PSN outage info - PS3ers - must read!

spaceboy · April 26, 2011, 05:23:22 PM

So to any of you that have a PS3 and have signed up for PSN you already know about the hacking incident and subsequent downtime. Please read the letter in the link below (you should be getting this I guess to your email account, but I thought I'd post it here too)

http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/

PZ · April 26, 2011, 05:27:13 PM

Nice one, space :-X

JRD · April 26, 2011, 05:28:57 PM

a true Global Moderator... ::)

mmosu · April 26, 2011, 07:54:28 PM

Sounds like a lot of "We don't have all the answers, but until then, let's just assume we're all screwed"

spaceboy · April 26, 2011, 09:13:49 PM

yeah, but they have confirmed some of the info, it's only the CC info that they haven't confirmed it seems.

PZ · April 26, 2011, 10:12:00 PM

My wife just read me an article that indicated millions of credit card numbers were compromised. Who knows what the real story is, but I suspect we should expect the worst. Sony (or any other lucid for-profit business) is never going to admit openly that they allowed credit card information to be hacked. The resultant law suits would continue into the next millenium.

RedRaven · April 26, 2011, 11:23:24 PM

Cheers Spaceboy, will make sure the PS3 owners I know who are not OWG members get the info too.

Part of me thinks it is good when massive companies are kept on their toes in this way, but NEVER if it is the end user that is targeted. And in light of recent events in Japan it also borders on the mean and spiteful, after all they could of just as easily hacked Microsoft, or even bigger multi-national companies that are engaged in all manor of shady, underhand and outright illegal activities. Why not target Oil companies, Corporate Banks, companies involved in de-forestation etc ?

mandru · April 26, 2011, 11:24:41 PM

Looking at the letter to the PS3 community on the link spaceboy provided one thing stands out clearly to me.

The letter has the suggestion that you should watch your credit card statement closely for suspicious activity and the instructions for how to obtain a free credit report were included but wouldn't avoiding unauthorized charges be better than trying to clean up after being robbed?

I would suggest that if you have a CC on file with PS3 go to the company that issued your card, explain to them what has happened with this security breach, give them a copy of the letter from PS3 and request new card number.

It is my understanding that when most card companies are made aware that the security of a card number is in jeopardy they will typically reissue a new card without fees or penalties. The letter from PS3 may also be useful in avoiding fees or penalties for the switch.

Scary stuff guys. :shocked

Fiach · April 27, 2011, 01:30:58 AM

Thanks for the heads up spaceboy, my wifes card was compromised a year or so ago, 10K ran up in a week on it, luckily we didnt have to pay, but I will keep an eye out when the statement arrives :)

Art Blade · April 27, 2011, 01:44:12 AM

I agree with mandru about simply and immediately getting a new CC and have the CC company block anything related to the old one.

As to what Red said.. you don't want to know what has happened and is happening all the time out there on the net regarding intrusion and data theft. Usually it doesn't make it to the headlines as companies and whatever institutions involved will do everything possible to stay away from publicity. Those who have access to that kind of information (about thefts and intrusions and so on) won't be surprised at all about what happened to Sony.

What surprises me, however, is that big companies, including banks, keep closing their eyes when it comes to their own security as in "we're safe. Oops, how did that happen?!" -- many times stuff like that happens because security is being breached by third party components (let's call them "advertisements and special offers") being patched into a until-then secure system and because too many departments (again, additionally external services, too) are working independently, adding and changing parts of the system without, for reasons only known to themselves, checking with other departments involved to make sure their new stuff is compatible with the system. I won't go more into detail here, by now you'll already have got the message.

Binnatics · April 27, 2011, 10:00:22 AM

Here's just one of the reactions at the site quoted: "Thankfully no evidence at this time that credit card data was taken."

I suggest that is 'sarcasticly' ment... I do think that there is a risk. But why the hell would they want to attack PSN? If it's some kind of an activist/anarchist he or she would have attacked other networks, not a gaming network. Maybe it's a freak who hates gaming.... One of these 'fathers shouting in the desert' because their son / daughter has gone mad gaming. He shouldn't be hunting for CC info I guess. Anyway, the most secure thing to do is what Mandru mentioned, I agree with that. I think they will be willing to help out, and who knows later present the bill to Sony.

Damn what a story. Maybe we should check Wikileaks... if it's still accessable that is...

spaceboy · April 27, 2011, 10:10:56 AM

Yeah that was good advice mandru, so I did go ahead and call to get a new card sent. The CS rep was aware from hearing it in the news and gave me no grief to change. She was very helpful. I'm not sure I needed to do it, but all it means is changing out other places I have that card setup for purchasing. Better safe than sorry.

For why Sony, I suppose it could have to do with the whole Sony suing Geohotz for jailbreaking the PS3 and posting on the 'net how to do it. They came to an agreement of sorts but not before Sony got the ire of Anonymous the hacking group. They did attack Sony's websites already, but said they'd leave PSN alone so as not to "hurt" gamers.

They haven't claimed this attack, it could just be some other hacker that was also pissed about geohotz, or just saw an opportunity thinking Anonymous would be blamed.

Crazy times my friends...

Binnatics · April 27, 2011, 10:29:11 AM

I remember hearing a DJ on the local radio being 'actually surprised' about anything being free on the internet... he suggested that in time we'll be paying for whatever we want to access, thinking of social media, online gaming, maybe even uploading stuff... He could be right, in fact internet still is a new fenomena in the world, and all different companies are struggling to get their needs and deeds out of it.
I wonder what this whole happening on the PSN would mean in this perspective... It could mean an extra pulse to Sony making the PSN a payed service, since they will have to spend truckloads of axtra funds to enrich their defence systems. On the other hand it could mean they won't, since this happening will cause them customers and they surtainly don't want to loose more...

Who knows what will happen to the internet in the near future..

mandru · April 27, 2011, 11:00:03 AM

Hopefully spaceboy Sony has plugged this current gap in their security now that they can see where the open door was and this won't be an ongoing issue.

Art Blade · April 27, 2011, 11:18:12 AM

Motivations to hack a system could be business competition and rivalry. Who'd gain the most? A direct rival? A security company (Hey, we can protect you!)? Some angry ex-employee who wants to show them? A not yet too famous hacker? That someone could also be a target, like the example given above of perhaps someone hacking PSN hoping Anonymous would be blamed.

spaceboy · April 27, 2011, 11:22:50 AM

yeah I hope so Mandru, it's been down a full week and no ETA (though it's expected within the week). They say they are rebuilding it (from scratch?). I'll wait as long as it takes to get it done right. Plenty of fun to be had offline as well.

@ binnatics - I doubt they'd start charging at least not right now. It would be an even bigger PR nightmare. They do have an optional paid service (that I subscribe to) that gives you free games and discounts, plus cloud saving of save files, perhaps they'll w@&k to promote that more.

Art Blade · April 27, 2011, 11:35:37 AM

Regarding "nothing is free" -- that DJ probably didn't know about or underestimated banner ads and advertisements in general. Look at youtube.. worth billions of dollars.

JRD · April 27, 2011, 11:50:11 AM

Regardless of what actually happened to the CC data or how the hacker`s gonna use it, I`m sure all web users will feel the consequences.

Our security measures are as tight as the threats we are able to foresee. When a breach like that happens, exposing around 70 million credit card numbers (that`s what I read, at least) you can bet that tighter measures are on the way, all filled with a well justified dose of paranoia. :-(

It will translate into new security protocols, more passwords, more hassle and in the end, a new hacker will bring it all down, two days or twenty years from now. >:((

Art Blade · April 27, 2011, 12:01:54 PM

They've got to think about secure ways of payments. And of how to secure personal data in general. The best idea I've come across so far is a single-use credit card number that authorises just one time the amount specified by the account holder and then it expires. Unfortunately that's not commonplace. As to security.. there is no security. If the stakes are high enough there will be attempts to break through.. nothing we can do about that.

Security doesn't create itself. It's humans behind it, they create security systems. If you put those humans on the other side, they'll breach them. Same thing, only a matter of perspective.

spaceboy · April 27, 2011, 12:07:08 PM

oh Art - You're perfect for Portal! GLaDOS will love you, you monster.

mandru · April 27, 2011, 12:24:40 PM

Quote from: Art Blade on April 27, 2011, 12:01:54 PM
They've got to think about secure ways of payments. And of how to secure personal data in general. The best idea I've come across so far is a single-use credit card number that authorises just one time the amount specified by the account holder and then it expires.

That gave me an idea.

I would think that there should be a way for the credit card companies to set up a "Single Vendor Credit Billing" number when requested by the customer for payment to a service provider through their normal card but only that vendor is able to draw on it for reoccurring charges like a monthly or other regular membership fee.

If some other agency not matching the profile of the approved vendor attempts to place a charge on that dedicated charge number the account snaps shut and the customer is notified immediately of the denial of an attempted misuse so that they can reestablish a new single vendor credit number in a timely fashion so that there will not be any loss of service.

Art Blade · April 27, 2011, 12:47:06 PM

While in my country we still don't have those single-use CC, we do have a system that allows an account holder to tell someone (a company) to withdraw money from the account specified. I believe it's called "direct debiting." Typically the account holder is able to withdraw the money, without explaining why, in return from the one who initially took it within six weeks in case something came up. The bank may also receive orders to cancel all of those direct debiting transactions.

Art Blade · April 27, 2011, 12:48:59 PM

Quote from: spaceboy on April 27, 2011, 12:07:08 PM
oh Art - You're perfect for Portal! GLaDOS will love you, you monster.

:-D

Binnatics · April 27, 2011, 02:24:32 PM

This direct-debit sounds good. Am I right that this means in fact a 'positive credit card', where you replace 'card' for 'account'? You put money on a specific area, and give a company access to that specific area to withdraw what you owe them. And the bank gives you the power to undo certain transactions if it's gotten hacked or whatever, a kind of ensurance, like CC's have?
That sounds good.

Me so far, I'm happy with I-deal. As long as you trust the company you're paying, it's a good and safe way in my opinion. I only do online bussiness when I'm absolutely sure the company isn't a fake. So once I'm paying I know it's okay. In this way, I don't leave delicate info somewhere, as far as I know.

What you guys think of the I-deal way of paying?

Art Blade · April 27, 2011, 03:10:46 PM

never heard of I-deal, but then again, I never do online business.

The direct-debiting is related to your regular bank account. It has nothing to do with CC (but CC would use the same bank account). So a regular example would be frequent payments such as paying the rent for your apartment or monthly bills for your mobile phone and that kind of thing. All you do is fill in a form with your bank account details, allowing the company (like, your mobile phone provider) to help themselves to whatever you owe them, like your landlord would always withdraw the monthly rent every 1st of a month. In case you see someone withdrew money from your account you don't recognise, you can tell your bank to get that money back from the account of the one who took it from yours. That's the way I pay most of my stuff, everything that is on a regular and frequent basis. Particularly useful if those amounts change for some reason, I don't have to do a thing, they just withdraw what is needed.

PSN outage info - PS3ers - must read!

Similar topics (1)