What about the Steam account and password you put in to link your Steam account with PSN?
I would be surprised if Steam stuff didn't go through Valve's servers. I see no reason that Sony would have access to any of the information behind a Steam account.
I'd honestly put the fraud alerts out on credit cards and the like.
Sony took a whole week to let people know that their personal information had been compromised, what's to say they're trying to hide the theft of credit card data with that whole "Oh, by the way, we're not sure if credit card records were accessed (because we're all busy sitting around and trying to keep the company stock from tanking), but just in case, well, here are the resources you need to check if it was." bullshit? At this point, I'd just assume that the hackers got everything and act as such.
The last thing Sony wants getting out is that their credit card records were compromised, because that'll just kill their reputation further, and not to mention flood the secondary market with PS3 gear and games.
Oh, and I'd never trust Sony with any information for a long, long time. This is right up there with some of the biggest internet fuckups ever, in my opinion.
I agree with you, but while we're not paying for that, there's a possibility that we're paying for someone's international airline tickets in the near future.
Ever give Microsoft your CC info? I'd rather help someone get to Singapore as at least I'd have a chance of getting that money back. :P
I think this is exactly the time for this sort of thing.
What about the Steam account and password you put in to link your Steam account with PSN?
I would be surprised if Steam stuff didn't go through Valve's servers. I see no reason that Sony would have access to any of the information behind a Steam account.
I'm not too worried about Steam, especially with that SteamGuard thing they have. Hopefully my username/password was only stored locally.
Well, I was thinking of changing my main email address to my gmail account. I guess this is as good of a time as any.
What's sort of sad is how probably only a small fraction of the PSN users will even hear about this security breach, I really doubt any casual user is going to be looking up the OFFICIAL PLAYSTATION BLOG for updates. They fire up the console and see that PSN is down and go "meh" and move on.
It says directly in the blog that they are emailing all PSN account holders the same info. If someone can't be bothered to check their email, then that's a whole other issue in itself.
True. That's the reason why the fact that it's a perpetual outage, and not an intermittent one, is noteworthy--if it were intermittent, a lot of people probably wouldn't even realize there was any outage at all. Even with it being perpetual, the story behind it will probably remain a mystery to most even after Sony puts out a report.
Unless Sony used some legendarily shitty, HBGary-style hashing for their passwords (which I'm not putting past them) no one should have the actual password you used to log in to PSN.
The hash? Sure. But the actual plaintext? No.
Meh. If you have all the hashes and enough known solutions, hashed passwords are mostly breakable. Especially if they're using a known scheme for the encryption.
Mostly, I'm just shocked that it sounds more like they got a raw database dump from somewhere. Or some system they got into was able to flat out query any record with no form of timed lockout. Or this has actually been compromised for months and nobody noticed it slowly leeching data.
Really, any way you look at it there's both a huge "how the fuck did this happen?" and a huge "and why did you stay dead silent for so long about it?"
kildy on
Henroid | Mexican kicked from Immigration Thread | Centrism is Racism :3 | Registered User | regular
edited April 2011
I wasn't expecting to read this when getting home.
What's sort of sad is how probably only a small fraction of the PSN users will even hear about this security breach, I really doubt any casual user is going to be looking up the OFFICIAL PLAYSTATION BLOG for updates. They fire up the console and see that PSN is down and go "meh" and move on.
You think this news is going to stay on the Playstation Blog? Besides quickly spreading to pretty much every gaming site in existence, it's going to show up on a lot of mainstream sites as well. This isn't just gaming news anymore; this is potentially one of the biggest cases of identity theft in history.
Doing a Google search with a few related keywords, I've already found articles about this whole mess on several big mainstream sites.
Unless Sony used some legendarily shitty, HBGary-style hashing for their passwords (which I'm not putting past them) no one should have the actual password you used to log in to PSN.
The hash? Sure. But the actual plaintext? No.
Meh. If you have all the hashes and enough known solutions, hashed passwords are mostly breakable. Especially if they're using a known scheme for the encryption.
Mostly, I'm just shocked that it sounds more like they got a raw database dump from somewhere. Or some system they got into was able to flat out query any record with no form of timed lockout. Or this has actually been compromised for months and nobody noticed it slowly leeching data.
Really, any way you look at it there's both a huge "how the fuck did this happen?" and a huge "and why did you stay dead silent for so long about it?"
Exactly, if the hacker has a PSN account and knows his own password, and has some friends who also have accounts and passwords, they can reverse engineer the hash.
What's sort of sad is how probably only a small fraction of the PSN users will even hear about this security breach, I really doubt any casual user is going to be looking up the OFFICIAL PLAYSTATION BLOG for updates. They fire up the console and see that PSN is down and go "meh" and move on.
It says directly in the blog that they are emailing all PSN account holders the same info. If someone can't be bothered to check their email, then that's a whole other issue in itself.
When do they plan on doing this? As a Plus subscriber, I have yet to see any email.
Connecticut Senator Richard Blumenthal is "demanding answers" about why Sony Computer Entertainment of America failed to inform customers of the data breach of the PlayStation Network on April 20.
"When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised," Blumenthal said in a release. "Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach."
Of course, Sony just issued a statement that it says will be emailed to "all of our registered account holders" but, as we noted in our post, it's been nearly six days since the "intrusion" first took place. Blumenthal elaborated, "Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised."
You say that now, but just wait until a charge for someone else's Xbox Live subscription card shows up on your credit card bill :P
JihadJesus on
Henroid | Mexican kicked from Immigration Thread | Centrism is Racism :3 | Registered User | regular
edited April 2011
Jake Rodkin (of Idle Thumbs / Telltale Games) on Twitter:
PSN has not once accepted my CC# and billing address as valid, so hey. In your face, everyone who has been able to ever actually enjoy PSN!
Henroid on
Henroid | Mexican kicked from Immigration Thread | Centrism is Racism :3 | Registered User | regular
edited April 2011
Jesus jumped-up Christ, my Twitter feed is full of people going "oh fuck" over this.
Also I agree with that Senator; Sony should've notified people DAY ONE this may have been the case, not wait until they 'confirm' it. This is so goddamn fucked up.
Henroid on
Burden of Proof | You three boys picked a beautiful hill to die on. | Registered User | regular
Jake Rodkin (of Idle Thumbs / Telltale Games) on Twitter:
PSN has not once accepted my CC# and billing address as valid, so hey. In your face, everyone who has been able to ever actually enjoy PSN!
I had this same problem ... hopefully none of my failed attempts are stored :P
I also have no idea what my PSN password is, so I guess I need to wait for it to be back up before I see if it matches any others I have.
Thank god I don't use the same password on PSN that I use anywhere else and I'm pretty positive my security questions are also different. At any rate they can't use that information to get into my gmail account and most other sites with CC info on them use a separate e-mail and my gmail can't be connected to them.
I really, REALLY wish I knew what the hell I chose for my security question on PSN though. It's been two years, I can't remember anymore. The odds of being specifically targeted are so low considering how much information they got and it has already been 6 days, but still. I like to play it safe.
Gilder on
SteevL | What can I do for you? | Registered User | regular
edited April 2011
So far, I'm pleasantly surprised that I hadn't used that password in places where I thought I actually had.
Not too concerned about the credit card stuff, as it's really easy to catch if you're paying the slightest bit of attention to your bank account. Or you could just cancel it now and get a new card if you're worried about it.
I'm more concerned with the fact that I used one of my normal email/pw combos to sign into the PSN, so now I need to go through the internet changing shit. Maybe now is a good time to try something like 1password.
This. And the secret question. Really, after having my WoW account hacked through my hotmail account's secret question...urgh. Gonna comb through my email accounts as soon as I get home.
The good news for me is that my PSN password is a retired password that I've been too lazy to update, so I'm not really compromised on anything else because I've updated almost everything else.
But I'm still concerned about personal info being out there, and I'll probably go to the bank tomorrow and talk to them about my card.
"For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet."
If that is true, which for any software company in 2011 ought to be true, that at least dampens it a little bit.
Still: Change your passwords if you re-use them in several services.
What's sort of sad is how probably only a small fraction of the PSN users will even hear about this security breach, I really doubt any casual user is going to be looking up the OFFICIAL PLAYSTATION BLOG for updates. They fire up the console and see that PSN is down and go "meh" and move on.
It says directly in the blog that they are emailing all PSN account holders the same info. If someone can't be bothered to check their email, then that's a whole other issue in itself.
When do they plan on doing this? As a Plus subscriber, I have yet to see any email.
Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.
"For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet."
If that is true, which for any software company in 2011 ought to be true, that at least dampens it a little bit.
Still: Change your passwords if you re-use them in several services.
When PSN was still up, didn't the store.playstation.com website use the same log-in information? I mean it was basically the equivalent of logging into xbox.com as it let you see who was online and such, which means it tied into your PSN ID. If you wrote down that password or had it stored within firefox or something then you can know what it is.
Wait, would the information stored go back to people who played online multiplayer through their PS2?
That's a good question. I haven't used PSN at all, but I can't remember if I had some sort of account with Sony back in the day.
I wonder how much this will affect not just Sony, but also the view of sensitive information for consoles. Will newer customers be the wiser?
V Faction on
Nintendo Network ID: V-Faction | XBL: V Faction | Steam | 3DS: 3136 - 6603 - 1330 PokemonWhite Friend Code: 0046-2121-0723/White2 Friend Code: 0519-5126-2990
"Did ya hear the one about the mussel that wanted to purchase Valve? Seems like the bivalve had a juicy offer on the table but the company flat-out refused and decided to immediately clam up!"
Well I never tied any card to PSN, and I use completely unrelated passwords for important services like banking, etc so the only thing they could have conceivably gotten from me is name, address and email. Still sucks and I've changed my general use password as a precaution.
Sony done fucked up.
Ceno on
Henroid | Mexican kicked from Immigration Thread | Centrism is Racism :3 | Registered User | regular
edited April 2011
"No, man, nothing is fucked here."
"Nothing is FUCKED? THE GODDAMN PLANE HAS CRASHED INTO THE MOUNTAIN."
I can has cheezburger, yes?
Zeboyd Games Development Blog
Steam ID : rwb36, Twitter : Werezompire, Facebook : Zeboyd Games
I know that dude. He's cool.
That's terrible.
Goes to show how good Sony is with the whole "security" thing. Guess they should hire a few actual security professionals, from now on.
...that was a good answer. :winky:
One word: Negligence.
Not telling consumers their information is compromised until 6 days later absolutely qualifies as such.
From the blog post itself, right at the top:
At least we don't have brain hackers, yet.