Squid Division

Sony Shitshow

Recommended Posts

PSN Security Breach

I'm sure most everyone has heard about this already, but this is ridiculous. To me, it seems like the last nail in the coffin for any credibility Sony had this generation. They're really going to have to shake up the company and come out unbelievably strong with their next console if they're serious about staying in the race.

Share this post


Link to post
Share on other sites

A lot of bad things have happened in this generation for Sony. PS3 gets hacked, PSN goes down/comprimised, PSPGo, Poor PS3 sales, Poor PSP sales, selling consoles at a huge loss and with the mother-ship leaking money like a sieve, they are not in good waters.

Share this post


Link to post
Share on other sites

Don't forget the rampant PSP piracy.

This is really disgusting though, this current situation.

I want to see Sony go after the people who caused this.

Share this post


Link to post
Share on other sites

I still don't see why people are celebrating the hackers that have stolen their personal information.

Share this post


Link to post
Share on other sites
I still don't see why people are celebrating the hackers that have stolen their personal information.

Claims were issued on behalf of Anon that this was not part of their protest attacks, but... Anon isn't exactly a unified group.

Share this post


Link to post
Share on other sites
A lot of bad things have happened in this generation for Sony. PS3 gets hacked, PSN goes down/comprimised, PSPGo, Poor PS3 sales, Poor PSP sales, selling consoles at a huge loss and with the mother-ship leaking money like a sieve, they are not in good waters.

Sony have been having problems with more than there Computer Entertainment division. Though it is ridiculous that this could happen, I really hope that Sony offers some compensation to those affected.

Share this post


Link to post
Share on other sites

My gut feeling is that this was a hack done for profit, not to prove a point, which would probably take Anonymous out of the picture. And if it was done for profit, then it's probably a sophisticated enough hack that Sony couldn't reasonably be expected to have prevented it.

Share this post


Link to post
Share on other sites

It really does suck, I was trying to play Portal Coop on the PS3 version, and I've been absolutely loving Mortal Kombat. Fortunately, those games have strong single player components I can distract myself with while the issues are sorted out.

Share this post


Link to post
Share on other sites

It's hard to know what really happened, the fact that the "attack" happened right before the "Holy Week" started didn't help much either.

Some people are saying that the hacker just hacked some admin's account and he MIGHT have use it to access our info.

It's looks like I was "lucky", I bought some PSN games for my PSP for my Easter trip right before PSN fell, I still have money in that "wallet" though.

I do think some people are making strange leaps of logic:

-Did Sony ever say the hacker has EVERY BODIES' info? The press release shows an email with the info about the outage, I never got one. Not everybody checks the blogs or other gaming sites that often, did Sony forget to inform everybody or are the only informing the people who got hacked for real?

-People say Sony said they knew what happened a week ago, but from what I've read, they knew of the security breach a week ago, they never said they knew what the hacker did the moment they found out about the breach.

Yes, they could have told us about the breach, but would it be a good idea to make us panic before they knew what the hacker did?

I don't know much about hacking and data security, but from what I've heard something doesn't add up, shouldn't our info be encrypted?

The "hacker hacked an admin" seems to be the most logical and probable situation and Sony's real mistake is not giving us enough information and not giving it sooner, but.... I still don't believe they knew that early what happened? :erm:

EDIT: Of course, it's also possible that the hackers hacked some PSN accounts, but I don't think he had the time or resources to hack EVERY account. That would explain the email thing, maybe only a few accounts were hacked and only those who were affected got the email?

Edited by Tanukitsune

Share this post


Link to post
Share on other sites
It's looks like I was "lucky", I bought some PSN games for my PSP for my Easter trip right before PSN fell, I still have money in that "wallet" though.

I think you're missing the point here, it's not some kid jacking your account and buying a bunch of DLC, somebody lifted a ton of personal information from their servers. Just because it hasn't already happened doesn't mean it won't. Your information is potentially floating around out there, waiting to be exploited. You're going to want to AT LEAST change your password. (And if you used that same password for any other services, change those too.)

-Did Sony ever say the hacker has EVERY BODIES' info? The press release shows an email with the info about the outage, I never got one. Not everybody checks the blogs or other gaming sites that often, did Sony forget to inform everybody or are the only informing the people who got hacked for real?

This is important to keep in mind, we don't know the extent of the breach. For all we know, they might have ended up with almost nothing, or they might have gotten everything. No way to know. The fact Sony wigged out and pulled the whole service off line probably indicates that it was a serious intrusion. The fact that they pulled it off line also suggests they may have stopped said intrusion while it was happening.

I don't know much about hacking and data security, but from what I've heard something doesn't add up, shouldn't our info be encrypted?

The reality is that nothing on the internet is really very secure at all. If somebody wants to get at something, they'll find a way. So unless it comes out that Sony was doing something extraordinarily bone-headed with how they're managing their customers' security, i wouldn't be leaping to put a lot of blame on them. It's more important that the guilty parties be tracked down, stuff like this shouldn't be allowed to pass.

Share this post


Link to post
Share on other sites
I think you're missing the point here, it's not some kid jacking your account and buying a bunch of DLC, somebody lifted a ton of personal information from their servers. Just because it hasn't already happened doesn't mean it won't. Your information is potentially floating around out there, waiting to be exploited. You're going to want to AT LEAST change your password. (And if you used that same password for any other services, change those too.)

This is important to keep in mind, we don't know the extent of the breach. For all we know, they might have ended up with almost nothing, or they might have gotten everything. No way to know. The fact Sony wigged out and pulled the whole service off line probably indicates that it was a serious intrusion. The fact that they pulled it off line also suggests they may have stopped said intrusion while it was happening.

The reality is that nothing on the internet is really very secure at all. If somebody wants to get at something, they'll find a way. So unless it comes out that Sony was doing something extraordinarily bone-headed with how they're managing their customers' security, i wouldn't be leaping to put a lot of blame on them. It's more important that the guilty parties be tracked down, stuff like this shouldn't be allowed to pass.

So basically, we have no idea what the hacker got or how much he got, right?

How am I to change my PSN password if PSN is down? I don't even remember it, but I'm sure I don't have anything important with that password... I have to type that password with a gamepad, not a keyboard, how complex could it be? ;(

I really feel like Sony isn't giving us enough info and some people are panicking, while most are being their "normal" angry little nerdlings....

Some kid at the Sony blog claims that he heard that someone's credit card was already used illegally, the fact it didn't happen to him seem convenient...

I have a debit card on my EU and I'm not cancelling it unless I see some fraudulent activity going on, but it looks like if the credit card thing is real, it should only affect US PSN users?

Share this post


Link to post
Share on other sites

fuck...

I didn't have my CC in PSN up to the 17th of April (I "removed" it before that), at which time I bought the Hobo King DLC...

And because I'm in India right now it is very inconvenient to cancel my CC

Share this post


Link to post
Share on other sites

I'm not going to cancel my credit card until more is known. For one thing, my bank will refund me if anything is purchased fraudulently. For another, unless Sony are absolute dipshits, they'll have encrypted the credit details. I don't know about other countries, but it's law in Australia that computer systems must have CC details encrypted so that not even admin users can view them. In general, they'll be encrypted with the bank (or credit card service)'s public key when the user first submits it and after that, Sony would only need to send the encrypted version to the bank/service when a transaction is performed.

Share this post


Link to post
Share on other sites

Ugh, I think the real failure here isn't with security, but with the handling of the issue, everybody is panicking and cancelling their credit cards...

I work in a small market and even they were all abuzz with the Sony news, they should make a new press release soon with something more specific.

I just realize that since PSN is down, my PSP is "locked" to it's US account, so I can only play the downloaded US games I have until PSN is back up.

People have said that Microsoft gave away a free game when XBL was down for a day, I don't remember this happening at all, but I wonder if Sony will try to give us something free too? At least the PSN+ users, because we are paying for an account?:erm:

Share this post


Link to post
Share on other sites

I'd still say that the security failure is by far the biggest problem and not the way they handled the situation. That's 77 million users, for god's sake! If it really was practically impossible to secure personal data, we would already have lost them many times over through Google, Facebook (hah!), Paypal and whatever.

Having said that, their handling of the issue has by no means been good. I would have liked to know about the possible loss of personal information immediately after Sony start suspecting it, in order to change my passwords on other services (although, I don't think I have the same email and password combination elsewhere). By now they should have sent an email to all the PSN users.

I have a debit card on my EU and I'm not cancelling it unless I see some fraudulent activity going on, but it looks like if the credit card thing is real, it should only affect US PSN users?

How so?

Share this post


Link to post
Share on other sites

I'm not keen on the incredibly sensational response on the internet. People explaining where's the best place to sell your PS3, people saying they're "Going to sell their PS3s", that they're never going to buy ANY SONY products ever again.

The situation sucks, but it's no different to having it stolen from any other place. It's just because it's Sony that people are getting so into this.

Share this post


Link to post
Share on other sites
I'd still say that the security failure is by far the biggest problem and not the way they handled the situation. That's 77 million users, for god's sake! If it really was practically impossible to secure personal data, we would already have lost them many times over through Google, Facebook (hah!), Paypal and whatever.

Having said that, their handling of the issue has by no means been good. I would have liked to know about the possible loss of personal information immediately after Sony start suspecting it, in order to change my passwords on other services (although, I don't think I have the same email and password combination elsewhere). By now they should have sent an email to all the PSN users.

How so?

I'm assuming they don't have one server with every PSN account but one server per region? When the "original" anon PSN take down happened I could access my Euro PSN account, but not the US one, so I'm assuming they don't have everything centralized?

Then again, they did take down the whole PSN instead of just the US part so I might be wrong. :erm:

Share this post


Link to post
Share on other sites
I'm not keen on the incredibly sensational response on the internet. People explaining where's the best place to sell your PS3, people saying they're "Going to sell their PS3s", that they're never going to buy ANY SONY products ever again.

The situation sucks, but it's no different to having it stolen from any other place. It's just because it's Sony that people are getting so into this.

Fuck no. I had my card details stolen from ordering a Christmas present, I'm not going to use that company again, simply on principle. If they make a mistake, which costs me money, or has the chance to they can fuck off. Most fraud cases require you to pay the first £50 or so. Sony aren't being honest with their customers, whether or not they know the whole story,they should come out with everything they know, as well as what they don't know. Besides I haven't seen an official Sony apology which should have happened days ago.

Sony have dealt with this whole situation terribly, and those affected need to know what has happened.

Share this post


Link to post
Share on other sites

I think this is PR disaster, not a security one.

Sony's PR isn't being open with us, they aren't telling us exactly what was stolen and from whom.

They say there are 77 million PSN accounts, so I think it's more plausible that the hacker got into an admin account which has access to these accounts, instead of actually hacking 77 million accounts, which it's seems some people think happened.

They are probably being very thorough and trying to figure out what the hacker had access to during the attack, but I seriously doubt there is a hacker with my debit card info buying a yacht now... I have a limit anyway... :mock:

I'm not going to panic until Sonic actually makes another statement, which they should... SOON!

Share this post


Link to post
Share on other sites

First of all, if the hackers have access to our passwords, this means Sony are terrible at computer security (nobody, not even Sony, should have access to our PSN passwords). Secondly, if they knew that credit card details couldn't possibly have been compromised, they would have said so. They said they're not sure, and they're having an external company look into it. This indicates to me that there is a non-trivial probability that my name, address, birthday, credit card number and credit card expiration dates is now in the hands of a criminal mastermind.

Just to be sure, I've ordered a new card, which will make all my credit card numbers stored on more or less secure servers around the internet useless. There's a very slight annoyance with having to enter the new details in some places, but the feeling of having regained a temporary control over my bank account is priceless.

Share this post


Link to post
Share on other sites
I think this is PR disaster, not a security one.

How is this not a security disaster? Even if credit card details haven't been stolen, there is still the issue of those 77 million email addresses, passwords and address details no one should be able to reach ever. The email/username and password pairing alone is a huge problem.

Q.6 Does that mean all users’ information was compromised? Tell us more in details of what personal information leaked.

In terms of possibility, yes. We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID. It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code). If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.

Share this post


Link to post
Share on other sites
I think this is PR disaster, not a security one.

Sony's PR isn't being open with us, they aren't telling us exactly what was stolen and from whom.

They say there are 77 million PSN accounts, so I think it's more plausible that the hacker got into an admin account which has access to these accounts, instead of actually hacking 77 million accounts, which it's seems some people think happened.

They are probably being very thorough and trying to figure out what the hacker had access to during the attack, but I seriously doubt there is a hacker with my debit card info buying a yacht now... I have a limit anyway... :mock:

I'm not going to panic until Sonic actually makes another statement, which they should... SOON!

If it's not a security disaster then why would PSN have been down for a week? Having to rebuild the entire system, which is a clear sign that it has been catastrophic for Sony.

Share this post


Link to post
Share on other sites

Yes, someone hacked into "something" PSN related, they may have actually managed to hack each and every of the 77 million accounts out there, but the fact that Sony is being so vague is what seems to disastrous to me.

Sony keeps using "may", "we believe", "probability" and other vague words, we don't really know what the hacker did, it's probably something big since they took down PSN is a good hint, but the fact the Sony's PR isn't telling us what happened is the real problem here.

If my memory serves me well, Sony tends to be on the news every once in a while because of some PR disaster.

This is like having a "ye olde" messenger tell you that: "The castle is in lock down because something happened to the King, but it's possibly that they had access to the royal treasury?". Sure, whatever happened is probably bad, but the messenger is only making matters worse by not telling us everything, or at least more.

We need to hear from a tech guy, not some PR drone!

We know nothing about Sony's security. Is our info encrypted? Were is it stored? Can an admin have access to it? Is everything one one server? Is there a server for each region?

Who knows, maybe Sony is so incompetent they just have our info in a server whose only protection is a post-it note that reads "Please don't steal" on it, but all I know is that a hacker did something big, but who knows, maybe Sony is so incompetent that they turned PSN off for some stupid reason and don't want to admit it.

All we know is that:

A) Sony says they were hacked.

B) PSN is down.

C) Sony says there is a chance the hacker has your info.

It's up to you to think whether there is a hacker buying yachts with your credit card or not, but the vagueness is the most bothersome part here to me.

I have no idea how bad the security breach is, but it's obvious that Sony's PR is doing a disastrous job here, just look at how many people are panicking! A PR's job is to make good news look awesome and bad news look like good news, or at least make the bad news not look worse, which is what they doing here. The fact that so many people are going to cancel they credit cards and that some are even going to sue Sony is proof of what a terrible job their PR did.

It's possible that Sony's tech team is equally incompetent, but since they won't tell us any more, the real incompetence I see here is from Sony's PR.

EDIT: I just realized they probably said that our accounts might have been compromised simply to cover their asses legally in case something does happen to them? :erm:

Edited by Tanukitsune

Share this post


Link to post
Share on other sites
My gut feeling is that this was a hack done for profit, not to prove a point, which would probably take Anonymous out of the picture. And if it was done for profit, then it's probably a sophisticated enough hack that Sony couldn't reasonably be expected to have prevented it.

It's completely reasonable to expect huge powerful companies that ask for my information to be able to protect it. I had that expectation and had to have my card cancelled this morning. Then I have to change all of my passwords anywhere, since I can't remember which password I had for PSN and where else I used it. And maybe then move or something because they know my address :X It's fucking atrocious and shouldn't have happened.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now