Sony's Playstation Network totally compromised

http://vgn365.com/2011/04/26/psn-users-reporting-hundred-of-dollars-stolen-from-them/

PSN Users Reporting Hundreds of Dollars Stolen From Them

Cycloptichorn

I would say that the pay rate for computer security experts across the industry just went up.

As Sony love suing it customers now it seem it had come time for their customers to sue them.

Perhaps if they had a larger IT department and a smaller legal department this would not had happen to them.

when this story broke yesterday (nice of sony to let me know, i got the email more than 3 hours after i saw the first news story), i called my mastercard provider to inform the that i had a card linked to the site, they said not to worry, which really surprised me, i'll be getting a statement in a couple of days so i guess i'll see what happens (i hadn't accessed the account in over a year and some of the card information was out of date (expiry date and security code), so that might be a saving grace)

The most important thing to do after a breach like this is make sure you do not use that password anywhere.

Shared passwords are worse than weak passwords for reasons such as this.

P.S. Because someone tagged this "Anonymous" I'll point out that they have nothing at all to do with this.

Yup.

That was me, and I agree that they have no culpability. However, they were tangling with Sony a little while ago over the whole GeoHot thing, and there's some suspicion that their involvement helped the whole thing get started.

Cycloptichorn

http://www.zdnet.com/blog/gamification/sony-security-hole-exposes-another-246-million-accounts/361

Sony security hole exposes another 24.6 million accounts
By Peter Cohen | May 3, 2011, 6:59am PDT

Summary
Just when you thought things couldn’t get any worse for Sony, the company admits to another security failure that exposed personal information on another 24.6 million user accounts.

Sony says hackers infiltrated the Sony Online Entertainment (SOE) systems around the same time as the recent break-in to Sony’s PlayStation Network (PSN). Data thieves made away with personal information from approximately 24.6 million SOE accounts, according to Sony.

An “outdated database from 2007″ was also copied which included 12,700 credit card and debit card numbers and expiration dates from customers in Austria, Germany, Netherlands and Spain. Sony noted that credit card security codes were not included in that database.

SOE systems power Sony’s multiplayer online games including EverQuest II, Free Realms and DC Universe Online. The service went down Monday morning in the United States with a maintenance message. Sony has since followed up with more details.

Over the weekend Sony executives held a press conference to discuss security problems with its PlayStation Network (PSN) and Qriocity media streaming service. Around April 18, data thieves broke into PSN and Qriocity’s databases and made away with personal information on 77 million account holders, including, possibly, credit card information on about 10 million subscribers.

The company failed to acknowledge the data breach until almost a week after it shut down access to the PSN and Qriocity services, raising sharp criticism from PSN users, security analysts and others.

A contrite Kazuo Hirai and other Sony executives took the dais at the Sunday press conference to apologize to Sony users affected by the initial security failure, promising to make amends by offering free access to PlayStation Plus content and other benefits.

Similarly, Sony is promising to overhaul SOE’s security procedures, and is offering some tepid enhancements to help encourage players to come back, once service has been restored.

This latest fiasco tips the total number of affected Sony user accounts to more than 100 million. While it looked like Sony had some hope of digging out from the initial PSN catastrophe intact, anyone who’s ever given Sony a credit card must be looking askew at the company now

Just to circle back to why I tagged it Anonymous,



Apparently there were some taunts left on Sony's system that would appear to be similar to Anonymous' past statements. Not that this constitutes proof or anything, but it's certainly part of the story.

Cycloptichorn

One more good reason to play only PC games.

http://consumerist.com/2011/05/security-expert-sony-knew-its-software-was-obsolete-months-before-psn-breach.html

I wouldn't own a console if they paid me to take it. Err, my credit card info was not compromised. I don't have to go now and change my passwords on hundreds of sites. I don't need to get new cards issued so that "anonymous" can't steal my identity .

http://ingame.msnbc.msn.com/_news/2011/05/05/6593542-report-hackers-plan-third-attack-on-sony

You used the same password on all your sites?????!!!!??

since i suffered no repercussions, i'm pretty happy with sony's welcome back goodies. two free games for the psp or ps3

the psp is a choice of two of four games (one of which i already own ),but i'm grabbing little big planet and some kind of racing game (sort of cartoon go-carts as near as i can tell, with modifiable racers, and design your own tracks)