Topic: PSN = Privacy? Security? Never!

[BranDonk Kong]

How is 2.4 billion ridiculous? $240 million is like a slap on the wrist, that's $3 per person who was a victim of their bullshit, $2.4 billion is only $30 a pop. This is like criminal neglect, 77 million counts of it. This whole mess is probably going to ruin a lot of people's lives, so if it drives Sony out of business, then **** them, they deserve it. I like how the PSN TOS says they have no liability if someone steals our info, too bad the law says otherwise.

[Shaymin]

The cost was assuming it would cost $312 per PSN account to provide full compensation for the breach. With over 70+ million accounts, that's where $24bn comes from.

[Ceric]

I've been in about 4 class action suites most of them won and guess how much I've gotten from them.  $0  The only people who make any money of these things are the lawyers.

[broodwars]

I've been in about 4 class action suites most of them won and guess how much I've gotten from them.  $0  The only people who make any money of these things are the lawyers.

Indeed.  It's probably mutually beneficial for both Sony and us if Sony themselves just compensates us for their mistakes, as we'll never see anything from Class Action Lawsuits even if the consumers win.  Whatever happens, though, Sony's made their bed with the PSN and now they have to deal with the consequences.  I don't want Sony destroyed by this, as I feel they offer a truly great gaming experience that benefits the industry as a whole in their own way.  Besides, they and Microsoft balance each other out well.  But I do want them taught a hard lesson, and I want them to show their consumers that they will bend over backwards to make amends for it.  It's the only way they can possibly recover from this.  And I still want that goddamn hacker caught, as no one seems to be following the fact that this guy so far seems to have gotten away with it while everyone's been busy yelling at Sony for their role in this.

In all honesty, I wonder if we're going to look back on this as a "good thing" in the grander scheme of things.  I wonder how many people got a good, hard, important lesson with this debacle about the fragility of online financing and how important it is to keep an eye on your credit cards online (even when using sites that you would think could ordinarily be trusted).  At least something good could come out of this.

[broodwars]

Well, the Playstation Blog's begun Damage Control with a press release answering a few common questions (for some reason, I'm surprised they didn't answer the commonly asked silly question about whether trophies are safe), which you can find here.  Sony's now saying that they merely warned their customers about a potential leak of credit card information for the sake of being careful, and that they do not think that information was stolen (as they state that it was encrypted).  They are completely certain that personal information was stolen, though, as that was not encrypted.  Well, we'll see.  I hope they're right, though I suspect not.

[bustin98]

=

[Chozo Ghost]

This sort of criminal neglect by a mega corp is comparable to the BP oil spill, which actually happened a year before on the exact same day.

I hope Sony does get ruined by this. This is only one of about a hundred reasons why the company deserves to die. Plus if they were removed from the market it would do wonders for Nintendo.

[BlackNMild2k1]

It's nice to have Sony around pushing the Tech Envelope and making what was too expensive, now affordable.

[TrueNerd]

I never thought I'd say this, but I am thrilled my credit card got physically stolen a month ago. I never put my new one on PSN. Enjoy my canceled credit card number, suckers!

[King of Twitch]

Talk like that Chozo Ghost and you're going to get me all hot and bothered.

[Stogi]

Well they just sent me a long winded email about what I can do to protect myself including contacting the FTC.

I don't have a CC on file nor have I used my PSN account since my PS3 was jailbroken back in October. Still, crazy ****.

[Chozo Ghost]

How much harm can someone do with just your name, address, and birthday? Is this information something that we need to worry about falling into the wrong hands? Its not like they have SSN numbers, and the name and address stuff could always have been obtained from a phone book anyway, so is that something we need to worry about?

[Enner]

How much harm can someone do with just your name, address, and birthday? Is this information something that we need to worry about falling into the wrong hands? Its not like they have SSN numbers, and the name and address stuff could always have been obtained from a phone book anyway, so is that something we need to worry about?

Going on words I can remember from listening to podcasts all day, the personal information (which includes answers to challenge questions) can be used by a thief to gain control to an account through "Forgot Password" challenge questions or a customer service representative. The latter is a method of social engineering, I think?

It's nice to have Sony around pushing the Tech Envelope and making what was too expensive, now affordable.

Hmm, aren't there other electronics companies like Samsung and Panasonic to fill the hypothetical Sony void? Then again, from what I hear in Consumer Electronics Shows, Sony has the skunk works putting out some truly crazy concepts and prototypes.

[lolmonade]

Well they just sent me a long winded email about what I can do to protect myself including contacting the FTC.

I don't have a CC on file nor have I used my PSN account since my PS3 was jailbroken back in October. Still, crazy ****.

I got that email as well.  Doesn't seem like it's any more information than what was posted on their blog, but I guess it's nice they decided to email users in case they don't read the blog regularly...7 days later...

[BlackNMild2k1]

It's nice to have Sony around pushing the Tech Envelope and making what was too expensive, now affordable.

Hmm, aren't there other electronics companies like Samsung and Panasonic to fill the hypothetical Sony void? Then again, from what I hear in Consumer Electronics Shows, Sony has the skunk works putting out some truly crazy concepts and prototypes.

None of those other tech companies are producing tech on the same volume a Sony. I'm talking about things like Bluray players in the PS3 & OLED screens in the NGP (Cell and whatever else they pack in and sell at a loss). Those are all things Sony is willing to eat the cost of to mass produce in high enough volume so that it not only becomes cheaper for them, but everyone else too.

[UncleBob]

Good news, everyone.  You don't have to worry about your credit card info in the wake of this huge SONY breach.  SONY said that the credit card numbers on their servers were encrypted.

And SONY's really good at encrypting things...

[Chozo Ghost]

There's also really no proof at this point that whoever hacked the PSN really cared about committing credit fraud anyway. For all we know it may have just been the result of self righteous hackers who wanted to **** things up for Sony because of the whole GeoHotz thing. Don't you think the timing of this is a little strange? It happened not long after Anon declared war on Sony. While Anon themselves denied involvement, it may have been the work of a more hardline splinter group.

So until we know otherwise there's no particular reason to think the hackers were after credit card info. They may have just wanted to throw a monkey wrench into the PSN and mess things up for Sony just for the sake of causing mischief and giving Sony a headache. That said, they may have even feigned going after CC info because they knew that would cause more problems and public outcry against Sony (and it has).

[UncleBob]

It was either:

A) A group of hackers who just wanted to screw with SONY, or
B) A group of hackers who were legitimately after useful data.

Obviously, those in group B are a concern.  Those in group A... well, what better way to screw with SONY than to actually get the credit card numbers, abuse them, then leave SONY on the legal hook for not protecting consumer data?  Even if they didn't set out to acquire something like credit card information, *if* they managed to access it, the temptation would be awfully, awfully sweet.

Either way, I wouldn't be a fan of those odds.

[Chozo Ghost]

Its possible that the hackers involved in this do have a conscience and wouldn't want to commit fraud against innocent consumers. We don't really know their motives or objectives at this point. I just think the timing is interesting. If this happened months from now out of the blue it would be one thing, but this happened on the tail of the Geohotz/Anon thing so I think there is a strong possibility it is just something related to that, and if that's the case then its less likely credit fraud was the objective. But like I said, all we can do is speculate.

Naturally, whoever did this isn't going to want to openly blog and admit they did it and explain what they did and why. Especially with the FBI actively investigating this. They may not have harmed consumers or wanted to harm consumers, but they harmed Sony and the legal penalties I would imagine would be pretty severe. So I don't think we're going to get any answers from whoever was behind it.

[Plugabugz]

Financial Fraud Action (FFA), which represents card firms, says Sony is due to pass it the details of all card numbers that may have been stolen, which FFA will then distribute to banks and building societies.

FFA says this is standard procedure after a hack.

It therefore says anyone who has entered their card number on the PlayStation network does not need to contact their provider as firms will cancel many cards automatically.

So anyone in the UK need not worry.

http://www.moneysavingexpert.com/news/cards/2011/04/sony-playstation-users-data-stolen-in-hack

[Stogi]

It doesn't matter if it were self-righteous hackers or just thieves, the outcome would be the same. And I think whomever did it, did it now so people would assume they were the first even if they were the latter.

[Shaymin]

Something posted on the PlayStation blog today - as part of the closing of the barn door after the horse escaped, they're relocating the servers.

They also emphasized that there were physical measures in place to prevent breaches.

Why would they emphasize that?

[Chozo Ghost]

Is that suggesting someone physically hacked the servers? As in, someone was physically in the same room as where the servers are located and hacked them from there?

[broodwars]

Is that suggesting someone physically hacked the servers? As in, someone was physically in the same room as where the servers are located and hacked them from there?

Unlikely, since allegedly this was going on for 3 days before the hacker was discovered.  Besides, it would be even more likely that the hacker would be caught if they were actually doing it in person.  We'd have likely heard about it by now.

[oohhboy]

I H4XX0RZ UR S3RV4!!!111!