backtop


Print 102 comment(s) - last by crazyblackman.. on Apr 29 at 11:58 PM


PlayStation Network customers have had their personal information and possibly credit cards stolen. Sony just now decided to tell them after six days of service outage for undisclosed reasons.
Playstation Network and billing system has been down for six days, company just now decide to let users know the worst

Sony Computer Entertainment America LLC has just announced some very bad news for Playstation Network (PSN) users (accessible via the PlayStation 3 and PSP) who have made purchases -- they have had their personal info and possibly credit card numbers stolen.

Writes Sony:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
Sony contracted a cloud services provider, Qriocity to manage its customers' data.  Sound familiar?  That's not surprising.  In recent months email relationship firms Epsilon and SilverPop suffered similar data breaches, losing personal information of customers of Krogers, Walgreens, Best Buy, Chase Bank, and more.

But this recent breach is arguably the worse yet, given just how much data is said to have been stolen and the possibility that credit card data was stolen.

Sony states:
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience.
But, it writes that customers are now responsible for monitoring their credit card statements and credit stores to watch for any damage.  In short the message reads something like, "Sorry guys, but you're on your own now!"

According to outraged commenters the PSN has been down for six days now, but Sony is just now owning up to the fact that there was a massive security breach.  Secondary sources point to the network being down since at least April 21.

One must wonder how many more companies will see their customers violated before tech firms start to get the idea that handing valuable data to small third-party providers might not be the best idea.  It may be cheap, but as these recent incidents show, the utter lack of security and accountability can lead to many a nightmare.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Meh
By JasonMick (blog) on 4/26/2011 5:07:10 PM , Rating: 3
quote:
It's just a credit card, you're protected against fraud automatically, so not really a big deal. Been through having my account info stolen before from Orbitz.com and I simply got a new card and a ton of mail for each fradulent transaction.


You do realize being the victim of credit card fraud affects your credit score and impacts your ability to get mortgages, etc.?

And that "automatic" protections takes a certain amount of effort and surveillance?

Maybe you're fine with malicious individuals gaining access to your credit card, but I'm sure not...

Why not just post your CC # here in the forums while you're at it, if you think there's no harm!

And also, consider -- individuals now have your full name, address, birth date, and email and can now order fake credit cards in your name and target you with phishing attempts/spam.

Great work, Sony.


RE: Meh
By Reclaimer77 on 4/26/11, Rating: 0
RE: Meh
By Paulywogstew on 4/26/2011 5:22:22 PM , Rating: 3
You can still get into netflix just load it up it'll ask you to sign in to the network just hit okay it'll error out then ask you again to sign in do it again it'll timeout or error out but netflix will be loaded and work.


RE: Meh
By FastEddieLB on 4/26/2011 7:05:06 PM , Rating: 1
I respect your opinion and frequently agree with you, but...

quote:
I don't even have a PS3


That right there invalidated your entire rant.


RE: Meh
By Reclaimer77 on 4/26/2011 9:44:44 PM , Rating: 2
quote:
That right there invalidated your entire rant.


Fist off, I was stating opinions and facts, not positing an argument. And secondly, how does that invalidate anything?

Don't be a hypocrite. I seriously doubt you never have an opinion on something you don't own. That's not even remotely realistic.

If I owned one, my opinion would be exactly the same, except even more anti-Sony. So please explain what you mean.


RE: Meh
By Bioniccrackmonk on 4/26/2011 10:09:59 PM , Rating: 2
The only part of your prior statement that is fact is that it is the big Portal 2 release. Everything else is your opinion.

What actually invalidated your rant is the fact that this article has NOTHING to do with Xbox/Microsoft and yet here you come with the same garbage that has been said back and forth for the last several years. Get over it. Move on.


RE: Meh
By Reclaimer77 on 4/26/11, Rating: -1
RE: Meh
By Bioniccrackmonk on 4/27/2011 8:56:27 AM , Rating: 2
quote:
Yeah it's called a "comparison". Look it up.


No, what you typed several comments ago was not a comparison as you didn't compare anything at all. You merely stated one very basic fact, Portal 2 release, and then proceeded to regurgitate the same dribble that has been said by 360/PS3 fan boys for the last several years. Get over it. Move on.


RE: Meh
By dubldwn on 4/26/2011 7:17:07 PM , Rating: 2
quote:
I can't believe Sony fanboi's claim it's "almost as good as Xbox Live". Ummm no. Not even close.

I use PSN instead of having cable and up until now I was satisfied with it. I never used Xbox; just curious, why is it better? Do they have movies/TV shows to rent/"buy"? How is the selection? Or are you referring to that game chat stuff?


RE: Meh
By FITCamaro on 4/26/2011 7:27:12 PM , Rating: 2
Being able to chat with your friends on Xbox Live without having to be in a game is one of many features Xbox Live offers that PSN does not.


RE: Meh
By Newspapercrane on 4/27/2011 11:49:09 AM , Rating: 4
Just curious:

How often do you honestly sit in front of your tv, with your xbox on just listening to your friends talk through a service which sounds worse than a tin-can attached to a string without playing a game?


RE: Meh
By thurston on 4/26/2011 11:27:23 PM , Rating: 3
quote:
My friend and I were looking forward to playing it online on his PS3 against our friends, no dice.


You know someone who considers you their friend?


RE: Meh
By MozeeToby on 4/26/2011 5:25:45 PM , Rating: 4
About 2 weeks ago I got a call from my CC company that someone had attempted to use my card in a neighboring state (indeed one that I have traveled to and through in the recent past). They detected that the charge was fraudulent (I'm guessing based on the card number being used in two locations which were physically too far apart to be completed in that amount of time) and denied the charge. Obviously I reviewed my statement carefully but there was not one invalid charge on it.

The protection CC companies give you is powerful and automatic, after all, you are not liable for the charges, that means they need to either pay up or take legal action with the stores, both of which cost them time and money.

Finally, a stolen card does not affect your credit rating unless your card issuer screws up how they handle the situation. So long as they state 'Lost/Stolen' as the reason the old account was closed, and the new account keeps the old account's opening date, you won't have lost anything. If they don't do this, you can appeal to have the data corrected and you will almost certainly win.


RE: Meh
By JasonMick (blog) on 4/26/2011 5:41:40 PM , Rating: 3
quote:
About 2 weeks ago I got a call from my CC company that someone had attempted to use my card in a neighboring state (indeed one that I have traveled to and through in the recent past). They detected that the charge was fraudulent (I'm guessing based on the card number being used in two locations which were physically too far apart to be completed in that amount of time) and denied the charge. Obviously I reviewed my statement carefully but there was not one invalid charge on it.

The protection CC companies give you is powerful and automatic, after all, you are not liable for the charges, that means they need to either pay up or take legal action with the stores, both of which cost them time and money.

Finally, a stolen card does not affect your credit rating unless your card issuer screws up how they handle the situation. So long as they state 'Lost/Stolen' as the reason the old account was closed, and the new account keeps the old account's opening date, you won't have lost anything. If they don't do this, you can appeal to have the data corrected and you will almost certainly win.


Well I'm glad your situation worked out well. I'm not saying that in a lot of cases banks don't resolve these kinds of this automatically or almost automatically.

It's just SOME CASES where they don't (for example, what if the charge came from your home state -- that would be "believable")...

And like you said, you could work to make sure that your credit score was not impacted, but that might take a great deal of time and effort on your part.

The point is there is reasons why people don't just post their CC #s in public forums.

Is the damage of lost personal info and CC #s irrecoverable? No, of course not. Is it a massive pain in the @$$? Most definitely.


RE: Meh
By Lazarus Dark on 4/26/2011 5:51:36 PM , Rating: 2
And in my experience, even if you have absolute proof that some charge is an error, it still takes an act of Congress for the three Experian, Transunion, or Equifax to remove that error from thier records. I actually still have an error they just refuse to remove, no matter the absolute evidence I have. Thankfully my wifes credit is spotless, so we just use hers when we need to.


RE: Meh
By Solandri on 4/27/2011 2:30:52 AM , Rating: 2
They won't listen to you. But they'll listen to the credit card company/bank which listed the erroneous info to your credit report. I had Amex file a negative on my report due to an error (mistakenly reported late payments on my workplace's company card to my credit report). I played phone tag with Amex, got them to correct the error and send a letter to the credit agencies saying to remove the negative. And within a month it was gone.

(Which is not to say that they shouldn't listen to you. I absolutely agree that if those three screw up your life because of their error, they should be the ones paying to fix it, not you.)


RE: Meh
By Lazarus Dark on 4/27/2011 10:11:57 PM , Rating: 2
It was a financing company, Equitable Acceptance (legal loan sharks as far as I'm concerned). My bank records prove they received every payment on time, but their records are all screwed up. My bank, Bank of America, called them and confirmed that all payments had been sent to them electronically to the same routing number. Equitable said, yeah you're right, then promptly forgot speaking to them and continued to report me as having not paid on time for a year period. So, my bank says yes, now they say no, and the Big Three credit report agencies wont respond.


RE: Meh
By BansheeX on 4/27/2011 2:41:36 AM , Rating: 2
Most people aren't aware that they can put a freeze on their credit reports with all three credit agencies, thereby preventing thieves of personal data from issuing new credit cards under your stolen SS number. Of course, I'm of the opinion that consumer credit is unnecessary and a perversion of the concept behind savings and loans. But I still want to make it harder for criminals to game it.

In this case, having new credit in your name issued is not the risk because an SS# was not stolen. If you know your CC number has been stolen, immediately cancel the card and issue a new number. People who don't care because they're not liable for fraud are idiots: you should care that some criminal just made off with products you would have had to labor years for. Not only that, fraud bids up prices because it creates artificial demand and sucks up resources spent to recover losses or catch thieves. Don't just sit there and let it happen because you think it's not your problem: it is.


RE: Meh
By BioHazardous on 4/26/2011 10:27:03 PM , Rating: 1
quote:
It's just SOME CASES where they don't (for example, what if the charge came from your home state -- that would be "believable")...


What if the people who stole your info and identity ordered stuff online and shipped it to your address as though you ordered it?

Oh wait that's what happened to me and the issuing bank for my credit card just took care of it.

quote:
The point is there is reasons why people don't just post their CC #s in public forums.


People don't post their info on forums or share it with random strangers because they'd be in clear violation of their policy with the credit card company and thus be liable for any fraudulent charges.

Was it slightly annoying to have to fill out the forms and deal with the phone calls from my card company? Sure a little, but it didn't cost me a thing and it didn't impact my life or my credit rating in any way shape or form. That's why I prefer credit cards, I'm protected.

Is the massive theft of data a big deal? Yes. Will it impact me personally or my credit? No.

Let's not all get hysterical about things we know little about.


RE: Meh
By fic2 on 4/26/2011 8:18:40 PM , Rating: 2
I have kind of the opposite story. A few years ago charges in a state 1000 miles away started appearing on my CC. These were for utility stuff - internet, electricity, etc. My CC company didn't notice that utility stuff was being paid in two states and that I hadn't changed my address. They did cancel charges and the card. Then a couple of years ago they put a stolen credit alert on my account because I had been to the gas station that I usually go to, the Best Buy and Home Depot closest to my house.


RE: Meh
By slyck on 4/26/2011 8:33:45 PM , Rating: 2
I've had mine stolen twice and the only thing the credit card company knows to do is screw up. It was Discover, and after I let them know which charges were legitimate and which not, they cancelled payment on most of the legitimate charges while paying for most of the fraudulent ones. I got phone calls from irate businesses and had to spend my time straightening out the morons at Discover. You can't trust any of these crooked card companies.


RE: Meh
By Zoomer on 4/26/2011 11:17:25 PM , Rating: 2
Try again at a less bottom tier issuer/network. If you had an Amex or even Chase, the experience would be far different.


RE: Meh
By omnicronx on 4/26/2011 9:07:06 PM , Rating: 2
While its great that you had a nice experience, I don't see why anyone is trying to downplay the fact that there is a possibility that hundreds of thousands of personal and/or credit card information was stolen.

The protection we receive is irrelevent, nobody should never have to go through the process of having to verify and cancel credit cards.

While you are correct it should not impact your credit rating, nobody here can downplay the seriousness of this situation.


RE: Meh
By LRonaldHubbs on 4/26/2011 5:56:09 PM , Rating: 3
I had my CC # stolen and several hundred dollars in fraudulent purchases were made from somewhere in Asia. My card was frozen, I received a call from the CC company, and I confirmed that I did not make the purchases. They mailed me a new card and an affidavit to sign, and that was that. I took out a 30-year mortgage a couple months later with the lowest possible rate at the time, and the incident did NOT show up on my credit report. I still have excellent credit. Actually, the only things I got marked down for were short credit history, canceling a Master Card that I had (not the card that was stolen), and having too many credit checks in one year (when I got an apartment the utility companies and the landlord all ran credit checks).

quote:
Why not just post your CC # here in the forums while you're at it, if you think there's no harm!

That's just stupid and possibly a violation of your card agreement. At least one of my card agreements says that fraud protection hinges on me reasonably protecting my card information.

quote:
And also, consider -- individuals now have your full name, address, birth date, and email and can now order fake credit cards in your name and target you with phishing attempts/spam.

THAT is the bigger concern here, IMO, unlike the CC # which is a non-issue for anyone with fraud protection.


RE: Meh
By omnicronx on 4/26/2011 9:18:07 PM , Rating: 5
Please stop trying to downplay the seriousness of the situation. The possibility CC information being stolen in mass is of no laughing matter.

Furthermore just because you recover anything that was stolen, does not mean the credit card company does. Who knows what you could be funding, Anonymous itself? crime? terrorism? who knows?

I really just don't understand your argument, as clearly its a big deal. Many people have a problem using their credit card information online in the first place, do you seriously think this won't make people think twice about plugging their CC information into the Sony Marketplace now that this has occured? I know I won't again.


RE: Meh
By PrinceGaz on 4/26/2011 9:35:48 PM , Rating: 2
The fact it has been down for several days shows something is very very wrong with their system, and that it is indeed very likely sensitive information is now in the hands of scammers.

The only safe option is to cancel any cards whose info you've given as they should be assumed to be compromised (tell your card provider it has been stolen), and hopefully bank-account details are more robust as changing account numbers is a much bigger hassle, but if you've provided account numbers and sort codes to PSN, you should inform the relevant bank of this and you need it changed as the detqails have probably been stolen.


RE: Meh
By StevoLincolnite on 4/26/2011 10:57:24 PM , Rating: 3
RE: Meh
By Solandri on 4/27/2011 2:48:59 AM , Rating: 2
quote:
Furthermore just because you recover anything that was stolen, does not mean the credit card company does.

The credit card company doesn't lose anything to fraud. Their merchant services agreements make the merchant liable for any fraud. So it's the merchant who gets stuck with the bill for fraud, not the card holder nor the credit card company.


RE: Meh
By LRonaldHubbs on 4/27/2011 1:59:47 PM , Rating: 2
quote:
Please stop trying to downplay the seriousness of the situation. The possibility CC information being stolen in mass is of no laughing matter.

Sorry, I actually didn't mean to downplay the situation. Mass theft of personal information is a big deal, I get that. My intention was to counter Jason's statement that CC theft hurts your credit score and ability to get a mortgage, because in my case that was not true at all. I said nothing about how it affects the CC company or merchant though. I'm just saying that if my experience is the norm (which I don't know if it is or not), then a consumer whose CC # has been stolen doesn't have much to worry about. In the greater scheme, yes it is a big deal that this happened.

quote:
Many people have a problem using their credit card information online in the first place, do you seriously think this won't make people think twice about plugging their CC information into the Sony Marketplace now that this has occured? I know I won't again.

People have a problem using their CC online because they are paranoid and behind the times. I hear the complaints about this all the time be it from my parents or older co-workers who outright fear making online purchases -- people who don't think twice about handing their CC to a waitress or reading the # off over the phone. My experience with CC theft actually made me LESS worried about it. Regarding future use of the Sony Marketplace, well, let's just say that Sony doesn't get my business and probably never will. I have no concerns at all about continuing to use online vendors in general though.


RE: Meh
By spathotan on 4/26/2011 6:27:58 PM , Rating: 4
And all you're going to do is sit there and blame Sony for this? Forgive and forget the hackers that did this, right?


RE: Meh
By miccla on 4/26/2011 9:20:54 PM , Rating: 2
"Don't Hate The Playstation. Hate The Game(r)"


RE: Meh
By OCedHrt on 4/26/2011 6:43:49 PM , Rating: 2
I'm more concerned about the logins and passwords. Does this mean that they were stored not encrypted or that whoever got in was able to decrypt them?


RE: Meh
By Solandri on 4/27/2011 3:11:14 AM , Rating: 2
When they say logins and passwords were stolen, they're talking about the password file. The way you're supposed to store logins and passwords is with a one-way hash. That's a one-way mathematical function which turns "username" into encrypted gibberish (the hash). But only "username" will make that specific hash, and there's no known mathematical way to convert that hash back to "username". You store the hash (the encrypted gibberish) in the password file, instead of the actual login and password. When a user tries to login, you run the hash on what they type, and compare that hash to your stored hash to see if it matches.

So assuming they built their system competently, the logins and passwords should be safe even if the password file was stolen. However, although there's no known mathematical way to reverse the hash, there's always the possibility that some criminal genius has figured out some new way to do it. And with sufficient computing power, you can build a hash table (run the hash algorithm on every possible letter/number combo) for all usernames/passwords less than (say) 6 characters. Then it becomes a simple matter of looking up the hash and matching it up with the login or password. So it's still recommended that you change your password.

(This is why dictionary words are very poor passwords. There are trillions of letter/number combos that can make something the length of a typical password. Building up a hash table for all those possibilities is virtually impossible. But there are only a few tens of thousands of words in the dictionary. Building a hash table for all of them is trivial.)


RE: Meh
By sprockkets on 4/26/2011 6:58:59 PM , Rating: 1
quote:
Why not just post your CC # here in the forums while you're at it, if you think there's no harm!


ok

4870 5600 0137 7755

exp 01/12

cc 724


RE: Meh
By Hyperion1400 on 4/26/2011 8:29:58 PM , Rating: 2
So uh... who wants to go to jail? Kmon, I'm taking 2:1 odds that this will actually work! It's only a little a$$ pounding?
Who's game?


RE: Meh
By Zoomer on 4/26/2011 11:13:23 PM , Rating: 2
Also rather futile since it will fail AVS and be flagged anyway. I suppose one could do manual entry on a POS terminal they control, but that's rather pointless since they won't be able to get to the money and would leave a clear trail leading back to them.


RE: Meh
By corduroygt on 4/26/2011 11:17:38 PM , Rating: 2
Ok, now also give your full name and address please.


RE: Meh
By Motoman on 4/26/2011 11:23:50 PM , Rating: 2
Don't forget your mother's maiden name.


RE: Meh
By sprockkets on 4/27/2011 7:11:44 AM , Rating: 2
I posted a cc. Nobody said it had to be a working one :)

Well, I guess it does work. But it's just a Asus rebate card, and yeah, it has a balance of $0 on it since I used it already.

It's all in good fun.


RE: Meh
By thurston on 4/26/2011 11:55:25 PM , Rating: 2
About 10 minutes worth of searching on google and I believe your first name is Joe and you live in Orlando Fl. Am I right?


RE: Meh
By sprockkets on 4/27/2011 7:08:17 AM , Rating: 2
Yup. Probably have that info somewhere.


RE: Meh
By Zoomer on 4/26/2011 11:09:12 PM , Rating: 2
quote:
You do realize being the victim of credit card fraud affects your credit score and impacts your ability to get mortgages, etc.?

That's not even anywhere near true. Perhaps id theft, but certainly not for cc fraud. The end user typically isn't out a cent for these. Most times, they will be contacted by their bank's fraud dept as these transactions are really off.
quote:
And that "automatic" protections takes a certain amount of effort and surveillance?

Like reading your statement before paying it?
"But...but...READ???"
quote:
And also, consider -- individuals now have your full name, address, birth date, and email and can now order fake credit cards in your name and target you with phishing attempts/spam.

Except for email, your name, address and birth date are public record if you have been born and own a house.

Sure, it's a risk and is bad, but it's nowhere near as bad as you make it out to be.


RE: Meh
By Wolfpup on 4/27/2011 1:56:36 AM , Rating: 2
This was the worst possible news. I don't care that much if the network's down-all I really use it for is checking how many trophies I have, and the game patching still works. But this ain't good.

The email I got at least seemed really well done, though I wish Sony would somehow be able to help more.

I guess I was probably affected by the Best Buy breach a few months back too. I don't THINK anything bad's come of that. Suppose I should check my credit report...haven't done that in a few years since it's sort of intimidating and a hassle.


RE: Meh
By InvertMe on 4/27/2011 9:30:34 AM , Rating: 2
quote:
You do realize being the victim of credit card fraud affects your credit score and impacts your ability to get mortgages, etc.?


No it doesn't. Not at all. A few years back when credit card fraud was "new" you could have a negative impact for a while but with a few letters it would be corrected (I know because it happened to me) but now the process is so refined you will not see any impact at all.


"Death Is Very Likely The Single Best Invention Of Life" -- Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki