Dante Posted April 26, 2011 Posted April 26, 2011 Here's some NeoGAF quality quotes. Step 1: Go through all your credit card statements. Step 2: Call your credit bureaus to have a fraud alert placed on your record. Step 3: Join in any class action lawsuits filed against Sony. What is wrong with this one?
Cookyman Posted April 26, 2011 Posted April 26, 2011 Answers to your questions. Update on PSN Service Outages Q.1 When did you realise the system had been intruded? We discovered between April 17 and April 19 there was an illegal and unauthorized intrusion into our network. Q.2 How did you know that the system was intruded? We watch for any issues that may be raised with respect to security and monitor for such issues both internally and externally. Q.3 What is the main reason to this problem? Which parts of the system were vulnerable to the intrusion? We are currently conducting a thorough investigation of the situation. Since this is an overall security related issue, we will not comment further on this case. Q.4 What action did you take (are you taking)? Is there any possibility of further unauthorized access? As soon as we learned of this issue, 1) we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services, 2) we have also engaged an outside, recognized security firm to conduct a full and complete investigation into what happened, and 3) quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information. Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries. Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected. Q.6 Does that mean all users’ information was compromised? Tell us more in details of what personal information leaked. In terms of possibility, yes. We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID. It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code). If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained. Q.7 Have you notified those users? We are sending out e-mails directly to these users to their e-mail address registered on the PS Network accounts. Also, we have posted web notices, and additional necessary procedures have been followed by each region. Q.8 Have you received reports or claims that their PSN ID information/ credit card had been used improperly? Not at this point in time. Q.9 I want to know if my account has been affected. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password. For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. Q.10 What should I do to prevent any unauthorized use of my (credit card) personal information? For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports. Q.11 Since when have PSN/Qriocity become unavailable and in which region? PSN/Qriocity services have not been available since April 20 (US time) in all regions. Q.12 How come it is taking so much time to resume the service? We are taking the investigation seriously. We decided to keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services. Q.13 How serious is this? Have the hackers broken the security on PSN/Qriocity? Are you taking necessary measures to prevent such outage happening in the future? Since this is an overall security related issue, we will not comment further on this case but we are working to restore and maintain the services, including countermeasures against future intrusions. Q.14 When will the service resume? We are taking the investigation seriously. We will keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services but are working hard to resume the services as soon as we can be reasonably assured security concerns are addressed. Q.15 Seems like SOE service was also not available/ suffering outage. Is this true? Is this due to the same reason as the PSN/Qriocity outage? SOE's service is available although a service interruption due to an external attack did occur. A thorough investigation is ongoing. Q.16 I want my money back (subscription fee, content) since the PSN/Qriocity was not available. When the full services are restored and the length of the outage is known, we will assess the correct course of action. Q.17 There seems to be some games that cannot be played even offline? Depending on the game titles, but mainly PSN games, some may require access to PSN for trophy sync, security check, etc.
flameboy Posted April 26, 2011 Posted April 26, 2011 I like how US customers get this credit advice at the end of their statement on who they can contact but us EUer's don't get any such treatment... It's a proper mess to be fair and there are gonna be a ton of people expecting blood for this.
Cookyman Posted April 26, 2011 Posted April 26, 2011 (edited) I like how US customers get this credit advice at the end of their statement on who they can contact but us EUer's don't get any such treatment... It's a proper mess to be fair and there are gonna be a ton of people expecting blood for this. Country Customer Support Africa [email protected] Australia 1-300 365-911 Austria 0820 44 45 40 Belgium 011 516 406 Bulgaria [email protected] Croatia [email protected] Cyprus 22352282 Czech Republic 222 864 199 Denmark 90137013 Estonia 6543484 Finland 600411911 France 0820 31 32 33 Germany 01805 766 977 Greece 801 11 92000 Hungary 1 814 4800 Iceland 591- 5100 India 1800-103-7799 Ireland 0818 365065 Israel 09-9711700 Italy 199 116 266 Latvia 67046049 Lithuania 37338655 Luxembourg 0820 31 32 33 Malta 234 360 00 Middle East - All [email protected] Netherlands 0495 574 817 New Zealand 09 415 2447 Norway 82068322 Poland 0 801 230 000 Portugal 707 23 23 10 Romania [email protected] Russia 8-800-200-76-67 Slovakia 232 112 209 Slovenia 1 510 31 30 South Africa 0861 773783 Spain 902 102 102 Sweden 9002033075 Switzerland 0848 84 00 85 Turkey [email protected] UK 0844 736 0595 Edited April 26, 2011 by Cookyman
Jon Posted April 26, 2011 Posted April 26, 2011 Ah, I see the timeline is on the US statement. Why did they feel the need to omit that from the European one? Especially when you consider most people only care about knowing roughly when it will return. Sod's low they'll return the shitty Qriocity that no one actually uses and leave the PSN until the end of the week period.
Pit-Jr Posted April 26, 2011 Posted April 26, 2011 This whole thing just solidifies why hackers are just as despicable as pirates
flameboy Posted April 26, 2011 Posted April 26, 2011 Country Customer Support Africa [email protected] Australia 1-300 365-911 Austria 0820 44 45 40 Belgium 011 516 406 Bulgaria [email protected] Croatia [email protected] Cyprus 22352282 Czech Republic 222 864 199 Denmark 90137013 Estonia 6543484 Finland 600411911 France 0820 31 32 33 Germany 01805 766 977 Greece 801 11 92000 Hungary 1 814 4800 Iceland 591- 5100 India 1800-103-7799 Ireland 0818 365065 Israel 09-9711700 Italy 199 116 266 Latvia 67046049 Lithuania 37338655 Luxembourg 0820 31 32 33 Malta 234 360 00 Middle East - All [email protected] Netherlands 0495 574 817 New Zealand 09 415 2447 Norway 82068322 Poland 0 801 230 000 Portugal 707 23 23 10 Romania [email protected] Russia 8-800-200-76-67 Slovakia 232 112 209 Slovenia 1 510 31 30 South Africa 0861 773783 Spain 902 102 102 Sweden 9002033075 Switzerland 0848 84 00 85 Turkey [email protected] UK 0844 736 0595 No I meant about the credit check bureau to contact or whatever...
Ike Posted April 26, 2011 Posted April 26, 2011 Ehh, guess it's a good job I removed my CC info a couple of weeks back providing it does completely remove my info and Sony simply don't just "deactivate" it.
Cookyman Posted April 26, 2011 Posted April 26, 2011 This whole thing just solidifies why hackers are just as despicable as pirates Couldn't agree more.
flameboy Posted April 26, 2011 Posted April 26, 2011 Ah, I see the timeline is on the US statement. Why did they feel the need to omit that from the European one? Especially when you consider most people only care about knowing roughly when it will return. Sod's low they'll return the shitty Qriocity that no one actually uses and leave the PSN until the end of the week period. Through a bit more reading it seems the european one may have been brought down as a precaution or as a result of the US being hacked....so it could be working to different timescale? I have to say they should have come out and admit this earlier? Sure they were trying to save face but I think they must have known for a while, to leave people not knowing for 6 days if their stuff has been hacked sucks.
Cookyman Posted April 26, 2011 Posted April 26, 2011 No I meant about the credit check bureau to contact or whatever... Sorry dude thats all the info I could find.
Jon Posted April 26, 2011 Posted April 26, 2011 They seem to be supplying different information to different regions. Although it doesn't deny it on the US site, it does state that there is no evidence to suggest that any Credit Card information has been leaked. Perhaps it's just how I read it but it came across on the Euro one like it had. It's not a major problem though as you're protected with your Credit Card against fraud and unauthorised purchases etc.
flameboy Posted April 26, 2011 Posted April 26, 2011 They seem to be supplying different information to different regions. Although it doesn't deny it on the US site, it does state that there is no evidence to suggest that any Credit Card information has been leaked. Perhaps it's just how I read it but it came across on the Euro one like it had. It's not a major problem though as you're protected with your Credit Card against fraud and unauthorised purchases etc. hmmmm not with debit cards though to the same extent...which is what I have linked to my account...
Jon Posted April 26, 2011 Posted April 26, 2011 hmmmm not with debit cards though to the same extent...which is what I have linked to my account... Yeah, me too. Although, the banks will normally sort you out. It just takes a lot longer than with a credit card to get any money recouped.
flameboy Posted April 26, 2011 Posted April 26, 2011 Yeah, me too. Although, the banks will normally sort you out. It just takes a lot longer than with a credit card to get any money recouped. yeah...I am contemplating cancelling it to be honest. If your bank admitted such a breach they would reissue you a card straight away...its happened once with me and Natwest who lost card numbers and expiry dates data...
Cookyman Posted April 26, 2011 Posted April 26, 2011 More NeoGaf quotes: PSN cards #1 on Amazon coming soon. Can you even imagine informing the insurance carrier? Oh hi, turns out we had a data breach... all 75,000,000 accounts.... in 40 different countries. Sweet Jesus. Haha can't even remember my PSN password =P. and my favourite Tweet so far. PlayStation: They only stole everything.
flameboy Posted April 26, 2011 Posted April 26, 2011 lol surely that Playstation: They only stole everything will appear as a JPG/animated GIF some time.
Dante Posted April 26, 2011 Posted April 26, 2011 Sony's failure to report data breach incurs CT Senator Blumenthal's wrath. Connecticut Senator Richard Blumenthal is "demanding answers" about why Sony Computer Entertainment of America failed to inform customers of the data breach of the PlayStation Network on April 20. "When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised," Blumenthal said in a release. "Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach." Of course, Sony just issued a statement that it says will be emailed to "all of our registered account holders" but, as we noted in our post, it's been nearly six days since the "intrusion" first took place. Blumenthal elaborated, "Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised." Sen. Blumenthal also sent a letter to SCEA President and CEO Jack Tretton
Cookyman Posted April 26, 2011 Posted April 26, 2011 (edited) When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Now this is a worry - why don't they just reset the passwords? If the hackers login before we do they can change your password! From the BBC PlayStation hacker took user info Sony has warned users of its PlayStation Network that their personal information, including credit card details, may have been stolen. The company said that the data might have fallen into the hands of an "unauthorised person" following a hacking attack on its online service. Access to the network was suspended last Wednesday, but Sony has only now revealed details of what happened. Users are being warned to look out for telephone and e-mail scams. In a statement posted on the official PlayStation blog, Nick Caplin, the company's head of communications for Europe, said: "We have discovered that between April 17 and April 19 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network". The blog posting lists the personal information that Sony believes has been taken. Name Address (city, state/province, zip or postal code) Country E-mail address Date of birth PlayStation Network/Qriocity passwords and login Handle/PSN online ID Mr Caplin added: "It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained". Credit cards Sony admitted that credit card information, used to purchase games, films and music, may also have been stolen. "While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility," Mr Caplin said. "If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained." Sony has not given any indication of how many PlayStation Network users may have had their information taken, but the service has around 70 million members worldwide. 'PR Disaster' The theft of so much detailed customer information would be seen as a "public relations disaster", according to Graham Cluley, senior technology consultant at security firm Sophos. "This is a big one," he told BBC News. "The PlayStation Network is a real consumer product. It is in lots of homes all over the world. "The impact of this could be much greater than your typical internet hack." Mr Cluley warned that, even without credit card details, the information taken was enough to help criminals carry out further attacks on other services. "Some people will use the same passwords on other sites. If I was a hacker right now, I would be taking those e-mail addresses and trying those passwords," he said. Edited April 26, 2011 by Cookyman
flameboy Posted April 26, 2011 Posted April 26, 2011 there seems to be this viewpoint arising that it was just a single hacker this seems to be due to the original wording of the statement more than anything.
Wesley Posted April 26, 2011 Posted April 26, 2011 Oh man... I have no idea what password I was using... Now I'm going to have to changed all sets of passwords.
Vokfets Posted April 26, 2011 Posted April 26, 2011 I'm surprised, the PS3 stuff has been pretty hard to decrypt. It's been out a while now and no-one has managed to crack the stuff they put on videos. They're just simple mp4s with aac audio, I think, but it's not been cracked. I don't have any money anyway so if someone did get my details they'll find they can't take anything out of my account.
The Lillster Posted April 26, 2011 Posted April 26, 2011 (edited) This is interesting: http://forums.sarcasticgamer.com/showpost.php?p=645846&postcount=734 I need to ignore Twitter right now... there are tons of people (and site feeds) spewing ignorance galore... I work at a company that deals with data security... we wish everyone that lost a laptop or left data unencrypted had used our product(s) first. The fact is, NOBODY is impervious to being hacked. It happens all the time to tons of companies. It happens at a much larger scale than the 75M PSN users. Edited April 26, 2011 by The Lillster
Choze Posted April 26, 2011 Posted April 26, 2011 I'm surprised, the PS3 stuff has been pretty hard to decrypt. It's been out a while now and no-one has managed to crack the stuff they put on videos. They're just simple mp4s with aac audio, I think, but it's not been cracked. I don't have any money anyway so if someone did get my details they'll find they can't take anything out of my account. Well Sony and especially PS3 seem to be the big target right now. If hackers focus on one system then the flaws will be discovered. Right now one by one the PS3 and PSN are being taken apart, especially as its considered a 'just' cause.
Cube Posted April 26, 2011 Posted April 26, 2011 The only people who think it is a just cause probably have no idea what it is all about.
Recommended Posts