Yeah....the credit card situation is not really a problem. I've had cards and numbers stolen before and even had a new card issued because it was in a compromised database. I suspect that Sony will notify the CC companies that the numbers may have been stolen and everyone will get a new card. Annoying, but not the end of the world. No PSN customers are going to be out any $ related to that.
What is a huge issue is those compromised e-mail addresses and passwords. Your Paypal account could easily be looted if you use the same password for everything or even something that could be derived from your PSN password.
Jake Rodkin (of Idle Thumbs / Telltale Games) on Twitter:
PSN has not once accepted my CC# and billing address as valid, so hey. In your face, everyone who has been able to ever actually enjoy PSN!
I had this same problem ... hopefully none of my failed attempts are stored :P
I also have no idea what my PSN password is, so I guess I need to wait for it to be back up before I see if it matches any others I have.
Yeah, it never let me buy anything with my credit card so I swapped to the prepaid cards... really hoping my info didn't save. Somehow it seems worse to me if someone stole my info after I myself was unable to ever use it.
I also have changed every password I can think of connecting to PSN, even though I know I didn't use the same password. I'm not losing my Steam or email accounts over this stupidity.
With the data that's been stolen, people should go and put an 'initial fraud alert' on their identities with experian or something (like it say's in the blog). These criminals if they have the data will be mainly interested in opening false accounts in your name, more so than stealing money directly from your cards, since that can be quickly cancelled as most people will notice. By putting a fraud alert on your account you make it so that you can't really get an account without the bank calling the number you provide to confirm you want it.
If I can think of one upside to all this, it's that if things get so bad that we'll be forced to create new usernames/accounts/whatever (while somehow making sure all our purchases, trophies and such are kept intact), I'll finally be able to create a username that won't get spammed with 10 friend requests a day (half of them Spanish).
What is a huge issue is those compromised e-mail addresses and passwords.
If you can ring up your bank, have forgotten your telephone banking password or whatever, what are the questions they'll ask you? What's your name, address, date of birth, and to prove it's really you, some banks will ask you to tell them one of your accounts and/or a recent transaction on it.
What have Sony lost control over? Your name, address, date of birth and your transaction history, along with any secret question answers you might have given.
This is a treasure trove of information for identity thieves. The emails and passwords is just a bonus on top of that.
With the data that's been stolen, people should go and put an 'initial fraud alert' on their identities with experian or something (like it say's in the blog). These criminals if they have the data will be mainly interested in opening false accounts in your name, more so than stealing money directly from your cards, since that can be quickly cancelled as most people will notice. By putting a fraud alert on your account you make it so that you can't really get an account without the bank calling the number you provide to confirm you want it.
The thing that sucks is that with a 6 day head start, even if a criminal is apprehended, it is very likely that any or all stolen data has already been offloaded and replicated to the point that it is unrecoverable (irrecoverable?).
What bothers me is that there is enough information they have which cannot even be changed: name, address, country, birthdate. That alone could be enough for identity theft
An unauthorized person stole names, addresses and other personal data belonging to about 77 million people who have accounts on Sony Electronics' PlayStation Network, Sony said on Tuesday.
What is a huge issue is those compromised e-mail addresses and passwords.
If you can ring up your bank, have forgotten your telephone banking password or whatever, what are the questions they'll ask you? What's your name, address, date of birth, and to prove it's really you, some banks will ask you to tell them one of your accounts and/or a recent transaction on it.
What have Sony lost control over? Your name, address, date of birth and your transaction history, along with any secret question answers you might have given.
This is a treasure trove of information for identity thieves. The emails and passwords is just a bonus on top of that.
That's why we should all get the initial fraud alert set up. Now, I don't think there's a huge chance this will come to result in vast online fraud (too many names to exploit efficiently) you make yourself a poor target by setting this up. While you can get past this fraud alert, if you have one in place and 90% of people don't, the thieves will go for the unprotected people.
A theft of this magnitude will likely create such a furor that the people responsible for it will hopefully be unable to exploit their takings. Online theft is so effective because it's small and tough to justify the resources to track down the criminals, a theft like this is a different scale. If it's as bad as it seems I could see a whole new set of laws coming down to limit access to personal information 'instantly' online.
Update 2: Regarding rumors Sony may have notified banks days ahead of disclosing today's revelations to the public, I have since contacted customer service representatives at both Bank of America and Chase. I personally have accounts at both financial firms and the representatives claimed to have received no information from Sony about a mass breach of credit information.
Update 3: Valve has just told me that anyone who connected their PlayStation Network account to Steam via Portal 2 should not be worried, either.
"Steam has nothing to do with the PSN outage," said the company in the statement.
An unauthorized person stole names, addresses and other personal data belonging to about 77 million people who have accounts on Sony Electronics' PlayStation Network, Sony said on Tuesday.
That's one hell of a headline.
Well, usually I'm against that sort of thing, but given Sony's extreme lateness in this situation people need to react fast.
Henroid on
0
Johnny ChopsockyScootaloo! We have to cook!Grillin' HaysenburgersRegistered Userregular
edited April 2011
Just opened a fraud alert with Experian. Thankfully, I'm moving in a few weeks so at least one of the pieces of info the douchebag hacker shitheels got about me is about to become useless.
Thankfully, the only thing I "purchased" off of PSN was actually paid for on Ubisoft's site, so I shouldn't have to worry about my CC being compromised...
Now to check my passwords to see what I used and where and change them over.
I'm sure its been said, but i just heard about this and wow, i can't believe sony wasn't hashing the passwords, that's the first thing any lowly network admin learns let alone guys who are supposed to be in charge of security
You say that now, but just wait until a charge for someone else's Xbox Live subscription card shows up on your credit card bill :P
Now that is what I'm talking about!
Sorry if my previous statements got out of hand, I was just trying to lighten things up a bit. I've run into two previous someone maybe, possibly has your CC info boondoggles on my debit card. It's fun as hell when they get cancelled on you out of nowhere until the bank calls/writes you or you get the new card in the mail.
Every journo right now is waiting for that first account of identity theft. The first sporadic purchase of flight tickets, leaving someone without groceries for a week. Then it changes from a corporate story to a human story, and it will be remembered outside of the gaming community.
And then Fox News will run:
Violent video games lead to identity theft
Sources show that children as young as 8 are playing violent video games in order to give away their parents' credit card details to hackers.
Ace Jon on
Yours truly, Ace Jon.
0
Johnny ChopsockyScootaloo! We have to cook!Grillin' HaysenburgersRegistered Userregular
Just opened a fraud alert with Experian. Thankfully, I'm moving in a few weeks so at least one of the pieces of info the douchebag hacker shitheels got about me is about to become useless.
Thankfully, the only thing I "purchased" off of PSN was actually paid for on Ubisoft's site, so I shouldn't have to worry about my CC being compromised...
Now to check my passwords to see what I used and where and change them over.
Yeah, going through my accounts and passwords right now to see what I might need to change. Checking your email for the DoNotReply email from PSN lets you know what address and name you put, as well as the credit card to added to PSN. I also only ever bought one thing for PSN and it was off Ubisoft's website. Also, it seems that my old address is what is on file...I should still probably change it when PSN gets back up.
Luckily I already changed most of my passwords when Gawker leaked my stuff last time. >_>
Pro: I managed to buy FF7 for my PSP about a week before this outage hit
Con: my impeccable timing means I gave them all my important info, CC#, etc, right before it was about to get compromised.
Al_wat on
0
NocrenLt Futz, Back in ActionNorth CarolinaRegistered Userregular
edited April 2011
Hmm.... I boxed up my PS3 in september of last year and hadn't booted up much before that... But I'm pretty sure I purchased stuff (with an old card) and I have moved since then... I wonder how affected I'll be.
With the data that's been stolen, people should go and put an 'initial fraud alert' on their identities with experian or something (like it say's in the blog). These criminals if they have the data will be mainly interested in opening false accounts in your name, more so than stealing money directly from your cards, since that can be quickly cancelled as most people will notice. By putting a fraud alert on your account you make it so that you can't really get an account without the bank calling the number you provide to confirm you want it.
needs to not be botp
So what exactly is the 'make yourslef hard to steal' checklist here?
1. Call card issuer, ask for a new card
2. Call your bank and let them know someone might have this personal info
3. Go to......anti-ID theft site and.....?
Are you pretty much covered if you do the first two, or what?
JihadJesus on
0
Triple BBastard of the NorthMARegistered Userregular
Same here. You're able to do it right on their website, and it takes all of about 30 seconds. There's no reason anyone who uses PSN should not do this. Man, Sony's going to eat some serious shit for this if a lot of people end up getting fucked over as bad as they potentially could.
I'm not worried myself. I already have strong safeguards and checks on my finances and my PSN password isn't attached to anything important.
But for fucks sake Sony. How the fucking hell do you wait this long to notify people that might not be as proactive with their finances?
Meh i've had identify theft problems in the past and found it very easy to deal with "this isn't my debt, i never opened that credit card, i don't live in xxx" done. And the credit card i had on file with sony expires at the end of this month anyway so i'm not going to bother doing anything
FiggyFighter of the night manChampion of the sunRegistered Userregular
edited April 2011
I'm just going to second/third/fourth/whateverth the [strike]suggestion[/strike] demand that all PSN users put a fraud alert on their credit file.
I had a Rogers Wireless account open in my name a little while ago, and the only way I found out is from simultaneous letters from both a collection agency and a lawyer's office about the $1500 or whatever I "owed." It's not easy to get fixed. It involves a lot of calls/visits. You're treated like the criminal until it's proven you aren't. It is not fun.
And don't think you're "safe" because your card is expiring soon or you are moving or something. They don't need all of your information to be correct. In fact, they will purposely change some of it around so that it doesn't match up if you currently have an actual account on whatever service they're trying to scam.
Get this shit done yesterday. I should also note that even though a credit alert exists on your file, that doesn't mean creditors/companies have to call you before authorizing an account. Sometimes they ignore them.
Meh i've had identify theft problems in the past and found it very easy to deal with "this isn't my debt, i never opened that credit card, i don't live in xxx" done. And the credit card i had on file with sony expires at the end of this month anyway so i'm not going to bother doing anything
You're being a goose right here. I can charge something to your credit card after it has expired, and it will just move over to your newly issued card. For example, if you sign up for a monthly subscription under a contract, you can't just cancel that credit card and avoid charges. You'll still be charged. If it turns out the company can't bill your credit card, they'll just keep accumulating your debt until it reaches critical mass and then sell it to a collection agency.
I know you want to act tough here and brush this off, but don't. It's not always easy to dispute a file on your credit report, and the only way you're going to find out about it is by getting some asshole collector calling you a low-life scumbag. Do you think the people using your info are going to politely use your current address to open false accounts/buy cell phones/etc? They don't want you to get a bill in the mail. You won't get a bill in the mail. You'll have a disconnected account in your name, building up charges, interest, and hits on your credit file.
Help a brotha out, what exactly am I supposed to be doing with Experian?
Go here and click the 90 day thingy. This is free to do, and you can do it as soon as the initial 90 days expire if you feel you need to. Also, let me second that it's not a bad idea to call your bank or whoever issued your debit/credit card and ask them to immediately cancel your current one and send you a new one.
Posts
What is a huge issue is those compromised e-mail addresses and passwords. Your Paypal account could easily be looted if you use the same password for everything or even something that could be derived from your PSN password.
The Pipe Vault|Twitter|Steam|Backloggery|3DS:1332-7703-1083
Yeah, it never let me buy anything with my credit card so I swapped to the prepaid cards... really hoping my info didn't save. Somehow it seems worse to me if someone stole my info after I myself was unable to ever use it.
I also have changed every password I can think of connecting to PSN, even though I know I didn't use the same password. I'm not losing my Steam or email accounts over this stupidity.
Oh thank god. I just thought about this a while ago... Fuck...
EDIT: Now I just have to worry about everything else.
Gamer Tag: LeeWay0
PSN: Leeway0
Blog||Tumblr|Steam|Twitter|FFXIV|Twitch|YouTube|Podcast|PSN|XBL|DarkZero
If you can ring up your bank, have forgotten your telephone banking password or whatever, what are the questions they'll ask you? What's your name, address, date of birth, and to prove it's really you, some banks will ask you to tell them one of your accounts and/or a recent transaction on it.
What have Sony lost control over? Your name, address, date of birth and your transaction history, along with any secret question answers you might have given.
This is a treasure trove of information for identity thieves. The emails and passwords is just a bonus on top of that.
Steam
needs to not be botp
3DS friend code: 4811-7214-5053
edit: I should type faster, it seems.
That's one hell of a headline.
That's why we should all get the initial fraud alert set up. Now, I don't think there's a huge chance this will come to result in vast online fraud (too many names to exploit efficiently) you make yourself a poor target by setting this up. While you can get past this fraud alert, if you have one in place and 90% of people don't, the thieves will go for the unprotected people.
A theft of this magnitude will likely create such a furor that the people responsible for it will hopefully be unable to exploit their takings. Online theft is so effective because it's small and tough to justify the resources to track down the criminals, a theft like this is a different scale. If it's as bad as it seems I could see a whole new set of laws coming down to limit access to personal information 'instantly' online.
Well, usually I'm against that sort of thing, but given Sony's extreme lateness in this situation people need to react fast.
Thankfully, the only thing I "purchased" off of PSN was actually paid for on Ubisoft's site, so I shouldn't have to worry about my CC being compromised...
Now to check my passwords to see what I used and where and change them over.
Steam ID XBL: JohnnyChopsocky PSN:Stud_Beefpile WiiU:JohnnyChopsocky
from the sound of it, nothing
Now that is what I'm talking about!
Sorry if my previous statements got out of hand, I was just trying to lighten things up a bit. I've run into two previous someone maybe, possibly has your CC info boondoggles on my debit card. It's fun as hell when they get cancelled on you out of nowhere until the bank calls/writes you or you get the new card in the mail.
The Pipe Vault|Twitter|Steam|Backloggery|3DS:1332-7703-1083
And then Fox News will run:
Violent video games lead to identity theft
Sources show that children as young as 8 are playing violent video games in order to give away their parents' credit card details to hackers.
Eh, you can play it again. The Lebowski card is one that never gets old and holds up to repeat viewings.
Steam ID XBL: JohnnyChopsocky PSN:Stud_Beefpile WiiU:JohnnyChopsocky
Yeah, going through my accounts and passwords right now to see what I might need to change. Checking your email for the DoNotReply email from PSN lets you know what address and name you put, as well as the credit card to added to PSN. I also only ever bought one thing for PSN and it was off Ubisoft's website. Also, it seems that my old address is what is on file...I should still probably change it when PSN gets back up.
Luckily I already changed most of my passwords when Gawker leaked my stuff last time. >_>
3DS Friend Code: 2165-6448-8348 www.Twitch.TV/cooljammer00
Battle.Net: JohnDarc#1203 Origin/UPlay: CoolJammer00
Oh okay.
Con: my impeccable timing means I gave them all my important info, CC#, etc, right before it was about to get compromised.
1. Call card issuer, ask for a new card
2. Call your bank and let them know someone might have this personal info
3. Go to......anti-ID theft site and.....?
Are you pretty much covered if you do the first two, or what?
Same here. You're able to do it right on their website, and it takes all of about 30 seconds. There's no reason anyone who uses PSN should not do this. Man, Sony's going to eat some serious shit for this if a lot of people end up getting fucked over as bad as they potentially could.
But for fucks sake Sony. How the fucking hell do you wait this long to notify people that might not be as proactive with their finances?
// Switch: SW-5306-0651-6424 //
As badly as Sony has bungled this, again, my rage is mostly fueled at those HAXZOR fuckers who like to pretend what they do isn't plain criminal.
The most that could happen is someone could get my email address, and that's not even the one I use for most things
PSN ID : DetectiveOlivaw | TWITTER | STEAM ID | NEVER FORGET
Unrelated. I was going to close it anyway.
3DS Friend Code: 2165-6448-8348 www.Twitch.TV/cooljammer00
Battle.Net: JohnDarc#1203 Origin/UPlay: CoolJammer00
I had a Rogers Wireless account open in my name a little while ago, and the only way I found out is from simultaneous letters from both a collection agency and a lawyer's office about the $1500 or whatever I "owed." It's not easy to get fixed. It involves a lot of calls/visits. You're treated like the criminal until it's proven you aren't. It is not fun.
And don't think you're "safe" because your card is expiring soon or you are moving or something. They don't need all of your information to be correct. In fact, they will purposely change some of it around so that it doesn't match up if you currently have an actual account on whatever service they're trying to scam.
Get this shit done yesterday. I should also note that even though a credit alert exists on your file, that doesn't mean creditors/companies have to call you before authorizing an account. Sometimes they ignore them.
You're being a goose right here. I can charge something to your credit card after it has expired, and it will just move over to your newly issued card. For example, if you sign up for a monthly subscription under a contract, you can't just cancel that credit card and avoid charges. You'll still be charged. If it turns out the company can't bill your credit card, they'll just keep accumulating your debt until it reaches critical mass and then sell it to a collection agency.
I know you want to act tough here and brush this off, but don't. It's not always easy to dispute a file on your credit report, and the only way you're going to find out about it is by getting some asshole collector calling you a low-life scumbag. Do you think the people using your info are going to politely use your current address to open false accounts/buy cell phones/etc? They don't want you to get a bill in the mail. You won't get a bill in the mail. You'll have a disconnected account in your name, building up charges, interest, and hits on your credit file.
Take care of it.
Go here and click the 90 day thingy. This is free to do, and you can do it as soon as the initial 90 days expire if you feel you need to. Also, let me second that it's not a bad idea to call your bank or whoever issued your debit/credit card and ask them to immediately cancel your current one and send you a new one.