PSN Hacked 80710A06 8002A203

[Symonator]

Even still astro having data encrypted to PCI DSS guidelines will not stop someone stealing CC info, the real issue here is what sonys security really is, but to take out a huge network for several days, to steal 70+mill user accounts info/cc etc is pretty daunting.

More to the point, with some of our info you can be used for fake credit with all our other info, some companies only need name, address, d.o.b, and a CC number... and will get credit in your name, the hackers might not even use the cc info for transactions but sell the info on for other people to use in the future for credit/fake id shit.

Or in a complete twist the hacker might not do anything at all with the info... tis all a mess!

[Astro]

Even still astro having data encrypted to PCI DSS guidelines will not stop someone stealing CC info, the real issue here is what sonys security really is, but to take out a huge network for several days, to steal 70+mill user accounts info/cc etc is pretty daunting.

More to the point, with some of our info you can be used for fake credit with all our other info, some companies only need name, address, d.o.b, and a CC number... and will get credit in your name, the hackers might not even use the cc info for transactions but sell the info on for other people to use in the future for credit/fake id shit.

Or in a complete twist the hacker might not do anything at all with the info... tis all a mess!

Guess it's a waiting game in terms of CC details I'll inquire with my bank and get a new one issued. (Even thought it's is a major pain in the arse)

In terms of my Email the only stuff attached to my PSN email are PSN all my e-commerce buying uses my Gmail account. (Ironically done just to have a email address that would just give important emails no spam BS)

So I guess by tomorrow sony would have just handed out my Name, Address and DOB. (With obviosuly PSN details changing pronto when PSN goes back up)

I guess I class that as pretty good unintentional data security breach counter measures lol.

[DJ-Daz]

There are 2 ways this can play out.

1. Lone hacker doing it for kudos/kicks. Gets screen shots and posts them to his mates/adversaries to impress them. Realises the the shit he's now in, goes into full blown panic, crashes his car while avoiding anything that looks remotely like a blue tight in his mirror.

2. It was a concerted attack designed to infiltrate and steal as much as humanly possible. Details will most certainly not be used by the hackers, but will be sold on to russian mafia types. These people then apply for credit by using the details stolen/purchased.


You can bet your ass that interpol will be looking for the culprits, as will the FBI and Scotland Yard. Annonymous have already had their collars felt, this will make them pucker up for sure.

[DJ-Daz]

Sony official Q&A:

Q.1 When did you realise the system had been intruded?

We discovered between April 17 and April 19 (EDIT:WTF? 2 days before anyone noticed?) there was an illegal and unauthorized intrusion into our network.

Q.2 How did you know that the system was intruded?

We watch for any issues that may be raised with respect to security and monitor for such issues both internally and externally.

Q.3 What is the main reason to this problem? Which parts of the system were vulnerable to the intrusion?

We are currently conducting a thorough investigation of the situation. Since this is an overall security related issue, we will not comment further on this case.

Q.4 What action did you take (are you taking)? Is there any possibility of further unauthorized access?

As soon as we learned of this issue, 1) we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services, 2) we have also engaged an outside, recognized security firm to conduct a full and complete investigation into what happened, and 3) quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.

Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.

Q.6 Does that mean all users’ information was compromised? Tell us more in details of what personal information leaked.

In terms of possibility, yes. We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID. It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code). If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.

Q.7 Have you notified those users?

We are sending out e-mails directly to these users to their e-mail address registered on the PS Network accounts. Also, we have posted web notices, and additional necessary procedures have been followed by each region.

Q.8 Have you received reports or claims that their PSN ID information/ credit card had been used improperly?

Not at this point in time.

Q.9 I want to know if my account has been affected.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password.
For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.

Q.10 What should I do to prevent any unauthorized use of my (credit card) personal information?

For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports.

Q.11 Since when have PSN/Qriocity become unavailable and in which region?

PSN/Qriocity services have not been available since April 20 (US time) in all regions.

Q.12 How come it is taking so much time to resume the service?

We are taking the investigation seriously. We decided to keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services.

Q.13 How serious is this? Have the hackers broken the security on PSN/Qriocity? Are you taking necessary measures to prevent such outage happening in the future?

Since this is an overall security related issue, we will not comment further on this case but we are working to restore and maintain the services, including countermeasures against future intrusions.

Q.14 When will the service resume?

We are taking the investigation seriously. We will keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services but are working hard to resume the services as soon as we can be reasonably assured security concerns are addressed.

Q.15 Seems like SOE service was also not available/ suffering outage. Is this true? Is this due to the same reason as the PSN/Qriocity outage?

SOE's service is available although a service interruption due to an external attack did occur. A thorough investigation is ongoing.

Q.16 I want my money back (subscription fee, content) since the PSN/Qriocity was not available.

When the full services are restored and the length of the outage is known, we will assess the correct course of action.

Q.17 There seems to be some games that cannot be played even offline?

Depending on the game titles, but mainly PSN games, some may require access to PSN for trophy sync, security check, etc.

Contact Details
Country Customer Support
Africa sonycustomercare.mea@ap.sony.com
Australia 1-300 365-911
Austria 0820 44 45 40
Belgium 011 516 406
Bulgaria support@sbhbg.com
Croatia playstation.hr@arsvenatus.hr
Cyprus 22352282
Czech Republic 222 864 199
Denmark 90137013
Estonia 6543484
Finland 600411911
France 0820 31 32 33
Germany 01805 766 977
Greece 801 11 92000
Hungary 1 814 4800
Iceland 591- 5100
India 1800-103-7799
Ireland 0818 365065
Israel 09-9711700
Italy 199 116 266
Latvia 67046049
Lithuania 37338655
Luxembourg 0820 31 32 33
Malta 234 360 00
Middle East - All sonycustomercare.mea@ap.sony.com
Netherlands 0495 574 817
New Zealand 09 415 2447
Norway 82068322
Poland 0 801 230 000
Portugal 707 23 23 10
Romania support@sbhbg.com
Russia 8-800-200-76-67
Slovakia 232 112 209
Slovenia 1 510 31 30
South Africa 0861 773783
Spain 902 102 102
Sweden 9002033075
Switzerland 0848 84 00 85
Turkey bilgi@eu.sony.com
UK 0844 736 0595

[DJ-Daz]

LOL, someone installed a rootkit on PSN!

[Symonator]

[Symonator]

Take alook at the data ps3hax has been sniffing.

Take a look at the traffic:
creditCard.paymentMethodId=CC_COMPANY&
creditCard.holderName=EXAMPLENAME&
creditCard.cardNumber=1234567890123456&
creditCard.expireYear=2012&creditCard.expireMonth=2&
creditCard.securityCode=123&
creditCard.address.address1=EXAMPLESTREET%2024%20&creditCard.address.city=EXAMPLECITY%20&
creditCard.address.province=EXAMPLEREGION%20&
creditCard.address.postalCode=12345%20
The credit card information should ALWAYS be encrypted. In ANY case. At least the security code. SONY is only relying on it’s https connection. With all those CFWs spreading around, this is not secure anymore. Same goes for the user details:
serviceid=IV0001-NPXS01001_00&
loginid=example@mail.com&
password=examplepassword&
first=true&
consoleid=EXAMPLEID123

Read more: http://www.ps3hax.net/2011/02/call-of-p ... z1KfdY20ex

and thats from a firmware.. jeez

[Astro]

Spending the next hour examining emails, passwords and making new ones when needed fun fun.

[DJ-Daz]

Wow fascinating read.
So in theory the hack that brought down PSN could have come from someone who gathered intel from sony's rootkit/Playstation 3?

It's not much of a stretch to think that if you can decrypt all that login info, you can spoof that info too to get deeper access to restricted areas. Once a weakness is found, you could be in and out many times before anyone would even know.

[Symonator]

And the ddos was probably a distraction, weaken the system into failing.
Who knows, but this is quite serious.. well i am going now, but everyone i know on facebook/twitter and youtube are talkin about it.. not great PR is it lmao.

night all, see what tomorrow brings

[DJ-Daz]

Another official update this morning:

We wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening.

For those who were looking there’s also an FAQ with some more on frequently asked questions

Thank you for your continued patience and support.

So now they're saying the 19th, yet last night they said 17th, that gives the hackers a 10 day head start.
http://www.mess-hall.co.uk/forum/viewto ... 731#p20731

[YorkshirePud]

SIGH

well ive really lost all faith in sony almost now, i shant be migrating to another console, because despite this utter fucking cockup i like my playstation, its not the playstations fault, its mummy and daddys

fuckwits, im not changing my card though i cant be arsed, ill just keep an eye on it even more so than usual.

i wonder though can you guys tell me has someone managed to do this becase they could hack their ps3? im just curious if that has played a part in it. certainley its upset the l33t h4xxzors who think they are da boom

[theENIGMATRON]

I done some reading up on this and i must say i am fucking shocked!!

I turned on my PS3 last night to catch something on the BBCI Player.
And noticed the error Due to Auto Sign in.
So am shocked from the point the service is still Down,
its been like a week or more or something aint it?
Well i duno not used me PS3

But more so what i am shocked at is the Info that has been accessed.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

I understand every company has its security issues
and sometimes things and places get exploited and infomration obtained!
But come on!! CC infomration!!!! Are they having a Joke!!!

For the number of users that store there info on there account,
and chances of this info now being in the hands of someone else!!

Whos to point the Finger at. Sony.........

Could we see a large number of court cases heading to sony????

[DJ-Daz]

@Dave, I can see a lot of people in the US suing Sony, and I can see banks doing the same if they loose any money because of this...
I honestly think Sony gaming will not survive this.
Microsoft must be having a week long party.

Also, if it's taken a week or more just to fingerprint the network, how much longer will PSN be down for?

[Symonator]

And dave works with a large company that deals with this info alot, he will know that somehow sony must of had a really shitty network to even allow anyone to get this amount of details.. i mean really, like i said before.. who is going to even trust sony ps3/store etc now? i wouldn't.