Playstation Network suspended 'for day or two'

Discussion in 'other security issues & news' started by Dermot7, Apr 22, 2011.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  2. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Sony Shuts Down PlayStation Network Indefinitely

    Internet gamers were frustrated last week when Sony shut down its PlayStation Network. Now, they might have reason to be worried.

    Sony said on Monday that it is keeping its PlayStation Network videogame service offline indefinitely.

    On Monday, the Japanese electronics giant said it is keeping its PlayStation Network videogame service offline indefinitely following a hacking attack it now says may have compromised user’s information.

    To ensure the network’s integrity, Sony said it is currently rebuilding the service, which connects more than 75 million PlayStation customers over the Internet, letting them play videogames and chat together. “This is a time intensive process and we’re working to get them back online quickly,” Sony spokesman Patrick Seybold said in a blog post.

    Sony is still investigating the “external intrusion” that forced the electronics giant to shut down its network last Wednesday. In an email, the company also said it is also trying to figure out if any personal information, such as credit card numbers, may have been compromised in the attack.

    Last week’s outage came at a particularly bad time for the videogame giant. Many of its teenage customers were hoping to virtually punch, kick and choke each other in new videogames, including Warner Bros. Entertainment’s Mortal Kombat, over the three-day Eastern weekend.

    Instead, many of them griped on Facebook, Twitter and even the Digits Blog. Many of the upset gamers said they wanted more transparency from Sony as the process of rebuilding its service continues. Others threatened to switch sides, as it were, and join Microsoft’s Xbox Live service, which largely offers the same features as the PlayStation Network.

    Not all gamers were distraught and some said the furor was over the top. “You would have thought the world had just ended,” Matt, a commenter on the Digits blog, wrote.

    http://blogs.wsj.com/digits/2011/04/25/22402/
     
  4. x942

    x942 Guest

    PSN Compromised; So is your data!

    SOURCE: http://www.ps3hax.net/2011/04/important-psn-update-your-personal-information-has-been-compromised/

    Now that is kind of scary! Glad I use pre-paid CC's. Be sure to update passwords and so on.
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,966
    Location:
    U.S.A.
    Merged Threads to Continue Same Topic!
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Sony: PlayStation Network Hack Nabbed Personal Info, Maybe Credit Cards

    ARTICLE DATE: 04.26.11


    Sony confirmed Tuesday that hackers have managed to obtain personal information Sony stored within the PlayStation Network, possibly including credit cards. The service will be down, at most, another week.

    In an update posted to the PlayStation Blog, Sony senior director of corporate communications and social media Patrick Seybold noted that the "malicious actions" has caused Sony to send a email to all of its customers.

    That email will tell subscribers that Sony has turned off the PlayStation Network and Qriocity cloud-music service; engaged an outside security firm; and "taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information".

    "Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services," Seybold wrote. "We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows.

    "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week," Seybold added. "We're working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback."

    ...

    What information may be at risk? Sony explains:

    "Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained," the email states. "If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

    Sony also warned that the hackers may either use or pass along this information to scammers. "Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information," Sony said. "If you are asked for this information, you can be confident Sony is not the entity asking."

    Sony did not raise the issue of refunds or any compensation. Instead, it signed off on a somewhat apologetic note. "We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience," Sony said. "Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information."

    http://www.pcmag.com/article2/0,2817,2384353,00.asp
     
  7. x942

    x942 Guest

    Sorry about that! didn't see this thread.

    Anyways I hope they bring it up soon or I will go to Steam for games ;)
     
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    I couldn't be more thrilled about this. Sony will never sell me another anything ever. :mad:
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
  11. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    I'll bet a lot of companies do stupid with information like this, putting sensitive information at risk.

    There is no reason that PSN should not be separate from the billing system. All PSN should NEED to do is make a call to the billing system and find out if the account is in good standing. PSN should log you in securely and then not have to do much more than transmit the account id, the amount of time they have been online with the current session to the billing system and ask for a "good to go or not?" response, maybe also requesting an estimate of how much play time the person has left in their account and update that every minute or two.

    It may not be the absolute simplest system, but look at what has happened now. They have put at risk 75 million credit card numbers.
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    I got word from the bank today that they are sending a replacement card. You can bet Sony won't get the information on this one.
     
  13. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    From what I have read, they have been also storing all the information unencrypted. Very very very careless and lame. :blink: :thumbd:
     
  14. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    (Again) from 'TheRegister', a speculative but very interesting piece on the recent PSN hack, chatlog info (link) indicating usage of consoles with old firmware containing exploits which, together with a modded version of SSLSniff and a console modded from consumer model to developer model, might allow direct access to the PSN network.
    As in, 'could some folks gain access to the PSN as if they were Sony devs, upload malicious firmware and try to create a massive PS consoles botnet'?

    Speculative? Yes, for sure. Interesting read? Absolutely. (As in 'serious money-making Hollywood scenario' :)) link
     
  15. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  16. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    PS3 + Playstation + Sony = Officially dead to me

    Yep, I cancelled my account and dumped the 5 month old PS3 on Ebay. :thumb:

    I have had to cancel a debit card linked to the playstation account and order a new one. I've also had to change a few account passwords here and there.

    The whole idea of buying online and attaching cards to online accounts, for me, will only happen with use of 'pay-as-you-go' cards. I have always used a pay-as-you-go card I have for all my transactions online. But I got lazy, and JUST ONCE ... JUST ONCE I used my bank debit card to purchase something from the playstation network and have been stung. So be warned!

    I'm just hoping no fraud happens in my name now. I have disclosed all my details (I've read rumours that the only information Sony/PSN has bothered to protect/encrypt are the 3 digits on the back of registered cards).

    Very worrying, thanks Sony/PSN :thumbd:
     
  17. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Sony press release on PSN re-activation (some regions this week), new security measures at their datacenters, a firmware upgrade, PSN account verification, complementary offerings (“Welcome Back” CompensationAppreciation Program) and their search for a (first time) CISO/Chief Information Security Officer.

    'Tokyo, May 1, 2011 – Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) announced they will shortly begin a phased restoration by region of PlayStation®Network and Qriocity™ services, beginning with gaming, music and video services to be turned on. The company also announced both a series of immediate steps to enhance security across the network and a new customer appreciation program to thank its customers for their patience and loyalty.

    Following a criminal cyber-attack on the company’s data-center located in San Diego, California, U.S.A., SNEI quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services. With these measures in place, SCE and SNEI plan to start a phased rollout by region of the services shortly. The initial phase of the rollout will include, but is not limited to, the following:
    ...
    link
     
  18. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    WOW!! The did extensive testing for a whole WEEK!!!!

    Come on! Anyone who writes software knows they can't have made any significant changes to their security IF they were exposing account details of all users to someone logging on to PSN and exercising some exploit. I think true security would require a redesign of where and how personal account info gets stored (i mean your address/card number etc.) and how it gets communicated to PSN. No way does that get done, then recoded, debugged and audited by "experts" in just over a week.
     
  19. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Sony :thumbd:
     
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Another Sony Online Games Site Down

    PlayStation Hack Prompts Suspension of Sony Online Entertainment Games Site

    05.02.11

    In the wake of the Sony PlayStation Network outage, Sony has taken down another arm of its online gaming offerings.

    Sony Online Entertainment is is now inaccessible; a note on the service's Web site says Sony was forced to "take the SOE service down temporarily."

    "In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday)," the note continued.

    SOE provides access to massively multiplayer online games, including the "Everquest" series and "Star Wars Galaxies."

    http://www.pcmag.com/article2/0,2817,2384771,00.asp
     
  21. x942

    x942 Guest

    SO glad i closed my account down when the announced the new TOS. They still have not sent my the remainder from my PSN wallet however and will no longer reply to my emails. SONY FIX THIS AND REFUND THOSE WHO ASKED FOR IT. SCE is failing drastically. I was hopping to get an NGP but now I won't unless some VERY good homebrew is released. Than again sony may store the GPS data unencrypted and let some one steal it :/

    Honestly security isnt even hard to do but sony doesn't get that. They use no encryption or weak encryption (non random seeds). What they need to do is hire some cryptography experts who can setup a secure system from the ground up. Something like this:

    1) HDD Encrypted with AES-256 BIT XTS mode (each console has a unique key embedded in the CPU's SPU that is generated on first boot).
    2) Generate seeds and random numbers with a proven random number scheme.
    3) Encrypt FW the same way as now but with proper keys (as per above)
    4) Encrypt all network communication wit SSL/TLS or a VPN
    5)use 2-factor authentication before the allow connection to PSN; SSL/TLS handshake + a secure token and/or key.
    6) Still implement all of the existing security but beef it up a bit more; The only true weakness was the use of non random numbers on the ps3.
    7) secure all data store on servers with AES 256-bit key (again unique to the user/console ID) or and RSA+DSA 4056 bit key (In the event Public Key Cryptography is a must).
    :cool: Isolate this data so if main server get compromised personal data is safe.
    9) DO NOT STORE ANY DATA UNENCRYPTED ESPECIALLY CREDIT CARD NUMBERS!!!!!!!!

    That's all /rant
     
  22. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    been a LONG TIME since i bought ANYTHING sony and never will again
     
  23. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Sony says 25 million more users at risk in second data hack


    11:09pm EDT


    TOKYO/NEW YORK (Reuters) - Sony's Internet security crisis deepened on Monday with the company revealing hackers had stolen data of another 25 million users of its PC games system in a second massive breach for the consumer electronics giant.

    Sony's latest revelation comes just a day after Sony No. 2 Kazuo Hirai announced measures had been put in place to avert another cyberattack like that which hit its PlayStation Network, hoping to repair its tarnished image and reassure customers who might be pondering a shift to Microsoft's Xbox.

    The attack that Sony disclosed on Monday took place a day before a massive break-in of a separate video game network that led to the theft of 77 million users accounts. Sony revealed the initial attack last week.

    The Japanese electronics company said it discovered the break-in of its Sony Online Entertainment PC games network on May 2. The breach also led to the theft of 10,700 direct debit records from customers in Austria, Germany, the Netherlands and Spain and 12,700 non-U.S. credit or debit card numbers, it said.

    The PlayStation network lets video game console owners download games and play against friends. The Sony Online Entertainment network, the victim of the latest break-in, hosts games played over the Internet on PCs.

    Sony said late on Monday that the names, addresses, emails, birth dates phone numbers and other information from 24.6 million PC games customers was stolen from its servers as well as an "outdated database" from 2007.

    A spokesman for the online games unit based in San Diego said the service was taken down at 1:30 am Pacific time on Monday.

    Sony spokeswoman Sue Tanaka, asked about the risk other data could be at risk, listed the precautions that the company has taken such as firewalls,

    "They are hackers. We don't know where they're going to attack next," Tokyo-based Tanaka said.

    The PlayStation Network incident has sparked legal action and investigations by authorities in North America and Europe, home to almost 90 percent of the users of the network, which enables gamers to download software and compete with other members.

    On Monday, Sony declined to testify in person in front of a U.S. congressional hearing, but agreed to respond to questions on how consumer private data is protected by businesses in a letter on Tuesday, said a spokesman for Rep. Mary Bono Mack, a Republican Congresswoman from California, who is leading the hearing.

    http://www.reuters.com/article/2011/05/03/us-sony-idUSTRE73R0Q320110503
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Legal action, how useless. Use some real security actions.
     
  25. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    Sony attacked again, 12,700 non-US CC numbers feared stolen
    By Ben Kuchera | Last updated about 6 hours ago

    The hits just keep on coming when it comes to Sony's online services. We've been promised that the PlayStation Network will be back online very soon, but now Sony Online Entertainment has taken its services offline. This is the company that brought us DC Universe Online, the for-pay superhero MMO.

    Here's what Sony has announced so far:

    Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

    In a twist, the company has also announced a number of older credit card numbers and expiration dates from an older, 2007 database may have been compromised. "...12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained—we will be notifying each of those customers promptly," Sony explained.

    The services have been taken offline, the security is being strengthened, and an outside, "recognized" security firm has been called in.

    This could be a much larger problem than the PSN hack, with for-pay games being taken offline, and older credit card data being potentially stolen. We'll be following this story as it develops.
     
Loading...
Thread Status:
Not open for further replies.