PS3: PSN update: Sony says private info may have been stolen!

I have an limit of €1000 , but lets look at this in perspective.
There are from what we are told 70 million psn accounts, lets say 40 million accounts have creditcard details.
The chance that they are using your creditcard details, is so small that you sooner win the lottery or die of cancer.
Add to that, that they don't have the security number and the expiration date wich they would have to guess right.
Now the chances are so small that you would sooner see a gorilla reciting Plato.
But ofcourse according to the law of big numbers, somewhere some poor sob is going to get hit.
But then again if you check your spendings you will have 30 days time to cancel ANY transaction.

 

That would be me then. We have a card on their which has to much on it to be able to close in a short period of time. We will have to rely on the banks picking up on unusual transactions and our own manual checking until we can sort out the cc with another provider.

I agree with Dragonhammer about the law of averages but would like to point out they have the security number and expiry date as the cc details we entered include this info as far as I can remember.

 

It is worthwhile remembering....

They have also stolen passwords and email account details.

So if you can be linked by your email, and have used the same PW elsewhere, it is time to change it now. The law of averages isn't much to someone who can set up a computer program to check your login details very quickly on other common sites.

Even worse for me is the compromise of the "secret question" which I cannot remember what I set (and cannot check as PSN is down) to make sure I have not used that challenge paring on any of my other accounts. Once its up I will need to check where I have used that, change it, and remember NEVER to use it again.

Its things like that that worry me more than my CC card being abused, which would be annoying, but could be proved to be fraudulent at no cost to me.

 

Bit of a pickle isn't it.

 

It was my impresion they got card expiration dates and possibly the 3 digits from the back of the cards as well.

I guess the biggest issue is we don't know who has our info and how much of it they have

I changed all my passwords after reading your earlier post Ulric. Very good advice.

 

Analysts say this could cost Sony up to 20bil and someone in Alabama's started up a class action lawsuit.

I wonder if after all is said and done if Sony will start charging for PSN like Xbox Live.

 

Someones started a class action suit what a surprise....

 

Yeah i reckon its best to cancel your card, i have now and taken out identiy theft protection. Might sound a little paranoid but better to be safe then sorry. I know alot of people say blame the hackers but if sony had adequate security they would have been able to be hacked.

Ive changed all my passwords as well now, thankfully i use a number of emails rather then the same one so its not so easy to get lucky with me.

 

LOL. When I mentioned it in a post before I was joking. I should have known it would not take long for someone to start one. :w

Keep people away from COD that long and someone is going to have to pay damn it!

Seriously though, yes it is a pain in the arse, yes my privacy has been compromised, but surly SONY is not the bad guy here (excluding the issue of protecting our info and time of notification issue for a minute as we don't know all the facts yet).

The bad guy is the hackers surely? SONY is as much a victim as we are I would think?

Here is a novel approach, how about the 70+ million users donate $1 each to SONY so they can A) build a better system for us all and B) do what ever it takes to bring these wankers to justice?

Instead of looking for a scape goat to take our vengeance out on, how about we all help in fixing the issue and not drive a company to the wall in the process. Don't get me wrong I am no fan of large corperations, but many people depend on SONY for their living and many of us depend on SONY for our entertainment.

Just once lets focus on the right bad guy ... just to change things up?

 

The jerkholes that didn't encrypt the data after the last intrusion a while back?

 

I'm with you Pure_Mongrel except for the donation part Sony make enough money from us .

An update I saw on the Internode forums
Games On Net :: General News: Silver Linings: Sony Online Entertainment Not Actually Compromised

 

If it is found that SONY are at fault ... then I call dibs on kicking those directly responsible in the nuts first!

 

Sony for it's size should have had multiple 3rd parties running PCI standard checks and employing whitehats to attempt cracking their system.

I don't blame a single soul for wanting a class action on this. When 70+mil people could be effected by identiy theft it needs to happen. Corps need to learn that you can't short change on security. The only way they learn a thing of losing money...lots of money.

I don't blame Sony for a hack attempt. I blame Sony for not protecting my information.

Now the hackers if they are attempting to make a statement have. They just lost the support of millions of people. They are now being hunted not only by law enforcement but also by one of the worlds largest corps. I hope they enjoy the next couple of months cause I am sure it's only a matter of time.

 

They could be doing all of those things and more but some clever prick(s) made it in anyway. If they were deliberately negligent that is a different kettle of fish but I would be really surprised if a company of that size, experience and reputation would go down that path the stakes as we are seeing are to high.

Sony are going to get hammered (for the delay in informing the market I agree they probably should) and I believe it is a wake up call for the industry as a whole. I am not a big fan of corporations their practices infuriate me at times but I cannot help but roll my eyes whenever I see the litigation refuse come out of the woodwork.

 

New PS3 Firmware To Come With PSN Relaunch|Just Push Start

They are rebuilding and moving the servers to a more secure location?

Was this a hack or a physical break in?

 

PSN: The Security Scandal - Page 1 | DigitalFoundry | Eurogamer.net

Another good read. It points out how there are IRC chat logs from Feb 16th that point out that sony was using old versions of Apache and Red Hat with known security flaws. Along with transmitting CC details in the clear. I don't know if it's true but if so it is pure negligence.

Second huge point
"In short, there is no actual need whatsoever for your password to be stored server-side at all. Sony's statement suggests that it was actually storing sensitive information in plain text format, which defies belief. The only other explanation is that hackers only got access to the hashes and may have compromised a small minority of passwords by running this data through something like a dictionary look-up. However, from the tone of Sony's apology this does not appear to be the case."

 

Those are some very valid points. Seems I need to retract my "be nice to SONY" sentiment.

 

I was walking through JB today and realized that they have PSN cards for sale. I will be using this method of filling my PSN Wallet in future. Will try too reduce the amount of CC usage and storage locations in future.

 

Okay we know they have been hacked, but were's the proof that these hackers/protesters are going to use the info?

I belive the group was called anomous (sorry for the spelling) and had a geniune grudge (or so they felt) against Sony. As far as I can see the only ones starting the shit are the police and sony.

I agree if you you were sily enough to tie a credit card to your account, fix it and in future use different methods to pay or play your games, there out there.

I have a felling this story has a lot more to play out!