Sony Comes Clean: PlayStation Network Hackers Have Stolen Personal Data

[azatoth]

Haha, not surprised to see Joyrex sticking up for Sony. WATMM - a subsidiary of Sony Corp in the future?

[Blir]

Does JR work for Sony?

 

No - I'm being realistic about this stuff, rather than lapping up what the media wants you to think...

 

Yeah right. If this situation happened with the Xbox you'd be all over it, preaching the superiority of Sony in seconds.

[Joyrex]

Does JR work for Sony?

 

No - I'm being realistic about this stuff, rather than lapping up what the media wants you to think...

 

Yeah right. If this situation happened with the Xbox you'd be all over it, preaching the superiority of Sony in seconds.

 

I guess you didn't see me posting this earlier:

 

Make no mistake - I'm not happy at all about this (I feel a bit better about the credit card info being encrypted, as I was getting ready to cancel my card and get a new one issued as a precaution), and Sony messed up really bad with having passwords in cleartext rather than a hash. The reality of this is it's happening more and more, to bigger and bigger companies.

 

Even the top XBox Live spokespersons and moderators got hacked - and you didn't see one peep from me about that. Quit assuming because I like Sony and Playstation that I'm a shill for them or some raging fanboy.

[Guest tht tne]

this is exactly why i do not't play vidya games

[Npoess]

Joyrex why are you so quick to defend Sony here?

 

The only reason i can of think is you have a extreme degree of fanboism, or you are paid by them? Time to tell the truth dammit

 

 

2012

 

[encey]

I came clean this morning.

[SR4]

tore up my old CC and waiting for a new one.

 

 

How the hell do they get your SSN? I dont remember having to upload that.

 

Anyway, this shit has really got me thinking that enough is enough. Im playing old school games that dont require online shit from now on.

 

that said, anyone wanna buy a PS3 console? might have it ready to go in a few days.

[sneaksta303]

Play Portal 2 1st.

[Joyrex]

Joyrex why are you so quick to defend Sony here?

 

The only reason i can of think is you have a extreme degree of fanboism, or you are paid by them? Time to tell the truth dammit

 

 

2012

 

 

 

Re-read what I posted above (my guess is you didn't see it when you posted this).

 

tore up my old CC and waiting for a new one.

 

 

How the hell do they get your SSN? I dont remember having to upload that.

 

Anyway, this shit has really got me thinking that enough is enough. Im playing old school games that dont require online shit from now on.

 

that said, anyone wanna buy a PS3 console? might have it ready to go in a few days.

 

You're over-reacting - exactly what the media wants you to do... they do NOT have your SSN. That was never part of any data Sony stored, nor anything they ever asked for.

[Guest KY]

has this been posted yet?

 

Hackers Claim to Have PlayStation Users’ Card Data

 

Security researchers said Thursday that they had seen discussions on underground Internet forums indicating that the hackers who infiltrated the Sony PlayStation Network last week may have made off with the credit card numbers of Sony customers.

 

The comments indicated that the hackers had a database that included customer names, addresses, usernames, passwords and as many as 2.2 million credit card numbers, the researchers said.

 

Kevin Stevens, senior threat researcher at the security firm Trend Micro, said he had seen talk of the database on several hacker forums, including indications that the Sony hackers were hoping to sell the credit card list for upwards of $100,000. Mr. Stevens said one forum member told him the hackers had even offered to sell the data back to Sony but did not receive a response from the company.

 

Although several researchers confirmed the forum discussions, it was impossible to verify their contents or the existence of the database.

 

When asked about the hackers’ claims, Patrick Seybold, senior director of corporate communications and social media at Sony, said, ”To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list.” Mr. Seybold also pointed to a blog post Sony published Thursday that said: “The entire credit card table was encrypted and we have no evidence that credit card data was taken.” Sony has said that it could not rule out the possibility that hackers might have obtained credit card data.

 

“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said Mathew Solnik, a security consultant with iSEC Partners who frequents hacker forums to track new hacks and vulnerabilities that could affect his clients. Mr. Solnik said that people on the forums had details about the servers used by Sony, which may indicate that they had direct knowledge of the attack.

 

Mr. Solnik said researchers believe that the hackers gained access to Sony’s database by hacking the PS3 console and from there infiltrating the company’s servers.

 

Dan Kaminsky, an independent Internet security specialist, said in a phone interview that he had also seen forum posts about a Sony credit card database, but he said he could not confirm who was behind the attack. “These attacks just keep getting larger and larger and larger,” he said. “The security measures technology companies employ today are just not robust enough.”

 

The San Diego office of the Federal Bureau of Investigation, which is helping Sony with its inquiry into the hacking incident, declined to comment.

 

http://bits.blogs.nytimes.com/2011/04/28/hackers-claim-to-have-playstation-users-card-data/?ref=technology

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

WELP

[Joyrex]

has this been posted yet?

 

Hackers Claim to Have PlayStation Users’ Card Data

 

Security researchers said Thursday that they had seen discussions on underground Internet forums indicating that the hackers who infiltrated the Sony PlayStation Network last week may have made off with the credit card numbers of Sony customers.

 

The comments indicated that the hackers had a database that included customer names, addresses, usernames, passwords and as many as 2.2 million credit card numbers, the researchers said.

 

Kevin Stevens, senior threat researcher at the security firm Trend Micro, said he had seen talk of the database on several hacker forums, including indications that the Sony hackers were hoping to sell the credit card list for upwards of $100,000. Mr. Stevens said one forum member told him the hackers had even offered to sell the data back to Sony but did not receive a response from the company.

 

Although several researchers confirmed the forum discussions, it was impossible to verify their contents or the existence of the database.

 

When asked about the hackers’ claims, Patrick Seybold, senior director of corporate communications and social media at Sony, said, ”To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list.” Mr. Seybold also pointed to a blog post Sony published Thursday that said: “The entire credit card table was encrypted and we have no evidence that credit card data was taken.” Sony has said that it could not rule out the possibility that hackers might have obtained credit card data.

 

“Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers,” said Mathew Solnik, a security consultant with iSEC Partners who frequents hacker forums to track new hacks and vulnerabilities that could affect his clients. Mr. Solnik said that people on the forums had details about the servers used by Sony, which may indicate that they had direct knowledge of the attack.

 

Mr. Solnik said researchers believe that the hackers gained access to Sony’s database by hacking the PS3 console and from there infiltrating the company’s servers.

 

Dan Kaminsky, an independent Internet security specialist, said in a phone interview that he had also seen forum posts about a Sony credit card database, but he said he could not confirm who was behind the attack. “These attacks just keep getting larger and larger and larger,” he said. “The security measures technology companies employ today are just not robust enough.”

 

The San Diego office of the Federal Bureau of Investigation, which is helping Sony with its inquiry into the hacking incident, declined to comment.

 

http://bits.blogs.nytimes.com/2011/04/28/hackers-claim-to-have-playstation-users-card-data/?ref=technology

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

WELP

 

Anyone stupid enough to do this is begging for jailtime - I read elsewhere online where these reports were unverified, as there was no online source to point towards showing offers of sale.

[oscillik]

i wonder what will happen if it is proven that some people have fallen victim to credit card fraud as a direct consequence of this whole debacle

[Joyrex]

i wonder what will happen if it is proven that some people have fallen victim to credit card fraud as a direct consequence of this whole debacle

 

Well, there's already a class-action suit being brought against Sony, so I guess they could join the suit as well...

[oscillik]

i wonder what will happen if it is proven that some people have fallen victim to credit card fraud as a direct consequence of this whole debacle

 

Well, there's already a class-action suit being brought against Sony, so I guess they could join the suit as well...

that implies that the people affected are from the US though, surely?

[Joyrex]

i wonder what will happen if it is proven that some people have fallen victim to credit card fraud as a direct consequence of this whole debacle

 

Well, there's already a class-action suit being brought against Sony, so I guess they could join the suit as well...

that implies that the people affected are from the US though, surely?

 

A UK watchdog group is also looking into whether Sony was negligent (duh) with users' data...

[oscillik]

i wonder what will happen if it is proven that some people have fallen victim to credit card fraud as a direct consequence of this whole debacle

 

Well, there's already a class-action suit being brought against Sony, so I guess they could join the suit as well...

that implies that the people affected are from the US though, surely?

 

A UK watchdog group is also looking into whether Sony was negligent (duh) with users' data...

yeah but if someone from the UK was looking to take action against Sony for this, it is my understanding that they wouldn't be able to join a 'class-action' lawsuit that was initiated in the US - they'd have to start their own lawsuit in their own respective territory. or am i completely confused about how the law works?

[Joyrex]

i wonder what will happen if it is proven that some people have fallen victim to credit card fraud as a direct consequence of this whole debacle

 

Well, there's already a class-action suit being brought against Sony, so I guess they could join the suit as well...

that implies that the people affected are from the US though, surely?

 

A UK watchdog group is also looking into whether Sony was negligent (duh) with users' data...

yeah but if someone from the UK was looking to take action against Sony for this, it is my understanding that they wouldn't be able to join a 'class-action' lawsuit that was initiated in the US. or am i completely confused about how the law works?

 

No, you're right - a separate lawsuit would have to be brought in all the jurisdictions in Europe affected.

[Bubba69]

I was reading today about some bank/financial institution (can't remember the name) had the same sorta thing happen a few years back. They paid all their customers £50 each for the inconvienience. Not sure how the inconvienience relates to whats happened here but £50 would be handy right now Sony, if you don't mind.

 

 

Edit:

It was HFC bank that revealed all their 2600 customers' email addresses. Can't find any more info online about it.

 

Sony is doing some kind of make-up reward, but I doubt it is going to be money. Maybe some kind of store credit or something. Or some special download, or free ps+ for a few months, who knows.

[Joyrex]

I was reading today about some bank/financial institution (can't remember the name) had the same sorta thing happen a few years back. They paid all their customers £50 each for the inconvienience. Not sure how the inconvienience relates to whats happened here but £50 would be handy right now Sony, if you don't mind.

 

 

Edit:

It was HFC bank that revealed all their 2600 customers' email addresses. Can't find any more info online about it.

 

Sony is doing some kind of make-up reward, but I doubt it is going to be money. Maybe some kind of store credit or something. Or some special download, or free ps+ for a few months, who knows.

 

I was thinking free PS+ would be what they would do - get the guys hooked, and some of them keep subscribing

[oscillik]

I was reading today about some bank/financial institution (can't remember the name) had the same sorta thing happen a few years back. They paid all their customers £50 each for the inconvienience. Not sure how the inconvienience relates to whats happened here but £50 would be handy right now Sony, if you don't mind.

 

 

Edit:

It was HFC bank that revealed all their 2600 customers' email addresses. Can't find any more info online about it.

 

Sony is doing some kind of make-up reward, but I doubt it is going to be money. Maybe some kind of store credit or something. Or some special download, or free ps+ for a few months, who knows.

 

I was thinking free PS+ would be what they would do - get the guys hooked, and some of them keep subscribing

yeah it's a typical business move

 

do something that placates the droves of angry customers so they think we're doing something for them, when in actual fact we're trying to encourage more sales of our own service.

 

shops try to do the same thing if you buy something and it is defective. they'll claim that they can't give you your cash back, but can offer you in-store credit / gift vouchers that you can only spend in the store. in the UK, under the Sales act you are entitled to your money back in cash. anyone that comes across this situation in the UK should assert their statutory rights as a consumer.

 

anyways, sorry for derailing there.

[SR4]

i dont think im overreacting, yeah on the SSN part of it, but i shouldn't have signed up for an online account in the first place...and the fact that this happened and they didn't report it for almost a week is inexcusable.

 

 

games of the current generation are fantastic, great graphics, improved and revolutionary interfaces, the list can go on. but if i have to deal with shit like this when all I wanted was a console to play a game on...nevermind Bethesda and those fucks that "require" tons of patches just to get a game barely playable.

 

 

im bitching, and i suppose some of it is my fault, but its not my fault PS got hacked into...i dont remember amazon or dozens of other sites ive used being hacked into..and i have a feeling that if they were i wouldnt hear about it a week afterwards.

 

 

cut it however you want joyrex, but you have to admit that their way of handling it thus far is incredibly irresponsible.

 

but lesson learned, i tore up my debit card, and im not doing this network shit anymore. if i cant get access to patches and all that shit without an account, im done with it.

[747Music]

but lesson learned, i tore up my debit card, and im not doing this network shit anymore. if i cant get access to patches and all that shit without an account, im done with it.

 

Patches are separate from PSN. I know because I just downloaded a patch for Two Worlds 2 last night.

[Bubba69]

apparently they're implementing cross-game chat and video chat.

[Bubba69]

http://www.wired.com/threatlevel/2011/04/trixter

 

Very interesting, actually informative article. Interviewing one hacker who some have pointed fingers at regarding the attacks.

[oscillik]

I was reading today about some bank/financial institution (can't remember the name) had the same sorta thing happen a few years back. They paid all their customers £50 each for the inconvienience. Not sure how the inconvienience relates to whats happened here but £50 would be handy right now Sony, if you don't mind.

 

 

Edit:

It was HFC bank that revealed all their 2600 customers' email addresses. Can't find any more info online about it.

 

Sony is doing some kind of make-up reward, but I doubt it is going to be money. Maybe some kind of store credit or something. Or some special download, or free ps+ for a few months, who knows.

 

I was thinking free PS+ would be what they would do - get the guys hooked, and some of them keep subscribing

yeah it's a typical business move

 

do something that placates the droves of angry customers so they think we're doing something for them, when in actual fact we're trying to encourage more sales of our own service.

 

Kotaku article

 

Regarding the "Welcome Back" program, alluded to in "make-good" promises extended by Sony Computer Entertainment earlier this week, all PlayStation Network subscribers will get a month of PlayStation Plus premium service free; existing PlayStation Plus subscribers will get their terms extended a month, free. "Selected PlayStation entertainment content" will also be offered for free, on a region-by-region basis, as a welcome-back inducement. The content type was not specified, only that "it will be announced in each region soon."