Oops: Sony “Believes” All Personal Info Stolen in PSN Hack
Oops: Sony “Believes” All Personal Info Stolen in PSN Hack
Posted 04/26/2011 at 9:05pm
| by Nathan Grayson
32
Comments
Print
For what feels like years, people have been trying to figure out why Sony's elected to take PSN offline for nearly a week. The good news: You can stop wondering. The bad news: Do you value, say, your credit card info, address, birthdate, and PSN login? Well, Sony now “believes” that some sticky fingered ne'erdowell has made off with all that and more.
“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained,” the console-maker wrote in a recent PlayStation Blog update.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
Sony then went on to caution customers against mail scams and things of the like, noting that it's not in the business of dressing up like a Nigerian prince and slyly coaxing your personal information out from its hidden alcove.
So yes, everyone wave to the nice Worst-Case Scenario. At the very least, Sony's desperation to mop up this mess is now understandable, but this is the type of ugly red mark few brands could survive. PlayStation, of course, will live to fight another day, but brand loyalty's a hard thing to keep when trust is out of the equation.
More like this
32
Comments
Comments are closed on this article
Hg Dragon
April 27, 2011 at 6:10pm
If there is anything less than complete transparancy and disclosure from Sony on this mess, I'll be joining the inevitable calss-action suit, even if I'll end up only collceting $12.76 when all is said and done.
JohnP
April 27, 2011 at 2:06pm
As far as I can tell, I never sent any personal info over the Playstation. I remember having a e-mail and password for signing into the loser avatar world (whatever it is/was called) but that is about it. I only had a couple of games as I used it for a good DVD player is all (and now I got rid of it as the new XBox360 works just as well).
I guess the only thing at risk would be my e-mail. I cannot remember what I filled out online years ago...
Caboose
April 27, 2011 at 2:57pm
If all you did was create a basic account, and used an email that was different from your normal use one, then you should be fine. If you used an email that is your primary one, doesn't hurt to change your password (you should be changing it anyway).
What is this "loser avatar world" that you're talking about? Are you referring to Playstation Home? The system that Microsoft was thinking about creating a version of? And the avitars that you're mentioning, you mean the ones that are similar to Microsofts?
I'm just trying to understand what you're referring to, is all.
Mastergeek
April 27, 2011 at 1:28pm
Not many people here seem to remember the Sony Music CD fiasco. They opened the door for rootkits and other intrusions into their customer's PCs by "secretly" installing copy protection software. I remember cleaning many systems down to bare metal and reinstalling the OS. Do they seem to care about customers? Maybe somewhere down the list from market share and profits. I do not buy or recommend Sony products anymore, since they did not seem to care about their customer's welfare and best interests.
afunyun
April 27, 2011 at 1:12pm
While sony should be criticised for the apparent "lack of security" (Which we don't know, just think. The best security can be broken, so even if they actually practiced it, this could have happened,) I think the focus should be on finding the person (or group) who performed the attack.
If we go after Sony, we will be just like them going after GeoHotz instead of finding and fixing the root of the problem.
Also, remember that this could happen to any company. Apple, Microsoft, Nintendo, Paypal, anyone. Don't make assumptions that Sony is evil because of this.
Atomike
April 28, 2011 at 11:58am
I don't know if anyone is saying Sony is evil because of this. I think Sony is just too sloppy with personal information to be trusted with any future personal information - especially credit card info. That may mean that most folks will never buy Sony products again. And rightly so.
Not because they're evil - just because they're as sloppy as any company could ever be ever.
bling581
April 27, 2011 at 10:01am
Sony deserved this one. Though it sucks for those people that had their credit card information stolen.
praack
April 27, 2011 at 9:58am
let's see,
sony has been trying to stop intrusion for some time, the main reason for the :other os: issue was security. patch after patch applied to prevent it-like putting lock upon lock on the house.
sometimes I read the forums and wonder where the ethics and morality have gone as it appears that some feel the person who hacks is blameless- job well done for stealing.
I wonder if the same people would feel the same if they came home to find thier place cleaned out by burgulars- no harm no foul- they got past the locks and alarm system? so what if there are laws ?
I would be crying foul if sony had done nothing these past months, even more if they kept the network up knowing there was an issue
Pyrophorics05
April 27, 2011 at 10:44am
There are three problems I have with Sony.
First, they had bare minimum protection. This is why as soon as GeoHot developed a hack, they jumped all over him. They knew the hack in the mainstream would circumvent their weak online security measures.
Second, they attacked GeoHot with lawsuits instead of working on a problem they already knew existed.
Third, once hacked, the completely failed to identify their suspicions to the public. It took them 6 days before they indicated data was stolen. In the event they even had suspicion, they should have notified everyone.
They started all this with they paranoia over installing another OS. Had they fixed the problem when initially aware of it we wouldn't be in this situation. It amazes me that people still come to their defense.
I have a feeling this is not the last of the controversial details from Sony. I am waiting for all their defenders to eat crow.
van_helblaze
April 27, 2011 at 9:30am
I love that they told us to change our passwords, but there is no way to do that until they turn the network back on.
Pyrophorics05
April 27, 2011 at 9:42am
I still cannot believe that they haven't notified PSN customers personally via email.
Next thing they are going to tell is this they've changed our password for our safety.
Hint: They will change everyone's password to "password." :/
I am selling my PS3 on Craigslist today. Not just for this incident but the mere fact they have virtually no security on their system (see Geohot hack) and they've had this entitled vibe since the PS2. Plus taking away features we paid for.
Biceps
April 27, 2011 at 9:54am
Agreed. I'm selling my PSP, too. One of the biggest electronics companies out there, and they can't even keep credit card #'s safe. Too bad. I know people who work for Sony, and they are all actually pretty nice people. Can't trust them with a credit card number, though, I guess.
Alibaba2k2
April 27, 2011 at 9:22am
The breach of security will set back cloud computing even further since people will now know their data is not 100% protected. If it's not on their hard drive or their personal device with it's own security, the worry will always be there.
bling581
April 27, 2011 at 9:58am
People that thought it was to begin with are morons. Amazon's outage just further proves that you can't trust the cloud no matter who is handling your data.
damicatz
April 27, 2011 at 6:52am
This is incompetence of the highest order. I have no doubt that Sony will scapegoat their low-level technical people while the CIOs and other IT managers, who are most likely responsible for this fiasco, will get a pat on the back and a bonus check for their "handling" of this crisis.
This does not fit the MO of Anonymous. If Anonymous managed to do all this, then it's really embarassing for Sony because Anonymous is nothing but a bunch of amateur script kiddies. It also appears that Sony stored the passwords in cleartext and did not encrypt any of this information, including credit cards. I knew back in middle school that passwords need to be hashed and salted in order to be securely stored in a database.
Caboose
April 27, 2011 at 8:31am
But... But... You can't see the password. It just shows up as a bunch of dots of stars. That's not plain text. You can't read it!
Vano
April 27, 2011 at 6:20am
Am I the only one who suspect that this is hoax?
I have a feeling that this is Sony's strategy turn people against the Anon group. I mean of course the group could stole the data and all, I don't deny that possibility, but putting the two together with recent events why can't Sony using this opportunity and accuse them in something much more bigger then DDoS attacks?
Thumper092486
April 27, 2011 at 9:13am
If this was a hoax by Sony I would not have had almost $500 of purchases on my card from some butt hole in Ohio. Sony did let my info get hacked and I'm pissed.
Vano
April 27, 2011 at 4:46pm
I didn't phrase it correctly...I meant they blame on Anon group while it could be someone else hacked them instead...
Atomike
April 28, 2011 at 12:02pm
Sony will likely not blame anyone - because nobody cares. Sony realizes that everyone blames Sony. And only Sony.
Rightly so.
Caboose
April 27, 2011 at 2:42pm
I hope you've contacted your bank/card issuer and had the card canceled and re-issued as well as the purchases contested and refunded or something.
turbonugget
April 27, 2011 at 7:33am
this a way for sony to switch from a free service to a paid service like xbox live gold. The new subscription fee will be "necessary" to support the hardware/personnel for thenew secure psn.
Atomike
April 27, 2011 at 6:29am
Yes - you're the only one. You see, destroying your own customer base is bad for business.
kixofmyg0t
April 27, 2011 at 5:16am
funny enough a few days before this all went down someone stole my credit card info and tried to order $80 worth of pizza from easypizza.com (didnt Anon threaten to do that to sony?!?) but epic failed and my bank shut off my card. So the credit card info that Anon (cuz its obvious it was them) stole off the PSN for me isnt valid anymore anyway.
I do feel sorry for Sony. They sued a hacker and "hacker" fanboys take it out on Sony customers. Good effin job Anon.
baGoGoodies111
April 27, 2011 at 6:29am
http://www.maximumpc.com/article/gaming/anonymous_declares_temporary_cease_fire_sony_doesnt_want_hurt_customers
While it could be the first idea, I doubt Anonymous would have continued such an attack to off PSN and steal customer info, not really their deal (unless its Sony's EMPLOYEE info). My guess is after someone noticed that Anon took down PSN with relative ease, they decided to attack to get the information.
kixofmyg0t
April 27, 2011 at 10:02am
Sony took down its own network. They noticed an intrusion and took the PSN and their music service down. They've posted that since like friday.
I believe that Anonymous hacked the PSN, most likley to get Sony employee credit card info to use for buying all the pizza and at home HIV tests or w/e stupid crap they keep blathering about. But why stop at Sony employee's? I mean all these people with PSN ID's are "supporting" Sony right? Why not show them how "bad" Sony really is by attacking the customers?
I actually got into a argument with a guy about this, his belief is that if you buy Sony then you are "evil" and "not for the free world" and "should" get your credit history ruined.
All I gotta say is I REALLY hope wish dream and prey that this gets the FBI's attention.
wolf17
April 26, 2011 at 11:09pm
This really sucks for users of PSN. Sony is definitely going to be in hot water for this as that is a lot of information that was compromised!!
bautrey
April 26, 2011 at 10:58pm
If only Sony hadn't sued George Hotz, this might not have happened...
KenLV
April 26, 2011 at 10:53pm
Who's gonna find the fucker who broke the law and stole all this info?
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E1 day 14 hours ago
- maximumpc: Fraps 3.5.2 fixes lots of bugs, so if your motto, like @PCGamer's, is "always be frapsing," you should pick it up http://t.co/3DW3WUI01 day 16 hours ago
- maximumpc: Google Chrome Becomes World's Most-Used Web Browser, Kinda http://t.co/Xqgscmrp2 days 10 hours ago
