Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained every bit of information about yourself up to and including the name of your dog and when/if you lost your virginity. If you have any friends or know anyone who also owns a Playstation 3 console, an unauthorized person probably got all their shit too. While there is no evidence at this time as to exactly how much of this information they truly obtained, we have to try and legally cover our asses by warning you, even if it is nearly a week late. On the bright side they got millions of other people's information too so it will probably be a while before they get to using yours. Maybe. Probably. Eh...they did get that week head start so you're probably screwed already.
I think they are being more cautious about the cc numbers then anything. I work in a point of sale development job for a large chain of stores and its more likely they got encrypted data if anything then actual numbers. Sony may have it set up so that the decryption cant be broken as it exists.
That said, im not happy about all this, but being in the computer biz, i cant quite blame sony. its not like they have absolute shit for security, its that there are asshats that want to break it. Lets blame them instead.
azith28 on
Stercus, Stercus, Stercus, Morituri Sum
0
Options
VanguardBut now the dream is over. And the insect is awake.Registered User, __BANNED USERSregular
edited April 2011
Do you think it's possible that Sony knows for sure whether or not credit card information was obtained and is claiming that they're unsure to avoid any liability?
Vanguard on
0
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
edited April 2011
Oh what the fuck. They waited this long to tell us this? Bad form, Sony.
I mean, fuck the hacker who did this, seriously. He can rot in the lowest circle of whatever hell is the worst. But if all of this was enabled through a combination of "Random number = Constant" and "Are you a dev console?", then Sony has culpability in this too.
I agree with you, but while we're not paying for that, there's a possibility that we're paying for someone's international airline tickets in the near future.
With the possibility of credit card info being stolen, customers should have been informed much, much sooner. Terrible move.
This.
If they didn't think it was a possibility and have since found out it is possible that's kind of understandable from the perspective that needlessly causing customers to have to get new debit cards can be a giant hassle for the customers (having to change over automatic debits and whatnot).
Even then though taking this long to find out CC info might have been compromised is inexcusable. Finding out whether that was the case or not should have been the number one priority after getting everything locked down.
I think they are being more cautious about the cc numbers then anything. I work in a point of sale development job for a large chain of stores and its more likely they got encrypted data if anything then actual numbers. Sony may have it set up so that the decryption cant be broken as it exists.
That said, im not happy about all this, but being in the computer biz, i cant quite blame sony. its not like they have absolute shit for security, its that there are asshats that want to break it. Lets blame them instead.
Except it's looking like they really do have absolute shit for security.
Half the blame should go to the hackers, sure. But that other half deserves to go straight to the fucking security guard who let people in without even carding them.
Now I'm really starting to regret buying that Disgaea DLC back in January. If I ever decide to buy anything off PSN again, and that's a pretty big if, you can be damn sure it'll be with point cards from now on.
The Wolfman on
"The sausage of Green Earth explodes with flavor like the cannon of culinary delight."
So when should we expect there to be a class-action lawsuit, and how do we get a slice of that pie?
Trying to hold Sony responsible for any fraud caused by this I could see but aside from that I don't really know what angle you'd take for a class action suit.
I think they are being more cautious about the cc numbers then anything. I work in a point of sale development job for a large chain of stores and its more likely they got encrypted data if anything then actual numbers. Sony may have it set up so that the decryption cant be broken as it exists.
That said, im not happy about all this, but being in the computer biz, i cant quite blame sony. its not like they have absolute shit for security, its that there are asshats that want to break it. Lets blame them instead.
Here's hoping that the PSN CC crypto implementation was better than the PS3 private key implementation.
Near 70 million users personal info is still a huge problem, even without credit card details added to it.
I wonder how the hackers got the credit card info. Knowing Sony, they probably just asked the system politely.
Um, so far we're not sure anyone got CC info. It's possible, but not confirmed.
The main thing that pisses me off is that all other PII has been confirmed. Name, Address, Phone, Account name, Password, etc... That can be used for many different things in many different places.
This isn't going to go over well, and I hope to eff they trace who got the data. They should have logs up of people accessing the DEV network, and it shouldn't be a huge list. Here's hoping they did SOMETHING right. Doubtful though
I started building my own machines years ago for one reason: To liberate myself from the fucking computer shops. Back in the 486/Pentium days, I cannot BEGIN to count the number of times I gave my computer to a shop, only to let them hrm and haa over it for weeks and charge me labor - and then return the thing to me broken after I paid them.
Computers do some weird shit, and building them yourself does not exclude you from their quirks. But for me, I'd rather be in total control of my machine. If something does go wrong, I'd rather be baffled about what the hell the problem is myself than pay some guy I don't know from Adam so he can be baffled. In my experience the people behind the counter are going to be clueless as to what the problem is, so Google+Forums+NewEgg wind up being cheaper, faster, and safer.
Uhhh, right, PSN thread. By this point, it does seem like the "Rebug" theory is gaining more credence. The fact that the developer network is forcing new firmware seems to lend strength to the theory, in which case the idea of Sony rebuilding the code of the entire network is understandable, if unfortunate. I still don't know why they shrugged their shoulders and said "I dunno" regarding CC information, though. Even in the "Rebug" scenario that stuff should be secure, and they should be confident in saying it is.
I stopped building machines for one reason: to liberate myself from the ardor of having to do all that just to play a game. I don't build cars I want to drive either, though given my background and my family, it'd be no more inconvenient. I use desktops to play games. I can use anything from a laptop to a telephone to check emails in this day and age. Gaming is pretty much an exclusive use of desktops. In the Pentium/486 period, this wasn't quite the same thing, for obvious reasons, and not so obvious ones: I spent most of my life traveling, so if a computer broke, it broke, and there was no solution to it. Try finding someone who'll ship replacement components to a working compound in Sumatra in a reasonable and timely manner in the mid 90s. Not easy. I'm in the US now, but last I checked, NewEgg doesn't ship to Taiwan anyway.
In the end of the day, it doesn't matter how perfect you are--things sometimes don't work. That's WHY we have RMA, simple as that. You can be the greatest builder who ever lived, but if a GPU is a dud, it's a dud. You're never going to have complete control because you don't control the assembly lines. I don't want to deal with that--and now, between my job and graduate school, I don't have the time for it. It's completely true you can be overcharged for a desktop--but you can be overcharged for components just as easily. I don't have time to tool around in my Kia either, so I'd rather trust it to a trainer professional, and I get my PCs from the same people. If I didn't trust someone else to handle this, I'd probably have to swear off laptops as well.
Hah, actually with the number of problems I've had getting PSN to actually charge any of my cards I started just buying instant point cards off of Amazon awhile ago.
I'm definitely regretting not deleting out my card info once I started doing that though.
CC info being compromised is far less of a threat than allllll that other info being leaked.
Your bank covers you in event of CC fraud. It is a minor annoyance to possibly have to get a new card and use that instead (you shouldn't have the info saved anywhere anyways).
But that other stuff opens you up to so much spam and marketing and potential new hacks and all the other businesses and organizations you deal with. Awful.
I want a specific list of all those who had data leaked, and what data.
Like the Gawker leak.
Deusfaux on
0
Options
SteevLWhat can I do for you?Registered Userregular
Just double sucks because you don't log into the PSN with your gamer tag; you log in with your email address as your username.
Which, like, every major site (Amazon, some banks, etc) does. So if you have the same password for everything....
ugh
A painful, but important, realization.
As the resident forum paranoid, I'd like to take a moment to remind everyone that their PSN password ought to be off-limits for the entire web at this point. If you use that password for your email address, go change it immediately. While credit card information getting pinched is still in that nebulous 'maybe' zone, Sony have told us all that our passwords and logins are compromised.
It's the Gawker incident all over again, only on a larger and possibly more damaging scale.
I agree with you, but while we're not paying for that, there's a possibility that we're paying for someone's international airline tickets in the near future.
Ever give Microsoft your CC info? I'd rather help someone get to Singapore as at least I'd have a chance of getting that money back. :P
I don't have a CC on my PSN account but I do use the same email and password for my xbox live account and I do have a CC on that account, so I just went and changed the password for my xbox live account just to be safe.
The card I used is for online transactions only, is only funded when I manually put funds into it and is set up so it can't overdraft. My security questions are (as always) nonsensical answers since I never use them and my password is specific to that account.
Woo, go go gadget personal online transaction paranoia!
I agree with you, but while we're not paying for that, there's a possibility that we're paying for someone's international airline tickets in the near future.
Ever give Microsoft your CC info? I'd rather help someone get to Singapore as at least I'd have a chance of getting that money back. :P
...
Well, Xeno, you've convinced me. Once the service comes back online, I'm going to give Sony all my credit card information, even though the only credit card number Microsoft has from me is from one that expired in 2008.
Unless Sony used some legendarily shitty, HBGary-style hashing for their passwords (which I'm not putting past them) no one should have the actual password you used to log in to PSN.
The hash? Sure. But the actual plaintext? No.
PeregrineFalcon on
Looking for a DX:HR OnLive code for my kid brother.
Can trade TF2 items or whatever else you're interested in. PM me.
Posts
I was going to put something snarky here, but can't we just stop with this crap? this isn't gamefaqs, we don't care about system warz bs
That said, im not happy about all this, but being in the computer biz, i cant quite blame sony. its not like they have absolute shit for security, its that there are asshats that want to break it. Lets blame them instead.
I mean, fuck the hacker who did this, seriously. He can rot in the lowest circle of whatever hell is the worst. But if all of this was enabled through a combination of "Random number = Constant" and "Are you a dev console?", then Sony has culpability in this too.
I agree with you, but while we're not paying for that, there's a possibility that we're paying for someone's international airline tickets in the near future.
This.
If they didn't think it was a possibility and have since found out it is possible that's kind of understandable from the perspective that needlessly causing customers to have to get new debit cards can be a giant hassle for the customers (having to change over automatic debits and whatnot).
Even then though taking this long to find out CC info might have been compromised is inexcusable. Finding out whether that was the case or not should have been the number one priority after getting everything locked down.
Except it's looking like they really do have absolute shit for security.
Half the blame should go to the hackers, sure. But that other half deserves to go straight to the fucking security guard who let people in without even carding them.
Now I'm really starting to regret buying that Disgaea DLC back in January. If I ever decide to buy anything off PSN again, and that's a pretty big if, you can be damn sure it'll be with point cards from now on.
Yeah, people are going to be livid about this kind of fuck-up.
Trying to hold Sony responsible for any fraud caused by this I could see but aside from that I don't really know what angle you'd take for a class action suit.
ugh
Gamer Tag: LeeWay0
PSN: Leeway0
Here's hoping that the PSN CC crypto implementation was better than the PS3 private key implementation.
Near 70 million users personal info is still a huge problem, even without credit card details added to it.
Steam
My Backloggery
Um, so far we're not sure anyone got CC info. It's possible, but not confirmed.
The main thing that pisses me off is that all other PII has been confirmed. Name, Address, Phone, Account name, Password, etc... That can be used for many different things in many different places.
This isn't going to go over well, and I hope to eff they trace who got the data. They should have logs up of people accessing the DEV network, and it shouldn't be a huge list. Here's hoping they did SOMETHING right. Doubtful though
Destiny! : Warlock - Titan - Hunter
Which, like, every major site (Amazon, some banks, etc) does. So if you have the same password for everything....
ugh
I stopped building machines for one reason: to liberate myself from the ardor of having to do all that just to play a game. I don't build cars I want to drive either, though given my background and my family, it'd be no more inconvenient. I use desktops to play games. I can use anything from a laptop to a telephone to check emails in this day and age. Gaming is pretty much an exclusive use of desktops. In the Pentium/486 period, this wasn't quite the same thing, for obvious reasons, and not so obvious ones: I spent most of my life traveling, so if a computer broke, it broke, and there was no solution to it. Try finding someone who'll ship replacement components to a working compound in Sumatra in a reasonable and timely manner in the mid 90s. Not easy. I'm in the US now, but last I checked, NewEgg doesn't ship to Taiwan anyway.
In the end of the day, it doesn't matter how perfect you are--things sometimes don't work. That's WHY we have RMA, simple as that. You can be the greatest builder who ever lived, but if a GPU is a dud, it's a dud. You're never going to have complete control because you don't control the assembly lines. I don't want to deal with that--and now, between my job and graduate school, I don't have the time for it. It's completely true you can be overcharged for a desktop--but you can be overcharged for components just as easily. I don't have time to tool around in my Kia either, so I'd rather trust it to a trainer professional, and I get my PCs from the same people. If I didn't trust someone else to handle this, I'd probably have to swear off laptops as well.
"Let's see if anyone who got their credit card information feels that way."
Not very productive, is it?
I'm definitely regretting not deleting out my card info once I started doing that though.
3DS: 1521-4165-5907
PS3: KayleSolo
Live: Kayle Solo
WiiU: KayleSolo
Your bank covers you in event of CC fraud. It is a minor annoyance to possibly have to get a new card and use that instead (you shouldn't have the info saved anywhere anyways).
But that other stuff opens you up to so much spam and marketing and potential new hacks and all the other businesses and organizations you deal with. Awful.
I want a specific list of all those who had data leaked, and what data.
Like the Gawker leak.
Seriously. When I heard that, the possibility of credit card info being stolen was the least of my worries.
My Backloggery
A painful, but important, realization.
As the resident forum paranoid, I'd like to take a moment to remind everyone that their PSN password ought to be off-limits for the entire web at this point. If you use that password for your email address, go change it immediately. While credit card information getting pinched is still in that nebulous 'maybe' zone, Sony have told us all that our passwords and logins are compromised.
It's the Gawker incident all over again, only on a larger and possibly more damaging scale.
No kidding. My bank covers CC theft. The rest is all my problem. Only good news is that I use a different passowrd for everything.
Not that it matters. If they have your answers, thats how you reset most passwords when they're "forgotten".
3DS: 1521-4165-5907
PS3: KayleSolo
Live: Kayle Solo
WiiU: KayleSolo
Ever give Microsoft your CC info? I'd rather help someone get to Singapore as at least I'd have a chance of getting that money back. :P
Perhaps you could do this through Sony on the internet?
Can we put the whole "I'm mad at you for being mad at Sony" BS behind us now? Everyone should be angry about this.
The card I used is for online transactions only, is only funded when I manually put funds into it and is set up so it can't overdraft. My security questions are (as always) nonsensical answers since I never use them and my password is specific to that account.
Woo, go go gadget personal online transaction paranoia!
What about Steam?
What about the Steam account and password you put in to link your Steam account with PSN?
...
Well, Xeno, you've convinced me. Once the service comes back online, I'm going to give Sony all my credit card information, even though the only credit card number Microsoft has from me is from one that expired in 2008.
That's how convincing you've been.
The hash? Sure. But the actual plaintext? No.
Can trade TF2 items or whatever else you're interested in. PM me.
That's a good point. I hadn't thought of that. Since it's the actual information that's in question...I guess you could visualize it like a list...
On the other hand, see the aforementioned points made about the nature of the hash, etc.