714 Comments
Posted by Fallen189

"  I need to ignore Twitter right now... there are tons of people (and site feeds) spewing ignorance galore...

I work at a company that deals with data security... we wish everyone that lost a laptop or left data unencrypted had used our product(s) first. The fact is, NOBODY is impervious to being hacked. It happens all the time to tons of companies. It happens at a much larger scale than the 75M PSN users.

By data breach standards, what Sony has done here is the absolute text book implementation of what to do correctly. They didn't put protocol aside to keep selling PSN content. They didn't put protocol aside to let gamers keep gaming, potentially muddying up the systems being scoured for clues. They didn't try to hide that this happened. They didn't try to analyze it themselves but instead brought in experts.

The people and sites that are faulting Sony on how they've handled this so far are simply, and I mean no disrespect by the use of the very most accurate word I can think of... "ignorant" as to what they're talking about.

If you think Sony should've battened down the hatches and never gotten hacked... talk to the HUNDREDS of other companies/brands/organizations out there that have endured the exact same fate. If you think Sony shouldn't have been storing credit card information (at all or in a certain way) you should know that all there are now are recommendations or guidelines, there are no LAWS yet that force companies to certain degrees of protection and even if they were adequately protected, depending on the extent and nature of the hack, having them protected to PCI DSS guidelines STILL might not prevent people from getting to our credit card information...

That said, Sony said there was no evidence that our credit cards were compromised. They recommended (and to be honest, this was worded well) that "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." How can they be faulted for that? Would you rather them lie and say "you're safe" or "they were compromised"?

This was a text book reaction to a large scale data breach and unlike MOST companies where we'd simply get an unexpected letter in the mail, we were somewhat kept in the loop by the raised awareness that PSN being down leading them to say something. You don't spill details during an investigation and these things take time. Hell, try checking out your computer after you've had a trojan installed and activated... now amplify that work by about a bajillion. Going through that stuff takes time."


Posted by tightestjeans
@JudgeDread:

Did you even read the arstechnica.com article before you posted it?  It has a pretty big update clarifying the original story.
Posted by crithon

wow.... I'm actually relieved for buying those 20 bucks PSN cards to make my purchases.

Posted by JudgeDread

http://www.facebook.com/topic.php?uid=128798377161188&topic=356

http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-security.ars

Posted by FCKSNAP
@WilliamRLBaker said:
" @Snapstacle said:
" I'd still rather have my identity stolen than pay for XBL. Just sayin

Honestly I've had my credit card info stolen twice already from something as simple as giving the waitress my credit card at PF Chang's. It's really painless when you go through Bank of America. "

aren't you the epitome of fanboy then next up you'll be making the epitome of apologist...but but it's not that big of a deal that PSN was hacked and so much information was stolen... "
That first line was a joke at my own expense for having an account. I thought you of all people would understand humor.
Posted by WilliamRLBaker
@Snapstacle said:
" I'd still rather have my identity stolen than pay for XBL. Just sayin

Honestly I've had my credit card info stolen twice already from something as simple as giving the waitress my credit card at PF Chang's. It's really painless when you go through Bank of America. "

aren't you the epitome of fanboy then next up you'll be making the epitome of apologist...but but it's not that big of a deal that PSN was hacked and so much information was stolen...

Edited by tightestjeans
@Kamasama:  You're talking about this article

 http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-security.ars

You'll notice they updated the article later and info was not stored in .txt file format.  They also confirmed that Sony was using a secure SSL connection for transactions.
Posted by KamasamaK
@KaosAngel said:
" @damswedon said:
" @KaosAngel said:
" Who the fuck puts user information as a .txt file? "
Wait is that true? "
The news story on ArsTechnica and Reddit said it was right.  They don't BS with that kind of stuff.  They said there was no encryption on the user information...so that means it must've been a .txt file. "
I couldn't find that in either of the Ars Technica articles I read. That's pretty absurd, though. They would need to store that information in a database. And even if the database were unencrypted, they'd need to be incredibly incompetent to store passwords in plaintext. It's common practice to store and compare cryptographic hashes instead.
Posted by tactis
@dck
Well, fuck you Sony. XBL only purchases from now on.
Posted by urban_ryoga

I knew I picked the right system!


In all seriousness though, I'm really sad that this happened and the repercussions of this are wide for all those users affected. Regardless if their credit card information was obtained or not...
Posted by KingX

What did Sony use to run and protect its network? a couple of cheap routers bought on mediamarkt?
This sounds like the hackers must have had good time to gain all that info if it regards almost every user on the PSN.

Posted by dudeglove

oh fucking hell

Posted by Da_money125

This sucks I hope they get this sorted out soon, since I was planning on getting a PS3 last week.

Edited by Rekt_Hed
@Silentsnake510 said:

" On a scale of one to shitty, this situation is pretty shitty "

YUUUUUUUUUUUUUUP

Well just got off the phone to my bank and I've had NO dodgy transactions in the time that PSN has been attacked but reported my card lost just to be on the safe side!
It doesn't affect me too much anyway because I barely use the thing, it's just a pain in the ass like this whole week has been :P

Feels like every day when I find out more information about PSN I'm being forced to take another bite on a huge shit sandwich.

I really should have reported my card as stolen when I first found out that the PSN had been hacked.  Thought it would never be this bad though.
Posted by BlueFroman
@slantedwindows: Everyone should get free Playstation plus for life.
Posted by kalmis
@RobotHamster said:
" I can just cancel my card and get a new one right? "
No, but you can report your card to be stolen. Then you should get a new one.
Posted by tightestjeans
Posted by Punk1984
@YukoAsho: I hope you're right, there is a woman at my office who prints out every email she gets...I weep for the forests. However outside of the echo chamber let's be honest most people will ignore this and go on about their day, week, year. The problem comes in any lasting damage to Sony's brand image. We will know in the next few weeks if that will happen. If this is a huge blemish on the digital age maybe people will notice (people know about RROD) but I don't think that will happen. Like I said Monday after next no one will care.
Posted by TadThuggish

It was only about a week ago that I finally admitted that the PS3 was on par with the 360 in terms of online content.


When I get home, I may sell the thing.  Or burn it.  I can't believe this shit.
Posted by YukoAsho
@Punk1984 said:
" @YukoAsho said:
"I hope these two incidents have at least some people looking very seriously at the implications of moving our entire way of life onto something so drastically affected by the mercurial fates. "
It won't by next Monday it will be business as usual for everyone involved but Sony's security, who will have to work a little harder. It is the same reason why people still eat Big Macs after they've been proven to have fecal matter in them. It is just easier to get a Big Mac than grill your own. "Easier" wins over "Common Sense" every time.

Earlier this evening I thought this hack could have last repercussions from Sony. After reading the boards and seeing the same system centric biases I'm pretty sure it will be over before you know it.
"
Well, forums are cesspools, so I try to not base my opinions on them.  Let's be honest, the only difference between Giant Bomb and most other game sites is that the moderators at least try not to let it descend into chaos.  While some console zombies (and probably the Bombcast crew) will be back to extolling how download only is THE ONLY FUTURE and how those of us resisting are holding everything back, I'm sure there will be people outside of the echo chamber at least considering this.  I think back to the supposed "paperless society."  Remember that a few years back?  How we wouldn't need paper anymore because we could just store all our documents on our computers?  Instead, people used more paper than ever because they wanted hard copies.  The "digital future" might just end up being another pipe dream like the "paperless society."  At least we can hope.
Posted by Punk1984
@YukoAsho said:
"I hope these two incidents have at least some people looking very seriously at the implications of moving our entire way of life onto something so drastically affected by the mercurial fates. "
It won't by next Monday it will be business as usual for everyone involved but Sony's security, who will have to work a little harder. It is the same reason why people still eat Big Macs after they've been proven to have fecal matter in them. It is just easier to get a Big Mac than grill your own. "Easier" wins over "Common Sense" every time.

Earlier this evening I thought this hack could have last repercussions from Sony. After reading the boards and seeing the same system centric biases I'm pretty sure it will be over before you know it.
Posted by hollitz

Well this is great news for XBL.  Can't imagine too many people are going to be eager to give PSN any money now.
Posted by YukoAsho

I think the larger issue here is that, as more and more people surrender more and more of their lives to the nebulous whims of the internet, this sort of stuff is going to keep on happening.  It's been proven again and again that sufficiently determined hackers will try relentlessly to break into systems.

And that's just this incident.  The Amazon Cloud shutdown shows us just how much simple acts of God that once wouldn't affect more than the area where they occurred can now be felt nationwide, and even worldwide, and the prospect of a society free of physical media becomes nightmarish.

I hope these two incidents have at least some people looking very seriously at the implications of moving our entire way of life onto something so drastically affected by the mercurial fates.

Posted by TwoOneFive

this is nothing short of epic. 



i hope they find the dickheads responsible and prosecute the shit out of them. 

seriously, what a bunch of loser/assholes. use your fucking computer skills for something worthwhile you fucking dickheads. 
Posted by policenaut

I'm glad I can sit through 800 firmware updates a year so shit can get fucked up anyway.

Posted by Punk1984
@blastershift said:
" Well the biggest issue I have is that it took them so long to bring this information out. It should have been said the first or second day. Oh well my visa is safe and sound "
According to them they didn't know until late yesterday.
Posted by ThomasofTroy

wooot

Posted by blastershift

Well the biggest issue I have is that it took them so long to bring this information out. It should have been said the first or second day.

Oh well my visa is safe and sound

Posted by Silentsnake510

On a scale of one to shitty, this situation is pretty shitty

Posted by Godlyawesomeguy
@super_machine said:
" Well, balls for sony. In the mean time, I met a super awesome chick and had an awesome first date. PSN goes down, and my personal life goes up. Connection? "
Definitely.
Posted by chads92

PC FOR THE WIN

Posted by Hawk456

Congratulations Gamestop... I will be buying any PSN point cards from you going forward. 
Posted by Vextroid

It's things like this why I don't have/use a credit card.

Change your passwords (regularly, which you should do if you don't, changed my G-Mail as a precaution) and keep an eye on your Credit Card statements and records, raise any flags with the bank on anything suspicious (If you don't already.)

Gonna occupy myself with some more Single-player action until this situation gets under control.

Posted by RobotHamster

I can just cancel my card and get a new one right?

Posted by gunslingerNZ
@Branthog said:
" I wouldn't be too worried about your passwords being exposed. Even Sony can't possibly be so incompetent as to store our passwords in plaintext or with a simple hash. Even the least experienced among us know that at the very least, you encrypt passwords with a salted hash so that they would be very difficult for someone to suss out (and probably computationally prohibitive if you're talking about doing so for 75-million passwords). If this isn't the case and the data was stored either as plaintext or a simple hash (meaning passwords can be exposed using a simple rainbow table attack) then it's a level of negligence that should almost border on criminal.

 http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html "
Wish GB had an upvote system so I could put this near the top. I'm incredibly pissed off with Sony right now but I'm still hopeful that they weren't so incompetent as to have the passwords stored unencrypted on their servers. Hopefully we get a full rundown on the situation though because the information they've provided so far has been woefully inadequate.

Again the same can be said for the Credit Card info. It should surely have been protected by some sort of strong encryption and if it wasn't then I'm first in line for the class action against Sony.
Posted by TooWalrus
@super_machine said:
" Well, balls for sony. In the mean time, I met a super awesome chick and had an awesome first date. PSN goes down, and my personal life goes up. Connection? "

I've been balls deep in late homework for a week now, but I feel like if the PSN shortage had really affected my gaming, I would have done the opposite of what you did- gone straight back to Warcraft.
Posted by UnsolvedParadox

I become more alarmed with every news update (great job, Patrick), and would be extremely reluctant to share any information with Sony ever again. I'll keep using PSN after I change all of my passwords, but I'll never trust them with my credit card or personal information again.

Posted by shodan2020
@Video_Game_King said:
" Shit. I'd say that this makes me glad that I don't own a PS3, but I still want to play all those cool games. "
Just play them offline, like you used to on your PS2.  Hell, I still fire up my PS2 regularly... still enjoying many great titles. :)
Posted by yakov456

I expect to be contacted by many Nigerian Princes in the near future.

Posted by laugurinn
@slantedwindows: they won't
Posted by animateria
@spazmaster666 said:
" Well at least the password that I use for PSN is one of my older passwords that I don't really use anymore.

Also, this probably isn't related (though it is a little ominous), I just tried to login to Bank of America online banking and the site seems to be down . . .
"
I logged in fine just now.
Posted by honeycut1

I find it difficult to believe that Sony had no idea that personal data was compromised until the outside firm told them so.

Posted by spazmaster666

Well at least the password that I use for PSN is one of my older passwords that I don't really use anymore.


Also, this probably isn't related (though it is a little ominous), I just tried to login to Bank of America online banking and the site seems to be down . . .
Posted by Stars2099
Posted by UlquiorraSchiffer
@cuevas: Yeah, seriously, some people are such fucking babies. They're hurting the users with this, not sony.
Posted by inkwolf

How could the hackers possibly have the passwords?  Only the hashed value of the password should be stored on Sony's servers.  Why would they have any reason to store the plaintext password anywhere?  That's ridiculous.
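
Several posts in this thread (this one, and the earlier ones about a "simple hash" versus a "salted hash") turn on how stored passwords should look to someone who has copied the database. The sketch below is an added example, not part of any post and not Sony's code: it stores the same constructed accounts both ways and checks what a single precomputed lookup table resolves. The account names, passwords, PBKDF2 choice and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users share a password on purpose.
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}
ITERATIONS = 200_000  # assumed work factor for this example


def simple_hash(password):
    """Unsalted, fast digest: the 'simple hash' case from the thread."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Random per-user salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)


def recovered_by_lookup(stored, wordlist):
    """Audit check: stored unsalted digests that one precomputed table resolves."""
    table = {simple_hash(word): word for word in wordlist}
    return {user: table[d] for user, d in stored.items() if d in table}


def shared_password_groups(digests):
    """Groups of users whose stored digests are identical."""
    groups = {}
    for user, digest in digests.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    unsalted = {u: simple_hash(p) for u, p in ACCOUNTS.items()}
    salted = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
    print("resolved by one table:", recovered_by_lookup(unsalted, ["123456", "hunter2"]))
    print("visible reuse, unsalted:", shared_password_groups(unsalted))
    print("visible reuse, salted:",
          shared_password_groups({u: r[1] for u, r in salted.items()}))
    print("login still works:", verify("hunter2", salted["alice"]))
```

With unsalted digests, one table covers every account at once and password reuse is visible in the stored data; with per-user salts, each record has to be worked on separately at the full cost of the slow function.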
Posted by super_machine

Well, balls for sony. In the mean time, I met a super awesome chick and had an awesome first date. PSN goes down, and my personal life goes up. Connection?

Posted by blaakmawf

Fuuuuuuck.

Posted by pikastar

Man what a mess. Just hope everything gets fixed up soon

Posted by ToxikPandaKoi

xbox ftw!