The Playstation 3 is IDENTITY THEFT

The fun bit is imagining how Gabe Newell must be reacting to all this.

I'll be really curious to see how much of an impact (if any) this debacle has on the NGP since it's going to be PSN-only.

no hacker would be stupid enough to do anything with CC information now. best would be to wait several months. then little purchases here and there.

gah between this and the gawker thing it's enough to make me paranoid for life.

hoping they don't retain card details from over a year ago

why wouldn't they? if they stored all this shit unencrypted and unhashed, they're liable to do any goddamn thing

I'm trying to remember if the credit card info I used to buy Wipeout 2 years ago is before I changed my card or not. This kind of sucks. And I feel dumb for not having removed the credit card info associated with my PSN account after having made that one purchase.

I've checked my bacnk account like 5 times today but like I said any shenanigans wouldn't happen for awhile if the hax0rs are smart (and if they managed to get CC details in the first place, which hasn't been confirmed yet; though all the other information exposed is damaging enough in itself. I mean, with all that's been exposed, a hacker could probably just apply for a credit card in my name.)

eh, I don't think they have enough to do that; Sony's only confirmed that they got names, physical addresses, phone numbers, mailing addresses, birthday, email addresses/PWs, and possibly password security questions/answers. you definitely need more personal info than that (SS# in particular) to get credit, unless of course you've got the same login/password combo for your bank as for your PSN account (do not do this).

not that I'm excusing Sony in the slightest! I have to go to the bank today and get my card killed then disable all my bill autopayments then set them all up again when the new card comes in thanks to their decision to put the Dr. Nick Riviera of data security in charge of their team. they can also go fuck the sun for waiting a full week to give people a heads-up about their personal data being compromised; surely that's in violation of some consumer-protection laws (Gawker at least had the decency to let me know within a day or two of the weekend when all that shit went down). really hard to imagine that they won't get hit with a massive, massive suit over this.

speaking of Gawker, the one good thing about that whole ordeal was that it led me to pull the trigger on the 1Password suite which is why I'm reasonably copasetic about all this bullshit at the moment. imo it's must-have gear for anyone who uses the internet.

yeah, i was just looking at 1Password myself. i haven't done it yet though cause like, what if i need to register for a site at work and don't have 1Password? and what about all my existing sites? there's probably 100 sites i've bought something from over the last several years.

I guess I should go to the bank and get a new card, too. God damn it. This has also affected me at work (I work in the industry) as I had a bunch of content scheduled to release this week and it all got pushed out, so I am probably going to have a shitload of paperwork to fill out this week.

xpost

1password has dropbox sync support for the password list; I just installed both programs on my work computer too and it works great. the iOS 1password apps support it too. I think it's like $40 for the app + the software, which is totally a reasonable amount to pay for peace of mind during a situation like this.

oh and 1password basically adds logins/passwords to its database in realtime as you browse (it's a browser plugin, not just a standalone program) - to add the 100 sites where you've bought stuff from, just visit them, log in normally, and 1password will ask you if you'd like to add it to your list.

Hmm... this is actually weighing heavily on my post-E3 purchase decision. Hope Sony explains this screw up adequately and soon.

1password scares me. Just seems like bad practice to keep passwords "written down" in one place no matter where it is. What if the password for 1password gets hacked, or their service compromised?

that's why you sign up for 2passwords as well

xpost

it's not a service - the passwords (including the master password for the software) are stored locally in a heavily encrypted file; you have the option of putting it in a Dropbox folder & pointing the 1password program towards that location to sync to your devices/other computers/etc. there's no master database for anyone to hack into - they'd have to get into your actual computer and install a keylogger in order to crack it, and frankly at that point you've got bigger problems to deal with.

sorry if I sound like a 1pass sales rep, this thing is just a lifesaver IMO

*registers 3passwords.com*

So what are the minimum number of steps that you guys think people should take in the wake of this security breach? Change of email password? New credit card?

burn everything you own, move to woods

1. change email password; monitor credit card account (btw, you should already be monitoring your cc account anyway so this shouldn't be an additional burden)

2. if fraudulent charges pop up, contest them immediately and change your card number

yeah, i always monitor my credit card account on a weekly basis

Sony have my email address. Why haven't they emailed me to at least notify me?

man I feel like a good principle in this new brave age of cyber terrorism is just to take nothing for granted and get your credit card # changed every 3 months

also change your name, age, and gender every 3 months for maximum protection

My one trick with some of these kind of sites is not to give my real DOB and certainlynever fill in my real phone # or address. Unless I'm being physically mailed something, they dont need any of that. Make my DOB 01/1/someyear, and my phone number 0312345678. And when I order online things, I get em sent to work.

Sony have my email address. Why haven't they emailed me to at least notify me?

They don't have it any more, some guy stole it.

http://www.eurogamer.net/articles/2011-04-28-sony-your-card-data-data-was-encrypted

blocked, i'd say give me the gist but i can read the url i guess

Blocked?

Gist: CC tables were encrypted, no evidence those tables were accessed, still a possibility that they were. Check yo self.

Also they have confirmed that the usernames, passwords, email addresses, addresses, etc. from the user table was unencrypted and has been taken.

Again why am I having to read this in the press? Why haven't I heard from Sony?

Though JimD's explanation is admittedly persuasive

If Geohot taught us anything, it's how good Sony is at encrypting data. They'll have used the same key for all the encryption, probably, and the credit card data will be open to anyone with a few days to leave a computer decrypting.

One of my friends went to the bank to cancel his cards, and they said the data stolen is enough for someone to apply for credit in his name, but I think that was a ploy to sell him a protection plan at £5/month!

Should be ok if I used paypal on PSN Y/N?

¯\(°_°)/¯

here's another take:

http://forums.sarcasticgamer.com/showpost.php?p=645846&postcount=734

Sony have my email address. Why haven't they emailed me to at least notify me?

I got an email. Nothing in it that wasn't already on the statements on their sites.

Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions.

Sincerely,
Sony Network Entertainment and Sony Computer Entertainment Teams

Sony Network Entertainment Europe Limited

http://www.eu.playstation.com/psnoutage

just redirects to http://uk.playstation.com/ for me

I have two PSN accounts and still no email.

ah here we go - http://uk.playstation.com/psnoutage

p snoutage

pretty snoutage imo

posting this coz I love the way the guy swears (nsfw swears obv)

https://www.youtube.com/watch?v=YD0lsbVUYe0

oh wait, 3 mins in he starts comparing hacking to rape, sorry

Well, he's making a hyperbolic analogy for loud sweary effect. I lolled.

grey lady wags its finger disapprovingly
http://www.nytimes.com/2011/04/28/arts/video-games/sony-playstation-security-flaw-tests-consumer-trust.html?ref=video-games

i like scheisel better than the average eukyarote but this kind of serious cat stuff following his slavering fanboy diablo iii preview is nagl

I finally got my email from Sony last night

I just got the email. Thanks I guess.

man all this & i still cant play mortal kombat

Got round to checking, and it's so long since there was anything I actually wanted to buy on PSN that the card details they've lost were for a card which has already expired anyway. A year ago.

i finally got my email! yay! i feel so grown up