. Somehow the i have my doubt about the Xbox harboring games on par with Uncharted 3, The Last Guardian and ICO/Shadow of Colossus HD so i'll keep some faith in Sony for the time being.
 
Last edited:
Hey guys, i strongly advise everyone that hade credit card on PSN to cancel it, there´s too much information floating around and no one to definetly say if they are true or not, like this one from psx-scene:

So was the "credit card" table really encrypted?

Rumors are following thru various underground "credit card" trading forums, and on the new #psnhack twitter list that a large section of the PSN database containing complete personal details along with over 2.2million working credit card numbers with the much-needed CVV2 code are being offer up for sale to the highest-bidder, after the "hackers" tried to sell the DB back to Sony for a price, but they of course didn't answer!


The following information is from Kevin Stevens, Security Researcher in hostile times from his @killercube on Twitter:

Hackers offer to return DB containing 2.2million CC's to Sony for a price, they say NO!

Discussion about #psnhack and possible speculation about the hackers being from Europe Logs - efnet - #ps3dev - 2011-04-26

<Mathieulh>trixter, people I know had a shell on the psn servers

<Mathieulh>did you know that sony didn't disable the function that sets the psn server under maintenance ?

The hackers that hacked PSN are selling off the DB. They reportedly have 2.2 million credits cards with CVVs #psnhack

Sony was supposedly offered a chance to buy the DB back but didn't #psnhack

@mikkohypponen That is what is going around on some underground forums. The DB contains pretty much everything

@the_pc_doc That is what I thought but the guys selling it say that they have CVV2 numbers

@RiquezJP Well not properly securing your server breaks compliance as far as I know.

@RangerRick Yeah, this information about the CVV2 numbers could be bogus. The guys selling the DB could just be making it up.

Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date

No, I have not seen the DB so I can not verify that it is true
Click to expand...


<Mathieulh>trixter, people I know had a shell on the psn servers

<Mathieulh>did you know that sony didn't disable the function that sets the psn server under maintenance ?

The hackers that hacked PSN are selling off the DB. They reportedly have 2.2 million credits cards with CVVs #psnhack

Sony was supposedly offered a chance to buy the DB back but didn't #psnhack

@mikkohypponen That is what is going around on some underground forums. The DB contains pretty much everything

@the_pc_doc That is what I thought but the guys selling it say that they have CVV2 numbers

@RiquezJP Well not properly securing your server breaks compliance as far as I know.

@RangerRick Yeah, this information about the CVV2 numbers could be bogus. The guys selling the DB could just be making it up.

Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date

No, I have not seen the DB so I can not verify that it is true
What follows is some 'screenshots' from various 'underground' forums, that suggests the database is complete, and also contains over 150,000 German accounts, so is this just a "Europe" slice of the pie, or did the still unnamed 'hackers' target that country because of what Sony did to the 'scene' in regard to how they were handling the graf_chokolo case!
Click to expand...

source: http://psx-scene.com/forums/f6/psn-database-containing-2-2million-credit-cards-now-up-sale-85702/
 
Sony’s confirmed that Sony Corp’s Kaz Hirai is to hold a press conference in Japan tomorrow to address last week’s PSN hacking crisis.

Hirai will speak at 2.00pm Japanese time (9.00pm PST, 12.00am EST, 5.00am BST, 6.00am CET) about the breach, as well as the firm’s information management system and the schedule to resume services.

PSN was hacked last week and taken offline completely as a result. Sony has since confirmed that user data was compromised, and that it can’t rule out the possibility that credit card details were stolen.

The news has rocked the gaming world, and has been reported widely in the mainstream press as one of the largest ever online security failures.

PSN is expected to be back online next week.
 
The one thing that this whole ordeal has taught me is how to identity spoiled petulant gamers and those that realise it isn't the end of the freaking world not being able to play online for two weeks. I am not talking about the credit card thing for the time being because as far as i'm aware there's been a lot of rumour but no fact? Most people are rightly worried about this but for some odd reason it seems more people are butthurt solely about just not being able to play online.
 
Last edited:
Northzzz said:
The one thing that this whole ordeal has taught me is how to identity spoiled petulant gamers and those that realise it isn't the end of the freaking world not being able to play online for two weeks.
Click to expand...

Then there are those that are genuinely worried about ID fraud. No laughing matter.
 
Jamezinho said:
Then there are those that are genuinely worried about ID fraud. No laughing matter.
Click to expand...

Oh, you are too quick. I edited that before i saw this because i was aware it'd probably come up. Of course that's no laughing matter, my details are on there.

I was merely commenting on the amount of people i keep seeing on the internet who merely reference the ability to play online being down for two weeks in their arguments against Sony and completely miss the bigger issue. Both that of the potential card issue and the fact that not being able to play online for 2 weeks is not exactly a detriment to one's life.

Anyway it annoys me. I don't know why because i would normally not care but I think it could be because most gamers annoy me in general. They fight on the internet as if they're fighting in COD, no reason at all to their logic and all out for themselves. This forum is the only place where the amount of spoiled gamers are in the vast minority (discounting all of us wanting the world in Fifa and PES ;) ).
 
Last edited:
You're right, of course. The PSN outage is the least of my worries when all my personal details are out there for the highest bidder.

I've seen people worriedly ask about their trophies? Really, who cares? They must be kids with nothing else to worry about in their lives, or at least I hope that's the case. If adults are saying these kind of things then shame on them.

Personally I've been gaming for over 20 years, and it's only the last few years where online has featured for me, so I can cope with a couple of weeks offline.
 
Sony press conference to explain the unexplainable!

The-Joy-of-Tech-comic.gif
 
Honome_WEC said:
Hey guys, i strongly advise everyone that hade credit card on PSN to cancel it, there´s too much information floating around and no one to definetly say if they are true or not, like this one from psx-scene:

source: http://psx-scene.com/forums/f6/psn-database-containing-2-2million-credit-cards-now-up-sale-85702/
Click to expand...

Response to this 'hackers chatting' that I read somewhere else.

I certainly don't have access to the stuff those guys claim to but I will mention two things...

transport level security IS considered "enough" even though I wouldn't make that choice myself... so saying this data is transmitted in the clear over an SSL connection is an oxymoron... either it was transmitted over an SSL connect (ie. encrypted in transit) or it was transmitted in the clear... there's no such thing as "in the clear over an encrypted connect"...
format preserving encryption is often used on things like credit card numbers, primary account numbers, social security numbers, etc. It's a way to encrypt data while preserving the input data characteristics. So if you have a 16-digit credit card number encrypted with a format preserving encryption process, the encrypted value will look EXACTLY like a valid credit card number... except the 16 digits you're seeing aren't the credit card number, but an encrypted value of the credit card number. I noticed in this chat that the guy says both that the credit card number is fake, redacted, and he'd never used one so even if I were to believe everything in that log, I don't know that what I'm reading actually says he identified a known real credit card number in the clear after entering it into his account... it actually seems to indicate the opposite.
 
bsmaff said:
Well the hackers have now also hacked into Sony Online Entertainment and got even more details and credit card numbers.
Click to expand...

Rumors are that aparently the work was done by inside employers that were fired two weeks before the attack, don´t know if thet´s true but it would make sense since the attack have absolutely nothing to do with jailbreak scene and SOE were attacked too and the server is not in the same place of PSN.
 
You must log in or register to reply here.
Back
Top Bottom