Hackers stole personal data from PlayStation Network
  • Yeah, it has. Not to this degree of course but a number of the XBL admins and main major players in Microsoft have had their XBL accounts and personal websites hacked by people who were pissed for being banned from Live in the last couple of years. In some of these cases, especially moderators, it allowed them to access the account and make use of their admin privildges to unban others and cause general havoc.

    The reason this happened is Sony's fault really when it comes down to it. When they decided to remove the Other OS option because they believed it was a security risk, it pushed the people out there who'd made use of Other OS to actually then start looking for hacking exploits on the system to get it back. Had they not done this then it's unlikely a heavy push on breaking the system would have ever occured as it has in the past year or so. I'm not saying it never would have but they basically pissed off the wrong type of people.

    The main way it seems this hacking was done was by people finding a way to edit the firmware to allow consoles to become debug units, once that was in place people were able to engineer a way into "secure" Sony servers via a hole in the developers network.
  • JayneJayne
    Moderator
    Is that what happened? This is a revenge thing?

    I can understand the XBL hack. Not condone, of course, but it was a "fight the man" thing that's really the essence of the hacker ethic. I do remember getting a message from XBL about a hack a while back, but it wasn't as alarming sounding as this (and coming from me who's just this side of paranoid about identity theft, that's saying alot.) Of course, I'm accustomed to getting notices about security issues with MS products, so it could be that I'm just desensitized when it comes to them and breaches.

    Still, this situation with Sony seems to be much broader and less discriminating than the XBL hack, at least as far as the press release reads. When you start messing with innocent 3rd parties, you're truly a criminal.
  • DanBirlewDanBirlew
    Administrator
    Well, I just spent forty minutes at the bank, blocking my old check card, ordering a new one. They also had to call and confirm my pending charges. All because Sony seriously dropped the ball on this one. And I probably would have been more understanding had they not mass-emailed PSN members to say (basically) "Yeah we got hacked. We waited seven days to tell you. Don't like it? Go contact Experian and monitor your credit, then." Absolutely inflammatory. And not what loyal customers deserve. If Sony has any sense they will provide the PSN service for FREE for a WEEK once it's ready again. Else I don't see how they're going to win their customers back.
  • Jayne - In regards to the situation, Sony hasn't officially confirmed it but considering the firmware hack went up online near the start of the month which allowed people on to the dev network it really seems the most likely (the hack turned them into Debug units, something Dan probably knows about the functions of - occasionally being given dev units for small periods of time I believe when working on guides - right?). Some of the things those have been shown to do on videos posted on the net is allow people to give themselves PSN Plus for free and add money to accounts with non existant credit cards, sometimes hundreds of dollars at a time, and use that to buy legitimate items off the PSN.

    I guess within the two or so weeks that it was available before the PSN was taken off, people tinkered with it and found their way through. My guess though as I said. But the rest of that, why people are hacking firmware is purely a result of what came before it when they were first starting to get Other OS back (which eventually then led to "jailbroken" PS3's which could also play pirated software once their main security was broken - see the George Hotz lawsuit which just recently got settled).

    I honestly think blocking your card is probably over-reactionary to me, no offense Dan (and I do say this with a working CC on my account). If for some reason the data has been decrypted, given the fact that there is somewhere in the number of 70 million users (and probably half of those have CC's on them I'd say) I somehow doubt the chances of major CC fraud happening. Yes, you could be one the unfortunate number of the accounts that would be affected, but additionally online data does require the security code on your card, which while in itself can probably be worked out eventually my understanding is it would take time (along with every other card) and Sony didn't keep them, just the basic numbers.

    The other reason I'm okay is because it's such a major public thing, the banks own insurance cover will cover me if it ever happened because the data was kept on something that was believed to be secure until the event and knowledge about the event is out there so it's easy to point as a likely source (unless I do something stupid with the card). I've just notified my bank that your card was kept on there via phone, where they've added a note in case I ever need to call them, and I'll keep an eye on card statements in the coming months. They've just notified me that future cards being kept on the PSN just won't be covered because of this issue but I'll be okay on the current one should it come up before it expires in about six months or so. Once it comes close to expiry I'll request a new card with new number rather than a new issued one and it won't be a hassle or cost and just never keep it saved on the PSN.

    I also noticed on Kotaku they said it took the first investigation by the data security company they hired until Monday to realize just how serious the breach had been. Given the size of the network, I kinda get that. So I guess there is a bit of slack needed.

    On the flipside too, I don't think Sony owes anyone other than developers, especially indie ones, and paying PSN+ users anything, and in the latter it's just extending their membership for the length of time they missed out on. The network is already technically free and signing the terms and conditions you do agree to the potential risks (there is also a link to the CC subsection explaining the risks when you agree to saving the card too).

    Additionally any online service anywhere, comes with a risk of theft, identity fraud, and the like. Call me a realist about it, but this is just something that can happen. You're right, they'll likely be unable to win customers back after such a massive scandal and who knows they may provide free stuff for everyone for it to try like you want, but doing that they're potentially even rewarding some people involved in causing this in the first place.
  • JayneJayne
    Moderator
    Maybe things with identity theft work differently in different economies, but my fear would be the ripple effects of reverse engineering the data into a full-blown personal economic crisis.

    I use my AMEX for all online stuff because they proved to be particularly good with fraud issues (this from experience gained through a divorce). I have confidence that if something goes awry with my AMEX card number, I'm protected. My ATM/Debit card never sees the light of day. I don't even like carrying it with me, and honestly, I think if you use that card for purchases (online or even in B&M POS's) you're asking for trouble.

    The scary thing with this PSN hack isn't that cc numbers were obtained, but other personal information was, as well. With a CC number, name, and address, you're 85% of the way to getting the type of info that could be used to obtain credit fraudulently. To open a store credit card account, all you need is the above info, a photo ID (easily faked) and another credit card. So for me, it's not the obvious first-pass problem, but the secondary effects that are most worrisome, particularly because many times ID theft isn't detected until things have gotten really out of hand (i.e. liens and collections from unpaid balances) or when you need credit yourself, like when applying for a mortgage. Straightening out that sort of hell takes more time and energy than most people realize, and sometimes the damage is permanent.

    I realize that this says more about the legal system in the US and the way the banking industry works, but it is what it is, and quite frankly, if I worry about money issues, this is the sort of thing that keeps me up at night. Not that someone could buy a Bentley on my AMEX, but that I'd be held responsible for it and have to prove a negative (that it was not me).
  • I guess I forgot to say earlier, don't get me wrong about this - if I saw the evidence of it happening clearly rather than the potential I'd be reacting differently. Purely I understand the risks and every individual should respond to it the way they see fit. I just see that because the numbers are so great in this situation, it will probably start being obvious if the information has been decrypted and fraud is taking place, because it will be on a wide scale. So far aside from a couple of rumored thefts it doesn't yet look like anything has happened. However if something became apparant I'll be ringing my bank immediately to do what was needed.

    The US system has definite issues with identity theft that I never knew were possible till I heard stories of people who went through it. Michael Baroody, who I worked with on REFan for the past several years was constantly telling me what was happening a few years back when his wife's identity was stolen after originally a transaction she did online. It took a lot more effort to clear the issue and the debt placed in her name than should ever be the case. It would make for an interesting doco to look at the concept and impact in the United States.
  • DanBirlewDanBirlew
    Administrator
    @Rombie Identity theft only needs to happen to you once for you to become absolutely stoic that it never happen to you again. Perhaps like you're saying it only happens to Americans, but then that means you don't understand the experience. Last time my identity was stolen I was on the phone for two hours denying purchases the banks wanted to prove I made in Montana, a state I have never, ever visited, and never will. At that point I told the operator I would call them back. And much to my surprise the operator complained. :o So I had to point out how much time I'd been on the phone, and how it wasn't human and I needed to use the restroom. And then, finally, they quit fucking with me and started helping me.

    And that wasn't the end of it. Not by a ling shot.

    No, ID theft only needs to happen to you once, and then basically nothing you doto try to prevent it is overreacting. Blocking my CC and ordering a new one was the best option. But still not an option I would prefer to undertake. And most experts agree that Sony not only provoked hacker attacks, but failed completely to protect against intrusion. Complete bungle. Inexcusable.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Login with Facebook Sign In with Google Sign In with OpenID Sign In with Twitter

In this Discussion