

PlayStation Network customers have had their personal information and possibly credit cards stolen. Sony just now decided to tell them after six days of service outage for undisclosed reasons.
PlayStation Network and billing system have been down for six days; company just now decided to let users know the worst

Sony Computer Entertainment America LLC has just announced some very bad news for PlayStation Network (PSN) users (accessible via the PlayStation 3 and PSP) who have made purchases -- they have had their personal info and possibly credit card numbers stolen.

Writes Sony:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
Sony contracted a cloud services provider, Qriocity, to manage its customers' data. Sound familiar? That's not surprising. In recent months email relationship firms Epsilon and SilverPop suffered similar data breaches, losing personal information of customers of Kroger, Walgreens, Best Buy, Chase Bank, and more.

But this recent breach is arguably the worst yet, given just how much data is said to have been stolen and the possibility that credit card data was stolen.

Sony states:
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience.
But it writes that customers are now responsible for monitoring their credit card statements and credit scores to watch for any damage. In short, the message reads something like, "Sorry guys, but you're on your own now!"

According to outraged commenters, the PSN has been down for six days now, but Sony is just now owning up to the fact that there was a massive security breach. Secondary sources point to the network being down since at least April 21.

One must wonder how many more companies will see their customers violated before tech firms start to get the idea that handing valuable data to small third-party providers might not be the best idea.  It may be cheap, but as these recent incidents show, the utter lack of security and accountability can lead to many a nightmare.


Comments

Hashed Passwords
By Murst on 4/26/2011 5:06:15 PM , Rating: 5
I really don't understand how passwords could have been obtained by the hacker.

It is pretty much industry standard to store password hashes, and not the passwords themselves. If the passwords were stored as clear text, that should be negligence.




RE: Hashed Passwords
By lightfoot on 4/26/2011 5:23:38 PM , Rating: 1
If credit card data was compromised, then all bets are off. Industry standards or not.

Credit card data typically must be stored at least as securely as password data.

Even if a hash is stored and not the password it is fairly trivial to reverse the hash if you know the hashing algorithm (which we should assume was also compromised.)


RE: Hashed Passwords
By Murst on 4/26/2011 5:40:10 PM , Rating: 3
quote:
Even if a hash is stored and not the password it is fairly trivial to reverse the hash if you know the hashing algorithm (which we should assume was also compromised.)

I don't know why you would assume that. There is a significant difference between data being compromised and the hashing algorithm being compromised. Cracking the passwords from the hashes should also be pretty much impossible, since it is likely that some form of time sensitive salt was added to the password hash.

If the hashing algorithm was compromised, that would pretty much mean that the hacker not only got access to the database, but also got access to the source code of the PSN servers/software.


RE: Hashed Passwords
By lightfoot on 4/26/2011 7:52:52 PM , Rating: 1
quote:
I don't know why you would assume that. There is a significant difference between data being compromised and the hashing algorithm being compromised. Cracking the passwords from the hashes should also be pretty much impossible, since it is likely that some form of time sensitive salt was added to the password hash.

Why on earth would you assume anything wasn't compromised? They have already admitted to a MASSIVE data breach and their network is still down. They also don't appear to have audit trails of exactly what was breached. Assuming that they handled password security correctly is a huge assumption when it is clear that they weren't even handling credit card security correctly.

If you added a salt to the hashing algorithm it too would need to be stored (you must be able to duplicate the hash to validate that the password is correct.) This makes it more difficult to generate a lookup table of hashed passwords, but not impossible.

To unhash all of the passwords may be cost prohibitive, but only a single password needs to be compromised to be considered a breach.

We can continue making assumptions about how good their security should have been, but it's kind of moot given the fact that they have already been breached.


RE: Hashed Passwords
By donjuancarlos on 4/27/2011 9:12:59 AM , Rating: 2
Nah to all this password cracking stuff. My money is on social engineering. Some admin likely gave up his password or downloaded and ran an email attachment...


RE: Hashed Passwords
By lightfoot on 4/27/2011 12:18:54 PM , Rating: 2
Actually we are discussing how difficult it would be to extract all the user passwords from the database after the database was compromised.

We know that the system was compromised - Sony admitted as much.

The question is now that the system has been compromised what security did Sony have in place to protect sensitive user data?

Clearly the username and most customer details were stored as clear text in the system and have been compromised.

The credit card account numbers should have been stored using no less than 128-bit 3DES encryption according to the Payment Card Industry Data Storage Standard (PCI DSS.)

The discussion here is if the 3DES encryption was breached why some people assume that a more basic hashing algorithm was not. And if Sony was not using 128-bit 3DES for the credit card account numbers why would they assume that they were using a more secure system for the account passwords?


RE: Hashed Passwords
By lightfoot on 4/27/2011 12:28:04 PM , Rating: 2
quote:
If the hashing algorithm was compromised, that would pretty much mean that the hacker not only got access to the database, but also got access to the source code of the PSN servers/software.

Or they could have gotten their hands on the executable code and had a halfway decent decompiler... No original source code required. If the database server was compromised it's a fair bet that the app server was also compromised given the fact that the two servers would likely need to communicate with one another.

In any case it is unlikely that it (the application) was also compromised, but we can't assume that it wasn't.


RE: Hashed Passwords
By MozeeToby on 4/26/2011 5:40:00 PM , Rating: 3
quote:
Even if a hash is stored and not the password it is fairly trivial to reverse the hash if you know the hashing algorithm (which we should assume was also compromised.)
Not if they add a randomized salt, which isn't industry practice yet, but probably should be. And even if you know the hashing algorithm, it can still be too computationally complex to reverse it. For example, ask a computer to calculate 3969 * 7351 * 2539 and you'll get an answer back in milliseconds. On the other hand, ask a computer to calculate the prime roots of 74,078,166,141 and you'll be waiting for a much longer time.


RE: Hashed Passwords
By JasonMick (blog) on 4/26/2011 5:43:22 PM , Rating: 3
quote:
On the other hand, ask a computer to calculate the prime roots of 74,078,166,141 and you'll be waiting for a much longer time.


Let's hope they don't have quantum computers!

(for the record, quantum computers can't currently calculate huge primes, but that's one of the purposes they're expected to eventually fulfill...)


RE: Hashed Passwords
By MrTeal on 4/26/2011 6:12:04 PM , Rating: 5
quote:
Let's hope they don't have quantum computers!


If they did, I think they would be too busy making billions legally to bother with stealing some gamers' CC numbers. :)


RE: Hashed Passwords
By someguy123 on 4/26/2011 6:56:10 PM , Rating: 1
Maybe they were testing it expecting it to fail, then were suddenly flooded with credit card numbers?


RE: Hashed Passwords
By BigDH01 on 4/26/2011 11:16:54 PM , Rating: 2
Define fairly trivial. SHA1 has yet to be reversed. If the passwords were hashed with SHA1 then the attacker is basically stuck looking for collisions with brute force or dictionary attacks. I think the one thing to take away from this is to require users to make strong passwords.


RE: Hashed Passwords
By Flunk on 4/27/2011 9:35:27 AM , Rating: 2
Your comment is only valid for two-way encryption. The passwords were stored with one way encryption. The hashes are not reversible. What you'd have to do is create rainbow tables of all the valid hashes and compare them to the actual hashes.

This means that if you have an obvious dictionary-based password it's fairly easy to derive, but more complex things would need a lot of compute time to discover.


RE: Hashed Passwords
By lightfoot on 4/27/2011 12:05:44 PM , Rating: 2
If even a single account is compromised using a lookup table of the 100 most common passwords then user account passwords have been compromised. Period. You don't need to break every password in the system for it to be considered a breach.

And hashes by definition don't need to be reversible, just repeatable and computationally easy to compute. This makes creating a lookup table a trivial task. Using a salt will obviously increase the difficulty, but does not make the cracking process any more complex, just more time consuming.


RE: Hashed Passwords
By AnnihilatorX on 4/27/2011 4:31:28 AM , Rating: 2
Even if hashes are used, depending on encryption, hash tables are available for short passwords up to certain length. I bet with millions of users in PS network there are bound to be some stupid passwords there.


RE: Hashed Passwords
By mcnabney on 4/27/2011 10:26:48 AM , Rating: 1
How much easier would it be to discover the nature of the hash if the hackers also have several of their own profiles to use as a key. They would know the actual passwords for their own accounts and I would think that having both sets of data would allow them to discern how the hashing mechanism functions.

Or maybe they didn't hash the passwords at all. In which case every executive at Sony needs a cockpunch to go with their pinkslip.

I also wonder if the security question/answers were also compromised. Those, along with email addresses could create a lot of chaos 'outside' of Sony.


RE: Hashed Passwords
By Newspapercrane on 4/27/2011 11:43:52 AM , Rating: 2
I was thinking Guillotine... or mandatory Seppuku.


RE: Hashed Passwords
By cochy on 4/27/2011 9:48:26 PM , Rating: 2
That is exactly why a random salt is used so that rainbow tables are irrelevant. The salt is added to all passwords so to reverse the hash you would need to compromise the salt as well.

My information was stored at PSN so I must say I'm beside myself at this display of complete negligence by Sony. I will call them tomorrow to see if my password and secret questions were indeed stored as plain text. If so, well that's just unbelievable.
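
An added illustration of the salt and lookup-table points argued in the thread above; it is not part of the original comments, and nothing here reflects how PSN actually stored passwords. The account names, passwords, candidate list and PBKDF2 parameters are constructed assumptions. It audits the same three accounts stored two ways: unsalted SHA-1, where one precomputed table is reused across every row, and per-user salted PBKDF2, where the table is useless but weak passwords are still found by recomputing the hash per account.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list and three accounts.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
USERS = {
    "alice": "password",
    "bob": "password",                   # same weak password as alice
    "carol": "T7#vq9!mZp-long-unique",   # not in any common list
}
ITERATIONS = 10_000  # assumption: kept low so the demo is fast; real deployments use far more


def unsalted_sha1(password: str) -> str:
    """The weak scheme: a fast, unsalted digest. Equal passwords give equal hashes."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> dict:
    """The stronger scheme: random per-user salt plus a deliberately slow KDF.
    The salt is stored next to the digest; it is not a secret."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def audit_unsalted(store: dict, candidates: list) -> dict:
    """One table, built once, is matched against every row with a dict lookup."""
    table = {unsalted_sha1(p): p for p in candidates}
    return {user: table[h] for user, h in store.items() if h in table}


def audit_salted(store: dict, candidates: list):
    """No shared table is possible: every guess costs one full KDF run per account.
    Returns the weak accounts found and the number of KDF runs that took."""
    weak, kdf_calls = {}, 0
    for user, record in store.items():
        for guess in candidates:
            kdf_calls += 1
            if verify(guess, record):
                weak[user] = guess
                break
    return weak, kdf_calls


def build_stores(users: dict = USERS):
    """Store the same accounts under both schemes."""
    unsalted = {u: unsalted_sha1(p) for u, p in users.items()}
    salted = {u: salted_record(p) for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_stores()
    print("unsalted, identical hashes for alice/bob:", unsalted["alice"] == unsalted["bob"])
    print("unsalted, found via one table:", audit_unsalted(unsalted, COMMON_PASSWORDS))
    weak, calls = audit_salted(salted, COMMON_PASSWORDS)
    print("salted, found by per-account recomputation:", weak, "KDF runs:", calls)
    print("salted, carol's strong password still verifies:",
          verify(USERS["carol"], salted["carol"]))
```

Both audits flag alice and bob, which is the point several commenters make: salting removes the shared table and multiplies the work by accounts times iterations, but it does not rescue a password that sits in a common-password list.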


Question for PS3 owners
By thurston on 4/26/2011 11:40:49 PM , Rating: 2
I just bought a PS3 over the weekend and found out the Playstation Network was down when I hooked it up. When it's back up and running is a CC required to create an account like iTunes or is it just required when making purchases?




RE: Question for PS3 owners
By OAKside24 on 4/27/2011 6:25:38 AM , Rating: 2
When I set up my account (years ago), credit card information was not required. It was only required when buying something on the PlayStation Store.

My bank (local but large credit union) hasn't even allowed me to use my MasterCard (blocking even verification and saving of card info) on PSN over a year. I think I ended up buying a PSN card. I guess that actually worked out okay considering this mess.

I'm still very unhappy about the way Sony handled this, allowed it in the first place, and that all of my other information (including password) was likely compromised. Sony has taken the lead from Apple in my book, as far as tech corporations that I despise the most.


RE: Question for PS3 owners
By spread on 4/27/2011 1:02:10 PM , Rating: 2
You could always buy those PSN "gift cards" and input a code to PSN. That way you don't have to give them a credit card number.


RE: Question for PS3 owners
By rburnham on 4/28/2011 5:23:11 PM , Rating: 2
That is a great idea, and if you get them at Best Buy, you get Rewards Points for it. It's a win-win! But no, setting up a PSN account does not require a credit card.


Such is the price of technology.
By Yoshino Kurokawa on 4/26/2011 7:06:26 PM , Rating: 1
The thing that gets me is the continued strife and ambivalent finger-pointing.

In this day and age, with everyone using credit cards and log-ins for everything from socializing to major capital activities, hackers and potential evildoers will ever continue to be a problem. Even those of us that are posting here in this blog, right now, are open to attack.

It's not like this hasn't happened before - and it will happen again. So why do people keep acting like it's the first time or something? Mind you - I'm not condoning this in any sense of the idea. A crime is a crime - people like this should be buried at low tide. Yet - with the ever-present threat, and no signs that it will top anytime soon - tightening our effects is about our only course.

That, or declaring martial law or something. Or vitrification - that's it.

You can either remove yourself from the grid entirely - live on an island, and commune with the seagulls and crabs - or adapt, and do your best to keep your information secure, and follow up on any issues quickly, and stop all of this damned finger-pointing. After all - pointing at every major company, website and anything with a pulse has to get old at some point.




RE: Such is the price of technology.
By AnnihilatorX on 4/27/2011 4:36:45 AM , Rating: 2
A company which stores sensitive details should retain responsibility for data security. Even though they've taken adequate measures to protect it, it should still retain responsibility for leaks. Any successful vector of attack conducted by hackers can potentially be looked at and improved upon.

If Dailytech has my credit card detail and it got attacked and leaked, you are basically saying I should blame myself?


By marvdmartian on 4/27/2011 8:39:41 AM , Rating: 1
I agree that the vast majority of the responsibility of safely storing the information belongs with the company that has requested that info in the first place. Let's face it, there are plenty of companies out there, including (but not limited to) utility companies, telephone companies, entertainment (including cable/satellite) companies, etc, that ask a LOT more personal information than they probably really need, of their customers.

Seriously, it won't surprise me if there's not a class action lawsuit brought against Sony within the next week or so.


By Yoshino Kurokawa on 4/27/2011 3:01:57 PM , Rating: 2
I'm not saying that they shouldn't be responsible - I'm saying that, in reality, nothing is 100% hack-proof, and it's foolish to think so.

And that it's our responsibility, as with all things, to keep an eye on what we have and to deal with the unfortunate should it occur.

I'm just saying that getting mad at every single company that gets hacked is like getting mad at every single tornado that hits Texas. For every security update we do, someone will take the time to find an end-run. It's becoming clear that relying on the companies to come up with a magic elixir to keep us completely safe is a wasted endeavor.

And like tornados, you can't stop them entirely. If you don't like them, you can either move (or in this case, don't give the companies sensitive information), or prepare yourself for the unfortunate.


By BZDTemp on 4/26/2011 6:44:03 PM , Rating: 2
Guess I can do it again :-/

It's most all the extra spam that is gonna be annoying here but that is worse enough.




Yeah this sucks....
By Nfarce on 4/26/2011 11:23:19 PM , Rating: 2
First of all, I am VERY disappointed in Sony's response. Or lack thereof actually. There are several PS3-only games I play online. Next Tuesday Motorstorm Apocalypse comes out (finally) and I plan on getting that.

Second, it's pretty obvious this happened because Sony pissed off a rogue ANONYMOUS-related (or sympathetic) hacker due to not allowing Linux support for pirated software. ANON said months ago they were pissed at Sony but would not, as a group, do anything to disrupt the PS3 gaming community. So much for the company you keep.

The repercussions of this will be interesting to watch. You have the corporate-hating basement dwelling nerds with no life sympathetic to the hackers, and then you have the rest of us who enjoy letting off steam after a hard day's work and crank up the PS3.

Of course, there are those of us PS3 users who have the alternative to crank up the PC and game. Thank God for that. This stunt is uncool beyond fashion. Hope the hacker(s) enjoy watching the tens of millions of PS3 gamers who can't enjoy what they spent hundreds, if not thousands, on entertainment.




Wow
By atlmann10 on 4/26/2011 11:43:06 PM , Rating: 2
Let it go for almost a week! They are going to get sued backwards and forwards.




One More Strike Against "The Cloud"
By Arsynic on 4/27/2011 9:25:11 AM , Rating: 2
Companies who outsource certain services to other companies believing that if they do so they don't have to worry about security ("let them handle it") are in for a rude awakening.





this blows
By tekzor on 4/27/2011 1:59:12 PM , Rating: 2
I just got my psp go and can't do jack squat with it, LOL.




6 days for notice ??
By KOOLTIME on 4/27/2011 5:03:46 PM , Rating: 2
WoW this is major negligence,

Name address is one thing as most people have that public in most phone directories.

But bank / credit info stolen and not being told while some scammer maxes their credit limits, is simply criminal on their part to have not told customers immediately upon knowledge of such actions occurred. So they can protect their financial info, and security to let them know to stop scammer attacks, if any occurred due to the breach.




Sounds Scammy?
By METALMORPHASIS on 4/28/2011 12:38:08 AM , Rating: 2
I do things legally with my legit password(s) & credentials and sometimes have a hard time logging in and out of sites! If I sneeze or fart everyone looks at me. You can't steal bubblegum without having a camera up your ass. I find it hard to believe that sites can be hacked into. Someone's not doing their job or it's an inside job.




Ha.
By Mr. Xbox on 4/28/2011 4:28:17 PM , Rating: 2
$60 dollars a year doesn't sound too bad now to you Sony users. I hope if or when Microsoft gets hacked they would let me know right away instead of keeping me in the dark for a whole week.




You Get What You Pay For...
By Arsynic on 4/27/2011 9:20:20 AM , Rating: 1
This is what happens in the ghetto of online gaming services...

Sony had to cut some corners in order to keep PSN free!




Meh
By BioHazardous on 4/26/11, Rating: -1
RE: Meh
By JasonMick (blog) on 4/26/2011 5:07:10 PM , Rating: 3
quote:
It's just a credit card, you're protected against fraud automatically, so not really a big deal. Been through having my account info stolen before from Orbitz.com and I simply got a new card and a ton of mail for each fraudulent transaction.


You do realize being the victim of credit card fraud affects your credit score and impacts your ability to get mortgages, etc.?

And that "automatic" protections takes a certain amount of effort and surveillance?

Maybe you're fine with malicious individuals gaining access to your credit card, but I'm sure not...

Why not just post your CC # here in the forums while you're at it, if you think there's no harm!

And also, consider -- individuals now have your full name, address, birth date, and email and can now order fake credit cards in your name and target you with phishing attempts/spam.

Great work, Sony.


RE: Meh
By Reclaimer77 on 4/26/11, Rating: 0
RE: Meh
By Paulywogstew on 4/26/2011 5:22:22 PM , Rating: 3
You can still get into netflix just load it up it'll ask you to sign in to the network just hit okay it'll error out then ask you again to sign in do it again it'll timeout or error out but netflix will be loaded and work.


RE: Meh
By FastEddieLB on 4/26/2011 7:05:06 PM , Rating: 1
I respect your opinion and frequently agree with you, but...

quote:
I don't even have a PS3


That right there invalidated your entire rant.


RE: Meh
By Reclaimer77 on 4/26/2011 9:44:44 PM , Rating: 2
quote:
That right there invalidated your entire rant.


First off, I was stating opinions and facts, not positing an argument. And secondly, how does that invalidate anything?

Don't be a hypocrite. I seriously doubt you never have an opinion on something you don't own. That's not even remotely realistic.

If I owned one, my opinion would be exactly the same, except even more anti-Sony. So please explain what you mean.


RE: Meh
By Bioniccrackmonk on 4/26/2011 10:09:59 PM , Rating: 2
The only part of your prior statement that is fact is that it is the big Portal 2 release. Everything else is your opinion.

What actually invalidated your rant is the fact that this article has NOTHING to do with Xbox/Microsoft and yet here you come with the same garbage that has been said back and forth for the last several years. Get over it. Move on.


RE: Meh
By Reclaimer77 on 4/26/11, Rating: -1
RE: Meh
By Bioniccrackmonk on 4/27/2011 8:56:27 AM , Rating: 2
quote:
Yeah it's called a "comparison". Look it up.


No, what you typed several comments ago was not a comparison as you didn't compare anything at all. You merely stated one very basic fact, Portal 2 release, and then proceeded to regurgitate the same dribble that has been said by 360/PS3 fan boys for the last several years. Get over it. Move on.


RE: Meh
By dubldwn on 4/26/2011 7:17:07 PM , Rating: 2
quote:
I can't believe Sony fanboi's claim it's "almost as good as Xbox Live". Ummm no. Not even close.

I use PSN instead of having cable and up until now I was satisfied with it. I never used Xbox; just curious, why is it better? Do they have movies/TV shows to rent/"buy"? How is the selection? Or are you referring to that game chat stuff?


RE: Meh
By FITCamaro on 4/26/2011 7:27:12 PM , Rating: 2
Being able to chat with your friends on Xbox Live without having to be in a game is one of many features Xbox Live offers that PSN does not.


RE: Meh
By Newspapercrane on 4/27/2011 11:49:09 AM , Rating: 4
Just curious:

How often do you honestly sit in front of your tv, with your xbox on just listening to your friends talk through a service which sounds worse than a tin-can attached to a string without playing a game?


RE: Meh
By thurston on 4/26/2011 11:27:23 PM , Rating: 3
quote:
My friend and I were looking forward to playing it online on his PS3 against our friends, no dice.


You know someone who considers you their friend?


RE: Meh
By MozeeToby on 4/26/2011 5:25:45 PM , Rating: 4
About 2 weeks ago I got a call from my CC company that someone had attempted to use my card in a neighboring state (indeed one that I have traveled to and through in the recent past). They detected that the charge was fraudulent (I'm guessing based on the card number being used in two locations which were physically too far apart to be completed in that amount of time) and denied the charge. Obviously I reviewed my statement carefully but there was not one invalid charge on it.

The protection CC companies give you is powerful and automatic, after all, you are not liable for the charges, that means they need to either pay up or take legal action with the stores, both of which cost them time and money.

Finally, a stolen card does not affect your credit rating unless your card issuer screws up how they handle the situation. So long as they state 'Lost/Stolen' as the reason the old account was closed, and the new account keeps the old account's opening date, you won't have lost anything. If they don't do this, you can appeal to have the data corrected and you will almost certainly win.


RE: Meh
By JasonMick (blog) on 4/26/2011 5:41:40 PM , Rating: 3
quote:
About 2 weeks ago I got a call from my CC company that someone had attempted to use my card in a neighboring state (indeed one that I have traveled to and through in the recent past). They detected that the charge was fraudulent (I'm guessing based on the card number being used in two locations which were physically too far apart to be completed in that amount of time) and denied the charge. Obviously I reviewed my statement carefully but there was not one invalid charge on it.

The protection CC companies give you is powerful and automatic, after all, you are not liable for the charges, that means they need to either pay up or take legal action with the stores, both of which cost them time and money.

Finally, a stolen card does not affect your credit rating unless your card issuer screws up how they handle the situation. So long as they state 'Lost/Stolen' as the reason the old account was closed, and the new account keeps the old account's opening date, you won't have lost anything. If they don't do this, you can appeal to have the data corrected and you will almost certainly win.


Well I'm glad your situation worked out well. I'm not saying that in a lot of cases banks don't resolve these kinds of things automatically or almost automatically.

It's just SOME CASES where they don't (for example, what if the charge came from your home state -- that would be "believable")...

And like you said, you could work to make sure that your credit score was not impacted, but that might take a great deal of time and effort on your part.

The point is there are reasons why people don't just post their CC #s in public forums.

Is the damage of lost personal info and CC #s irrecoverable? No, of course not. Is it a massive pain in the @$$? Most definitely.


RE: Meh
By Lazarus Dark on 4/26/2011 5:51:36 PM , Rating: 2
And in my experience, even if you have absolute proof that some charge is an error, it still takes an act of Congress for the three Experian, Transunion, or Equifax to remove that error from their records. I actually still have an error they just refuse to remove, no matter the absolute evidence I have. Thankfully my wife's credit is spotless, so we just use hers when we need to.


RE: Meh
By Solandri on 4/27/2011 2:30:52 AM , Rating: 2
They won't listen to you. But they'll listen to the credit card company/bank which listed the erroneous info to your credit report. I had Amex file a negative on my report due to an error (mistakenly reported late payments on my workplace's company card to my credit report). I played phone tag with Amex, got them to correct the error and send a letter to the credit agencies saying to remove the negative. And within a month it was gone.

(Which is not to say that they shouldn't listen to you. I absolutely agree that if those three screw up your life because of their error, they should be the ones paying to fix it, not you.)


RE: Meh
By Lazarus Dark on 4/27/2011 10:11:57 PM , Rating: 2
It was a financing company, Equitable Acceptance (legal loan sharks as far as I'm concerned). My bank records prove they received every payment on time, but their records are all screwed up. My bank, Bank of America, called them and confirmed that all payments had been sent to them electronically to the same routing number. Equitable said, yeah you're right, then promptly forgot speaking to them and continued to report me as having not paid on time for a year period. So, my bank says yes, now they say no, and the Big Three credit report agencies won't respond.


RE: Meh
By BansheeX on 4/27/2011 2:41:36 AM , Rating: 2
Most people aren't aware that they can put a freeze on their credit reports with all three credit agencies, thereby preventing thieves of personal data from issuing new credit cards under your stolen SS number. Of course, I'm of the opinion that consumer credit is unnecessary and a perversion of the concept behind savings and loans. But I still want to make it harder for criminals to game it.

In this case, having new credit in your name issued is not the risk because an SS# was not stolen. If you know your CC number has been stolen, immediately cancel the card and issue a new number. People who don't care because they're not liable for fraud are idiots: you should care that some criminal just made off with products you would have had to labor years for. Not only that, fraud bids up prices because it creates artificial demand and sucks up resources spent to recover losses or catch thieves. Don't just sit there and let it happen because you think it's not your problem: it is.


RE: Meh
By BioHazardous on 4/26/2011 10:27:03 PM , Rating: 1
quote:
It's just SOME CASES where they don't (for example, what if the charge came from your home state -- that would be "believable")...


What if the people who stole your info and identity ordered stuff online and shipped it to your address as though you ordered it?

Oh wait that's what happened to me and the issuing bank for my credit card just took care of it.

quote:
The point is there is reasons why people don't just post their CC #s in public forums.


People don't post their info on forums or share it with random strangers because they'd be in clear violation of their policy with the credit card company and thus be liable for any fraudulent charges.

Was it slightly annoying to have to fill out the forms and deal with the phone calls from my card company? Sure a little, but it didn't cost me a thing and it didn't impact my life or my credit rating in any way shape or form. That's why I prefer credit cards, I'm protected.

Is the massive theft of data a big deal? Yes. Will it impact me personally or my credit? No.

Let's not all get hysterical about things we know little about.


RE: Meh
By fic2 on 4/26/2011 8:18:40 PM , Rating: 2
I have kind of the opposite story. A few years ago charges in a state 1000 miles away started appearing on my CC. These were for utility stuff - internet, electricity, etc. My CC company didn't notice that utility stuff was being paid in two states and that I hadn't changed my address. They did cancel charges and the card. Then a couple of years ago they put a stolen credit alert on my account because I had been to the gas station that I usually go to, the Best Buy and Home Depot closest to my house.


RE: Meh
By slyck on 4/26/2011 8:33:45 PM , Rating: 2
I've had mine stolen twice and the only thing the credit card company knows to do is screw up. It was Discover, and after I let them know which charges were legitimate and which not, they cancelled payment on most of the legitimate charges while paying for most of the fraudulent ones. I got phone calls from irate businesses and had to spend my time straightening out the morons at Discover. You can't trust any of these crooked card companies.


RE: Meh
By Zoomer on 4/26/2011 11:17:25 PM , Rating: 2
Try again at a less bottom tier issuer/network. If you had an Amex or even Chase, the experience would be far different.


RE: Meh
By omnicronx on 4/26/2011 9:07:06 PM , Rating: 2
While it's great that you had a nice experience, I don't see why anyone is trying to downplay the fact that there is a possibility that hundreds of thousands of personal and/or credit card information was stolen.

The protection we receive is irrelevant, nobody should ever have to go through the process of having to verify and cancel credit cards.

While you are correct it should not impact your credit rating, nobody here can downplay the seriousness of this situation.


RE: Meh
By LRonaldHubbs on 4/26/2011 5:56:09 PM , Rating: 3
I had my CC # stolen and several hundred dollars in fraudulent purchases were made from somewhere in Asia. My card was frozen, I received a call from the CC company, and I confirmed that I did not make the purchases. They mailed me a new card and an affidavit to sign, and that was that. I took out a 30-year mortgage a couple months later with the lowest possible rate at the time, and the incident did NOT show up on my credit report. I still have excellent credit. Actually, the only things I got marked down for were short credit history, canceling a Master Card that I had (not the card that was stolen), and having too many credit checks in one year (when I got an apartment the utility companies and the landlord all ran credit checks).

quote:
Why not just post your CC # here in the forums while you're at it, if you think there's no harm!

That's just stupid and possibly a violation of your card agreement. At least one of my card agreements says that fraud protection hinges on me reasonably protecting my card information.

quote:
And also, consider -- individuals now have your full name, address, birth date, and email and can now order fake credit cards in your name and target you with phishing attempts/spam.

THAT is the bigger concern here, IMO, unlike the CC # which is a non-issue for anyone with fraud protection.


RE: Meh
By omnicronx on 4/26/2011 9:18:07 PM , Rating: 5
Please stop trying to downplay the seriousness of the situation. The possibility of CC information being stolen en masse is no laughing matter.

Furthermore just because you recover anything that was stolen, does not mean the credit card company does. Who knows what you could be funding, Anonymous itself? crime? terrorism? who knows?

I really just don't understand your argument, as clearly it's a big deal. Many people have a problem using their credit card information online in the first place, do you seriously think this won't make people think twice about plugging their CC information into the Sony Marketplace now that this has occurred? I know I won't again.


RE: Meh
By PrinceGaz on 4/26/2011 9:35:48 PM , Rating: 2
The fact it has been down for several days shows something is very very wrong with their system, and that it is indeed very likely sensitive information is now in the hands of scammers.

The only safe option is to cancel any cards whose info you've given as they should be assumed to be compromised (tell your card provider it has been stolen), and hopefully bank-account details are more robust as changing account numbers is a much bigger hassle, but if you've provided account numbers and sort codes to PSN, you should inform the relevant bank of this and you need it changed as the details have probably been stolen.


RE: Meh
By StevoLincolnite on 4/26/2011 10:57:24 PM , Rating: 3
RE: Meh
By Solandri on 4/27/2011 2:48:59 AM , Rating: 2
quote:
Furthermore just because you recover anything that was stolen, does not mean the credit card company does.

The credit card company doesn't lose anything to fraud. Their merchant services agreements make the merchant liable for any fraud. So it's the merchant who gets stuck with the bill for fraud, not the card holder nor the credit card company.


RE: Meh
By LRonaldHubbs on 4/27/2011 1:59:47 PM , Rating: 2
quote:
Please stop trying to downplay the seriousness of the situation. The possibility of CC information being stolen en masse is no laughing matter.

Sorry, I actually didn't mean to downplay the situation. Mass theft of personal information is a big deal, I get that. My intention was to counter Jason's statement that CC theft hurts your credit score and ability to get a mortgage, because in my case that was not true at all. I said nothing about how it affects the CC company or merchant though. I'm just saying that if my experience is the norm (which I don't know if it is or not), then a consumer whose CC # has been stolen doesn't have much to worry about. In the greater scheme, yes it is a big deal that this happened.

quote:
Many people have a problem using their credit card information online in the first place, do you seriously think this won't make people think twice about plugging their CC information into the Sony Marketplace now that this has occurred? I know I won't again.

People have a problem using their CC online because they are paranoid and behind the times. I hear the complaints about this all the time be it from my parents or older co-workers who outright fear making online purchases -- people who don't think twice about handing their CC to a waitress or reading the # off over the phone. My experience with CC theft actually made me LESS worried about it. Regarding future use of the Sony Marketplace, well, let's just say that Sony doesn't get my business and probably never will. I have no concerns at all about continuing to use online vendors in general though.


RE: Meh
By spathotan on 4/26/2011 6:27:58 PM , Rating: 4
And all you're going to do is sit there and blame Sony for this? Forgive and forget the hackers that did this, right?


RE: Meh
By miccla on 4/26/2011 9:20:54 PM , Rating: 2
"Don't Hate The Playstation. Hate The Game(r)"


RE: Meh
By OCedHrt on 4/26/2011 6:43:49 PM , Rating: 2
I'm more concerned about the logins and passwords. Does this mean that they were stored not encrypted or that whoever got in was able to decrypt them?


RE: Meh
By Solandri on 4/27/2011 3:11:14 AM , Rating: 2
When they say logins and passwords were stolen, they're talking about the password file. The way you're supposed to store logins and passwords is with a one-way hash. That's a one-way mathematical function which turns "username" into encrypted gibberish (the hash). But only "username" will make that specific hash, and there's no known mathematical way to convert that hash back to "username". You store the hash (the encrypted gibberish) in the password file, instead of the actual login and password. When a user tries to login, you run the hash on what they type, and compare that hash to your stored hash to see if it matches.

So assuming they built their system competently, the logins and passwords should be safe even if the password file was stolen. However, although there's no known mathematical way to reverse the hash, there's always the possibility that some criminal genius has figured out some new way to do it. And with sufficient computing power, you can build a hash table (run the hash algorithm on every possible letter/number combo) for all usernames/passwords less than (say) 6 characters. Then it becomes a simple matter of looking up the hash and matching it up with the login or password. So it's still recommended that you change your password.

(This is why dictionary words are very poor passwords. There are trillions of letter/number combos that can make something the length of a typical password. Building up a hash table for all those possibilities is virtually impossible. But there are only a few tens of thousands of words in the dictionary. Building a hash table for all of them is trivial.)
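
An added example, not part of the comment above and not Sony's code: a Python sketch of the store-the-hash, compare-on-login scheme the comment describes, together with the precomputed dictionary table it mentions. It goes one step beyond the comment by also showing a per-user salt and a slow key-derivation function (PBKDF2); the account names, passwords, word list and iteration count are all constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "dictionary" and made-up accounts.
DICTIONARY = ["password", "dragon", "monkey", "letmein", "playstation"]
ACCOUNTS = {
    "alice": "dragon",
    "bob": "playstation",
    "carol": "T7#qv9!Lx2pW",   # long, non-dictionary password
    "dave": "dragon",          # same password as alice
}
PBKDF2_ITERATIONS = 100_000    # assumed work factor for this example


def unsalted_hash(password):
    """Plain one-way hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute digest -> word once; it applies to any unsalted password file."""
    return {unsalted_hash(w): w for w in words}


def recover_from_unsalted(password_file, table):
    """Accounts whose stored digest appears in the precomputed table."""
    return {u: table[d] for u, d in password_file.items() if d in table}


def make_record(password, salt=None):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256) for storage."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "digest": digest}


def verify(password, record):
    """Re-run the hash on the login attempt; compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def demo():
    # 1) Unsalted file: one table lookup per account reveals dictionary passwords.
    unsalted_file = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    table = build_lookup_table(DICTIONARY)
    recovered = recover_from_unsalted(unsalted_file, table)

    # 2) Salted file: the same table matches nothing, and identical passwords
    #    no longer share a stored digest.
    salted_file = {u: make_record(p) for u, p in ACCOUNTS.items()}
    table_hits = [u for u, r in salted_file.items()
                  if r["digest"].hex() in table]
    return recovered, table_hits, salted_file


if __name__ == "__main__":
    recovered, table_hits, salted_file = demo()
    print("recovered from unsalted file:", recovered)
    print("table hits against salted file:", table_hits)
    print("alice and dave share a digest:",
          salted_file["alice"]["digest"] == salted_file["dave"]["digest"])
    print("login check for alice:", verify("dragon", salted_file["alice"]))
```

A salt does not make a dictionary password strong: each guess simply has to be recomputed per account at the cost of the full iteration count, which is why changing the password is still the right response.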


RE: Meh
By sprockkets on 4/26/2011 6:58:59 PM , Rating: 1
quote:
Why not just post your CC # here in the forums while you're at it, if you think there's no harm!


ok

4870 5600 0137 7755

exp 01/12

cc 724


RE: Meh
By Hyperion1400 on 4/26/2011 8:29:58 PM , Rating: 2
So uh... who wants to go to jail? Kmon, I'm taking 2:1 odds that this will actually work! It's only a little a$$ pounding?
Who's game?


RE: Meh
By Zoomer on 4/26/2011 11:13:23 PM , Rating: 2
Also rather futile since it will fail AVS and be flagged anyway. I suppose one could do manual entry on a POS terminal they control, but that's rather pointless since they won't be able to get to the money and would leave a clear trail leading back to them.


RE: Meh
By corduroygt on 4/26/2011 11:17:38 PM , Rating: 2
Ok, now also give your full name and address please.


RE: Meh
By Motoman on 4/26/2011 11:23:50 PM , Rating: 2
Don't forget your mother's maiden name.


RE: Meh
By sprockkets on 4/27/2011 7:11:44 AM , Rating: 2
I posted a cc. Nobody said it had to be a working one :)

Well, I guess it does work. But it's just an Asus rebate card, and yeah, it has a balance of $0 on it since I used it already.

It's all in good fun.


RE: Meh
By thurston on 4/26/2011 11:55:25 PM , Rating: 2
About 10 minutes worth of searching on google and I believe your first name is Joe and you live in Orlando Fl. Am I right?


RE: Meh
By sprockkets on 4/27/2011 7:08:17 AM , Rating: 2
Yup. Probably have that info somewhere.


RE: Meh
By Zoomer on 4/26/2011 11:09:12 PM , Rating: 2
quote:
You do realize being the victim of credit card fraud affects your credit score and impacts your ability to get mortgages, etc.?

That's not even anywhere near true. Perhaps id theft, but certainly not for cc fraud. The end user typically isn't out a cent for these. Most times, they will be contacted by their bank's fraud dept as these transactions are really off.
quote:
And that "automatic" protections takes a certain amount of effort and surveillance?

Like reading your statement before paying it?
"But...but...READ???"
quote:
And also, consider -- individuals now have your full name, address, birth date, and email and can now order fake credit cards in your name and target you with phishing attempts/spam.

Except for email, your name, address and birth date are public record if you have been born and own a house.

Sure, it's a risk and is bad, but it's nowhere near as bad as you make it out to be.


RE: Meh
By Wolfpup on 4/27/2011 1:56:36 AM , Rating: 2
This was the worst possible news. I don't care that much if the network's down-all I really use it for is checking how many trophies I have, and the game patching still works. But this ain't good.

The email I got at least seemed really well done, though I wish Sony would somehow be able to help more.

I guess I was probably affected by the Best Buy breach a few months back too. I don't THINK anything bad's come of that. Suppose I should check my credit report...haven't done that in a few years since it's sort of intimidating and a hassle.


RE: Meh
By InvertMe on 4/27/2011 9:30:34 AM , Rating: 2
quote:
You do realize being the victim of credit card fraud affects your credit score and impacts your ability to get mortgages, etc.?


No it doesn't. Not at all. A few years back when credit card fraud was "new" you could have a negative impact for a while but with a few letters it would be corrected (I know because it happened to me) but now the process is so refined you will not see any impact at all.


RE: Meh
By Murst on 4/26/2011 5:10:42 PM , Rating: 2
Really, no big deal?

Considering that email, password, and security questions/answers were also compromised, it doesn't take much to see that pretty much any account that uses these security questions and answers could also now be compromised (whether you use the same passwords or not)...


Sounds fishy...
By crazyblackman on 4/26/11, Rating: -1
RE: Sounds fishy...
By Smilin on 4/26/2011 6:43:30 PM , Rating: 2
Sorry, would love to have a paranoid hyperbole riddled fanboi fight but I'm too busy...

Busy watching Netflix without any auth loop and using my utter failure of a Kinect controller to see that one part again. "Xbox, rewind..faster....Play"...ah there we go...try that with your glowing dildo.

When I'm done I think I'll play Portal 2 co-op again (yeah everyone on XBL already finished it once..you'll get to start in a week or two hopefully).

I'll give you fanboi props though... That free Xbox Live Gold weekend might not be a coincidence at all. Maybe you should check it out once you're done setting up monitoring on your credit reports.


RE: Sounds fishy...
By crazyblackman on 4/26/2011 8:02:09 PM , Rating: 1
LOL. Thanks man. You obviously aren't that busy. You waved your hand 4 or 5 times to get Kinect to react and pause Star Trek so you could respond to my post.

You and I both know that Kinect is worthless for Netflix and gaming altogether. Honestly...isn't it easier to just use a remote or a controller to rewind and pause your movie?

I checked my credit card acct already, I'm safe. Still not enough to make me buy a 360 though. LOL.


RE: Sounds fishy...
By themaster08 on 4/27/2011 2:41:08 AM , Rating: 2
Only in a blind fanboy's world is the fastest selling electronic gadget of all time considered as a failure.

quote:
Honestly...isn't it easier to just use a remote or a controller to rewind and pause your movie?
Honestly...isn't it easier to just use a pen and paper to write a letter instead of using a computer?

Maybe you can use this time off from gaming to realise what a jackass you are.


RE: Sounds fishy...
By Alexvrb on 4/26/2011 7:53:36 PM , Rating: 2
Man just when I thought Pirks had the market cornered on fanboytrollery, you show up!


RE: Sounds fishy...
By crazyblackman on 4/26/2011 8:09:01 PM , Rating: 1
You kidding? Pirks got nothing on me. Wait. Who is Pirks?


RE: Sounds fishy...
By B3an on 4/27/11, Rating: 0
RE: Sounds fishy...
By crazyblackman on 4/27/2011 4:17:26 AM , Rating: 1
Wow. The most fastest selling, utterly useless gaming device ever.

What do you use yours for? Gaming? No. There's only so much dancing a guy can do.

So you paid 150 hard earned dollars just to say "Xbox pause, Xbox rewind?" Seriously? Wow. All I can say is...good job Microsoft.

"If you build it, 10 million 360 owning idiots will buy it."


RE: Sounds fishy...
By themaster08 on 4/27/2011 8:44:05 AM , Rating: 2
quote:
Wow. The most fastest selling, utterly useless gaming device ever.
The PlayStation 3 has been nothing but an absolute failure for Sony (with the exception of pushing the BluRay format), considering their previous consoles were both all-time best sellers.

Sony's lack of innovation has really showed in this round. Their PSN has tried so hard to replicate the quality of Xbox Live, with now offering PlayStation Plus, and successes of the Wii, with its use of PlayStation Move.

Sony had something great with the iToy. They failed to really capitalise on that, instead they tried to impress the likes of people like you, with the same old ZOMG 7-corezzz attitude, and look where it has got them.

This PSN debacle will severely tarnish Sony's reputation in the console space. Their response to the situation has been dire. But you continue to blindly defend your console as though it is a member of your family, like a good little sheep.

The market for casual games is much larger in terms of audience than your little world of Call of Duty and Uncharted, my friend. With the massive success of the Wii, pinning the way for the vast smartphone gaming industry we are seeing, now becoming a threat to your "hardcore" gaming.

If name calling and mockery of successes and disregarding the failures of Sony help you to sleep at night, then feel free to do so to your heart's content. However, the harsh reality for you, my friend, is that it makes absolutely no difference.
Nintendo and casual game designers will be laughing all the way to the bank, while you're still frothing at the mouth.


RE: Sounds fishy...
By crazyblackman on 4/27/11, Rating: 0
RE: Sounds fishy...
By bfellow on 4/27/2011 2:14:57 PM , Rating: 2
I have a PS3. There's no freaking way I'll buy a Move. It's basically a Wii clone that looks like an ice cream cone.


RE: Sounds fishy...
By crazyblackman on 4/27/2011 3:07:32 PM , Rating: 1
"I have a PS3. There's no freaking way I'll buy a Move. It's basically a Wii clone that looks like an ice cream cone."

And...you already have a Wii? Yes? No? Is the shape a determining factor in your decision or maybe you don't like motion gaming or...maybe you had a traumatic experience with ice cream cones, or...

Ok...whatever.

I have 2 move controllers and I have never had a Wii. I haven't used them lately as I've been a bit too lazy, but I will in the near future. They are extremely accurate and add another dimension to HD gaming, unlike Project Natal, which is limited and a COMPLETE FAILURE AS A GAMING DEVICE.

The move controller also acts as a very capable remote control for nerds to use while watching Star Trek. It can even do so from the other room, without the use of the Playstation Eye.

As far as this PSN debacle goes, it will pass. No system is safe from hacking. Sony will correct this and bounce back. Playstation Move supported software will continue to grow.

Kinect will continue to be a flailing disappointment.


RE: Sounds fishy...
By themaster08 on 4/27/2011 3:46:05 PM , Rating: 1
Calm down, my friend. The ongoing successes of the Xbox 360, Kinect and Wii are nothing to get all hot and flustered about. I realise you need another outlet now you're unable to play Call of Duty online, but this is not the healthy way.

Perhaps you should try getting laid, while the PS3 continues to be an absolute failure :)


RE: Sounds fishy...
By crazyblackman on 4/27/2011 5:27:44 PM , Rating: 1
LOL...It's cool man. I ain't mad at all. You ever heard of single player offline games or inviting a friend over for some 2 player competition? We are sooo spoiled by the internet and online gaming nowadays. Unlike some, I can wait patiently until Sony sorts things out and to the other end, my beautiful lady eases all my stress, not Sony.

(LOL...Kinect is still worthless though.) OK? LOL. Peace man.


RE: Sounds fishy...
By Strunf on 4/28/2011 12:37:12 PM , Rating: 3
If you are spoiled by the Internet or online gaming WTF are you doing with a PS3, Xbox or wii? a PC is just way better at both...


RE: Sounds fishy...
By crazyblackman on 4/28/2011 8:30:01 PM , Rating: 2
Kind of a stupid question, but I'll answer it.

I meant "we as in this generation of gamers are spoiled by online gaming", but you obviously couldn't figure that out on your own.

I don't feel it's feasible to keep upgrading my "gaming rig" every time some new game comes out with higher pc graphics card requirements. I am a console gamer because I prefer 10 yr consoles over the declining PC gaming market. It's just much easier to play games on a console for most people than constantly trying to match specs for PC configurations. PC gaming is dead to me anyway. I don't play any of that role playing wizardy nerdy crap, I am mostly a sports gamer. Is that answer ok with you?


RE: Sounds fishy...
By Strunf on 4/29/2011 8:23:15 AM , Rating: 2
This thing of constant upgrade need for PCs is a myth... the PS3 came out like 5 years ago, a decent PC from back then can still play today's games. There's no miracles, PC games support much higher resolutions, more effects, and other options than ANY console game, your hardware is frozen in time and as such your games can't really improve that much, PC games on the other hand keep getting better and of course if you want to push all the options to highest then your PC has to be a good one, if you push everything to low then you have the PS3/Xbox360 quality that even a $400 PC can run.

Also PC games tend to be at least 20% cheaper than console games...


RE: Sounds fishy...
By crazyblackman on 4/29/2011 2:48:53 PM , Rating: 2
Are there any ONLINE OR OFFLINE sports games on PC? No? Let's move on then. OK?

IT'S NOT ABOUT GRAPHICS! IT'S ABOUT THE GAMES! WHO CARES IF THE RESOLUTION IS BETTER ON PC IF THE GAME IS ONLY AVAILABLE ON CONSOLES?

ARE YOU LISTENING AT ALL? OBVIOUSLY NOT. (Foghorn Leghorn voice) HEY BOY, I SAY, I SAY, HEY BOY...PAY ATTENTION SON!!!


RE: Sounds fishy...
By Strunf on 4/29/2011 8:02:12 PM , Rating: 2
hmm dude stop the weed... there are PLENTY of Online/offline sports games on PC, seriously where did you get the idea that there isn't?...

Your life is made of myths... maybe you should open the windows sometimes and see the world for yourself!


RE: Sounds fishy...
By crazyblackman on 4/29/2011 11:58:22 PM , Rating: 1
I don't really give a damn about hockey AT ALL.

Name one CURRENT non browser based NFL football game on PC.

Name one CURRENT non browser based boxing game on PC.

I am already aware of NBA2k11 on PC, but I still would rather play it on a console.

Name one reason why you're not completely full of shit and not worth me responding to.


RE: Sounds fishy...
By Reclaimer77 on 4/27/2011 9:36:30 PM , Rating: 2
quote:
The market for casual games is much larger in terms of audience than your little world of Call of Duty and Uncharted, my friend.


Yeah well, Lady Gaga sells more than Led Zeppelin. Just cause a bunch of kids push sales in a market, doesn't mean it's good or better.















