PSN Hacked 80710A06 8002A203

[DJ-Daz]

I read last night on TSA's website that it was a LOIC hack that caused the problem. But after reading up on LOIC on wikipedia, LOIC is a DDoS counter measure.
So thats a no go.

I think and agree with Mathieulh that it's probably the rebug custom firmware that has caused Sony to shut down PSN. He seems to think that the developer side of PSN is open to people running REBUG, and that they are downloading shit loads of alpha and beta games for free.

I think it's this thats pissed Sony off and they are installing security to force devs to use usernames and passwords, and possibly hardware ID'd.

Just my thoughts.

[InfiniteStates]

I suspect it's spin - something has fucked them over and they don't want to admit it. Otherwise there would have been a warning, and I doubt it would be down for this long.

No doubt when it comes back online, they will tell us what awesome improvements they have made for us. For free.

[DJ-Daz]

No doubt when it comes back online, they will tell us what awesome improvements they have made for us. For free.

It IS back online... the added security means no one can get online anymore... a huge improvement for Sony... no more whinging customers.

[InfiniteStates]

No doubt when it comes back online, they will tell us what awesome improvements they have made for us. For free.

It IS back online... the added security means no one can get online anymore... a huge improvement for Sony... no more whinging customers.

PMSL that's priceless...no longer are Sony victims of malevolent hackers, they're just the incompetent idiots we all know and love

[YorkshirePud]

meh im still busy with the family they are leaving today though so ill need something to amuse me, hopefully it will be fixed today or tomorrow, still ill be happy to play some more SP games for a bit

[Symonator]

so sony just admitted all our personal info has been stolen and they do not know if that also includes credit card info, but they have everything else name, address, post code, age, dob, passwords... psn emails. transcations...not really acceptable is it?

If they took this info, they took the CC info too, no way they wouldn't.
http://blog.eu.playstation.com/2011/04/ ... ce-update/

How can anyone defend such lame security?

[DJ-Daz]

PSN WAS HACKED after all.
And the entire securty system was compromised including usernames, passwords, name, address, DOB, creditcards, fucking everything.

Official update:

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We don’t have an exact date to share at this moment as to when we will have the services turned on, but are working day and night to ensure it is as quickly as possible. We are currently working to send the following message via email to all of our registered account holders regarding a compromise of personal information as a result of this malicious attack on our servers, so please look for this information via email as well. Please note that we are as upset as you are regarding this attack and are going to proceed aggressively to track down those that are responsible

Valued PlayStation Network/Qriocity Customer,

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please check http://www.eu.playstation.com/psnoutage should you have any additional questions.

Sincerely,

Sony Network Entertainment and Sony Computer Entertainment Teams
Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited) is a subsidiary of Sony Computer Entertainment Europe Limited the data controller for PlayStation Network/Qriocity personal data.

[DJ-Daz]

Time to cancel credit cards and switch cards.
change your name, address and D.O.B. oh wait...
So basically Sony have given the hackers a 1 week head start to raid everyones accounts?

That has just made Sony look like a complete fucking joke.

[Symonator]

I know, honestly they must of knew this info already, they have to declare it straight away not a week later.

At this info it makes me wonder wtf has been going on.
I am not happy to see our CC info might be at risk (very high % imo) anyone who works with servers will know a server breach at a root level is basically the same rights as being the owner, they must have ALL info sony stored.

Trust is minus -100% right now.

[DJ-Daz]

There's no excuse for the time delay, but whats worse is the fact that nearly 70million users accounts could have been compromised

Thats a big number and requires immediate notification. PSN being down for a full 6days is bad enough and has caused a lot of bad blood, but failing to mention a complete and total breach of ALL security information could sound the death nell for the playstation and all related products, even devices that aren't yet on the market.

[Astro]

As you've all said what I was going to say I predict some admins at sony will be sacked pretty damn soon.

Not to mention lawsuits from here to kingdom come from the US.

[Symonator]

more to the point, they storing passwords as-is in a text folder/file? wtf? hashing is your friend sony..jesus.
Made work much easier for the "hackers".

[DJ-Daz]

Not to mention lawsuits from here to kingdom come from the US.

I'd imagine banks will be doing the same, creditcard changeovers cost money, and they'll want their pound of flesh too.

I've got the cash ready to go, XboX is looking more tempting every day.

@Sy, I'd imagine they real details are hashed, but it's not impossible to break... remember 4? The random number that Sony used to sign pkg's Pre-3.50?

Sony really are looking very bad at the 'mo, the Ps3 security was hacked when someone took a good look at it, now PSN is both stripped of all it's customers details.

security at Sony is going to be the butt end of many jokes.




Everything except security!

[Astro]

I hope to god they weren't that naive about CC/Debit details I mean I'm not a Data Security Industry employee but I know enough to keep the stuff locked behind secure server with some heavy bit encryption (say 256bit would do it)

If everything plays out ok(No CC info lost) we change our PSN login details (name address can be had from a phone book so no biggie and emails are easily made) (DOB obviously is meant also to be kept secure like passwords) and the breach is some what dampened.

[InfiniteStates]

I'll phone my CC people 2moz and mention it - it expires in June anyway.

Q.16 I want my money back (subscription fee, content) since the PSN/Qriocity was not available.

When the full services are restored and the length of the outage is known, we will assess the correct course of action.

Sweet - better be a fucking tasty compensation