The Old Sony Megathread

[zero]

For fuck's sake. Okay, NOW people have every right to be fucking furious, this makes the RROD look like minor issue.

[King Ellis]

Luckily, Matzat is safe from this issue because no one wants to pretend to be him.

[Herr Matzat]

Edited April 26, 2011 by Michael Matzat on a Plane

[TCO]

Haha, this is just ridiculous now. I love how it took them a week to announce it when they clearly had this information a few days a go at the latest.

My PSN password is different to everything I use online so that's not a big deal to me anyway.

[Lyons]

lol Sony.

[Herr Matzat]

I don´t mind changing passwords all over the place, the important ones (e.g. bank, paypal ect.) got different passes anyway. But i disliky the idea of my real mailbox exploding with tons of spam paper and my cc data being with someone.

[Ruki]

I've only used my credit card for Netflix....am I boned?

[Baddar]

Eh, I'm not too bothered - change a bunch of pw's and if I notice someone's bought £100 worth of beans in Newcastle, I'll cancel the card and claim the money back. Disaster for Sony? Yes, completely irresponsible. Disaster for me? Not so much.

[Herr Matzat]

Did you pay via PSN Store or is it amazon payments? (netflicks was amazons streaming servic, right?)

[KevinStorm]

Netflix has it's own billing service, so I doubt that's been compromised here.

[Herr Matzat]

Reaction time

http://www.joystiq.com/2011/04/26/sonys-failure-to-report-data-breach-incurs-ct-senator-blumentha/

April 26, 2011

Mr. Jack Tretton

President and CEO

Sony Computer Entertainment America

919 East Hillsdale Boulevard

Foster City, CA USA 94404

Dear Mr. Tretton:

I am writing regarding a recent data breach of Sony's PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony's PlayStation Network suffered an "external intrusion" and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users' personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

/s/

Richard Blumenthal

United States Senate

[KevinStorm]

People shouldn't complain about their personal information being unsafe on a free service.

[Clawson]

I really hate humanity sometimes.

[zero]

AP has a story on it, suggesting that this could cost Sony up to $25 billion.

Source

[ChrisSteeleAteMyHamster]

Bloody bloody hacker. Ruining it for everyone.

[Herr Matzat]

People shouldn't complain about their personal information being unsafe on a free service.

Yes, i am with you. I bet most people entert their adresses and cc data to never spend a dime on there ever. Let alone PS+ or Qriocity being subscription services offered by Sony were you just HAVE to have your data in the system and could not just delet it after you bought something. If amazon or Apple (likely the two biggest CC Data colections on our planet) got hacked for being dipshits we should be all like "Tze lulz, iTunes is fr33, Apple should just sell your CC data themselfs and you are an ideot for having given it to them." Hell, browsing amazon is free aswell! Everything that happens byond that is your own responsibilety! You know, because browsing it is free! It´s not that you are tursting them with your data to actualy MAKE THEM MONEY.

Edited April 27, 2011 by Michael Matzat on a Plane

[Skummy]

People shouldn't complain about their personal information being unsafe on a free service.

Bull and shit.

Generally, if I put my personal information into a reportedly secure service, I expect it to be - you know - secure. And it's insane to blame me for using the service as it was designed when that information is compromised - it's the responsibility of the service provider who, in this case, is one of the largest technology companies in the world, and who have been massively compromised, and shown an alarming lack of customer relations.

They, presumably, knew there was at least a risk that data had been taken well before they announced it - quite possibly before the PSN went down in the first place. So why are they only telling us now, after more people could conceivably have been affected? Why wouldn't they tell us straight away, to allow us time to sort out their mess quicker? It's fucking appalling, and inexcusable.

I will point out that so far there's no hard evidence to suggest that card details have been taken - only names, addresses, dates of birth and passwords, and no reported figure as to how many. The press are reporting "70 Million" - but that's an estimate of the total number of PSN users, not how many have been affected.

The danger is if you use the same password for PSN that you use for everything else - doesn't take much to extrapolate one thing from another, and for a "hacker" to work his way from obtaining your password to trying it in a load of other places.

Generally, use different passwords for different things - especially anywhere that involves large amounts of personal data (e-mail, perhaps) or card details (banking, online shopping, Paypal etc.) - and never list your real date of birth anywhere unless it's strictly necessary. If someone gets hold of your name, it doesn't mean shit, but name and date of birth? Not so much.

....but, yeah, that's all stuff to prevent this happening again. Until we find out how many people have been affected by this, and how, what the fuck can we do?

[EWB's Best Poster.]

People shouldn't complain about their personal information being unsafe on a free service.

Bull and shit.

Generally, if I put my personal information into a reportedly secure service, I expect it to be - you know - secure. And it's insane to blame me for using the service as it was designed when that information is compromised - it's the responsibility of the service provider who, in this case, is one of the largest technology companies in the world, and who have been massively compromised, and shown an alarming lack of customer relations.

They, presumably, knew there was at least a risk that data had been taken well before they announced it - quite possibly before the PSN went down in the first place. So why are they only telling us now, after more people could conceivably have been affected? Why wouldn't they tell us straight away, to allow us time to sort out their mess quicker? It's fucking appalling, and inexcusable.

I will point out that so far there's no hard evidence to suggest that card details have been taken - only names, addresses, dates of birth and passwords, and no reported figure as to how many. The press are reporting "70 Million" - but that's an estimate of the total number of PSN users, not how many have been affected.

The danger is if you use the same password for PSN that you use for everything else - doesn't take much to extrapolate one thing from another, and for a "hacker" to work his way from obtaining your password to trying it in a load of other places.

Generally, use different passwords for different things - especially anywhere that involves large amounts of personal data (e-mail, perhaps) or card details (banking, online shopping, Paypal etc.) - and never list your real date of birth anywhere unless it's strictly necessary. If someone gets hold of your name, it doesn't mean shit, but name and date of birth? Not so much.

....but, yeah, that's all stuff to prevent this happening again. Until we find out how many people have been affected by this, and how, what the fuck can we do?

All of this pretty much. Look, I expect shitty security from say, farmville. What I dont expect shitty security from is a company's online service for expanding options from that exact same company's product. And when that company is sony? Thats not uncle bobs chicken farm, thats fucking SONY.

Theres no real confirmation that ID has been stolen. Theres no real confirmation that if there is, what exactly has been. But there are possibilities, and thats whats concerning us all.

Its not just sony though. Sure they are the targets today but shit like this? This is what changes the game. Hackers and people that scream for free info are just going to make it that much tighter and restricted. And for what? To avoid hackers.

I dont need this kind of fucking greif to play portal 2, you know?

[Skummy]

If it was "Anonymous", as was originally speculated, I doubt information would have been taken for malicious purposes. While they're not an easily defined "group", they generally work in a certain way, and while that often manifests itself as immature trolling, and has stretched to data theft, it's largely only been to target organisations they disagree with, or in acts of vigilante-ism. It's not their style to steal the card details of innocents.

They did announce plans to target Sony, but have denied their involvement in this, however, claiming that they've been used as a scapegoat for Sony's incompetence.

Whether they were involved or not, at least we can all agree on the incompetence.

But, yeah, this is a game-changer. This is the kind of hack-job you see in the movies, where a multi-national corporation is effectively brought to their knees by a guy in his basement. The kind of stuff hackers have been dreaming of doing for years. What next?

[Herr Matzat]

I asume next will still be kids crying about lost trophy data and not being able to play Modern Warfare blaming GeoHotz for all of this. People these days don´t seem to care enough about the grand sceem untill they actualy see someone trying to transfer monney of their acount.

Sony will be sorry but will put out no gifts (like paying for extra enshurance to secure people whos data was lost) aside from your Subscirption getting the lost time added, fanboys will of cause defend this because PSN is free while capcom hopes that nobody remembers that some of their offline games can only be played wen you are logged into PSN. After a week of that sony will be sueing the pants of some kid that the fanboys threaten to kill in about every gaming related newspost, forum topic or blog article.

And i still stand by my claim that this would never have happend if they never killed other OS.

Edited April 27, 2011 by Michael Matzat on a Plane