PSN Network Hacked
SentrySteve
.txt Join Date: 2002-03-09 Member: 290 Members, Constellation
in Off-Topic
<div class="IPBDescription">In case any PS3 user has not heard</div><a href="http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/" target="_blank">http://blog.us.playstation.com/2011/04/26/...k-and-qriocity/</a>
The fun parts:
<!--quoteo--><div class='quotetop'>QUOTE </div><div class='quotemain'><!--quotec-->we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.<!--QuoteEnd--></div><!--QuoteEEnd-->
<!--quoteo--><div class='quotetop'>QUOTE </div><div class='quotemain'><!--quotec-->When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.<!--QuoteEnd--></div><!--QuoteEEnd-->
Comments
It is a rather nice coincidence that PSN was down during a free gold weekend for Xbox Live.
And the 360 still has the 52% failrate.
This is all but forgotten in the wake of this big blow to Sony. They can't fight the free crowd being so uptight. A sure blow to capitalism for Sony.
I'm a PS3 owner and couldn't care less 'cause most games I do play on console are for single playing... while the PC is for anything else. I was hoping for something like this to happen to them. Well deserved and I hope they are as happy as I am.
I'm sure they did this. Unfortunately, these days what you do is get the encrypted password, even one that can't be unencrypted, and run it through a so-called 'rainbow table' which is a massive lookup of encrypted passwords from known inputs. It's why you shouldn't use dictionary words in your passwords. These are likely guesses, so it's easy to put together permutations of them, encrypt them the same way applications do, and store both the raw password and the encrypted password.
When you find an encrypted password, you got em!
Where do you get that statistic from? That debunked GameInformer article? (Was a reader survey, not actual fail-rate numbers) Still have yet to have one RROD on me (I own three, they work great as cheap media extenders if you run TVersity), and last I'd heard the actual fail-rate was closer to 30%, and even then only applied to the early-run systems.
<!--quoteo(post=1842705:date=Apr 27 2011, 08:17 AM:name=Rob)--><div class='quotetop'>QUOTE (Rob @ Apr 27 2011, 08:17 AM)</div><div class='quotemain'><!--quotec-->I'm sure they did this. Unfortunately, these days what you do is get the encrypted password, even one that can't be unencrypted, and run it through a so-called 'rainbow table' which is a massive lookup of encrypted passwords from known inputs. It's why you shouldn't use dictionary words in your passwords. These are likely guesses, so it's easy to put together permutations of them, encrypt them the same way applications do, and store both the raw password and the encrypted password.
When you find an encrypted password, you got em!<!--QuoteEnd--></div><!--QuoteEEnd-->
This is what MD5 salting is for; have to create rainbow tables for the specific salt used, which effectively just turns it into a massive dictionary attack instead.
Though I'm truly surprised at the number of 'secure' systems that don't even bother with a basic salt, much less a per-database secondary salt.
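Added example (not part of the original thread) for the two posts above: it audits a constructed user table of unsalted MD5 hashes against a precomputed table, then stores the same password with a per-user salt, a secret per-deployment value and a slow KDF so the table no longer applies. The candidate list, account names and the HMAC-then-PBKDF2 construction are assumptions chosen for illustration; a plain dictionary stands in for a real rainbow table, which uses hash chains to save space.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list standing in for a precomputed table.
CANDIDATES = ["password", "ilikecake", "letmein", "dragon"]
PEPPER = os.urandom(32)  # assumption: per-deployment secret kept outside the database

def unsalted_md5(password):
    """The weak scheme: identical passwords always give identical hashes."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(candidates):
    """Hash -> plaintext map, computed once and reusable against any unsalted store."""
    return {unsalted_md5(p): p for p in candidates}

def audit_unsalted(records, lookup):
    """Return accounts whose stored unsalted hash is already in the table."""
    return sorted(user for user, digest in records.items() if digest in lookup)

def store(password, iterations=100_000):
    """Per-user random salt + secret pepper + slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    keyed = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    return salt, iterations, hashlib.pbkdf2_hmac("sha256", keyed, salt, iterations)

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    keyed = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    actual = hashlib.pbkdf2_hmac("sha256", keyed, salt, iterations)
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    lookup = build_lookup(CANDIDATES)
    # Constructed user table: two accounts share a password.
    weak_db = {u: unsalted_md5(p) for u, p in
               [("alice", "ilikecake"), ("bob", "ilikecake"), ("carol", "x9!Tq#7vLm")]}
    print("unsalted, found in table:", audit_unsalted(weak_db, lookup))
    a, b = store("ilikecake"), store("ilikecake")
    print("salted records identical:", a[2] == b[2])
    print("verify ok:", verify("ilikecake", a), "| wrong password:", verify("letmein", a))
```

The salt does not make a weak password strong; it only forces the guessing work to be repeated per account, which is why the iteration count matters as well.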
<img src="http://img.photobucket.com/albums/v247/DrForester/SonyIsntGoodWithComputers.gif" border="0" class="linked-image" />
... now imagine if this happened to Valve. Steam down, can't play most of your games, and all the info you entered when making purchases in the hands of the hackers. I don't think gloating is in order, it could be us next time.
yup.
More proof you shouldn't let people have your personal info on file when possible. Manual entry ftw.
While the failrate was nearer 40% perhaps, Microsoft provided EXCELLENT customer service for everyone affected. I had one RROD, shipped it from Norway to England... got a new one delivered on my door 2 weeks later. +3 free Gold months. MS got a big thumbs up for that one... quite a pleasant surprise :)
Perhaps you missed the presentation where Gabe gave out his username and password to showcase Steam Guard.
But Gabe's password and username were easy to begin with.
Look at it this way: Sony have more experience manufacturing electronics hardware, Microsoft have more experience manufacturing system software.
user: gaben
password: ilikecake
I lol'd
You're kind of obligated to :D
Aight, but this was a cookies joke... which... ehm... AH never mind!
Damn...
That's crazy. A group/someone has data on people's credit cards from around the globe.
I did hear in an update that they didn't get the security / CVV numbers. Without those numbers the cards <i>should</i> be worthless.
I only wish I remembered the password I used on my PSN account and I don't even have a way to check until they bring it back online...
In the UK, it is physically possible to push transactions through without them. I'm not entirely sure how, but I know enough from talking to agents at VISA and Mastercard to know it can be done. It's probably because some places like post offices and supermarkets still have systems online that allow you to sign for a card; so if you can make a duplicate card from a card number, with no one checking any information, a simple swipe, fake signature... easy done.