Considering I've been having some sketchy goings on with my card (not that they're even remotely connected), it's good to hear they're trying their best to rectify it.

Yay for no more 404

Oh, Sony.

Glad they're keeping us updated.

So what the hell does that even mean?

Credit card numbers were probably not taken; I'd assume they were 128-bit encrypted like all e-financing.

cool

Seybold later went on to say "Hey how about that Bin Laden thing - that's news right?  Who's that behind you?" before running out of the room.

any mention anywhere of what hashing function they used on the passwords?

smooth move hoover

I just want to play some Demon's Souls without the stupid connection error message.

I'm actually kind of OK with how they are handling things now. It's just that they keep proving that they are incompetent at security. I have trouble forgiving that.

So.....many....psn....articles....

" Credit card numbers were probably not taken; I'd assume they were 128-bit encrypted like all e-financing. "

if they handled it well in the first place they could have said this from the start.

 A report of a previous report about rumors about speculation in a forum from an outside report about a forum report.

" @Winsord said:

" Credit card numbers were probably not taken; I'd assume they were 128-bit encrypted like all e-financing. "

You mean like we all assumed their PS3 encryption random seed was random when it wasn't random at all?  I think it's best to assume nothing or at the very least, the worst. "

There's absolutely no way they didn't use 128-bit encryption.  Your CC info is safe.

So many Sony news.

" So.....many....psn....articles.... "

"  A report of a previous report about rumors about speculation in a forum from an outside report about a forum report. "

Hmm, the more I hear the more it sounds like they were doing a lot of the right things at the back-end in terms of storage.  Obviously not so much in terms of actually keeping that stored data secure!

Based on this new info I'm slightly more optimistic about the usefulness of the data to the potential bad guys.  Identity theft is still a possibility but if Sony's statements are true they must be lacking some of the data that would make it even easier.  Phishing and spamming are the two most likely things now and chances are that's something people either deal with or fall for on a regular basis anyway!

The key remaining things for me will be the hashing function used, whether or not the hashes have been salted to prevent rainbow table attacks, and, of course, how the data was obtained.

And FWIW, I think kudos are due to Giant Bomb and Patrick in particular for the level-headed coverage of this whole story.  While some news outlets spread thin details over multiple stories or engaged in fear-mongering Giant Bomb have kept the signal to noise ratio high.  And I for one am grateful!

I'm really enjoying the all the updates no matter what people are saying. Thanks for keeping me on the pulse dude I mean it is SUCH a huge event it's like basically a quarter of the industry completely fucked. I just hope it all works out.

I am happy to hear more about it. Granted, it's still not good news but better then some of the other articles.

Even if Sony had evidence that my credit card information was safe I still can't trust that card anymore so I decided to cancel it today and order a new card. With that, I immediately stopped caring about this whole thing.

It's good to know that they're staying vigilant over this whole incident. The internal morale at Sony can't be all that strong right now. But truthfully people aren't going to stop being "spooked" until there's a good amount of evidence that credit cards weren't exposed. There isn't a lot of comfort to be had from the idea that the simply don'tknow if the breach went that deep.

Having had to cancel my credit card today, and now try to clear up $1300-odd of fraudulent activity on my account, I'm certain that at lease some credit card data is floating around out there and in use.

In my many many years of using the same credit card online, I have never once experienced anything like this. Suddenly my account is compromised now? That is way too coincidental to my liking.

" Even if Sony had evidence that my credit card information was safe I still can't trust that card anymore so I decided to cancel it today and order a new card. With that, I immediately stopped caring about this whole thing. "

" Having had to cancel my credit card today, and now try to clear up $1300-odd of fraudulent activity on my account, I'm under no illusions that at lease some credit card data is floating around out there and in use.In my many many years of using the same credit card online, I have never once experienced anything like this. Suddenly my account is compromised now? That is way too coincidental to my liking. "

Why has nobody in the media called bullshit on The New York Times writing articles based on message board  posts and treating them as verifiable proof? I expect this crap from Fox News but the Times I thought had more integrity. Then again they did just lock away the majority of their articles behind asinine subscriptions so who knows.

Also, just out of curiosity, did you follow the steps Sony helpfully posted on how to make sure no one could run wild with your CC number, just in case?

Good that Sony is trying to fight some of the FUD kotaku (and others) are spreading.  

@Darkstalker said:

" So.....many....psn....articles.... "

Yeah, I say make them stop until we get some real news. I don't feel any more informed after reading these articles tbh.I know Sony is to blame for the lack of real news, but that doesn't mean we need new articles every day for every little tidbit they "announce".

Isn't it a bit odd to first announce that the passwords were unencrypted, leaving everyone to think they were stolen, then announce they'd been hashed?  Assuming they used a reasonable hash function, that's honestly more reassuring than if they'd simply been encrypted.   Sony seems to have gone out of their way to stoke panic---how does this make sense?

From what I heard, the only information that was passed in cleartext was the ones with CFW.  In order for them to gain access to PSN, they had to bypass certain parts of PSN's infrastructure including some SSL layer servers.  That's just what i've heard down the grapevine so it's still speculation until Sony shows the world it's audits.

Just let me play one 20 minute match of UC2 multiplayer. Playing the SP on fast mode with the sniper rifle just isn't the same.

" @example1013 said:

Also, just out of curiosity, did you follow the steps Sony helpfully posted on how to make sure no one could run wild with your CC number, just in case?

All their information pertained to US institutions and fraud hotline type things. None of which is of any use to me in South Africa, nor do my bank give enough of a shit to help me. "

I'm ready for Sony to bring me back online already.

Bin Laden's dead, so PSN should resurface soon. This was totally terrorist work.

If the passwords are hashed and not securely salted, it's almost just as vulnerable. If your password exists on a rainbow table somewhere, then you probably should change it anyway.

@PatrickKlepek: Do you have, or can you get, any information on whether those 10 million credit cards are in fact all credit cards whose information was stored on PSN? If you consider that there were some 77 million PSN accounts, which most likely includes forgotten accounts,  extra accounts (Japanese + American + European for the different stores), inactive accounts, accounts owned by people who don't buy stuff online and accounts owned by people who don't have/use credit cards (like most of Europe), 10 million sounds like an awful lot.
As for the password encryption thing, it's a strange technicality to get hung up on. Nobody would have blamed them if they'd said the passwords were in fact encrypted. Hashing is essentially a one-way form of encryption. Either way, the passwords aren't truly safe once hackers have access to the entire database. Anything that's encrypted can also be decrypted and once you have a huge list of hashes, it's fairly easy to generate passwords with the same hashes. The best we can hope for is that Sony salted the passwords and used a decent hashing method, but something tells me they used unsalted md5 hashes like most of the world, meaning everyone needs to act as if the passwords were actually leaked in their original plain text form.

Can someone tell me where this update to the article comes from. Because as far as I know Sony at no point admitted that. They said that out of the 77 million accounts only 10 million had CC attached

" @Legend

@Darkstalker said:

" So.....many....psn....articles.... "

Yeah, I say make them stop until we get some real news. I don't feel any more informed after reading these articles tbh.I know Sony is to blame for the lack of real news, but that doesn't mean we need new articles every day for every little tidbit they "announce".

Yea. I mean its not just giantbomb but all websites neeed to stop. plus its ju as t another excuse for people to say fuck sony and then the same people to retort with the same comments. I just want psn up so we can all move on. "

" @tourgen:  5 bucks says MD5 :) "