Read if You've Ever Had a PSN Account

[Furianshi]

As you may have heard, the Playstation Network has recently been compromised. Today, Sony have released information on what actually went down when it happened. Here's the update that they've posted.

Main points from the update:

• Your name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID have all been obtained by an unauthorised party.
  
• It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have also been obtained.
  
• There is no evidence of it at this time, but to be cautious, Sony are advising you that your credit card number (excluding security code) and expiration date may have also been obtained.
  
• When the Playstation Network is back online, users are encouraged to change passwords ASAP.

[TamTam79]

I remember reading a while back that personal CC info wasn't even so much as encrypted over the PSN, so this isn't good news at all.

This sounds a little more serious than a simple CFW issue that people were talking about a few days ago.
_________________

[Furianshi]

Yeah, it does doesn't it. As far as credit card details go, Sony seem pretty confident that the security code (3 digit number on the back of the card that is required for most transactions) hasn't been accessed. Also, they have heard no reports of users having their credit cards hijacked so, while not much, it is a good sign.

[Fetidchimp]

So i guess sony better remove the psn in the next firmware
_________________
kill, kill, kill.....the white man. Kill the white man, kill

[ppjim3]

Sorry to put a little more salt on the wound, but the credit card security code doesn't mean all that much. I'm pretty heavy into coding e-commerce websites and you don't even need the security code to take money off a card, let alone billing address details. A CC number and an expiration is more than enough to jack any card over plenty of websites. If the CC details were actually taken (and I haven't done any more searching into this subject myself) then Sony have made one of the largest security mistakes I've seen on the net. The scope of their database is absolutely massive. Let's hope the CC numbers aren't out there, and if they are... there are so many that mine don't get pinched!
_________________

[TamTam79]

What irks me most about this, is it took a week for them to let us know what's gone on. And don't nobody waste their time trying to convince me that they didn't know or that it took this long for them to get it. I won't buy it.

Not sure how they're going to fix it, but I assume is a large job. Im more worried now about whats already happened.
_________________

[TamTam79]

http://thehill.com/blogs/hillicon-valley/technology/157777-blumenthal-wants-info-from-sony-on-playstation-network-data-breach

[Fetidchimp]

I didn't even know it happened until just then, some notification from them would have been nice.....a week is a fucking long time on the internet
_________________
kill, kill, kill.....the white man. Kill the white man, kill

[Frozencry]

gg blackhats.
_________________

[Furianshi]

@ppjim3: thanks for the info, wasn't aware of that.

For everyone else... Apart from monitoring your credit card account and possibly giving your card provider a call to discuss your concerns (if you've used your credit card over PSN), I'd also suggest now is the time to change any passwords you've used with other accounts that are the same as your PSN password.

Edit: PSN Hacked: How to Protect Yourself (IGN Article)

[Frozencry]

Also to confirm from some dev sources, looks like Sony's form of encryption with CC details and other such things was based in plain-text.

Credit card sent as plain text, example: creditCard.paymentMethodId=VISA&creditCard.holderN ame=Max&creditCard.cardNumber=XXXXXXXXXXXXXXXX&cre ditCard.expireYear=2012&creditCard.expireMonth=2&c reditCard.securityCode=XXX&creditCard.address.addr ess1=example street%2024%20&creditCard.address.city=city1%20&cr editCard.address.province=abc%20&creditCard.addres s.postalCode=12345%20

This is pretty disastrous. While I'm highly doubting the people who broke through PSN are actually going to use the credit details (it's likely a blatant attack from anon sources just to break Sony imo), the fact that they were capable of hitting 75 million accounts and stealing all that information is pretty insane.
_________________

[Frozencry]

Double post for interest.

In-depth discussion about the PSN security.
_________________

[Sweating Bullets]

This is going to get ugly pretty quickly

PSN Security Breach Prompts US Senator To Demand Answers From Sony

http://www.g4tv.com/thefeed/blog/post/712158/psn-security-breach-prompts-us-senator-to-demand-answers-from-sony/

[Shadow Wave]

does that mean the PSN is back up?
_________________
http://bencadphotography.com/
http://OXCGN.com/
http://www.play-asia.com/SOap-23-83-7wrp-49-en.html Cheap Games!

[TamTam79]

[Sweating Bullets]

[TamTam79]

[genxevo]

This is being reported on the ABC news Channel right now

[eckymosis]

I'm absolutely gobsmacked at how poorly protected our personal information, especially CC details are through PSN. You would expect a major corporation like Sony to at least invest some time and money in providing adequet security. Not to say that hackers can't bypass well protected data but the lack of protection to me shows that they didn't see protecting our details as a worth while expense or priority.

Just hope to God that I don't read an article over the next few weeks saying "PSN user CC account details found on Vietnamese website for $1 each!".
_________________

[grim-one]

[John Marston]

[theory]

Continue discussion in the original thread about this.

http://palgn.com.au/viewtopic.php?p=881367
_________________