Sony Online Entertainment Servers Hacked, Personal Info of 24.6 Million Stolen... Two Weeks Ago

26

Comments

+ Add a Comment
avatar

whathuhitwasntme

at least with M$ and xbox live, you can purchase the card for cash and not worry about personal info being stolen

avatar

eternally

This is exactly why I hate online-only gaming and why I've always refused to purchase games that force you to sign up for a service in order to play.

avatar

sarkli

New total of hacked accounts is up to 100mill... which suggests to me that the number of CC's stolen and personal info stolen is higher than Sony is leading on

avatar

JohnP

Agreed. This is an absurdly LONG time to wait until doing a press release! I have to laugh at the line "making this disclosure AS SOON AS POSSIBLE". It only makes sense if SONY was waiting for the true scope of the hack was known and what SONY was going to do to compensate its users.

I think that most major companies these days should have a SWAT team in place just to handle bad PR. Quick and timely updates, full disclosure of what they are doing, and proper compensation.

avatar

brownj00

Look, I understand being a little astonished.  But the hype there is more than a little overboard.  I guess I mistake thinkiing your PC expertise would necessarily translate into having any experience with corporate or enterprise IT issues.

Sure, SONY is a big company and so maybe we have higher expectations.  Most breaches, if detected, are announced many months later.  But really, how much do you know about corporate security in most places?  So what is your baseline assumption founded on?  Compared to what would happen at most companies Sony was not doing bad to detect the issue in a couple weeks- especially if they are working with 3rd parties.  Many Fortune 1000 companies would NEVER have detected the problem or perhaps only months later after a regular audit.  That is just the way it is.  You ever try and monitor a million lines of firewall logs EVERY DAY ?!?  Good luck.  Sure, there are measures and tools- my point is just that is it WAY more complicated than you seem to understand. 

Company executives are not interested in spending money, or approving unpopular security measures required to make corporate infrastructure more secure.  Or even reasonably secure to begin with.

Don't get me wrong...  everybody says "security is important".  They have to SAY that.  In my 20 year career experience in this field- I am just telling you very few actually follow through.  It's like CEO's talking about "people being their most valued assets".  Yeah- totally BS.  But it is the real world.  Welcome to it!  I usually look to MPC for better insight than angry rants fueled by ignorance. 

avatar

kixofmyg0t

Well said my friend. 

 

avatar

Ulrich

First: Sony is only going to find out what has actually been taken when the third party security team gets done with the investigation. Sony is doing it's part in letting your that your information "MAY" have been hacked.Also they released information that user information is in a Hash format, and that the credit card information is encrypted.

Second: since there is a third party doing the investigation Sony has to wait for updates from said third party. Which means

"two freaking weeks ago. Oh, and they may have gotten their grubby mitts on 24.6 million accounts' worth of personal info. And when did Sony finally notice? Today."

is not the case... I'd think a PC news site like Maximum PC which is usually right on the money would be mongering like this. Sony was told by the third party that the SOE servers were ok. Then during the investigation the third party discovered that the original inforamtion may have not been correct that they supplied to Sony. Which Sony took imidiate action on, and sent out a press release with a lot of "may" statements.

Third: This is possibly the funniest to me. Anytime Sony put out numbers about how many PSN, or Online MMO accounts they have. There are always press or comments that bring to light that those numbers are inflated due to old accounts, duplicate accounts, and so on. Although this time around I just see everyone quoting the maximum number. Odd how we play these games...

Sure this is a bad situation, but it's happened many times with many other comapnies. This is not the first time I've had to change my passwords.... and if need be it isn't the first time I've had to cancel a credit card.

avatar

bling581

"Third: This is possibly the funniest to me..."

What's funny to me is that this is hardly relevant and for all we know they could be all current accounts. The fact is that a large amount of accounts were hacked into, period. You can try and down play it by making assumptions but it's still a big deal regardless.

avatar

Ulrich

 

This was a poke at media... but since you bring it up... when Sony says this is total of our accounts worldwide... that is the total ever made. I have made 3 different SOE accounts, and 2 different PSN accounts. one of each has old outdated information. I imagine I'm not the only person with more than one account... or old out of use accounts. I'm not down playing anything Sony goofed up big, but they are not the first or last to be hacked for their information. I feel since the hacker community was targeting them rather heavily they should have taken that seriously and beefed up before hand. Hindsight is what it is.

 

Anyway I was making some observations, and since everyone is so anti sony at the moment I thought I'd post my observations. Let me know if any of my points are false.

avatar

Dartox

Yours truly

 

obvious sony employee

avatar

Ulrich

Actually no... I just know how to read.

avatar

Mighty BOB!

So, I hope that Microsoft is taking this massive failure at their leading competitor as a signal that they should maybe review their own security practices for Xbox Live and fix any problems before they happen.

avatar

Ulrich

It's been proven time, and time again that XBL accounts can be compromised rather easily. It's not a huge attack like on Sony... but many little ones on XBL. Search around, and you'll find even Well known MS employee's have had their accounts hacked.

avatar

Slugbait

I searched around...all I could find were hijacks, which has been proven time and time again having been utilized to compromise password-protected accounts on [enter any service name or company here].

Major Nelson didn't have his account "hacked", nor did any other MS employee. The guy in charge of investigating the hijack of Major Nelson last year had his own account hijacked a little over a month ago, and the braggart whodunit even publicly admitted it was just social engineering...the tactic done via email, forum convos, profiles, Facebook comments, etc. Calling PSS armed with enough info of your victim, and you might social engineer additional info in your quest to hijack a targeted account. Kevin Mitnick was an ace at this kind of thing.

There was no targeted account attack with Sony...it was tens of millions of accounts (or over 100 million), all at once. There is a big difference between doing one at a time, and doing all at one time.

So as BOB so correctly stated, MS should maybe review their own security practices for Xbox Live and fix any problems before they happen. But they can't fix pebkac...that will be around forever.

avatar

Emmit066

And that's a good reason why I don't play any SOE games.  The only word that comes to mind to describe Sony's predicament is this:  FUBAR.  Big time.

avatar

Emgtek

wow horrible infastructre Sony. good job.

avatar

Dartox

Sony You Dun' Goofed....even harder....good that I ditched sony after their ps2.

avatar

HiGHRoLLeR038

so let me get this straight....  PSN AAANDDD SOE were hacked?  at the same time?  but seperately?  thats rediulous.  

avatar

d3v

This is bad. But not as bad as its made out to be. If I am not mistaken credit card numbers are stored encrypted. So even if they go access to that database it would do them no good.

avatar

HKUSPC40

I wonder if these guys are retaliating against Sony after the Geohotz lawsuit.

avatar

Blaze589

94.6 Million accounts hacked. You've got to be kidding me. That's nearly 1/3 of the population of the US! It might be high time to switch to another platform since I don't think Sony's accounts can handle the impending backlash from this.

avatar

Kinetic

Wait, so let me get this straight... All of the user data including name, birthdate, email, password, credit card number, etc. was compromised in over a million accounts according to Sony themselves. Identities were stolen, many users had fraudulent charges popping up on their card accounts, and a lot of people -including myself- issued fraud alerts to their credit bueros and possibly had to go through the hassle of filing for a new credit card number to stop further fraudulent charges.
What is all your trouble worth to Sony? Well, according to this:
http://us.playstation.com/psn/playstation-plus/
A free month of Plus at just over $4. Thanks a bundle you tools. Keep the money, you idiots obviously need it more than me.

avatar

someuid

Actually, the cost is less to Sony.  $4 is what you would pay as a customer.  They can provide the service for less than $4.  There monthly cost is probably, what, $1 or 50 cents?

avatar

DDRDiesel

You sound like morons.  The both of you.  You think Sony was only paying that much?  When you want to talk costs, think of it this way:

Sony charges $4 per person for a month.  That $4 pays for online service, Sony's fees, and a little extra.  Multiply that by the MILLIONS of users who use this service.  Now add the rising costs of maintaining their online servers.  Sony's losses are going to be in the millions, and rising every day

avatar

Kinetic

I fully understand what the cost will be to Sony, I say it isn't enough for exactly the reasons I specified. For example a few years ago Sony released a demo disk for the PS2 that would corrupt save files on your memory card, when they found out they let those who lost their data pick a free hard copy of a game from some greatest hit titles. Today however a much greater loss of personal data equates to a month of Plus? A service that basically only encourages you to give Sony more money through some cheaper downloads. Neat. Just what I always wanted.
As countless other users have already said, Sony should have spent the time and money fixing security risks when they found out about them instead of trying to bury them behind lawsuits. What they're experiencing now is the cost of callousness, and I don't see how expecting more from a company who fumbled the personal data of MILLIONS makes me a moron.
If your company can't afford the cost of damage control for an event like this, you should make every attempt to ensure it doesn't happen in the first place; something Sony never did.

 

avatar

wkstar

EverQuest went down before 5am Monday morning

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.