Log in or sign up to comment
714 Comments
Edited by Rekt_Hed
@Silentsnake510 said:

" On a scale of one to shitty, this situation is pretty shitty "

YUUUUUUUUUUUUUUP

Well just got off the phone to my bank and ive had NO dodgy transactions in the time that PSN has been attacked but reported my card lost just to be on the safe side!
It doesnt effect me to much anyway because I barely use the thing its just a pain in the ass like this whole week has been :P

Feels like every day when I find out more information about PSN im being forced to take another bite on a huge shit sandwich.

I really should have reported my card as stolen when I first found out that the PSN had been hacked.  Thought it would never be this bad though.
Posted by Da_money125

This sucks I hope they get this sorted out soon, since I was planning on getting a PS3 last week.

Posted by dudeglove

oh fucking hell

Posted by KingX

What did Sony use to run and protect its network? a couple of cheap routers bought on mediamarkt?
THis sounds like the hackers must have had good time to gain all that info if it regards almost every user on the PSN.

Posted by urban_ryoga

I knew I picked the right system!


In all seriousness though, I'm really sad that this happened and the reprecussions of this are wide for all those users affected. Regardless if their credit card information was obtained or not...
Posted by tactis
@dck
Well, fuck you Sony. XBL only purchases from now on.
Posted by KamasamaK
@KaosAngel said:
" @damswedon said:
" @KaosAngel said:
" Who the fuck puts user information as a .txt file? "
Wait is that true? "
The news story on ArsTechnica and Reddit said it was right.  They don't BS with that kind of stuff.  They said there was no encryption on the user information...so that means it must've been a .txt file. "
I couldn't find that in either of the Ars Technica articles I read. That's pretty absurd, though. They would need to store that information in a database. And even if the database were unencrypted, they'd need to be incredibly incompetent to store passwords in plaintext. It's common practice to store and compare cryptographic hashes instead.
Edited by tightestjeans
@Kamasama:  You're talking about this article

 http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-security.ars

You'll notice they updated the article later and info was not stored in .txt file format.  They also confirmed that Sony was using a secure SSL connection for transactions.
Posted by WilliamRLBaker
@Snapstacle said:
"
                I'd still rather have my identity stolen than pay for XBL. Just sayin

Honestly I've had my credit card info stolen twice already from something as simple as giving the waitress my credit card at PF Chang's. It's really painless when you go through Bank of America.

            "


aren't you the epitome of fanboy then next up you'll be making the epitome of apologist...but but its not that big of a deal that Psn was hacked and so much information was stolen...


 

Posted by FCKSNAP
@WilliamRLBaker said:
" @Snapstacle said:
"
                I'd still rather have my identity stolen than pay for XBL. Just sayin

Honestly I've had my credit card info stolen twice already from something as simple as giving the waitress my credit card at PF Chang's. It's really painless when you go through Bank of America.

            "


aren't you the epitome of fanboy then next up you'll be making the epitome of apologist...but but its not that big of a deal that Psn was hacked and so much information was stolen...


 

"
That first line was a joke at my own expense for having an account. I thought you of all people would understand humor.
Posted by JudgeDread

 http://www.facebook.com/topic.php?uid=128798377161188&topic=356

 
 
 http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-security.ars 

Posted by crithon

wow.... I'm actually releaved for buying those 20 bucks PSN cards to make my purchases. 

Posted by tightestjeans
@JudgeDread:

Did you even read the arstechnica.com article before you posted it?  It has a pretty big update clarifying the original story.
Posted by Fallen189

"  I need to ignore Twitter right now... there are tons of people (and site feeds) spewing ignorance galore...

I work at a company that deals with data security... we wish everyone that lost a laptop or left data unencrypted had used our product(s) first. The fact is, NOBODY is impervious to being hacked. It happens all the time to tons of companies. It happens at a much larger scale than the 75M PSN users.

By data breach standards, what Sony has done here is the absolute text book implementation of what to do correctly. They didn't put protocol aside to keep selling PSN content. They didn't put protocol aside to let gamers keep gaming, potentially muddying up the systems being scoured for clues. They didn't try to hide that this happened. They didn't try to analyze it themselves but instead brought in experts.

The people and sites that are faulting Sony on how they've handled this so far are simply, and I mean no disrespect by the use of the very most accurate word I can think of... "ignorant" as to what they're talking about.

If you think Sony should've battened down the hatched and never gotten hacked... talk to the HUNDREDS of other companies/brands/organizations out there that have endured the exact same fate. If you think Sony shouldn't have been storing credit card information (at all or in a certain way) you should know that all there are now are recommendations or guidelines, there are no LAWS yet that force companies to certain degrees of protection and even if they were adequately protected, depending on the extent and nature of the hack, having them protected to PCI DSS guidelines STILL might not prevent people from getting to our credit card information...

That said, Sony said there was no evidence that our credit cards were compromised. They recommended (and to be honest, this was worded well) that "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." How can they be faulted for that? Would you rather them lie and say "you're safe" or "they were compromised"?

This was a text book reaction to a large scale data breach and unlike MOST companies where we'd simply get an unexpected letter in the mail, we were somewhat kept in the look by the raised awareness that PSN being down leading them to say something. You don't spill details during an investigation and these things take time. Hell, try checking out your computer after you've had a trojan installed and activated... now amplify that work by about a bajillion. Going through that stuff takes time."


Posted by jamesisaacs

Well i have no money anyways so i guess that means i win eh hackers?

Also i won't be selling my PS3 over this cus that is just lame plus my Xbox is broke so....

Posted by Winternet

I smell trouble for Sony.

Edited by PandaShake
@kalmis said:

" @RobotHamster said:

" I can just cancel my card and get a new one right? "
No, but you can report your card to be stolen. Then you should get new one. "
Unless your bank works differently, yea you can just say you want to cancel your card and get a new one. Reporting your card stolen is essentially the same thing since you are saying you want to cancel your stolen card.

Yea, I'm gonna cancel my card too. Wouldn't hurt.
Posted by RecallBerserk
Really? After it's all said and done everyone will act as if nothing happened and continue giving them all your money anyway. 70 million accounts aren't going to suddenly stop so I highly doubt they will even notice a difference.
Edited by tightestjeans
@Fallen189:   Your post is so true, it's amazing how many Videogame "Journalists" are also experts on cyber crime investigations.  You go to a website like N4G.com and every story is a rumor about the PSN outage, but very few have any hard facts.  You print a rumor 10 times and print a retraction once (or never).

You have journalists calling into customer service and painting their response as a statement from the CEO of the company.  Lets take Patrick Klepek for example and the following statement,

"Update 2: Regarding rumors Sony may have notified banks days ahead of disclosing today's revelations to the public, I have since contacted customer service representatives at both Bank of America and Chase. I personally have accounts at both financial firms and the representatives claimed to have received no information from Sony about a mass breach of credit information."

Which level of customer service did he talk to.  Was it a manager, public relations official, or did he just call the phone number on the back of his credit card.  Did he call into customer service several times to verify the information he was hearing was reliable from rep to rep.  From my experience the people working the phones are the last to know (and it's not their fault). 

The way Information is being gathered on videogame news sites has to be way more clear to be taken seriously.  People have been clamoring for more info from Sony about this situation to find out what has actually happened (which is totally justified) but maybe we should be asking for more information from the people delivering the news on the methods being employed to cover this fiasco.
Posted by Winternet
@RecallBerserk: This has reached a global awareness so there will be some consequences. Even if not from the users, but from investors and shareholders.
Posted by IIChristian89II

lol poor sony. Kinda glad i never did get round to buying a ps3 now.

Edited by Branthog

Cancelling a credit card can negatively impact your credit score.


The problem with canceling your credit card is that your credit score can be impacted by closing a credit card and your future credit score can be impacted because the length of your open credit account will be reset. For instance, I've had my current credit card for at least seven years. If I have to cancel it and open a new credit card, it will show my longest current line of credit as being less than one year.

Now, there may be a way that when you deal with your bank to have a credit card canceled and immediately reissued due to something like this, they do something that mitigates the whole incident, but I don't think so. Sony's security failure increases your risk profile to future lenders.

(Of course, having your identity stolen can ruin your credit score, too -- so I'm not advising that forgoing one method for the sake of the other is better. Just pointing out the fucked situation Sony put us in).
Posted by KamasamaK
@tightestjeans:  Thanks. No wonder I didn't find it as I wasn't looking that far back. And it appears it's only referring to the transmission of information anyway, and not Sony's server-side storage of it, which is the issue here.
Posted by BassmanPaul

I'm watching my bank account statement like a fuckin' hawk.

Edited by tightestjeans
@Branthog:  You're not cancelling your credit card, your getting a new number (like changing your telephone number because of harassing calls).  The balance transfers to the new number but the account stays the same and it doesn't effect your credit score at all. 

Google "lost credit card credit score" or go here

http://www.bankrate.com/finance/credit-cards/will-replacement-card-hurt-my-score.aspx
Posted by fraser
@BassmanPaul said:
" I'm watching my bank account statement like a fuckin' hawk. "
This.

Trying to remember my security questions if I need to ring the bank.
Posted by MeierTheRed

Canceled my Visa card this morning. So just need to apply for a new one, only takes 4-5 days to get a new one, so it's not that bad. 


It was worse changing my email password, as so many services are tied to it on my ipad, my Mac and Windows machine. Annoying as hell.
Posted by ancientlions

*cry*

Posted by MachoFantastico

Dealt with, better safe then sorry. 

Even if you suspect your okay, I'd still see about getting a new Credit Card or Debit Card. 
Posted by Caegn
@JJGIANT said:

" People need to take a step back for a second and stop heaping all the blame on Sony. Obviously it's bad we weren't informed earlier but there must be a reason for that maybe they only just found out themselves, who knows!


More anger should be focused towards the perpetrators. Obviously they are faceless criminals right now but it's something to keep in mind. I keep seeing hilarious comments like "Oh back to my 360" or "This never happens to Microsoft"

"
I agree that a huge part of this should be on the hackers.  This isn't someone using custom hard/software for their personal use, or even using ddos for a protest (which is illegal itself.)

But Sony gets a huge amount of blame for the information compromisation.  Even if the system is hacked there's no excuse for personal data to be accessed.  Even small operations have the foresight to encrypt that data.  So that even if the hackers did get the files, they would be useless without the tools to unencrypt them.

Also Sony gets blame for waiting a week to tell us about the risk to our information.  The reason we weren't informed earlier most likely isn't that Sony didn't know (I'm really really hoping that isn't the reason, because that would make Sony just about the most inept company in history if they honestly took a week to figure out the personal data was at risk.)  It's more likely that they were afraid of exactly what's happening now.  Canceled credit cards and accounts along with less trust from their customers.  All of which lead to fewer dollars being spent on PSN.  I don't want to say it's the ONLY reason, but one of the main reasons they're telling us even now is because it's the law.  They HAVE to disclose it as quickly as possible.  Even waiting this long could lead to a class action suit and possibly even official charges and fines if it can be proven they knew earlier and said nothing.

Still hope this can be sorted out soon.  I don't really use PSN myself.  But even though I never play my PS3 online or buy DLC, I still feel for all the people who do.  They haven't done anything to deserve either the hackers crimes or Sony's security ineptitude.  Of course they're the ones who get it worst though.
Edited by The_Big_Rough

SONY SONY SONY......

From sky high to rock bottom....

Kind of sure i deleted my credit card info when i gave up on PS+, start prying to god i am right

Posted by Sayishere

I have already made a post on this topic, but to keep it short and sweet..Sony fucked up, and i urge everyone to change email password and cancel cards linked to PSN

Posted by LobsterCrunk
@Treythalomew said:
" This is crazy talk. If there was any indication that they could have gotten any personal info/CC then they should have said something day one or day two. "
They claim that they released this info as soon as they found it - although, is it worse that they held on to this data for a week, or that it took Sony's entire network team a week to discover this in the first place?

Not like there's any good news at all, at this point.
Posted by Parsnip

I don't know, it doesn't seem likely that they would store all that information in plaintext format. I mean, could they really be that dumb? Surely the information is encrypted, somehow, right?

Posted by reverendericd

I AM SO GLAD MY PS3 IS ESSENTIALLY JUST A BLU-RAY PLAYER.  ALL 360 FOR ONLINE STUFF FOR SURE :) 

Posted by Matt_F606
@slantedwindows: I'm sure they will give the 32 PlayStation plus users a free week :-)
Posted by Sabata

Heh, knew I had the right idea not buying a PS3 even after all these years! :smugface:


(Not really)
Posted by Deeveeus

My question is


Name 
- Address (city, state, zip) 
- Country 
- Email Address 
- Birthdate 


How dangerous is this to be in the open???? I cancelled all my cards....what else should I do? 
Posted by reaper2923

I play on a free online gaming network, how rich do these hackers think I am?
Posted by detectivepbert

Considering selling me PS3 fat upgraded to 640GB hard drive on ebay.  I might be able to get $5 for it at this point.

Posted by orphean

@Branthog You don't have to cancel the line of credit with the card company.  You just have them reissue a new card with a new number on it.  The actual account (and therefore your credit report) is never touched.

Posted by Simplexity

They had the balls to sue Geohot, guess what now Sony is fucked for the rest of the eternity because of these hackers. Good job.

Posted by Mikazukinoyaiba
@Bokolino said:
" guess what: microsoft just unbanned all its consoles. Do u think its because this? "
Doubtfully, I don't even see how this could be remotely be considered related.

Besides this upgrade has to have been in progress for a while, Sony only released the news about the breach yesterday.
Posted by Enigma777
@Caegn: How do you know the data wasn't encrypted? Are you just making baseless assumptions? 
Posted by detectivepbert
@Prodstep:   I actually agree that they are fucked for the rest of eternity, at least when it comes to gaming.   With digital distribution, multiplayer everything, social gaming, etc. information security is huge for gaming companies, and Sony doesn't seem to give a crap.  They spent so much effort and money going after Geohot to protect their profits and lock down their console for things like homebrew and copying games, but apparently put little to no effort into securing the user and credit card information on PSN.  I love my standalone Sony blu-ray player but no longer trust them when it comes to gaming.  I might dust off my 360 at some point but for now I'll stick to PC gaming and save up for a 3DS.
Posted by Positrark

Cancelling your card at this point based on speculations is unnecessary. We don't know for certain that any credit information has been leaked, and even if your card is used without your approval, the bank will cover any loss since you are not to blame. At least that is what my bank says about the issue. 

Posted by MordeaniisChaos
@josty81: Hellllllo drama queeeeeen :D Breach of trust? How so? You better at least be a PSN+ subscriber, other wise, fuck you. If you are, I can understand, but you still need to calm the fuck down. Someone attacked their system. They didn't just put it down. And they cared much more about keeping your card safe (BTW, you fucking cancelled it? You couldn't just keep an eye on your card and if bad charges came up THEN cancel it?) and your personal information safe rather than letting you play your games, and focusing entirely on your narrow minded happiness. They took the safe route, to minimize any more damage, and you bitch about it, of course. And you also ignore the people who are actually responsible for the attack.
Online
Edited by FoxMulder
@orphean said:

" @Branthog You don't have to cancel the line of credit with the card company.  You just have them reissue a new card with a new number on it.  The actual account (and therefore your credit report) is never touched. "

True.  Most banks have this option available to do on their website.  They will just send you a new card, with a new number and the old one won't work anymore!  I've done it a few times after my card stops swiping.
Posted by radion_null

i feel like I'm technologically challenged. How are people logging in and commenting on the PS.blog when the PSN system (including loggin) is down for maintenance?

Posted by Semi_Sauce
@Snapstacle
I'd still rather have my identity stolen than pay for XBL. Just sayin

Honestly I've had my credit card info stolen twice already from something as simple as giving the waitress my credit card at PF Chang's. It's really painless when you go through Bank of America.
I think that's a dumb statement.