PSN Down

[American Ninja]

Just read the update. Sony did a really good job handling the situation IMHO. Whats done is done just got to move on now.

New blog post:

I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There?s a difference in timing between when we identified there was an intrusion and when we learned of consumers? data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

For those who were looking there?s also an FAQ with some more frequently asked questions

Thank you for your continued patience and support.

Source: http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/

Edited April 27, 2011 by American Ninja

[Ayepecks]

What about itunes?

You mean if you set up your iTunes to stream to the PS3? Absolutely nothing. The PS3 just acts as a kind of media center, which means it's only streaming the information (music) you're telling it to stream. It has no access to your iTunes account.

[DPyro]

I meant itunes got hacked awhile back...

[rajputwarrior]

Just read the update. Sony did a really good job handling the situation IMHO. Whats done is done just got to move on now.

New blog post:

Source: http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/

That's just a bigger fail on their part admitting they didn't know their own and needed help from people that took a few days to figure out that people's personal information was stolen...

Sony fails at security

[Boz]

To check what credit card you used on PSN check your email for DoNotReply@ac.playstation.net and see what credit card you used..

Cancel that credit card and have the bank issue a new one for you to be 100% safe.

Not only that these guys have possibly obtained your credit card information but they have gotten name, address (city, state, zip), country, email address, birthdate as well as your security questions. Since most people pick similar questions these hackers with your birthday, security question and address and all that can probably get into a lot more that I'm afraid to even think of.

This could very well be the end of PS3.. I don't see myself using anything from them after this.. at least not buying anything online or doing anything online with them which is really the death of their service.

What a mess man.

[CentralDogma]

Just read the update. Sony did a really good job handling the situation IMHO. Whats done is done just got to move on now.

New blog post:

Source: http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/

Oh that's great, everyone can go home, situation over. Good thing those hackers won't use my personal information, American Ninja said we can all move on. :rolleyes:

You know why I'm ****ed at Sony? Because it was Sony who I entrusted my personal information to, it was Sony who explicitly outline how they would use that information, and it was Sony who failed to secure that information properly. Not some damn hacker.

Sure I hope they prosecute the hacker as much as the law allows, but Sony had a responsibility that they failed to live up to and they deserve the crap their getting over it.

I've always been leery about buying anything on PSN and this will make me doubly so. And considering how many high profile companies are running into data theft, it gives me pause about any form of digital distribution, even though I have warmed up to Steam.

[rajputwarrior]

To check what credit card you used on PSN check your email for DoNotReply@ac.playstation.net and see what credit card you used..

Cancel that credit card and have the bank issue a new one for you to be 100% safe.

Not only that these guys have possibly obtained your credit card information but they have gotten name, address (city, state, zip), country, email address, birthdate as well as your security questions. Since most people pick similar questions these hackers with your birthday, security question and address and all that can probably get into a lot more that I'm afraid to even think of.

This could very well be the end of PS3.. I don't see myself using anything from them after this.. at least not buying anything online or doing anything online with them which is really the death of their service.

What a mess man.

cheers for that. i found it and it's a credit card that i cancelled a couple of months ago. i'm all good (Y)

[LingeringSoul]

I would be willing to forgive Sony if they had informed us regarding the severity of the incident right away. What I can't forgive is Sony's complete nonchalance regarding the potential compromising of their users' credit card information. It shouldn't have taken six days for this to surface, and I find it impossible to believe that Sony just didn't know about this until now.

Once bitten, twice shy.

EDIT: Just read Duke's post on page 16. If that's the case, and if Sony had no choice to wait, then that obviously changes the conditions. Regardless of the circumstances, I think it's going to be point cards from here on out, and I'll probably only exercise that option when we're dealing with content that isn't available on the 360.

[x9248]

And you guys felt so safe lol

https://www.neowin.net/forum/topic/984096-psn-automatic-renewal-and-issues-i-have-with-it/page__p__593814036#entry593814036

[LiquidSolstice]

I would be willing to forgive Sony if they had informed us regarding the severity of the incident right away. What I can't forgive is Sony's complete nonchalance regarding the potential compromising of their users' credit card information. It shouldn't have taken six days for this to surface, and I find it impossible to believe that Sony just didn't know about this until now.

Once bitten, twice shy.

EDIT: Just read Duke's post on page 16. If that's the case, and if Sony had no choice to wait, then that obviously changes the conditions. Regardless of the circumstances, I think it's going to be point cards from here on out, and I'll probably only exercise that option when we're dealing with content that isn't available on the 360.

Yeah ok, no offense, but that's just hindsight bias at its finest. I highly doubt anyone would be any less outraged if they were told all their CC info was compromised 6 days ago rather than today.

[Miuku.]

Just got mail from my VISA provider where they stated that so far during the investigation no CC information has been found to leak and if any such information would be discovered, they would contact people affected.

( http://www.luottokunta.fi/fi/luottokunta/uutiset_ja_tiedotteet/toimiala_arkisto/Tietomurto%20ulkomaisessa%20verkkokaupassa%20%2827.4.2011%29 - it's in Finnish so I doubt anyone here will benefit much from it ;-) )

[+BeLGaRaTh Subscriber¹]

Just got mail from my VISA provider where they stated that so far during the investigation no CC information has been found to leak and if any such information would be discovered, they would contact people affected.

( http://www.luottokunta.fi/fi/luottokunta/uutiset_ja_tiedotteet/toimiala_arkisto/Tietomurto%20ulkomaisessa%20verkkokaupassa%20%2827.4.2011%29 - it's in Finnish so I doubt anyone here will benefit much from it ;-) )

English translation ... HERE

Hacking the Sony PlayStation Network online shop (04/27/2011)

Sony PlayStation Network has announced that it has been subjected to intrusion from 17 to 19.4. PlayStation Network, says that an intrusion has been reached in connection with access to customer contact information such as name, address and e-mail.

So far, Sony's studies have not shown that the credit card information was compromised. If the card details have been compromised, however, are connected to the card issuer to card holders with a security card should be renewed.

Do not post or tell your debit card PIN or bank accounts

If you receive an email, or other contact, asking you to debit card number, validity, PINs or access codes, do not under any circumstances disclose the requested information.

Luottokunta, banks, merchants, government or an international card associations (Visa and MasterCard), no link with the need to inquire about the cardholder data. Information is personal, rather than the cardholder will not disclose them to anyone.

[Fourjays Veteran]

Wow, this is serious. I've had a lot of fraudulent usage of my debit cards online so I'm used to checking, but still... :/ Will probably resort to using the cards in the future too and reduce what information PSN (and others) have in the future, just to be safe.

I think people here should try to remember that this is extremely serious for PSN users and not something to laugh about, not to mention all the "it is Sony's fault", "it isn't encrypted", etc comments which are mere speculation and scaremongering from the usual anti-Sony crowd. The only ones to blame at the moment are the hackers.

ANY system on the Internet can be compromised. Regardless of who makes it, uses it, runs it, whether it is encrypted, etc. So before you make a "Sony sux, Xbox rules, lulz it is fun to hate Sony and Google" type comment you may want to consider that next week it could just as easily be Microsoft. Worst still, in a few years when they've successfully got all your data "on the cloud" (our systems just aren't ready for it, IMO - there were some massive email thefts a week or two ago as well, and wasn't a bank compromised recently too?).

There is literally no such thing as a 100% secure system. Even if Sony employed every reasonable way of keeping the data secure, there is still a decent chance of it being compromised. Nothing in online security is as simple as "just encrypt it", and you also have the human factor (the best security systems in the world are useless if someone with access is not trustworthy).

There are simply so many possible things that could contribute to a security breach of this scale that no one here could possibly know what caused it or who exactly is to blame. This is such a massive breach though that we are bound to find out eventually via the inevitable government investigations and/or lawsuits. If Sony are to blame I am sure they will pay for it dearly, and I will give them stick too, but at the moment we just don't know.

I just hope this will serve as a valuable lesson to other companies before we have some even more serious breaches with this cloud nonsense.

[Singh400]

ANY system on the Internet can be compromised. Regardless of who makes it, uses it, runs it, whether it is encrypted, etc. So before you make a "Sony sux, Xbox rules, lulz it is fun to hate Sony and Google" type comment you may want to consider that next week it could just as easily be Microsoft. Worst still, in a few years when they've successfully got all your data "on the cloud" (our systems just aren't ready for it, IMO - there were some massive email thefts a week or two ago as well, and wasn't a bank compromised recently too?).

There is literally no such thing as a 100% secure system. Even if Sony employed every reasonable way of keeping the data secure, there is still a decent chance of it being compromised. Nothing in online security is as simple as "just encrypt it", and you also have the human factor (the best security systems in the world are useless if someone with access is not trustworthy).

While I agree any system can be comprised. However, Sony's current security equated to a 1980s 80yr police man with a flashlight sitting at a desk. Their entire security practice was terrible. Even if the hackers did get into the PSN Dev network to unban their consoles, why were our details stored in the same place? Why not on a different differently secured database?

If this wasn't bought to light now, you can be damn sure Sony would be keeping our data as it was - completely unsecure. And you know it wouldn't have been long before someone with real skill to get in and out of the system without getting caught.

[+Audioboxer Subscriber²]

Wow, this is serious. I've had a lot of fraudulent usage of my debit cards online so I'm used to checking, but still... :/ Will probably resort to using the cards in the future too and reduce what information PSN (and others) have in the future, just to be safe.

I think people here should try to remember that this is extremely serious for PSN users and not something to laugh about, not to mention all the "it is Sony's fault", "it isn't encrypted", etc comments which are mere speculation and scaremongering from the usual anti-Sony crowd. The only ones to blame at the moment are the hackers.

ANY system on the Internet can be compromised. Regardless of who makes it, uses it, runs it, whether it is encrypted, etc. So before you make a "Sony sux, Xbox rules, lulz it is fun to hate Sony and Google" type comment you may want to consider that next week it could just as easily be Microsoft. Worst still, in a few years when they've successfully got all your data "on the cloud" (our systems just aren't ready for it, IMO - there were some massive email thefts a week or two ago as well, and wasn't a bank compromised recently too?).

There is literally no such thing as a 100% secure system. Even if Sony employed every reasonable way of keeping the data secure, there is still a decent chance of it being compromised. Nothing in online security is as simple as "just encrypt it", and you also have the human factor (the best security systems in the world are useless if someone with access is not trustworthy).

There are simply so many possible things that could contribute to a security breach of this scale that no one here could possibly know what caused it or who exactly is to blame. This is such a massive breach though that we are bound to find out eventually via the inevitable government investigations and/or lawsuits. If Sony are to blame I am sure they will pay for it dearly, and I will give them stick too, but at the moment we just don't know.

I just hope this will serve as a valuable lesson to other companies before we have some even more serious breaches with this cloud nonsense.

I hope this encourages people to use sites like lastpass. None of my passwords are the same any more.

I've been hacked in WoW which led to Gmail telling me my email had been accessed from China (same password on both). So lucky they hadn't changed my email password in time.

Then there was actual fraud on my visa debit which my bank caught due to the ShopTo leak.

Lastly most spam emails I get actually know my full name and some other surprising details at times.

Its quite scary at times :-(

Hope this is all tidied up by the end of the week.

[Fourjays Veteran]

While I agree any system can be comprised. However, Sony's current security equated to a 1980s 80yr police man with a flashlight sitting at a desk. Their entire security practice was terrible.

Source? If Sony are doing it though you can guarantee many other companies are just as lax.

Even if the hackers did get into the PSN Dev network to unban their consoles, why were our details stored in the same place? Why not on a different differently secured database?

From what I read yesterday it did sound rather odd regards the developers consoles. My understanding is that they managed to make their regular PS3's report themselves as a dev console, which gave them all kinds of access and powers? If I was in charge of such a system, the developer consoles would be on a separate network (for debugging purposes this may not be possible though), have to use a developer-only PSN account (given out only by Sony) or be prompted for a second developer id/passcode login (in addition to regular PSN, again given out by Sony).

It really depends on what kind of access developers need to things, but I'm surprised (assuming what I read was correct) it is as simple as "Hi, I'm a dev PS3", "Ok, here's the dev access." :blink: As a web developer, I have learnt that you never trust any data provided. It always needs verifying.

[Vandalsquad]

From what I have read and understand the dev machines had way more access then they should of instead of just being sand boxed like the 360 machines, as for credit card information and personal information. I have no idea why that was even on the same level, same machines at all. Hopefully the credit card information is fine and under 256 bit encryption like MS and any other normal business that needs to store that information so the customers shouldn't be hurt.

If they did store it in plain text but I have no face for what type of I.T department they are running over there.

7th day of down time over easter, at least PS users can look forward to the freebie classic or 2 when its finally up...

[DukeEsquire]

Just to put it into perspective with all the people freaking out about this:

Identity theft happens on a daily basis with large corporations.

Here is just a sampling from 2010 from the Maryland AG's office.

http://www.oag.state.md.us/idtheft/breachNotices2010.htm

You have Fortune 500 companies, Universities, even a few credit reporting companies losing your Credit Card numbers, Pin #'s and SSN.

In fact, in some states like Kentucky, if your data is leaked, the company does not need to inform you of the leak.

[BajiRav]

Just to put it into perspective with all the people freaking out about this:

Identity theft happens on a daily basis with large corporations.

Here is just a sampling from 2010 from the Maryland AG's office.

http://www.oag.state.md.us/idtheft/breachNotices2010.htm

You have Fortune 500 companies, Universities, even a few credit reporting companies losing your Credit Card numbers, Pin #'s and SSN.

In fact, in some states like Kentucky, if your data is leaked, the company does not need to inform you of the leak.

how does that justify this? If they had a decent system in place and still got hacked they it'd have been understandable...as of now - this just seems a giant cluster****. (this is assuming that unsecured dev. network caused the whole mess)

[Kreuger]

This could very well be the end of PS3.. I don't see myself using anything from them after this.. at least not buying anything online or doing anything online with them which is really the death of their service.

Cause you know, no online service has ever been hacked and had their information stolen before (including credit cards and other personal which could lead to idenity fraud). If you thought Sony was immune or any other company, you're sadly mistaken.

[BajiRav]

This is :rofl:

http://kotaku.com/#!5795984/twitter-cracks-wise-about-playstation-network-hack

[+Audioboxer Subscriber²]

Just to put it into perspective with all the people freaking out about this:

Identity theft happens on a daily basis with large corporations.

Here is just a sampling from 2010 from the Maryland AG's office.

http://www.oag.state.md.us/idtheft/breachNotices2010.htm

You have Fortune 500 companies, Universities, even a few credit reporting companies losing your Credit Card numbers, Pin #'s and SSN.

In fact, in some states like Kentucky, if your data is leaked, the company does not need to inform you of the leak.

Won't make many people feel better, just maybe shock a little (you don't tend to hear too much about these things unless it's huge corporations).

Fear has already won the battle, mass hysteria, boycotts, promises to never use PSN/PS3 again, ideas of selling whole PS3 collection and rebuying with competitor, etc.

The only cure is 6-12 months of time passing with no indisputable evidence of any information being used - Right now it's not even confirmed about the CC details, but people will cancel/change due to fear. There has been no proof of any information being used fraudulently, if it stays like that for an extended period of time and we have a more secure network, it'll be back to normal business in a few months.

Everyone in the UK was going to boycott ShopTo and it's demise was predicted for leaking CC details - Something fraud came about from, I got hit and so did a few other Neowinians. Our banks caught the fraud fine though - I was phoned about transactions that had been put on hold due to fraud queries. Since then ShopTo's security has been fine, I've used the site again and it's hardly came to any demise.

[CUBBYJR2005]

Guys stop blaming SONY for this this. This could had happen to even Microsoft and others so lets be honest If you are upset or etc vent out to that hacker that said he didn't do this he is most likely behind it.

[Massiveterra]

The reason everyone is freaking out is because this affects 77 million people. Yes, hacking occurs every day. Yes Apple and MS was hacked in the past. But this is 77 million people were talking about.

Stop blaming Sony on this? Lack of communication and gaping security holes isn't their fault at all. /sarcasm

[aerowave]

I presume that PSP users who have used the PlayStation Store (and therefore have a PSN account), will also have been affected by this data theft?