PSN Down


Recommended Posts

A lot of people here are mentioning that the information was kept in a plain text file, and not encrypted. I'm just wondering if there is any truth in this or if it's just rumour and speculation?

Link to comment
Share on other sites

Never use a debit card online. You are much safer with a credit card. With a debit card they can drain your bank account.

Never used a debit card anywhere in my opinion (unless you're withdrawing cash obviously).

With a credit card, the money that's spent isn't yours. So as long as you're responsible in terms of paying off your transactions every month, the credit card is the safest and most efficient way to spend.

(Of course, far too many people are careless fools when it comes to anything financial, so things don't always play out so well)

I don't have a credit limit guys, so I don't use a credit card. I use a VISA debit card.

Link to comment
Share on other sites

A lot of people here are mentioning that the information was kept in a plain text file, and not encrypted. I'm just wondering if there is any truth in this or if it's just rumour and speculation?

i think if it had been encrypted they would have said so to mitigate the bad press such a data breach would have caused. the wording of the statement on the blog:

"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID"

if it was encrypted, they would have either said "however, this information has been encrypted" or similar. the have made no mention of any encryption being used in their backend database thus far, suggesting that it wasn't encrypted.

Link to comment
Share on other sites

I see, yes that could be construed as saying that the information wasn't encrypted. But you could also say the same thing if the database was encrypted, but a copy of it was made nevertheless. They would still have the data, albeit encrypted.

Link to comment
Share on other sites

I don't have a credit limit guys, so I don't use a credit card. I use a VISA debit card.

Which has direct access to your bank account. Not a good idea for online use. Another option is a pre-paid Visa.

Link to comment
Share on other sites

I see, yes that could be construed as saying that the information wasn't encrypted. But you could also say the same thing if the database was encrypted, but a copy of it was made nevertheless. They would still have the data, albeit encrypted.

i just think that if the database or any part of the data was encrypted they would have said so to try and lessen the pr disaster which has followed. i remember a data breach here in the uk a few years ago (here: http://news.bbc.co.uk/1/hi/7103940.stm) where they used the term 'password protected' to try and put a positive spin on it. i will try and find a source, but i was told that in that particular case the file was just an office document which was password protected... so not very secure at all

my point is, is that if it was protected or scrambled in any way i'm fairly certain would have said so.

Link to comment
Share on other sites

Then sue Sony.

If you think Sony did something wrong, go find a lawyer. I bet he'd gladly work for a contingency fee basis because there are 70 million potential plaintiffs.

We'll see where things go. I'm keeping all options open, as I would advise anyone else with a PSN account to do.

Sony sued for PlayStation Network data breach

Like clockwork, the first lawsuit resulting from the security breach of the personal data of more than 75 million Sony PlayStation Network customers has been filed.

The suit was filed today on behalf of Kristopher Johns, 36, of Birmingham, Ala., in the U.S. District Court for the Northern District of California. Johns accuses Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."

He also believes Sony took too long to notify him and other customers that their personal information had been exposed. Because of that, the complaint alleges, Sony did not allow its customers "to make an informed decision as to whether to change credit card numbers, close the exposed accounts, check their credit reports, or take other mitigating actions."

The lawsuit is asking for monetary compensation and free credit card monitoring, and is seeking class action status.

Yesterday, Sony warned customers of its PlayStation Network and Qriocity service that their personal information--including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, and user names, as well as online user handles--was obtained illegally by an "unauthorized person" between April 17 and 19. The company says there is "no evidence" that credit card information was compromised, but it can't be sure yet.

In the aftermath of the breach Sony has temporarily turned off PlayStation Network and Qriocity, contracted with an outside security firm to investigate the intrusion on its network, and started to rebuild its system and security.

Johns' complaint echoes the concerns of Sen. Richard Blumenthal, a Connecticut Democrat. Blumenthal yesterday wrote a letter to Jack Tretton, president and chief executive of Sony Computer Entertainment America, saying he was troubled that the company had not notified customers sooner about the breach. He also called for Sony to provide affected customers with financial data security services, including free access to credit reporting services for two years to protect against identity theft.

Link to comment
Share on other sites

SCEA: "When PSN is restored, friends lists, trophies and wallet funds will all be exactly as they were before."

Good, hopefully back to business soon then!

Link to comment
Share on other sites

We'll see where things go. I'm keeping all options open, as I would advise anyone else with a PSN account to do.

You know what this and definitely the speed of it reminds me?

Link to comment
Share on other sites

well the good thing about this is thing this is the longest streak i have been on where i have tried to play my ps3 and there isn't an update that takes about an hour to pull off...

maybe while they are fixing everything they'll make PSN faster...

Link to comment
Share on other sites

Which has direct access to your bank account. Not a good idea for online use. Another option is a pre-paid Visa.

I just opened a second checking account for this puprose only.. if the account has any issues, its not linked to my main cash and i don't lose anything. plus its easier to manage, credit cards have floating 25 day grace periods and other hassles or charge money to pay online or other bs. visa debit cards on separate accts ftw

Link to comment
Share on other sites

well the good thing about this is thing this is the longest streak i have been on where i have tried to play my ps3 and there isn't an update that takes about an hour to pull off...

maybe while they are fixing everything they'll make PSN faster...

Ha. The updates are separate of PSN though. I loaded up Assassin's Creed last night and had to download a 25MB patch that took less than a minute. This just means you're keeping your games up to date (or PSN+ has been doing that for you :) ).

Link to comment
Share on other sites

I don't have a credit limit guys, so I don't use a credit card. I use a VISA debit card.

As tmorris1 said, using debit card online is not good idea - really, it's not. When your card information is leaked, you bank account will be drained empty and no one is going to give that money to you back (as no one has to), while with credit card you are okay even when your information is out there. You are better off with prepaid cards, or at least do not connect the card to an important bank account. I too own debit card (obviously), but I do not use it for anything other than withdrawing. I would never even consider connecting it to PayPal or paying with it directly online, neither really in stores either.

Link to comment
Share on other sites

I don't have a credit limit guys, so I don't use a credit card. I use a VISA debit card.

That's fair enough...everyone can't get access to credit so they don't have that option. But it means you need to be extra careful, because the moment someone hits your bank account, you really could be in some financial danger.

I only used Visa Debit for a while too, so it's really just a case of being sensible about where you put your details and always having your bank's number to hand in case you suspect your card's been lost/stolen. Also, checking your bank account almost everyday is probably good practice, which is easy with online banking.

Link to comment
Share on other sites

How can you still trust a service like this? I'd be scared if I was a PlayStation user to be honest, and I don't have anything against Sony or the PS3.

Whether one should use a service that has had a security breach is a persona decision everyone will need to decide on their own.

Link to comment
Share on other sites

Q&A #1 for PlayStation Network and Qriocity Services

First off, we want to again thank you for your patience. We know that the PlayStation Network and Qriocity outage has been frustrating for you. We know you are upset, and so we are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we?re going to get the services back online as quickly as we can.

We received a number of questions and comments yesterday and early today relating to the criminal intrusion into our network. We?d like to address some of the most common questions today.

We are also going to continue to post updates to this blog with any additional information and insight that we can over the next few days.

We are reading your comments. We are listening to your suggestions. Please keep them coming.

Thank you.

Q: Are you working with law enforcement on this matter?

A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.

Q: Was my personal data encrypted?

A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Q: Was my credit card data taken?

A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

Q: What steps should I take at this point to help protect my personal data?

A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

Q: What if I don?t know which credit card I?ve got attached to my PlayStation Network account?

A: If you?ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from ?DoNotReply@ac.playstation.net? at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.

Q: When or how can I change my PlayStation Network password?

A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

Q: Have all PlayStation Network and Qriocity users been notified of the situation?

A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.

Q: What steps is Sony taking to protect my personal data in the future?

A: We?ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network?s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.

Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?

A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.

Q: When will the PlayStation Network and Qriocity be back online?

A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.

Source: http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

Link to comment
Share on other sites

How can you still trust a service like this? I'd be scared if I was a PlayStation user to be honest, and I don't have anything against Sony or the PS3.

I agree ... I think when this is all over and we can log into PSN again, I am going to use my pre-paid credit card for purchases. Come to think of it, I think I will change it on XBOX live too. I mean you never know this could happen to anyone with anything stored online.

Link to comment
Share on other sites

Q: Was my personal data encrypted?

A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Talk about software amateur hour over at Sony... Yikes.

In the internal apps I write for the company I work for, the passwords are *always* stored as salted hashes - and the apps are only used by internal employees. It's so easy and computationally inexpensive to do...

Link to comment
Share on other sites

Whether one should use a service that has had a security breach is a persona decision everyone will need to decide on their own.

Indeed. I think that's ultimately what it boils down to. People can talk about injustice and incompetence until they're blue in the face, but at the end of the day, people will have to make a personal decision regarding whether or not to continue using the service. Perhaps it will be easier to make such a decision once the anger of the masses has faded.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.