The Great 2011 PSN Outage Megathread *Post 1 updated*

Standard Toaster

Dravokivich

super_furry wrote: »

That would usually be true but Sony store and send all credit card information in plain text - http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-security.ars

I've read that link... it's only a problem if you are using custom firmware.

The only flaws with PSN is that the security protocols on the console are being removed by the "hackers" with custom firmware loaded onto the client.

Nothing in that article indicates if you are using legitimate Firmware from Sony that your details are at risk.

yawnstretch

Beefy78 wrote: »

Yes, so long as you report any fraud within 120 days of the transaction taking place. Basically check your statements.

I think it's extremely unlikely that card data has been compromised. It's not impossible, but it's a hundred times safer to use your card on PSN than it is to use it at a cashpoint or to pay for a round of drinks at a bar. Even if details were taken there's not much anyone can do with a card number without the three digit code to go with it, and Sony don't store that. Calling up your issuer and requesting a new card is probably unnecessary but if it makes you feel better then all power to you.

From what Sony are saying has been hacked, a lot of the info is in the public domain anyway. Your name and DOB are on the electoral register, or can be seen on all but the most private Facebook accounts.

The people who are in trouble are idiots like me who use hotmail/gmail/yahoo addresses with the same password as your PSN one. Once someone gets into your email then you're in trouble as internet banking and all sorts of other things are one step from there. I've changed my password for my email account this evening and would advise others to do the same.

My name and DOB are not on the electoral register, they're on the hidden one. I don't have a Facebook account.

I'm not a fan of identity theft so I go to great effort to keep this information safe.

I rang my cc company last night and put a fraud alert on my card but what can I do about my personal info being used?

NOTHING. This matters a lot to me and I'm pretty angry.

Varik

amacachi wrote: »

Except it's been shown that Sony send credit card and other details in plain text.

Plain text under SSL encryption.

Beefy78

amacachi wrote: »

Except it's been shown that Sony send credit card and other details in plain text.

Sony are a PCI level 1 company. As well as meaning that their network is subject to a quarterly scan to ensure that it is secure, that means that their systems and data protection procedures are independently audited by a Qualified Security Assessor. The QSA wouldn't sign off on their audit if Sony were just storing card details in an unecrypted Word document like has been suggested. The idea is laughable.

amacachi wrote: »

You don't get how computers and scripts work do you?

Please don't be so condescending.

Beefy78

yawnstretch wrote: »

My name and DOB are not on the electoral register, they're on the hidden one. I don't have a Facebook account.

I'm not a fan of identity theft so I go to great effort to keep this information safe.

I rang my cc company last night and put a fraud alert on my card but what can I do about my personal info being used?

NOTHING. This matters a lot to me and I'm pretty angry.

Nothing. And were I in that position having actively kept my details private then I'd be annoyed too. You should probably take some comfort in the fact that there are 77m people in the same boat though. The odds of anyone in particular being in trouble from this is probably pretty small.

The sad fact is though that as soon as you give this data up to any company then you run the risk of that data being compromised. Sony will be relatively secure compared to a lot of companies and Government departments.

Inbox

I just tried to change my paypal password,jesus Christ I can't work out how to do it :mad: Can anybody tell me what me what the process is.Online guides seem to be out of date. I fecking hate technology sometimes :D

Liamario

Someone from Silicon Republic is on newstalk at the moment.
Unfortunately, he sounds like a college student doing his first class presentation. I know what has happened over the last few days, but he has managed to confuse me. If I'm confused, the average Joe are wondering if he is even speaking English.

F1ngers

Inbox wrote: »

I just tried to change my paypal password,jesus Christ I can't work out how to do it :mad: Can anybody tell me what me what the process is.

Had a look there for you, couldn't find a way to do it.
Maybe if you went the "forgot my password" route - get the email, you may then be prompted to change it when you log in.

yawnstretch

Liamario wrote: »

Someone from Silicon Republic is on newstalk at the moment.
Unfortunately, he sounds like a college student doing his first class presentation. I know what has happened over the last few days, but he has managed to confuse me. If I'm confused, the average Joe are wondering if he is even speaking English.

Yeah, he should have rehearsed what he was going to say...

Will I Amnt

Inbox wrote: »

I just tried to change my paypal password,jesus Christ I can't work out how to do it :mad: Can anybody tell me what me what the process is.Online guides seem to be out of date. I fecking hate technology sometimes :D

Login-profile-password-edit,make sure you get it right,I was emailed to change my password and got suspicious halfway through and stopped which in turn got them suspicious thinking it wasn't me,ended up having my account suspended and hours of phonecalls trying to sort it.
It was a genuine email randomly asking me to change password,they are fairly meticulous when it comes to login info.

Liamario

yawnstretch wrote: »

Yeah, he should have rehearsed what he was going to say...

He kept saying 'basically'. I was embarassed listening to it. I even gave myself an uncontrollable facepalm.

eioneill

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

===================================

LEGAL
"PlayStation" and the "PS" Family logo are registered
trademarks and "PS3" and "PlayStation Network" are
trademarks of Sony Computer Entertainment Inc.
(C) 2011 Sony Computer Entertainment America LLC.

Sony Computer Entertainment America LLC
919 E. Hillsdale Blvd., Foster City, CA 94404

Sonovagun

So should I cancel my debit card?

WolfForager

Sonovagun wrote: »

So should I cancel my debit card?

Nah, just tell your bank to keep and eye on it, red flag it or whatever you call it.

shinzon

sonovagun wrote: »

So should I cancel my debit card?

you can tell your bank to put a fraud alert on the account, if any suspicious activity happens it will be flagged, but tbh if you want complete piece of mind then yeah cancel it, upto yourself

Shin

Liamario

I'm finding the mass hysteria to be both annoying and hilarious.

"THEY MIGHT POSSIBLY MAYBE HAVE AND MIGHT MAYBE NOT BE USING MY CREDIT CARD!!!! BURN THE HOUSE DOWN JUST TO BE SAFE!!!!!"

wayne040576

I remember the last time this happened with me, it was an Irish retailer that had their system compromised. My credit card company knew about it before I did and were keeping an eye out anyways. They called as soon as a dodgy transaction appeared.

Keep an eye on your online credit card account. Usually they try charging $1 to it to see if it's accepted before trying anything else.

I'm more pissed at the fact they got the address and email details. Now my email address which has been relatively clear up to now, may get spammed.

Grudle

Just spent an hour changing passwords on all the accounts I can think of.

What a waste of time, thanks Sony

shinzon

Liamario wrote: »

I'm finding the mass hysteria to be both annoying and hilarious.

"THEY MIGHT POSSIBLY MAYBE HAVE AND MIGHT MAYBE NOT BE USING MY CREDIT CARD!!!! BURN THE HOUSE DOWN JUST TO BE SAFE!!!!!"

As you rightly point out this may all come to nothing, but I doubt sony would announce to the world about Ccard details if something in that area had not of happened. the bad press alone would feck up sony big time

I think erring on the side of caution is warranted though when there is so little coming out of sony what are people to think, I use PSN cards myself and before that 3v so makes no diff to me, but to others whose cards are on the network I think they have a right to ask questions about what to do and people have a right to offer advice back.

Hysteria definitely no, caution most certainly yes

Shin

HeisenbergBB

wayne040576 wrote: »

Keep an eye on your online credit card account. Usually they try charging $1 to it to see if it's accepted before trying anything else.

Ya this happened a friend of mine recently. The charitible bastards donated a euro to St. Vincent de Paul before taking a few hundred. Bank refunded all the money tho.

Liamario

I was more referring to people who have been saying (not necessarily on boards) that they are going to sell their consoles or are now boycotting all Sony products.
I have Credit Card info connected to my PSN account, but all I can do is watch my statements and change passwords. Anything beyond similar steps is madness and hysteria.

shinzon

Liamario wrote: »

I was more referring to people who have been saying (not necessarily on boards) that they are going to sell their consoles or are now boycotting all Sony products.
I have Credit Card info connected to my PSN account, but all I can do is watch my statements and change passwords. Anything beyond similar steps is madness and hysteria.

ah right took it up wrong yeah thats just plain silliness tbh

Shin

Minstrel27

Liamario wrote: »

I was more referring to people who have been saying (not necessarily on boards) that they are going to sell their consoles or are now boycotting all Sony products.

What I will do is buy for the XBOX 360 instead of the Playstation 3 when possible. I am sick of Sony and their reluctance to inform their customers of what is going on.

That_Guy

Seems I've been sending a load of spam messages last night. Reckon my email address has been hacked. Just changed the password now so be advised if your day to day email address is linked to your PSN.

Dravokivich

That_Guy wrote: »

Seems I've been sending a load of spam messages last night. Reckon my email address has been hacked. Just changed the password now so be advised if your day to day email address is linked to your PSN.

Doesn't ave to be hacked to do that.

It can be "Spoofed."

http://en.wikipedia.org/wiki/E-mail_spoofing

Krieg

Not sure about the authenticity of this, I think parts of the chat were posted here already
http://pastie.org/private/97oth9v5tspkiztwwdmnga

<user2> creditCard.paymentMethodId=VISA&creditCard.holderName=Max&creditCard.cardNumber=4558254723658741&creditCard.expireYear=2012&creditCard.expireMonth=2&creditCard.securityCode=214&creditCard.address.address1=example street%2024%20&creditCard.address.city=city1%20&creditCard.address.province=abc%20&creditCard.address.postalCode=12345%20
<user2> sent as plaintext
<user3> uh
<user3> did you censor that card?
<user2> ya its fake
<user3> good
<user1> wow, plaintext :S
<user5> plaintext wow
<user3> im never putting in my details like that
<user2> ya is all fake lol
<user2> i never used cc on ps3
<user2> normally you ATLEAST enccrypt the securtity code, even if its ssl
<user5> id hope sony would do such in a safe manner
<user5> psn cards probably plain text to then
<user2> fake certs are known since years as vuln so companies encrypt such data twice normally
<user2> but hey its sony --> its a feature
<user5> lol
<user7> lol

<user2> another funny function i found is regarding psn downloads
<user2> its when a pkg game is requested from the store
<user2> in the url itself you can define if you get the game free or not. requires some modification in hashes and so on tho
<user3> ..
<user2> is like
<user8>
<user3> my god
<user2> drm:off
<user5> lol
<user2> lol

RAIN

I called my Bank, they told me not to Cancel the card, they are aware of the Sony issue and are being extra vigilante with Odd spending on users cards.

Thats enough for me. Changed a few passwords also, I'm happy enough.

Headshot

I cancelled my credit card today and I wont be getting my new on till next week :rolleyes:


Should i change the password to my email which is linked with PSN ?

Varik

Headshot wrote: »

I cancelled my credit card today and I wont be getting my new on till next week :rolleyes:


Should i change the password to my email which is linked with PSN ?

are they the same?