The Playstation 3 is IDENTITY THEFT

xpost

1password has dropbox sync support for the password list; I just installed both programs on my work computer too and it works great. the iOS 1password apps support it too. I think it's like $40 for the app + the software, which is totally a reasonable amount to pay for peace of mind during a situation like this.

oh and 1password basically adds logins/passwords to its database in realtime as you browse (it's a browser plugin, not just a standalone program) - to add the 100 sites where you've bought stuff from, just visit them, log in normally, and 1password will ask you if you'd like to add it to your list.

Hmm... this is actually weighing heavily on my post-E3 purchase decision. Hope Sony explains this screw up adequately and soon.

1password scares me. Just seems like bad practice to keep passwords "written down" in one place no matter where it is. What if the password for 1password gets hacked, or their service compromised?

that's why you sign up for 2passwords as well

xpost

it's not a service - the passwords (including the master password for the software) are stored locally in a heavily encrypted file; you have the option of putting it in a Dropbox folder & pointing the 1password program towards that location to sync to your devices/other computers/etc. there's no master database for anyone to hack into - they'd have to get into your actual computer and install a keylogger in order to crack it, and frankly at that point you've got bigger problems to deal with.

sorry if I sound like a 1pass sales rep, this thing is just a lifesaver IMO

*registers 3passwords.com*

So what are the minimum number of steps that you guys think people should take in the wake of this security breach? Change of email password? New credit card?

burn everything you own, move to woods

1. change email password; monitor credit card account (btw, you should already be monitoring your cc account anyway so this shouldn't be an additional burden)

2. if fraudulent charges pop up, contest them immediately and change your card number

yeah, i always monitor my credit card account on a weekly basis

Sony have my email address. Why haven't they emailed me to at least notify me?

man I feel like a good principle in this new brave age of cyber terrorism is just to take nothing for granted and get your credit card # changed every 3 months

also change your name, age, and gender every 3 months for maximum protection

My one trick with some of these kind of sites is not to give my real DOB and certainlynever fill in my real phone # or address. Unless I'm being physically mailed something, they dont need any of that. Make my DOB 01/1/someyear, and my phone number 0312345678. And when I order online things, I get em sent to work.

Sony have my email address. Why haven't they emailed me to at least notify me?

They don't have it any more, some guy stole it.

http://www.eurogamer.net/articles/2011-04-28-sony-your-card-data-data-was-encrypted

blocked, i'd say give me the gist but i can read the url i guess

Blocked?

Gist: CC tables were encrypted, no evidence those tables were accessed, still a possibility that they were. Check yo self.

Also they have confirmed that the usernames, passwords, email addresses, addresses, etc. from the user table was unencrypted and has been taken.

Again why am I having to read this in the press? Why haven't I heard from Sony?

Though JimD's explanation is admittedly persuasive

If Geohot taught us anything, it's how good Sony is at encrypting data. They'll have used the same key for all the encryption, probably, and the credit card data will be open to anyone with a few days to leave a computer decrypting.

One of my friends went to the bank to cancel his cards, and they said the data stolen is enough for someone to apply for credit in his name, but I think that was a ploy to sell him a protection plan at £5/month!

Should be ok if I used paypal on PSN Y/N?

¯\(°_°)/¯

here's another take:

http://forums.sarcasticgamer.com/showpost.php?p=645846&postcount=734

Sony have my email address. Why haven't they emailed me to at least notify me?

I got an email. Nothing in it that wasn't already on the statements on their sites.

Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions.

Sincerely,
Sony Network Entertainment and Sony Computer Entertainment Teams

Sony Network Entertainment Europe Limited

http://www.eu.playstation.com/psnoutage

just redirects to http://uk.playstation.com/ for me

I have two PSN accounts and still no email.

ah here we go - http://uk.playstation.com/psnoutage

p snoutage

pretty snoutage imo

posting this coz I love the way the guy swears (nsfw swears obv)

https://www.youtube.com/watch?v=YD0lsbVUYe0

oh wait, 3 mins in he starts comparing hacking to rape, sorry

Well, he's making a hyperbolic analogy for loud sweary effect. I lolled.

grey lady wags its finger disapprovingly
http://www.nytimes.com/2011/04/28/arts/video-games/sony-playstation-security-flaw-tests-consumer-trust.html?ref=video-games

i like scheisel better than the average eukyarote but this kind of serious cat stuff following his slavering fanboy diablo iii preview is nagl

I finally got my email from Sony last night

I just got the email. Thanks I guess.

man all this & i still cant play mortal kombat

Got round to checking, and it's so long since there was anything I actually wanted to buy on PSN that the card details they've lost were for a card which has already expired anyway. A year ago.

i finally got my email! yay! i feel so grown up

got mine. might save it to my usb fucking stick

that just doesn't sound right at all

Bit scared to turn on my PS3 -- is there any way right now for me to see what CC I had stored on PSN, if indeed I had one stored there?

Try turning it on without it being plugged into the internet.

it's already been taken, no worries about turning it on now.

Check your email history, search for anything sent from DoNotRe✧✧✧@a✧.playstat✧✧✧.n✧✧. Should tell you which cc you used.

Er.

DoNotReply. ac. playstation. net.

Turning on your Playstation, leaving it off, or whatever else is moot now because whatever could have been copied was on the remote end.

Found the email, no CC listed (does have my real address unfortunately) but I did buy a game over PSN sometime later...

never got an email