bit-gamer.net

PSN user details, credit cards compromised

PSN user details, credit cards compromised

PlayStation Network users may have had their personal and financial details stolen.

Sony has revealed that the group responsible for the recent attack on the PlayStation Network, which has resulted in the service being down for the last week, gained access to the personal details of PSN users - possibly including credit card and financial details.

'Although we are still investigating the details of this incident, we believe that an unauthorised person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID,' reads Sony's official statement.

'It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.'

'If you have authorised a sub-account for your dependent, the same data with respect to your dependent may have been obtained.'

Sony has clarified that, while no evidence currently proves financial information may have been taken, they have not yet ruled out the possibility.

Sony has encouraged users to remain vigilant of their account details while it continues to investigate and repair the intrusion. Sony has confirmed that independent security firms have been brought in to help solve the issues.

Earlier this month hacking group Anonymous launched an attack on Sony's PSN as part of a protest against Sony's prosecution of hacker George 'Geohot' Hotz. Anonymous then warned Sony it would launch an even bigger attack, though clarified it would not attack PSN again.

Let us know your thoughts in the forums.

56 Comments

Discuss in the forums Reply
shigllgetcha 26th April 2011, 22:35 Quote
Haha makes sense given the length of the outage.
smc8788 26th April 2011, 22:56 Quote
Oh great
faugusztin 26th April 2011, 23:14 Quote
Somehow i expect a nice big class action lawsuit against Sony in near future.
dave_salmon 26th April 2011, 23:26 Quote
Just spotted THIS on ARS.
Krikkit 26th April 2011, 23:53 Quote
Holy christ that's an epic fail. Thanks Sony.
Pieface 26th April 2011, 23:58 Quote
Quote:
Originally Posted by dave_salmon
Just spotted THIS on ARS.
Quote:
To be fair, Sony does apologize for the inconvenience.

You just feel like saying piss off. Inconvenience? No. They lost all our personal information. I mean it's Sony, one of the top electrical companies in the world.
Sloth 27th April 2011, 00:00 Quote
Quote:
Originally Posted by Krikkit
Holy christ that's an epic fail. Thanks Sony.
Thanks hackers.

Who's to say it wouldn't have happened just the same with a system like XBL or, God help us, Steam. History has shown many times that security systems aren't perfect (I'm sure MS wishes this were so, no more service packs or updates!), just a few months ago it was some network of websites that had its user account information hacked into.
Pieface 27th April 2011, 00:07 Quote
LOL at the comments though.
Quote:
The more i read about this, the more it confirms my theories that this was done by people who hates Sony and who want their customers to leave them to turn to for example Xbox instead. I’d like to call them Xbox fans jealous of the free services of PSN, but who knows if we’ll ever find out the truth.

In other words, those who feel like they are at cross-roads right now; don’t let these *******s win! Stay with Sony and show them that things like these won’t make us forget all the good that Sony has given us in the past.

Damn you Xbox!!!! ****ing moron.
Sloth 27th April 2011, 00:12 Quote
Quote:
Originally Posted by Pieface
LOL at the comments though.

Damn you Xbox!!!! ****ing moron.
Get out the tinfoil hats ladies and gentlemen! :)

I'm just waiting for someone to go say it was Microsoft or Nintendo who did it.
Krikkit 27th April 2011, 00:14 Quote
Quote:
Originally Posted by Sloth
Thanks hackers.

Who's to say it wouldn't have happened just the same with a system like XBL or, God help us, Steam. History has shown many times that security systems aren't perfect (I'm sure MS wishes this were so, no more service packs or updates!), just a few months ago it was some network of websites that had its user account information hacked into.

Why wasn't the possibility of this considered when Sony knew full well that Dev firmware was out there? Surely someone should have twigged that this could happen? Hackers will be hackers, if there's a will there's a way and all that, but you've got to design a system to be robust enough to protect personal information.
Sloth 27th April 2011, 00:25 Quote
Quote:
Originally Posted by Krikkit
Why wasn't the possibility of this considered when Sony knew full well that Dev firmware was out there? Surely someone should have twigged that this could happen? Hackers will be hackers, if there's a will there's a way and all that, but you've got to design a system to be robust enough to protect personal information.
I admittedly am not a software engineer, but I highly doubt it's that simple. If you could just throw money, time, and manpower at a problem until it's fixed then we'd already have a cure for every known disease and advanced space travel for getting humans to Mars simply by the sheer amounts of effort thrown at them. Software security seems to be a very similar field in that respect. Apply more resources and you'll have a higher chance of being secure, but there's no set guarantee such as "put in $10 billion and a team of 200 engineers and you'll be safe".

This outage certainly will not be good for Sony. It's just not good business for them to have been lazy on security, and you don't get a company to that size by using bad business.
Plugs 27th April 2011, 00:31 Quote
i think its a case that developer consoles were completely trusted
if so, the main fail here is that sony shouldnt have had those "trusted" machines connected to the same network as the main psn
Showerhead 27th April 2011, 00:31 Quote
http://i.imgur.com/FXUii.jpg

I still get a laugh out of everyone around the internet believing it was anon or geohot as if there are no other crackers out there. That and the attack is unlike anything that anon do.
Pieface 27th April 2011, 00:48 Quote
Quote:
Originally Posted by Showerhead
http://i.imgur.com/FXUii.jpg

I still get a laugh out of everyone around the internet believing it was anon or geohot as if there are no other crackers out there. That and the attack is unlike anything that anon do.

Duh, did you not read my post earlier. It's obviously Xbox fanboys wanting to convert PS3 owners! There's no other reason!!!
faugusztin 27th April 2011, 00:54 Quote
As i said, this will end up as a class action lawsuit against Sony, where at least US PS3 owners will get a huge compensation and Sony will be happy if there won't be a investigation against them.

And this pretty much zeroes any profit Sony made from PS3, because the payments they will have to pay to users will be enormous.
knuck 27th April 2011, 00:55 Quote
I haven't turned on my ps3 in forever. Will I lose MegaMan 9 ? (the only thing I ever bought on PSN)
Plugs 27th April 2011, 01:07 Quote
Quote:
Originally Posted by knuck
I haven't turned on my ps3 in forever. Will I lose MegaMan 9 ? (the only thing I ever bought on PSN)
you wont lose games

but it is unknown if any credit card details you may have used have been taken

and all the psn info you might use for other accounts
outlawaol 27th April 2011, 03:39 Quote
Quote:
Originally Posted by Plugs
you wont lose games

but it is unknown if any credit card details you may have used have been taken

and all the psn info you might use for other accounts

This concerns me the most.

All I got to say is that Sony had better get their **** together...
logonui 27th April 2011, 10:45 Quote
No system that connects to the outside world is completely safe no matter how much time and money is spent securing it, anyone who has worked with windows in a technical sense is well aware of this!

It doesn't help that the recent sony lawsuits (regardless of what side of the fence you sit on) have probably made them a target.
mulberrycrush 27th April 2011, 11:44 Quote
Thanks hackers.. making the world a better place. Every little helps.
Nutyy 27th April 2011, 11:44 Quote
Thanks for royaly screwing me Sony. Now i gotta go to the bank and change a few passwords but atleast i entered fake personal details :(
shigllgetcha 27th April 2011, 11:46 Quote
If you use the same password for everything itd be a good time to change it, if your email address was taken and you use the same password for your email account as your PSN account. (edit:the post above went in the same time as i posted this)

Thankfully I hadnt connected my credit card to my PSN account
Nutyy 27th April 2011, 11:51 Quote
No my email password is different but the passwords i needed to change were non critical stuff such as a forum i use ..... :(
Odini 27th April 2011, 11:52 Quote
Quote:
Originally Posted by Pieface

Duh, did you not read my post earlier. It's obviously Xbox fanboys wanting to convert PS3 owners! There's no other reason!!!

Or perhaps part of a great PC revolution, breaking the shackles that are the restrictive consoles in a tremendous shower of glory! Hackers of the world UNITE!

Or perhaps I should just stop watching that film...
Glix 27th April 2011, 11:53 Quote
Sony's system? Oh you mean the outsourcing to a cheap service provider...

Does nobody learn, the last company you should be trusting is Sony, when have they ever made a decision that bodes well for their customers?
Jake123456 27th April 2011, 12:21 Quote
Feel sorry for all the PSN User atm...Was so glad I bought a Wii instead :D
Technobod 27th April 2011, 12:26 Quote
Might just have been simpler for Sony to say what data wasn't compromised...
Wouldn't have been a long statement.
Cerberus90 27th April 2011, 12:43 Quote
Quote:
Originally Posted by Nutyy
No my email password is different but the passwords i needed to change were non critical stuff such as a forum i use ..... :(

I'm in the same boat as you, but, don't really see the point in changing them, as, whoever has gotten these details is going to have to do some pretty in depth spying to try and find out which account on whatever site is mine, and then find out the username that's connected with my email.

Even if they do, they'll only get onto forums and non critical stuff, so not worth doing.
If they've gotten cc details, that's all they'll be interested in.
impar 27th April 2011, 12:47 Quote
Greetings!
Quote:
Originally Posted by Krikkit
Holy christ that's an epic fail. Thanks Sony.
I would blame hackers and the parasites that took advantage of the system and expect Sony to patch the holes.
goultech 27th April 2011, 12:56 Quote
I wonder who could have done it..... http://www.bit-tech.net/news/gaming/2011/04/14/anonymous-threatens-sony/1
Anonymous did say though that they stopped the attacks due to affecting the users experience, I'm sure taking personal information is still affects the users experience.
logonui 27th April 2011, 13:40 Quote
Quote:
Originally Posted by goultech
I wonder who could have done it..... http://www.bit-tech.net/news/gaming/2011/04/14/anonymous-threatens-sony/1
Anonymous did say though that they stopped the attacks due to affecting the users experience, I'm sure taking personal information is still affects the users experience.

I'm not saying that this necessarily reflects my own beliefs, but you could also take the viewpoint that it only affects the user experience if they do something with the details, yes passwords have to be changed as a security measure but if the info was only taken to sully Sony's name then it seems to have worked. It's Sony who've taken down the service not the hackers.
blackerthanblack 27th April 2011, 13:48 Quote
Quote:
Originally Posted by Sloth
Get out the tinfoil hats ladies and gentlemen! :)

I'm just waiting for someone to go say it was Microsoft or Nintendo who did it.

It was Microsoft or Nintendo who did it.
impar 27th April 2011, 13:52 Quote
Greetings!
Quote:
Originally Posted by blackerthanblack
It was Microsoft or Nintendo who did it.
I heard it was Valve, via Portal 2 Steam on PSN.

PS:
PSN Users Reporting Hundreds of Dollars Stolen From Them
Neoki 27th April 2011, 13:56 Quote
Where do UK PS3 owners stand on the ID Theft.

What do we need to do, i.e cancel cards etc.
REM_Jupiter 27th April 2011, 14:31 Quote
As a person who's worked in the Banking and I.T. environment I’ll enlighten everyone and highlight that this isn't anything new. Compromises and Hackings like this happen on a daily basis were personal and financial information is stolen. Regardless of how big or small a company is any company and no matter how much money they throw at there security it can suffer from a security breach. That’s the problem with fraud and hacking in the modern world as there will always be people who try to subvert security of companies and make a quick buck in the process by either using or selling the data they obtain. There are good examples of compromises this year alone such as Play.com and Lush who are just two out of hundreds of companies that have been affected by compromises the difference about these companies and Sony is the fact that there willing to tell there customers were others don't even bother.

If your concerned about your data and financial info then my advice is to cancel your debit/credit card and have it replaced in addition to this change your passwords that will be linked to your email which was registered through Sony. If you live in the UK and wish to go a step further contact either Equifax or Experian and have a protective registration applied to your credit file to protect the possibility of identity theft.

As a customer of both the PS3 & Xbox 360 I’d highlight that it can affect both companies now and in the future so if you own a 360, Wii or PC don't sit all high and might on your thrown smugness as it can easily happen to you as well it’s just a matter of time.

Final advice to all is honestly not to panic and go about your lives as its happened now and apart from what I highlighted above there's very little you can do about it.
Jedra 27th April 2011, 14:34 Quote
Quote:
Originally Posted by Odini
Or perhaps part of a great PC revolution, breaking the shackles that are the restrictive consoles in a tremendous shower of glory! Hackers of the world UNITE!

Or perhaps I should just stop watching that film...

Perhaps you should ;-)

These aren't some social vigilantes looking to free anyone, they are plain and simple criminals. Personally if they were caught I would hang them by the testicles (or other suitable gender specific body part[s]) and leave them to rot. Same goes for game pirates and virus writers.
Jedra 27th April 2011, 14:37 Quote
Quote:
Originally Posted by Neoki
Where do UK PS3 owners stand on the ID Theft.

What do we need to do, i.e cancel cards etc.

If I were you I would change the password on any other account you have that uses your email address as a user-id (including your PSN account). Also if you had a credit/debit card registered through PSN I would watch the account like a hawk for the next few days/weeks/months.
smc8788 27th April 2011, 14:44 Quote
I just got my bank to cancel my card and send me a new one, it usually only takes a couple of days so it's not a massive inconvenience.
Jake123456 27th April 2011, 15:01 Quote
Quote:
Originally Posted by goultech
I wonder who could have done it..... http://www.bit-tech.net/news/gaming/2011/04/14/anonymous-threatens-sony/1
Anonymous did say though that they stopped the attacks due to affecting the users experience, I'm sure taking personal information is still affects the users experience.

If you check there Anonymous Newsite, they say themselves "For once it wasn't us" Maybe it was, maybe it wasn't who knows? Sounds suspicious to me...But like everyone said, it has to be Nintendo or Microsoft ;)
Woodspoon 27th April 2011, 15:05 Quote
After years of putting up with console owners saying how insecure PC's are, it's time for a quiet chuckle.
He he he
Highland3r 27th April 2011, 15:28 Quote
The worst part of this (for me) isn't the disclosure of passwords (they're changeable) or credit card information (again, cancel card get a new one) but potentially the release of security questions & answers....
Pretty hard to change your mothers maiden name or place of birth (unless you make up something new but that introduces the risk you'd forget it).

Maybe not a huge concern, but could allow malicious people future access to peoples accounts even post a password change.

Sucks, we don't even own a PS3 - we use Qirocity via Blu-Ray player which shares the PSN network.
liratheal 27th April 2011, 15:44 Quote
Thank god for A: Not telling PSN to store my details for the one purchase I made, B: Using an email address exclusive to PSN, C: Not needing to care.
Nicho133 27th April 2011, 16:10 Quote
A bit off-topic but this kind of reminds me of why I don't trust the cloud. Imagine in the future if we all stored our data in the cloud, and someone hacked into the service and got access to every piece of data you have.

On topic, the PSN network has been down for a while now, hopefully they can get it back up and running soon.
Neoki 27th April 2011, 17:52 Quote
Damn you beat me to it :P
Nutyy 27th April 2011, 18:16 Quote
Just went down to my bank and they reassured me that i would be safe keeping my current details and if my account was wiped they would offer a full refund and offer a new card. So now i know im safe
Guinevere 27th April 2011, 18:24 Quote
Quote:
Originally Posted by Plugs
i think its a case that developer consoles were completely trusted

My understanding is they were connected to a "trusted" network and it was that fact which allowed some piggy-backing to go on.
dave_salmon 27th April 2011, 19:30 Quote
Just saw a Beeb news report that ended with the words "..it's not clear if the playstation netwrok will be up again." Wut?


Edit: I don't actually think it's dead and not coming back, I was just pointing to funnies..
dave_salmon 27th April 2011, 19:36 Quote
Quote:
Originally Posted by Nicho133
A bit off-topic but this kind of reminds me of why I don't trust the cloud. Imagine in the future if we all stored our data in the cloud, and someone hacked into the service and got access to every piece of data you have.


I don't like the idea of clouds either. I read an article about how they'd like everything to become cloud based so you have some barebones hardware and a tiny amount of storage and your OS/programs/games/files/etc will be streamed to you.
Spreadie 27th April 2011, 20:07 Quote
"All your Mastercards are belong to us"
Cerberus90 27th April 2011, 21:00 Quote
Quote:
Originally Posted by Spreadie
"All your Mastercards are belong to us"

:D:D;)
Seabrook 28th April 2011, 04:38 Quote
Apparently the credit card details were encrypted, and therefore not lost. But all the person details weren't encrypted... Seems a bit of an odd system to me. Surely everything should be encrypted, even my grandmother would know to do that...
dave_salmon 28th April 2011, 07:51 Quote
Another ARS article.

Apprently a few dozen people are convinced they have been the victims of fraud. The quoted stories do smell of comment from the sorts of idiot and troll that lurke the boards over there.
boo3a 28th April 2011, 08:45 Quote
its a sad period in gaming history... just sad and dark :(
full story + history for those who dont know the full story:
http://www.gigalb.com/category/gaming/
985323 29th April 2011, 10:16 Quote
From the PSN blog: "The personal data table, which is a separate data set, was not encrypted."
themax 29th April 2011, 16:40 Quote
Rueters and the The Guardian are reporting that hackers in underground forums are shopping around a DB of information taken (2.2 million accounts) from the PSN server containing the CC# and CVV. Sony has never asked nor required the CVV so I question the validity of that claim, which is now making headlines already.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums