Roughly 900 Credit Card Numbers Exposed Via Sony Online Entertainment Breach

  • 113 results
  • 1
  • 2
  • 3
Posted by patrickklepek (4609 posts) -

 "Ha ha. Wait, cards from 2007? Only ha, then."
Sony's security woes continued yesterday when Sony Online Entertainment announced a security breach at the same facility that housed PlayStation Network's recently compromised database. 

The MMO developer said the personal information of 24.6 million accounts were exposed, in addition to 12,791 non-US credit or debit numbers with expiration dates--but not security codes. Data compromised included name, address, email address, birth date, gender, phone number, login name, and hashed password. 10,740 direct debit records from Germany, Austria, Netherlands and Spain were also accessed.

In mildly "positive" news, SOE has revealed this morning that most of those were actually expired cards. Only 900 of the nearly 13,000 exposed were active cards, meaning most consumers are not at risk. The database accessed was reportedly from 2007, explaining how so many of the cards have expired.

Like PSN, SOE does not believe its main database was or is at risk.

"There is no evidence that our main credit card database was compromised," reiterated the company in a statement. "It is in a completely separate and secure environment."

It's been quite a ride when that's considered positive news.

With PSN still down, PlayStation 3 users are still unable to access SOE titles like DC Universe Online.
Staff
#1 Posted by patrickklepek (4609 posts) -

 "Ha ha. Wait, cards from 2007? Only ha, then."
Sony's security woes continued yesterday when Sony Online Entertainment announced a security breach at the same facility that housed PlayStation Network's recently compromised database. 

The MMO developer said the personal information of 24.6 million accounts were exposed, in addition to 12,791 non-US credit or debit numbers with expiration dates--but not security codes. Data compromised included name, address, email address, birth date, gender, phone number, login name, and hashed password. 10,740 direct debit records from Germany, Austria, Netherlands and Spain were also accessed.

In mildly "positive" news, SOE has revealed this morning that most of those were actually expired cards. Only 900 of the nearly 13,000 exposed were active cards, meaning most consumers are not at risk. The database accessed was reportedly from 2007, explaining how so many of the cards have expired.

Like PSN, SOE does not believe its main database was or is at risk.

"There is no evidence that our main credit card database was compromised," reiterated the company in a statement. "It is in a completely separate and secure environment."

It's been quite a ride when that's considered positive news.

With PSN still down, PlayStation 3 users are still unable to access SOE titles like DC Universe Online.
Staff
#2 Posted by dragonzord (815 posts) -

awesome man

#3 Edited by FourWude (2261 posts) -

OKAY

Oh well, one day.... one day.

*Gotta keep on trucking*

#4 Posted by Sammo21 (3276 posts) -

This really isn't that weird as Paypal still has 3 or 4 cards of mine listed that are expired.  Also, so did XBL at one point.

#5 Edited by phish09 (1109 posts) -

Yeah...I realized after I went and canceled my card that the last game I bought on PSN was Final Fantasy VII, and that means that they still had my old expiry date. Usually it's not very hard to figure out what the new expiry date is because it's generally either 3, 4 or 5 years after your previous one.

Even if your expiry date was not updated, it's still not a bad idea to have your card reissued.

#6 Posted by Getz (3012 posts) -

It could be worse than this, but having all your personal information stolen is no picnic. Good thing it was an older database.

#7 Posted by Krakn3Dfx (2490 posts) -

Just really ready for PSN to be back online, and hopefully the store so I can pick up Outland.

#8 Posted by ThePhantomnaut (6197 posts) -
@FourWude said:
"

OKAY

Oh well, one day.... one day.

*Gotta keep on trucking*

"
Don't think too hard about it or else it wont happen. This site wont go permanently down soon; if that shit ever happens, that's gonna be lulz for the non-forum, non-wiki, but hella quest people WHO SHOULD POST OR HELP MAKE A WIKI! Ahem...
#9 Posted by TadThuggish (907 posts) -

Boy, Sony sucks at everything.

#10 Posted by StriderNo9 (1092 posts) -

Man this has been a terrible month for Sony and Trump.

#11 Posted by CyleMoore (494 posts) -

Well I only have like $3.00 to my name right now so I'm still not worried.

#12 Posted by Banzai_NL (264 posts) -

Still way too many. :(

#13 Posted by m0rdr3d (474 posts) -

Nice going, Sony!  "Meh.  They were mostly expired cards.  Why secure em."

Don't think I'll be doing business with those pricks ever again.  Anyone wanna buy a PS3 Slim?

#14 Posted by Altrezia (25 posts) -

Passwords were only hashed? LOL. If my employees did that, they'd be off, and we're only a tiny web agency.

#15 Posted by OldManLight (846 posts) -

Un-fucking-acceptable! EVER!

#16 Posted by benu302000 (213 posts) -

Sony:
Cel-i-brate-good-times, COME ON.

#17 Posted by TheAdmin (713 posts) -

I feel like the next thing I'm going to read about is that if  you ever bought a Sony product that your information is leaked. How do you not prepare for this kind of thing!? 

#18 Posted by Phoenix87 (480 posts) -

Even 1 exposed is too many.

#19 Posted by White_Silhouette (473 posts) -

Well out of "77 million"  users that's only 0.0012% of possible credit cards that could have leaked.

I should work as a spin doctor for Sony.

#20 Posted by zityz (2360 posts) -

This seams like bad news bears for sony. A lot of people are probably going to be sour over this to the point where they probably won't trust sony's services again. Shame too. No company should have to have this happen to them.

#21 Posted by Yanngc33 (4496 posts) -

So who are the "lucky" 900?

#22 Edited by UnsolvedParadox (1863 posts) -

How did Sony decide if a card has expired? A different CID number would likely have been issued by now, but not definitively...and that doesn't change the basic credit card number.

#23 Posted by Kombat (2205 posts) -

The bad news just keeps pouring in from Sony. I'm starting to feel sort of bad for them; they've got an honest mess on their hands, and someone out there just keeps pouring it on faster than they can deal with it.

#24 Posted by Jasonofindy (258 posts) -

Didn't Sony's press release last week say that some PSN services would start coming back online today?  or did they later amend that to sometime this week?  

#25 Posted by Kyreo (4600 posts) -
@Phoenix87 said:
" Even 1 exposed is too many. "
Pretty much this.
#26 Posted by dragonzord (815 posts) -
@White_Silhouette said:
" Well out of "77 million"  users that's only 0.0012% of possible credit cards that could have leaked.I should work as a spin doctor for Sony. "
This is SOE not PSN
#27 Posted by QKT (250 posts) -

even after being exposed there's still no reports of actual fraud.

there's still no way of knowing if the details have been taken.
i dont use my main card for psn so im ok but im gonna leave it be to see what happens.
#28 Posted by wickedsc3 (1046 posts) -
@White_Silhouette said:
" Well out of "77 million"  users that's only 0.0012% of possible credit cards that could have leaked.I should work as a spin doctor for Sony. "
The 77 million is from playstaion network, this article is talking about SOE(there online mmo's) at the same facility.  
#29 Posted by MordeaniisChaos (5730 posts) -
@Phoenix87 said:
" Even 1 exposed is too many. "
Oh shut up. Unless you are a 1 man, top security firm, I think I'll just assume that your another whining prick. Nothing is perfect. Even military body armor can't stop every round. How can you expect it to be any different for cyber security? 900 isn't that bad, especially if the people know about it. If you have a credit card and you don't keep an eye on your account, especially when you've been notified of this kind of event, your just asking for it. It sucks, maybe they could have done better, but that's a tiny number relatively speaking, and it's not like they just gave em out to criminals. Why blame the people who spent 4 years planning a bank heist when you can blame the bank, right?

/sigh

@m0rdr3d said:
"

Nice going, Sony!  "Meh.  They were mostly expired cards.  Why secure em."

Don't think I'll be doing business with those pricks ever again.  Anyone wanna buy a PS3 Slim?

"
Except they were secure. Just separate.
But hey, feel free to be a big baby about all of this and act like Sony fucked you in the ass with a steel rod. Also, SOE is totally separate from the Playstation division. Sony is so big with so many parts, it's basically a confederation, in business form. Blaming one division for the failing of another is just silly.
#30 Posted by Tekkor (30 posts) -

Yeah...not to pile on but this really is such a fiasco. This is just so unacceptable that its not even funny. You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. 


I have only had a couple Xbox 360's for the last several years and thought about getting a PS3 a couple months ago. No way I do it at this point just on principle. 
#31 Posted by zameer (606 posts) -

So is Ryan screwed since he semi-recently played The Matrix Online?

#32 Posted by chrissedoff (2098 posts) -

fuck this company

#33 Edited by WinterSnowblind (7617 posts) -
@Jasonofindy said:

" Didn't Sony's press release last week say that some PSN services would start coming back online today?  or did they later amend that to sometime this week?   "

Limited services are returning tomorrow.

@MordeaniisChaos

said:

" Except they were secure. Just separate.

But hey, feel free to be a big baby about all of this and act like Sony fucked you in the ass with a steel rod. Also, SOE is totally separate from the Playstation division. Sony is so big with so many parts, it's basically a confederation, in business form. Blaming one division for the failing of another is just silly."

Sony failed their customers big time and have broken laws/mandates in certain countries.  They deserve everything they get and I think defending them for this is stupendously immature.
You can call people babies for being upset, but I'm sure you'll feel very differently if you're the victim of identity fraud because of Sony's lax security measures.  Sony don't need you to defend them and you shouldn't be pretending that this isn't a big deal.
#34 Posted by Warchief (657 posts) -

keep on reaching for that rainbow Sony. 

#35 Posted by JJWeatherman (14558 posts) -

Wow, what the hell. Sony's getting torn apart. This is brutal.

#36 Posted by Noisician (77 posts) -

Just when you think it's over, Sony keeps this roller coaster of failure going.

#37 Posted by White_Silhouette (473 posts) -
@zoner: @wickedsc3: Ahh my bad.
#38 Posted by LoneWolf75 (3 posts) -

I never enter a credit card number into a console,I just pick up those cards in a store if I want Xbox live or PSN credit.

#39 Posted by Azteck (7449 posts) -

Wow 900 cards. Holy fuck.

#40 Posted by MrAristocrates (194 posts) -
@Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever.
#41 Posted by WinterSnowblind (7617 posts) -
@MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point.
But please, point me in the direction if this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
#42 Posted by artofwar420 (6289 posts) -

There really doesn't seem to be an end in sight.

#43 Posted by MrAristocrates (194 posts) -
@WinterSnowblind said:
" @MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point.
But please, point me in the direction if this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
"
Maybe it's because the people with the blue usernames aren't posting in the first article they see without looking anything else up. I'd be a lot more open to what you had to say if you weren't so rude about it.

Also, again, research. We still don't have any evidence that the PSN credit card info was even accessed.

I declare the word "fanboy" to be a variation on Godwin's law, in that someone will always bring it up.
#44 Posted by LordCmdrStryker (346 posts) -
@MrAristocrates said:
"We still don't have any evidence that the PSN credit card info was even accessed."
Their system was compromised!  WE HAVE TO ASSUME THE WORST.  If you do NOT assume the worst, YOU ARE BEING EXTREMELY NAIVE.

I cancelled my card a while ago.  If you haven't already done so, you should get on that shit.  The alternative could seriously screw up your life.
#45 Posted by LiquidSwords (2738 posts) -

"Everybody's Mad" meme goes here

#46 Posted by FMinus (394 posts) -
@MrAristocrates said:
" @WinterSnowblind said:
" @MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point.
But please, point me in the direction if this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
"
Maybe it's because the people with the blue usernames aren't posting in the first article they see without looking anything else up. I'd be a lot more open to what you had to say if you weren't so rude about it.Also, again, research. We still don't have any evidence that the PSN credit card info was even accessed.I declare the word "fanboy" to be a variation on Godwin's law, in that someone will always bring it up. "

Thing is, even if the CC data was not stolen, the fact that such data might be available to the hacker made customers like me angry. I have to go through the hassle of changing both of my CC just because their security was breached. If it turns out that the CC data was in fact not touched by the hacker good, still how long do I have to wait before Sony finally opens the mouth and gives me concrete answer weather or not it was stolen? 

I rather not wait, so I went to the bank and applied for a change for both of my cards which in the end is going to cost me money, not much but still. I rather take the risk of changing them as later going through the process of fraud which takes even longer and what not. 

Still I can not stress how bad their information is. By now they should know exactly if and what data was stolen and I think it's in their power, to email those accounts that got breached with information "hey your card was compromised", even for the 2007 card, because as someone above mentioned, not every CC number changes when you get a new card. 4  Master Cards already expired for me and all the new cards come with the exact same number, except the CCV is different but that's 3 digits and this means shit anyway regarding security. Same goes for my AMEX. 

So yeah I'm pretty disappointed in Sony and they have lost my trust for pretty much ever. Not because they got hacked, that can happen to anyone, but because valuable data wasn't encrypted like it should be, even if it's 20 years old, and the way they are handling this regarding customer information is rather disrespectful at best - info should be on my inbox or on their site DAY-1 of the hack. 

#47 Posted by EgoCheck616 (782 posts) -
@MrAristocrates said:
" @WinterSnowblind said:
" @MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point.
But please, point me in the direction if this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
"
Maybe it's because the people with the blue usernames aren't posting in the first article they see without looking anything else up. I'd be a lot more open to what you had to say if you weren't so rude about it.Also, again, research. We still don't have any evidence that the PSN credit card info was even accessed.I declare the word "fanboy" to be a variation on Godwin's law, in that someone will always bring it up. "
Fanboy.
#48 Posted by MrAristocrates (194 posts) -
@LordCmdrStryker said:
" @MrAristocrates said:
"We still don't have any evidence that the PSN credit card info was even accessed."
Their system was compromised!  WE HAVE TO ASSUME THE WORST.  If you do NOT assume the worst, YOU ARE BEING EXTREMELY NAIVE.

I cancelled my card a while ago.  If you haven't already done so, you should get on that shit.  The alternative could seriously screw up your life.
"
It disturbs me that I thought it was a joke at first. I would prefer waiting until I hear (not just from Sony, mind you) reliable sources telling me that the cards were actually compromised, rather than cancel a card based on something I don't have enough info to make an informed decision based upon.
#49 Edited by MrAristocrates (194 posts) -
@EgoCheck616 said:

" @MrAristocrates said:

" @WinterSnowblind said:

" @MrAristocrates said:
" @Tekkor said:
" You have to be either an employee of Sony or have a Sony fanboy tattoo to be defending them at this point. "
Or do any research whatsoever. "
I find it highly amusing that it's only the people with blue usernames (and KaosAngel, who's a Sony fanboy anyway) defending them at this point. But please, point me in the direction if this research that I've clearly skipped over, that nulls the fact they've lost my personal details and maybe even my credit card information twice.
"
Maybe it's because the people with the blue usernames aren't posting in the first article they see without looking anything else up. I'd be a lot more open to what you had to say if you weren't so rude about it.Also, again, research. We still don't have any evidence that the PSN credit card info was even accessed.I declare the word "fanboy" to be a variation on Godwin's law, in that someone will always bring it up. "
Fanboy. "
Oh, I wasn't denying it. It just pisses me off that it comes up so often. I own every console and I'm still a raging fanboy!

 @FMinus: It pisses me off too that Sony had such poor security. But people have been finding numerous ways that don't even make sense to get angry over this, and it's annoying.
#50 Posted by dagas (2837 posts) -
@MordeaniisChaos said:
 and it's not like they just gave em out to criminals. "
As long as a company doesn't actively give away your credit card information to criminals they are doing a good job? Wow you really must have low standards for the companies you deal with. I guess you would feel safe to have your valuables in a bank where they store them in an unlocked box in the lobby? I mean they are not giving them away to criminals right? If someone happens to take them the bank can hardly be held responsible in any way right?

Of course the thieves are to be blamed first and foremost, but any company who stores people's passwords, credit card numbers, personal information etc. have an obligation to safeguard that data.

This edit will also create new pages on Giant Bomb for:

Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.

Comment and Save

Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.