Log in or sign up to comment
714 Comments
Posted by Branthog

I wouldn't be too worried about your passwords being exposed. Even Sony can't possibly be so incompetent as to store our passwords in plaintext or with a simple hash. Even the least experienced among us know that at the very least, you encrypt passwords with a salted hash so that they would be very difficult for someone to suss out (and probably computationally prohibitive if you're talking about doing so for 75-million passwords). If this isn't the case and the data was stored either as plaintext or a simple hash (meaning passwords can be exposed using a simple rainbow table attack) then it's a level of negligence that should almost border on criminal.

 http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html

Posted by sofakingcool

It's stuff like this that makes me glad I dont have a PS3. XBOX LIVE FTW lol

Posted by random_guy23

If anyone wants to know how the hackers got in, I found this info on PSX Scene, from user SKFU.

'The PSN is down, all accounts got dumped by an anonymous hacker and the community is cryin' for answers. 77 million accounts with password and sometimes CC info are worth a lot in several hack chans. This is a very huge case.

Now SONY engaged an external security company to discover the holes in SONY's system and find answers. As I was wondering if there may be some information about the actual case we can find out publically, I researched a bit myself.

One interesting point I found is a
not secured access log of a PSN environment.
You will quickly notice the IP 214.1.211.251, which sends requests like a vulnerability scanner.
The IP points to the DoD Network Information Center, based in Ohio USA.

The first log entry of this IP is [03/Mar/2011:07:10:38 -0800]. As the DoD is knows as beeing easy to hack, the anonymous hacker could have used this as proxy.

Maybe SONY might want to take a look at this IP, I hope soon we get some news and details about the case...'

- SKFU

Edited by Afroman269

What a fucking shitstorm. Good job, Sony. More shit to worry about.

Posted by Xaviersx

I wish the Sony users the best of luck in this crapfest, it shouldn't happen especially on such a large scale to anybody no matter the platform.  That said, thankfully, I don't have a paid account with any of the platforms so that is a relief to me.  It's sad that we live in times with many mass hacks and breaches of personal data, at schools, credit card go-betweens, online entertainment, etc.  And never mind if the credit card companies say they'll protect you from fraud, who'll protect us from the credit reporting agencies and their mismash of hard to clean up records. 

Posted by Czarpyotr

Changed all passwords, especially my bank one.  What's awesome is that my PS3 disc drive broke, after a sony rep already caused me to lose access to all my game data, and they still want me to pay them 130 bucks to fix it.  


Posted by TheClap

Patrick earning his newsy hat HARDDDD.


Posted by detectivepbert
@sofakingcool:   i'm pretty sure xbox security is at least as bad.  why do you think ps3 was (at least before this incident) the only platform allowed for call of duty in major league gaming?
Posted by FunExplosions
@lhaymehr said:
" I was actually watching it being hacked.  And DDoS'd earlier. "
Wanna elaborate on that? I'm a wee tad curious.
Posted by Elyhaym
@sofakingcool said:
" It's stuff like this that makes me glad I dont have a PS3. XBOX LIVE FTW lol "
It's sentences like this that make me glad I don't play on Xbox Live. 
Posted by JEC03

Wow this sucks hard for ps3 owners goodluck to everyone.

Posted by Leafhopper

How would you change your PSN without being logged in to PSN?

Posted by vogon

@random_guy23:

I, too, remember when the hackers attacked PSN, after compromising a computer at the Defense Department.

 

on March 3rd.

Posted by pot

This is bullshit, screw you Sony.
Posted by pot
@onimonkii said:
"
                whatevs, i use psn cards, anyone could look up the rest of the info without hacking into psn, not a big deal at all really.
            "

Yeah it is a big deal. And please tell me where someone could look up my credit card info and PSN password?
Posted by kalakov

Another nice plot for an south Park episode.    

Posted by honeycut1

I like that they are encouraging all of us to remain vigilant by checking our own credit scores and bank statements. 

The whole situation stinks and it's been horribly handled.

Posted by Xerxes8933A

The worst part about this?  I'm only finding out about this because I visit sites like this.  Not a single communication from PlayStation itself. 

What about the 90% of PSN users that don't visit sites like this?  When is Sony going to tell them they need to get new cards issued.

Posted by bhhawks78

I won't be adding a credit card to any sony system or site EVER again.

Posted by Duffyside
@KimFidler said:
" I have a new credit card on the way so that's all good.  What pisses me off is that I have to call the gas, cable, and electricity companies to change my automatic credit billing.  Thanks Sony! "
If you have a new card, wouldn't you have to do that anyway?
Posted by TadThuggish

Buh-bye PS3.

Posted by Magma_Pear
@DeShawn2ks said:
"

                    @Silock said:
"
                @Magma_Pear: Mate, your a fucking legend and I agree 100%, thanks for venting, on behalf of all of us! 
            "
Not all of us to me he comes off to me sounding like a whiny bitch. But yeah this situation does suck though. Buy pre paid cards, check you bank account and credit card info almost ever day (should have been doing this in the first place) I hope things get better for Sony and anyone affected by this.

                   

                "

@Elyhaym said:
"

                    @Silock said:
"
                @Magma_Pear: Mate, your a fucking legend and I agree 100%, thanks for venting, on behalf of all of us! 
            "
That's funny. I think he's absolutely awful.

                   

                "

@Silock said:
"

                    @Magma_Pear: Mate, your a fucking legend and I agree 100%, thanks for venting, on behalf of all of us! 

                   

                "



Thanks for the support Silock!

 

For you other guys, I don't mean to hate on Sony but this situation is retarded. Of course the hackers responsible for all of this have some blame in it all, but at the end of the day, if you leave your house or your car unlocked and you get robbed, who ultimately is to blame for it? In part, YOU ARE. For being so stupid! And that's what Sony's done to the detriment of us all.

Posted by Andorski

So... I'm gonna use my Xbox again.


If only Uncharted 3 was on other systems.  Then I can easily stop supporting incompetence.
Posted by TadThuggish
@Magma_Pear said:
"


I'm going to risk getting flamed for saying this but... I purchased MK on the PS3 instead of 360 this time around because of Kratos and I feel I'm owed a little venting right now. 

 

I'm going to say this is all Sony's fault, and there's no point in explaining all the reasons because it doesn't really matter. But I think that if you look at all the events of this generation I think you'll see that Sony has done EVERYTHING, as if intentional, to not only get the attention of hackers, but to piss them off too. It goes all the way back to the launch with few games, making claims of the PS3 being more than just a console as compensation, and having Linux support to begin with - that attracted the hacker crowd right there, that's what got Geohot involved.

 

Then they took Linux away, then Geohot hacked it back, then they mishandled that situation and sued Geohot, got themselves on the news for arresting other hackers, made ridiculous legal demands that violated people's privacy on unrelated services like youtube of all places - all only to settle and come out a big loser with Geohot walking away with a 10K donation to the EFF. But not before anonymous got pissed off enough for them to LIOC the crap out of Sony - while other hackers, also anonymous did the real damage by infiltrating the PSN system using Geohot's custom firmware running on one of Sony's own PS3 systems, via Linux.

 

 

There is a lesson in this for Sony. A pretty damn big one. STICK TO THE FUCKING VIDEO GAMES YOU FUCKING ASSHOLES. Next time don't muck around with internet browsers and running desktop operating systems and all that stupid, non-gaming related, curing cancer bullshit. Take a lesson from MS and make your games machine just that and that only! I can't believe how fucking stupid Sony is to not only have such embarrassingly horrible PS3 security, but to also make the PS3's security the ONLY line of defense that PSN had. Client side only security? What year is this, 1995? No wait, client side only security was horrible back then too. The horrible irony of this whole situation is that Sony is so fucking stupid, that it was the Linux support they first gave and then tried to take away that was used to hack PSN, right from a PS3 running CFW. There's so many layers to just how badly they set themselves up for this that they MUST deserve it.

 

It only does everything huh? Fucking morons. How about next time it ONLY DOES VIDEO GAMES? I mean, did anyone ever fucking ask for anything other than the next Playstation games machine? Which one you assholes asked for everything? 77 million users compromised. God Sony, you are so fucked.

 

 

 

 

"
CUT MY LIFE INTO PIECES
THIS IS MY LAST RESORT
Posted by Device

"Thank you you for your patience, thank you for your understanding".
I fucking tired of dry apologetic corporate tone. This sort of information should've been available to the users week ago when the PSN went down in the first place. What a bunch of fucking wankers!

Posted by onimonkii
@pot said:
" @onimonkii said:
"
                whatevs, i use psn cards, anyone could look up the rest of the info without hacking into psn, not a big deal at all really.
            "
Yeah it is a big deal. And please tell me where someone could look up my credit card info and PSN password? "
do you not understand what "the rest of the info" means? if you used psn cards they wouldn't have your credit card info. if your psn password is the same as anywhere else, that's the only reason you'd have to worry at all, in which case you could just change them to something else, now they have a useless password, psn is down so it's useless to them now, and once it comes back up you can change that too.
Posted by Aaron_G

If my personal information is effected I will be so not happy Sony. I better get something. 

Edited by Sooty

It's really bad they didn't release this info when it first went down.

I'd like to change my credit card info but I can't login to do that and I have no idea which card is on there. But the last time I bought anything was almost a year ago so hopefully it'll be an expired card.

Posted by Andorski

Just want to point this out: Patrick Klepek gets hired by Giant Bomb to do hard investigative reporting, and next thing you know a big story comes out about how a large corporation has screwed over it's entire userbase.


Coincidence?
Posted by Magma_Pear

@TadThuggish:

It just sucks to have to worry about identity theft on a damned video game machine. I have enough to worry about in my life with a wife and two kids to keep over without having worry about getting robbed simply because I purchased a few games on PSN.

 

Gaming is supposed to be about fun, not about CNN reporting that my personal address, phone number, billing address and probably my credit card info all got jacked because Sony thinks client side only security is the wave of the future.

 

I'd be different is Sony told us all up front that they only use shit security BEFORE I stored all my personal information with them. Then I'd have myself to blame for this too.

Posted by Keith_Games

We'll live...but I'm betting we'll receive no kind of compensation for the outage...although it's not sony's fault, maybe a free game or something would be nice...
Posted by Magma_Pear
@Andorski said:
"

                    Just want to point this out: Patrick Klepek gets hired by Giant Bomb to do hard investigative reporting, and next thing you know a big story comes out about how a large corporation has screwed over it's entire userbase.

Coincidence?


                   

                "

Patrick Klepek, he doesn't make his living by reporting the news. He makes his living by creating it in the first place...
Posted by Kyreo

Everything is going to be alright.... hopefully.

Posted by ParanoidFreak
@TadThuggish said:

CUT MY LIFE INTO PIECES

THIS IS MY LAST RESORT
Haha, this actually made me laugh out loud, but I definitely see "Magma_Pear's" point.
Posted by OmegaRadium

SO NINTENDO HAD IT RIGHT ALL ALONG!

Edited by TheHT

God, this situation sucks balls.

Online
Posted by Hashy
  @Snapstacle said:
" I'd still rather have my identity stolen than pay for XBL. Just sayin
Still funny no matter how many times I read it. Spoken like someone with nothing to lose.
Posted by Fjordson

God damn. So glad I never had any credit card/billing information on PSN account.

Posted by Andorski
@histeachn said:
" I am least inclined to blame Sony for this.  Should they have had a more stalwart system in place?  Sure, but there wasn't a known potential for this to happen until the PS3 got hacked.  Now there are people pointing fingers at Sony for this, and it's not really their doing.  Sometimes this is the way you learn there are gaping holes, and it sucks.  This is why they pursued the lawsuit and tried to close the floodgates, but the PS3 crack already got through.  My bank information is on PSN as well, but I also regularly check my account and can contact my bank very quickly about an off purchase.  I can't go online to change my password since PSN is down, so I'm just going to be vigilant and see what happens.  I wish Sony could do more than react, but it wasn't someone from Sony who published the way to hack into the system.  All this does is show that Sony had reason to be concerned from the original hack.  I say let them clean this up, and hopefully move on with a more secure PSN.  "
Hacking the system =/= hacking the service.  There should be no reason why a device with custom firmware should give one access to any and all information on online servers.  I don't blame Sony for being arrogant in their appraisal for their once-uncrackable console, or for their legal actions once people were able to open up the PS3.  I blame them for their idiotic security method of having their system securities on the hardware rather then on their servers.

I'm not even that technically proficient in computer hardware/software, but even I understand the idea that if a person physically has a device with security measures on it, they can and will break through it.
Posted by Vlad_Tiberius

So basically the PS3  turned into PS2...

Posted by CowsWithGuns
@TadThuggish said:
"
CUT MY LIFE INTO PIECES
THIS IS MY LAST RESORT
"
Suffocation No Breathing
Don't give a F*ck if I cut my arm breathing.   This made me laugh!

But seriously Sony you used to have a reputation of being a great electronics company.  Things were lookin good for you!  You had a the PS2, great TV's and pretty sweet sound systems (I still use my old one) .  You have continued to charge a premium for electronics that are now a lot worse than most, and taken short cuts to lead you to where you are today.  Good Job.  You pissed off the internet and the internet fought back and won....hard.   
Edited by NoCookiesForYou

Holy shit, PANIC MODE GO!

Sony and it's users just can't seem to catch a goddamn break. Thank god i only used PSN cards for my purchases and unique password for my account.

Edited by Jackel2072

the one time i buy a 3rd party game on my PS3 (Portal 2) PSN goes down. oh well. the credit card i did have on my account is dead so no worries there and i still have my xbox. back to MORTAL KOMBAT!

Posted by PoisonJam7

Fucking great.

A few weeks before this happened, my account got hacked somehow and someone bought "Angry Birds" lol. Luckily, I have a dedicated online-only credit card that I only keep a small amount of money on, so they weren't able to go on some kind of shopping spree or drain my main account. Still, I lost about $5 and got a stupid game that I didn't want.

I also completely don't buy the statement made by "Anonymous" that it wasn't them. Yeah right, who's going to believe those dick faces?

Posted by Andorski
@CowsWithGuns said:
" @TadThuggish said:
"
CUT MY LIFE INTO PIECES
THIS IS MY LAST RESORT
"
Suffocation No Breathing
Don't give a F*ck if I cut my arm breathing.   This made me laugh!

But seriously Sony you used to have a reputation of being a great electronics company.  Things were lookin good for you!  You had a the PS2, great TV's and pretty sweet sound systems (I still use my old one) .  You have continued to charge a premium for electronics that are now a lot worse than most, and taken short cuts to lead you to where you are today.  Good Job.  You pissed off the internet and the internet fought back and won....hard.   
"
They use to be great because electronics use to be a hardware game.  The PS3 is still a fantastically built unit.  Things went down for them when software-based services became the norm.  Sony has such shitty software engineers.  I remember when playstation.com went all screwy and people couldn't sign onto their website.  Took them a couple of months to figure that out.
Posted by tropico89

Now do they mean PSN should be back up tomorrow which is a week after it went down or a week as of today?  Can anyone clarify this for me? 
Posted by Getz

I don't want to sound like some idiot fanboy, but I am soooooooo glad I don't have a ps3 right now. 

Posted by CowsWithGuns
@Andorski: Yea your right, they didn't make the transition into the 2000's very smoothly at all.
Posted by thekingoftoilets

Well fuck. This sucks. Sony SHOULD have sent out some sort of notification about this sooner, not 5 days later. Also, they BETTER inform their consumers if personal information indeed was collected by hackers.
BUT: You cannot blame Sony for this intrusion. I can guarantee if the same thing happened to say Apple or Microsoft, shit would be as chaotic as it is now, and it isn't the first time a corporation was hacked and possibly leaked personal info.
Sony better have some sort of compensation for its consumer base, whatever it may be.

.... if this is a belated April fools joke, its not funny

Posted by MadLeper
@EuanDewar: 

Actually, that story turned out to be incorrect.  An unhacked PS3 uses the exact same encryption as by MS, the plain text file CC info was being exposed by....wait for it... someone using a PS3 with CFW.

So some idiot loads custom firmware on his PS3, adds his CC information into PSN and is outraged that it's being sent in the clear,