PS3 PSN Potential Security Breech

Online now: Bing (sucks), DEyncourt, Google [Bot], juice, maurvir
Post Reply
About time a statement from Sony was released vaguely detailing why PSN went down and why it is not yet back up. No word on how serious the intrusion was. I'm guessing it was probably just someone getting through some FW's and raising red flags. Because they haven't informed me or any of their other customers about a possible sensitive data breech, but than why wait so long to release a statement that addresses the cause of the PSN shutdown?
Quote:
An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.
http://blog.us.playstation.com/2011/04/22/update-on-playstation-network-qriocity-services/

OMG 5 days and still no PSN. I'm starting to suffer from frag withdrawal.
NightCougar of the Dawn +9650 postcount
User avatar
This is why you have a gaming PC :P

Surprised this didn't happen sooner. Sony has always toted the security of their hardware/software. Was thinking of getting our my Star Ocean TLHI and finally starting on it but now I think i'll just wait. Probably some patches or something that I'd need.
Quote:
Sony admits utter PSN failure: your personal data has been stolen
What did they get?

Here is the data that Sony is sure has been compromised if you have a PlayStation Network Account:

Your name
Your address (city, state, and zip)
Country
E-mail address
Birthday
PSN password and login name

Stupid uncouth individuals, I hope someone sues the fiddlesticks out of Sony. How the hell are you going to wait 6 stick fiddling days before informing the millions and millions of people who use your service that their sensitive data had been stolen? stick fiddling lawsuit is all I'm saying.
NightCougar of the Dawn +9650 postcount
User avatar
Not even sure what I had on there. I never used a credit card on it. All my PSN purchases were off PSN cards.
NightCougar of the Dawn +9650 postcount
User avatar
Hey, they never sent me a letter informing me of this.
NightCougar of the Dawn wrote:
Hey, they never sent me a letter informing me of this.

Nor did they e-mail any of their customers about it. They posted it to a damn Blog 6 days after they knew.
PS3 - It Only Does Identity Theft Parody Ad
At least someone has a sense of humour about this.
NightCougar of the Dawn +9650 postcount
User avatar
Well I finally got the e-mail:

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment
Quote:
Sony Offering Free ‘AllClear ID Plus’ Identity Theft Protection in the United States

The details of the program include, but are not limited to:

Cyber monitoring and surveillance of the Internet to detect exposure of an AllClear ID Plus customer’s personal information, including monitoring of criminal web sites and data recovered by law enforcement. If his/her personal information is found, the customer will be alerted by phone and/or email and will be provided advice and support regarding protective steps to take. The customer will also receive monthly identity status reports. Debix works with an alliance of cyber-crime experts from the government, academia and industry to provide these services.

Priority access to licensed private investigators and identity restoration specialists. If an AllClear ID Plus customer receives an alert, or otherwise suspects that he/she may be the victim of identity theft, the customer can speak directly, on a priority basis, with an on-staff licensed private investigator, who will conduct a comprehensive inquiry. In the case of an identity theft, the customer can work with an identity restoration specialist to contact creditors and others, and take necessary steps to restore the customer’s identity.

A $1 million identity theft insurance policy per user to provide additional protection in the event that an AllClear ID Plus customer becomes a victim of identity theft. This insurance would provide financial relief of up to $1 million for covered identity restoration costs, legal defense expenses, and lost wages that occur within 12 months after the stolen identity event.

TechnoBill Freakazoid
User avatar
1 Billion dollar lawsuit?

http://www.gamepro.com/article/news/219 ... n-dollars/

Quote:
A Canadian law firm, representing a plaintiff who claims Sony has breached her privacy, is suing the company and all its subsidiaries for $1 billion Canadian dollars.



21 year old Natasha Maksimovic (not pictured above) has enlisted the services of Toronto law firm McPhadden Samac Tuovi LLP to claim damages in excess of $1 billion (Canadian) against all Sony subsidiaries, including Sony Japan, Sony USA and Sony Canada. Maksimovic claims that Sony has breached her privacy and must "pay the costs of credit monitoring services and fraud insurance coverage for two years."

"If you can't trust a huge multi-national corporation like Sony to protect your private information, who can you trust?" Maksimovic said, proving she's never played Final Fantasy VII or indeed dealt with a huge multi-national corporation before. "It seems Sony focuses more on protecting its games than its PlayStation users."

Sony has 20 days to file a statement of defense.


That is just ridiculous.
I dont think she's suing for 1 billion in damages for herself. I think it is that, if Sony provides the credit monitoring services to all those whose information was exposed, the entire class action suit could amount to 1 billion in damages.
TechnoBill wrote:
1 Billion dollar lawsuit?

Image
TechnoBill Freakazoid
User avatar
Uh, if you followed the link Uki that is the graphic they used.

You are a little late to the game.
Subsequent topic  /  Preceding topic
Post Reply

PS3 PSN Potential Security Breech