Announcement

Collapse
No announcement yet.

Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

    A hacker stole the names, birth dates and possibly credit-card numbers for 77 million people who play online videogames through Sony Corp.'s PlayStation console, in what could rank among the biggest data breaches in history.
    Read more: http://online.wsj.com/article/SB1000...#ixzz1KgUb8amp

    I posted this in the PS3 forums but found it important enough to post it here in General Discussion, as well. Check your bank accounts, I have friends with PS3's who already have mysterious charges on their debit cards.

  • #2
    Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

    I was sort of indifferent about the downtime until I heard about the data breach. Here's what I found on the PS blog, and I'm wondering why they didn't email this to me.

    Valued PlayStation Network/Qriocity Customer:
    We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

    1. Temporarily turned off PlayStation Network and Qriocity services;
    2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
    3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

    We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

    Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

    For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

    To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

    U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

    We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

    Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
    Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
    TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

    You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

    We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

    Sincerely,
    Sony Computer Entertainment and Sony Network Entertainment
    "No bastard ever won a war by dying for his country.
    He won it by making the other poor dumb bastard die for his country."

    - Attributed to General George Patton, Jr.

    Comment


    • #3
      Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

      I foresee this as being a major lawsuit in the making... We'll have to wait and see

      To be honest I'm a little torn as to if such a suit should be brought, and if it is, if it should succeed. Lets face it odds are someone is already looking into trying to create a class action already. That said, the main issue that will be interesting should a suit be filed is that typically companies say that 'they are not responsible for personal data.' You often find such language with any online account, or program. Heck Verizon Wireless has written into their EULA that they are not responsible for the personal data on their website. I understand that the reasons is to protect themselves in the event that someone uses the letter 'a' for a password and otherwise doesn't protect themselves, but still the phrasing used always had me worried that it included outside breaches to their systems not just poor password creation.

      Anyways... I'm kind of glad I don't have a PS3 right now, and I'll be keeping a very close eye on how this all plays out over the next few weeks

      Comment


      • #4
        Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

        Well that didn't take long...

        Originally posted by MSNBC
        On Wednesday Kristopher Johns of Alabama filed a suit in U.S. District Court accusing Sony of "negligence in data security" and of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users" as well as for taking too long to notify him and other customers that their data had been pilfered.

        Johns and his attornies are seeking class action status for the case as well as monetary compensation and free credit card monitoring for everyone affected.

        "Sony's breach of its customers' trust is staggering," J.R. Parker, co-counsel in the case, told IGN. "Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn't."

        http://ingame.msnbc.msn.com/_news/20...n-network-hack

        Comment


        • #5
          Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

          Originally posted by DrakenViator View Post
          Well that didn't take long...
          i say he has a VERY strong case

          Comment


          • #6
            Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

            "The real reason PSN is down"

            relevant part:
            The truth is, there was a new CFW (custom firmware) released known as Rebug (http://rebug.me). It essentially turns a retail console into a dev console (not fully, but gives you a lot of the same options that usually dev's only have access to). Anyway, this new CFW was quickly figured out by 3rd parties (not Rebug) to give CFW users access to the PSN network again via the dev networks. With a little manipulation of the URL's through a proxy server you could get your hacked console back online. Not that big of a deal, right? Well, it also turns out that some people over at NGU found out that you could provide fake CC# info and the authenticity of the information was never checked as you were on Sony's private developer PSN network (essentially a network that Sony trusted). What happened next was extreme piracy of PSN content. Sony realizing the issue here shut down the network.

            Comment


            • #7
              Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

              Also, according to their press release that I snagged off Gizmodo, they say that credit card information WASNT stolen, just userdata, and even if it was stolen, its encrypted with some ridiculous algorithm. Then again, this is coming from the same people that took a week to fess up that something was wrong in the first place. *grain of salt*

              Comment


              • #8
                Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

                Originally posted by Kwalc View Post
                i say he has a VERY strong case
                Too early to tell...

                Here's the issue that I hinted at in my first post. Often by 'agreeing' to use a service such as PSN you also agree not to hold them (the provider of said service) liable for any damages. Typically company lawyers also put in various clauses that limit any damages to be paid out even if one can establish a breach. You also have to deal with may of these agreements state what court has jurisdiction.

                As with the situation at hand...

                Originally posted by PSN ELUA
                * * *
                15. GENERAL LEGAL
                * * *
                Except as otherwise required by applicable law, this Agreement shall be construed and interpreted in accordance with the laws of the State of California applying to contracts fully executed and performed within the State of California...
                * * *
                16. WARRANTY DISCLAIMER AND LIMITATION OF LIABILITY
                No warranty is given about the quality, functionality, availability or performance of Sony Online Services, or any content or service offered on or through Sony Online Services. All services and content are provided "AS IS" and "AS AVAILABLE" with all faults. SNEA does not warrant that the service and content will be uninterrupted, error-free or without delays. * * * YOUR SOLE AND EXCLUSIVE RECOURSE [for damages] * * * SHALL BE LIMITED TO YOUR DIRECT DAMAGES, NOT TO EXCEED THE UNUSED FUNDS IN YOUR WALLET AS OF THE DATE OF TERMINATION. * * * SNEA EXCLUDES ALL LIABILITY FOR ANY LOSS OF DATA, DAMAGE CAUSED TO YOUR SOFTWARE OR HARDWARE, AND ANY OTHER LOSS OR DAMAGE SUFFERED BY YOU OR ANY THIRD PARTY * * * THE FOREGOING LIMITATIONS, EXCLUSIONS AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS ITS ESSENTIAL PURPOSE. * * *

                http://legaldoc.dl.playstation.net/p..._tosua_en.html

                Emphasis added - "* * *" = Section edited out
                Alright... Best Guess: First move will be Sony asking for the case to be dropped saying that 1) the person is limited to whatever they have in their Sony 'wallet' and 2) the person can't prove damages otherwise, so the case is without merit.

                Odds are the court will disagree with Sony and this will go to trial.

                The next issue is can the plaintiff prove damages, and prove negligence? Just because the data breach happened doesn't mean that Sony acted negligent. It's going to take MASSIVE amounts of expert witnesses, as well as testimony to prove this case. I don't know who the law firm or lawyer is who filed this, but I have a good feeling that he (or she) has NO idea what they are about to get themselves into, and is hoping that Sony will settle versus go to court. Considering some estimates are into the range of 24 billion in possible damages I doubt Sony would settle unless it is for pennies on the dollar.

                This case is going to be VERY interesting to watch as it plays out...

                Comment


                • #9
                  Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

                  Originally posted by Ferris Bueller View Post
                  Also, according to their press release that I snagged off Gizmodo, they say that credit card information WASNT stolen, just userdata, and even if it was stolen, its encrypted with some ridiculous algorithm. Then again, this is coming from the same people that took a week to fess up that something was wrong in the first place. *grain of salt*
                  Originally posted by PSX-SCENE Forums
                  So was the "credit card" table really encrypted?

                  Rumors are following thru various underground "credit card" trading forums, and on the new #psnhack twitter list that a large section of the PSN database containing complete personal details along with over 2.2million working credit card numbers with the much-needed CVV2 code are being offer up for sale to the highest-bidder, after the "hackers" tried to sell the DB back to Sony for a price, but they of course didn't answer!

                  http://psx-scene.com/forums/cmps_index.php
                  I'll be honest SOP is for credit card data to be encrypted at or above US Department of Defense levels so I have a hard time buying the fact that any credit card info was stored unprotected. My personal guess would be this is a outside hacker group claiming responsibility who is just trying to make a quick payday off of the publicity and the 'sale' of junk data. After all if they stiff you, what would you do, go to the police? Yeah didn't think so...

                  Comment


                  • #10
                    Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

                    *worried face*
                    Anger is a gift - Malcolm X

                    Comment


                    • #11
                      Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

                      FYI, PSN is back online and Sony announced it's "welcome back" program today. Users get to choose two of five downloadable games, get a free month of PS+ (existing PS+ users get 60 days free), and a selection of free movie rentals. All this happens once the store goes online. Here are the details -

                      All PlayStation Network customers can select two PS3 games from the following list. The games will be available for 30 days shortly after PlayStation Store is restored and can be kept forever.

                      Dead Nation
                      inFAMOUS
                      LittleBigPlanet
                      Super Stardust HD
                      Wipeout HD + Fury

                      For PSP owners, you will be eligible to download two PSP games from the following list. The games will be available for 30 days shortly after PlayStation Store is restored and can be kept forever.

                      LittleBigPlanet (PSP)
                      ModNation Racers
                      Pursuit Force
                      Killzone Liberation

                      A selection of “On Us” rental movie titles will be available to PlayStation Network customers over one weekend, where Video Service is available. Those titles will be announced soon.
                      30 days free PlayStation Plus membership for non PlayStation Plus subscribers.
                      Existing PlayStation Plus subscribers will receive an additional 60 days of free subscription.
                      Existing Music Unlimited Premium Trial subscription members will receive an additional 30 days of free premium subscription.
                      Additional 30 days + time lost for existing members of Music Unlimited Premium/Basic subscription free of charge for existing Premium/Basic members.
                      To welcome users Home, PlayStation Home will be offering 100 free virtual items. Additional free content will be released soon, including the next addition to the Home Mansion personal space, and Ooblag’s Alien Casino, an exclusive game.
                      "No bastard ever won a war by dying for his country.
                      He won it by making the other poor dumb bastard die for his country."

                      - Attributed to General George Patton, Jr.

                      Comment


                      • #12
                        Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

                        Somebody almost stole my credit card details because of you...DAMN RIGHT YOU'LL BE GIVING ME FREE ACCESS TO OOBLAG'S ALIEN CASINO MOTHERFUDGER.
                        Anger is a gift - Malcolm X

                        Comment


                        • #13
                          Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

                          Yay, a free game that I didn't want to buy in the first place!

                          Comment


                          • #14
                            Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

                            good luck!

                            Comment


                            • #15
                              Re: Playstation 3 "PSN" database hacked, 77 million persons' information stolen.

                              Originally posted by SharinganTH1422 View Post
                              Somebody almost stole my credit card details because of you...DAMN RIGHT YOU'LL BE GIVING ME FREE ACCESS TO OOBLAG'S ALIEN CASINO MOTHERFUDGER.
                              Best response in the history of responses ever...
                              "No bastard ever won a war by dying for his country.
                              He won it by making the other poor dumb bastard die for his country."

                              - Attributed to General George Patton, Jr.

                              Comment

                              Connect

                              Collapse

                              TeamSpeak 3 Server

                              Collapse

                              Advertisement

                              Collapse

                              Twitter Feed

                              Collapse

                              Working...
                              X