PSN mass data theft GOD MY OH

[FinnKaenbyou]

Damn. Sounds like it WAS a good idea to cancel that card. -_-

[Letty Whiterock]

http://kotaku.com/#!5796651/credit-card-companies-see-no-sign-of-psn-hack-fraud

Hmm.

[helvetica]

Yes Kotaku is a bastion of journalism.  Personal data was taken, we know the CCs were stored in plaintext on your console AND TRANSMITTED IN PLAINTEXT (albeit encrypted with SSL).  We know at the very least the PSN servers were horribly insecure and ran outdated software with known vulnerabilities.

You think Sony wouldn't spend every penny right now trying to spin it the other way?

[Letty Whiterock]

You are by far the angriest person I've seen about this issue, more so than people I've watched get hit with actual fraudulent charges.

Yes, Sony fucked up big-time. This is being considered one of the top-5 worst data leaks (or whatever you want to call it) in our history. This is a PR nightmare, and the PlayStation brand will suffer as a result. They're facing an uphill battle with looming lawsuits, round-the-clock updates to their datacenter (in both updating the servers and their security, as well as physically moving the servers to a more secure location), and a campaign to convince people that the PlayStation brand is still any good, since the NGP is on the horizon, the PS3 still has years of life left, and the PlayStation Suite has been implemented in a number of devices such as the Xperia Play, which is mostly useless now due to the PSN outage (Suite, not the phone). It's 2011, and one of the biggest electronics companies in the world should not be this far behind in their knowledge of software securities. People have been affected by this, though Bloomberg, an legitimate organization dedicated to business-related news, plainly states that Wells Fargo, American Express, and MasterCard have not seen any unauthorized activity related to Sony. These people have to now go out of their way to get new cards, change passwords, and all sorts of precautions, in order to play it safe (though, this is definitely one good thing to come out of this: people get to take a good look at their own personal security).

With all of this information in the public eye, there is literally no amount of money that Sony could spend that would spin anything in any other way. You know that. They know that. They're trying their best to save face, and it's nice to see Sony is actually finally admitting they screwed up instead of pulling an Apple with the iPhone 4's antenna issue, but in the end, they know there's a lot of work to do that will never fully undo the damage done.

Yeah, Sony definitely shot themselves in the foot, face, and crotch with this one, but they did not kill your parents, your friends, and your pets. They are not the only big company out there with security this bad, I can guarantee you that; they just happened to get caught with it in the worst possible way. Sony is not the heart of evil. They're a company that did something incredibly dumb that potentially cost some innocent people money, which is never okay. My information was up on PSN as well, but you don't see me throwing chairs over it. I changed my shared passwords (something I should be doing anyway) and use only PSN cards (I have an old debit card up there that's since expired, so whatever). I took precautions, and I'll wait and see. If something happens, I'll talk to Visa and my bank. If nothing happens, what do I care? Should I write yet another angry e-mail to Sony? There's nothing I can do that hasn't already been done and will make the situation better or worse. After all, there are people who have been affected by this who plan on jumping on Portal 2 and getting The 3rd Birthday the moment PSN goes back up; that's pretty telling, I think, in one way or another.

Just calm down a little bit. This is not worth raising your blood pressure over.

[helvetica]

You know how much of a mess it is to try to clean up your credit after an identity theft?  NOONE helps you, you have to watch your credit all on your own and clean it yourself, it's retarded.  I had my identity stolen, found a couple of attempts at registering cell phone accounts on my account (thankfully I already ruined my credit :b).  It took me a week just to figure out who was even peeking at my credit.  I don't think you understand how absolutely hostile "fraud" cleanup is nowadays.  It's a bitch and a half to get charges reverse and if your card was your bank/debit card, they can take all your money and YOU have to prove they stole it.

I don't think you understand.  There are rules and regulations and supposedly SEVERE punishments in place for stuff like this.  PCI compliance is something you DO NOT FUCK WITH and yet here's Sony with amateur hour running ancient copies of Apache and getting owned by what looks more and more to be a simple script kiddie.  The fact that Sony is even going to get a chance to recover from this is disgusting, period.  If you or I lost even a thousandth of this data we'd be strung up by our necks and our lives ruined forever.  Sony?  Takes a couple quarter losses, settles some claims out of court and gives everyone a free game, and we forget about it 2 years later.

These scumbags stuck rootkits on people's machines and weaseled out of responsibility, these guys intentionally sold defective game consoles and tried to weasel out of covering warranty repair on them, and tried to string up people who dared to touch their precious box and run code that wasn't Sony Approved™.  I'm sorry, I have NO sympathy for their "plight".  This is all self inflicted and I hope they burn.  The ONLY tool we have against this is absolute consumer outrage, and if you're not fuming then well, they won frankly.  From now on there's going to be a cost benefit analysis done on seeing how valuable your financial data really is and if the fines would counter the savings from not giving a damn.  This level of absolute neglect is unconscionable.

[Drake]

http://pastie.org/private/4cg3okya5bfpeb8laldmq
this just in sony is retarded etc

[Sefam]

You know how much of a mess it is to try to clean up your credit after an identity theft?  NOONE helps you, you have to watch your credit all on your own and clean it yourself, it's retarded.  I had my identity stolen, found a couple of attempts at registering cell phone accounts on my account (thankfully I already ruined my credit :b).  It took me a week just to figure out who was even peeking at my credit.  I don't think you understand how absolutely hostile "fraud" cleanup is nowadays.  It's a bitch and a half to get charges reverse and if your card was your bank/debit card, they can take all your money and YOU have to prove they stole it.

I don't think you understand.  There are rules and regulations and supposedly SEVERE punishments in place for stuff like this.  PCI compliance is something you DO NOT FUCK WITH and yet here's Sony with amateur hour running ancient copies of Apache and getting owned by what looks more and more to be a simple script kiddie.  The fact that Sony is even going to get a chance to recover from this is disgusting, period.  If you or I lost even a thousandth of this data we'd be strung up by our necks and our lives ruined forever.  Sony?  Takes a couple quarter losses, settles some claims out of court and gives everyone a free game, and we forget about it 2 years later.

These scumbags stuck rootkits on people's machines and weaseled out of responsibility, these guys intentionally sold defective game consoles and tried to weasel out of covering warranty repair on them, and tried to string up people who dared to touch their precious box and run code that wasn't Sony Approved?.  I'm sorry, I have NO sympathy for their "plight".  This is all self inflicted and I hope they burn.  The ONLY tool we have against this is absolute consumer outrage, and if you're not fuming then well, they won frankly.  From now on there's going to be a cost benefit analysis done on seeing how valuable your financial data really is and if the fines would counter the savings from not giving a damn.  This level of absolute neglect is unconscionable.

So what if it makes more money for them? As much as I agree with you that this is absolutely fucking disgusting(I can't emphasize the fucking disgusting enough, I don't even think there's words to describe this), and that treating their customers as means to get even more money(Hey, it costs less to hire lawyers and lose people's data, let's do that instead!) with a lack of anything looking like ethics, well, unless "Lods of emone" counts as ethics. Sony is still not going to get their heads shoved in like they should.

I'm starting to hate companies that do ANYTHING possible to get that last dime instead of being reasonable. I'm starting to see a lot of these corporate sellouts EVERYWHERE.

The only thing we can do as consumers is stop buying from Sony, but then that cuts us off a lot of potentially good products, and in the longrun might not do anything.

[Garlyle]

Yes, they fucked up.  BUT.  In the interesting of getting away from people repeating the same rants over and over.

Let's just suppose, for a moment, that Sony is to up and flounder as a result.

What happens to everyone who had investments in PSN?  This doesn't just include users who can no longer access games - especially the people who bought a PSP Go, who has no legitimate, standard way to access any new content except to download it?  It also includes developpers who've been pumping hundreds of thousands - or hundreds of millions! - into games for the PS3, PSP, and PSN.  Ultimately, given the choice, would it be right to also force all those consumers who bought products to be left stranded?

It's a curious thing, because we've bought so into digital distribution as a medium of gaming that there are portable devices that are only able to recieve new content through that.  And yet this is the first serious, massive case of it where we have to ask - is this just the risk we buy into when we opt to purchase things digitally?  How do we deal with it if we do?  Do we simply accept that our money and the purchases made are now gone and there is nothing that can be done with it?

And just so people maybe get off of the hate train for a moment - assume my question applies to any digital distribution and/or massive online service system (XBLA, Virtual Console, Steam, etc etc).  Would your answer change if it were any of those?

[Dizzy H. "Muffin" Muffin]

Congress has some questions for Sony.

To make a more snide remark: man, it's times like this when I'm glad I can't afford a console ...

[Sefam]

Yes, they fucked up.  BUT.  In the interesting of getting away from people repeating the same rants over and over.

Let's just suppose, for a moment, that Sony is to up and flounder as a result.

What happens to everyone who had investments in PSN?  This doesn't just include users who can no longer access games - especially the people who bought a PSP Go, who has no legitimate, standard way to access any new content except to download it?  It also includes developpers who've been pumping hundreds of thousands - or hundreds of millions! - into games for the PS3, PSP, and PSN.  Ultimately, given the choice, would it be right to also force all those consumers who bought products to be left stranded?

It's a curious thing, because we've bought so into digital distribution as a medium of gaming that there are portable devices that are only able to recieve new content through that.  And yet this is the first serious, massive case of it where we have to ask - is this just the risk we buy into when we opt to purchase things digitally?  How do we deal with it if we do?  Do we simply accept that our money and the purchases made are now gone and there is nothing that can be done with it?

And just so people maybe get off of the hate train for a moment - assume my question applies to any digital distribution and/or massive online service system (XBLA, Virtual Console, Steam, etc etc).  Would your answer change if it were any of those?

It wouldn't differ if all of them were using old Apache servers to contain the information and if they gave the same kind of sticky Public Relations answers Sony gave to their consumers :V

This single event, no matter who was hit by it, is simply unacceptable. As TSO said, if any of us did that sort of things, and I quote, "we'd be strung up by our necks and our lives ruined forever. "

Congress has some questions for Sony.

To make a more snide remark: man, it's times like this when I'm glad I can't afford a console ...

Oh boy, we got shit.

[Garlyle]

You didn't answer my question at all.  Worse than  that, you outright ignored it and did precisely what I'm trying to get away from, which is the fact that this topic has largely become people repeating themselves over and over.

What I'm asking is; if Sony were to shut down, how exactly do we deal with the huge userbase who is now left stranded and developpers whose intended platform is now gone?  The point at the end about other methods is to try to get people to think outside of imminent Sony hate (and thus ignoring the consumers) and try to consider what should hopefully happen in the loss of any digital distribution service, regardless of circumstance.

In other words, if Sony were to be sunk by this, or at least the Playstation-centric branches, services, and products... how do we clean up the sudden end of a system, platform, and network?

[Sefam]

You didn't answer my question at all.  Worse than  that, you outright ignored it and did precisely what I'm trying to get away from, which is the fact that this topic has largely become people repeating themselves over and over.

Yes, I answered your last question, how else am I supposed to answer that one? "Oh if VALVe did this it would be all okay" /sarcasm note, I'l answer the other ones;

What happens to everyone who had investments in PSN?  This doesn't just include users who can no longer access games - especially the people who bought a PSP Go, who has no legitimate, standard way to access any new content except to download it?  It also includes developpers who've been pumping hundreds of thousands - or hundreds of millions! - into games for the PS3, PSP, and PSN.  Ultimately, given the choice, would it be right to also force all those consumers who bought products to be left stranded?

It's never right to leave your customers stranded, but that question is sort of...weird...Since, you know, the servers have to be fixed now, and need to be shut down to prevent any further abuse. I think you're taking the "choice" part out of context, because you don't REALLY have choice here, at least, not in Sony's shoes.

It's a curious thing, because we've bought so into digital distribution as a medium of gaming that there are portable devices that are only able to recieve new content through that.  And yet this is the first serious, massive case of it where we have to ask - is this just the risk we buy into when we opt to purchase things digitally?  How do we deal with it if we do?  Do we simply accept that our money and the purchases made are now gone and there is nothing that can be done with it?

Hmm, yes, if you read into Steam's subscriber agreement;

THE ENTIRE RISK ARISING OUT OF USE OR PERFORMANCE OF STEAM, THE SOFTWARE, AND MERCHANDISE REMAINS WITH YOU, THE USER. VALVE EXPRESSLY DISCLAIMS (I) ANY WARRANTY FOR STEAM, THE SOFTWARE, AND THE MERCHANDISE, AND (II) ANY COMMON LAW DUTIES WITH REGARD TO STEAM, THE SOFTWARE, AND THE MERCHANDISE, INCLUDING DUTIES OF LACK OF NEGLIGENCE AND LACK OF WORKMANLIKE EFFORT. STEAM, THE SOFTWARE, THE MERCHANDISE, AND ANY INFORMATION AVAILABLE IN CONNECTION THEREWITH ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, "WITH ALL FAULTS" AND WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. ANY WARRANTY AGAINST INFRINGEMENT THAT MAY BE PROVIDED IN SECTION 2-312(3) OF THE UNIFORM COMMERCIAL CODE AND/OR IN ANY OTHER COMPARABLE STATE STATUTE IS EXPRESSLY DISCLAIMED. ALSO, THERE IS NO WARRANTY OF TITLE, INTERFERENCE WITH YOUR ENJOYMENT, OR AUTHORITY IN CONNECTION WITH STEAM, THE SOFTWARE, MERCHANDISE OR INFORMATION AVAILABLE IN CONNECTION THEREWITH. THIS SECTION WILL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.

B. LIMITATION OF LIABILITY.

NEITHER VALVE, ITS LICENSORS, NOR THEIR AFFILIATES SHALL BE LIABLE IN ANY WAY FOR LOSS OR DAMAGE OF ANY KIND RESULTING FROM THE USE OR INABILITY TO USE STEAM, YOUR ACCOUNT, YOUR SUBSCRIPTIONS AND THE SOFTWARE INCLUDING, BUT NOT LIMITED TO, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT WILL VALVE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, EXEMPLARY DAMAGES, OR ANY OTHER DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH STEAM, THE SOFTWARE, MERCHANDISE THAT YOU ACQUIRE VIA STEAM, ANY INFORMATION AVAILABLE IN CONNECTION THEREWITH, OR THE DELAY OR INABILITY TO USE MERCHANDISE OR ANY INFORMATION, EVEN IN THE EVENT OF FAULT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, BREACH OF CONTRACT, OR BREACH OF VALVE'S WARRANTY AND EVEN IF VALVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THESE LIMITATIONS AND EXCLUSIONS REGARDING DAMAGES APPLY EVEN IF ANY REMEDY FAILS.

IF YOU ARE A RESIDENT OF A EUROPEAN UNION COUNTRY, THE ABOVE PARAGRAPH MAY NOT APPLY TO YOU.

C. NO GUARANTEES.

VALVE DOES NOT GUARANTEE CONTINUOUS, ERROR-FREE, VIRUS-FREE OR SECURE OPERATION AND ACCESS TO STEAM, THE SOFTWARE, YOUR ACCOUNT AND/OR YOUR SUBSCRIPTIONS(S).

Basically, if you own 20 games on Steam, and Steam shuts down tomorrow, you just lost everything you bought and VALVe is not liable for the losses, because you agreed to the ToS when you purchased said games. While it's rather...impossible for Steam to just go down, it might happen in the future. None of the products you buy digitally will remain forever. But at the same time, I accept these terms of liability, because I don't...really collect game boxes. I mean, for example, I bought Portal 2 and finished it, I consider I've had my money worth of entertainment; I wouldn't be angry if I lost ownership over the game tomorrow because I already finished the game, and I probably won't ever go back to it. If I bought a game, and it didn't get in my account, I would be angry though.

[draganuv15]

I heard that the hackers put up a site to sell the stolen credit card details...
lol fail sony  :V

[Grand Octopus]

Kaz Hirai to brief media on data theft (this Sunday)

Sony Corp's No.2 Kazuo Hirai will brief media on Sunday about a huge security breach of its PlayStation Network, the first time an executive of the Japanese electronics giant will publicly address the case, which could prompt global legal actions.

Hirai, in line to succeed CEO Howard Stringer, will hold a news conference in Tokyo at 2:00 p.m. (1 a.m. EDT) on Sony's investigation of the case, its information management system and the schedule to resume services, the firm said in a news release on Saturday.

Sony warned on Tuesday that hackers had stolen names, addresses, and possibly credit card details from 77 million user accounts of its online video game network, which produces an estimated $500 million in annual revenues.

The disclosure of one of the biggest ever online data infiltrations came on Tuesday, a week after Sony shut down the network. Executives made no mention of the crisis hours earlier that day when they launched its first tablet computer.

The delay prompted anger among online users, although company said it was due to a forensic investigation.

It could lead to legal action around the globe and pose a challenge for Hirai, who Stringer has said is in pole position to succeed him.

In the United States, attorneys general, who act as consumer advocates, have begun investigating the matter or reviewing it with staff in several states, while U.S. regulators such as the Federal Trade Commission could get involved as well.

The chairman of the U.S. House of Representatives' Committee on Energy and Commerce, Mary Bono Mack, on Friday sent a letter to Hirai, who also serves as the chairman of Sony Computer Entertainment America, asking why the disclosure was delayed.

In Britain, a government watchdog launched an investigation of the incident.

Sony has been mulling a potential successor for Stringer, who has been vague about his plans from the next financial year that starts in April 2012.

Hirai, who was promoted in March to executive deputy president of Sony, used to run the firm's network products and services division including Sony's game businesses.

Sony shares took a hit on Thursday, falling nearly 5 percent in Tokyo. The bourse was closed on Friday, a national holiday.

Sony said it had encrypted all credit card numbers, which would make it extremely difficult for hackers to access that data. But criminals might use other personal information that was not encrypted to launch scams.

popcorn.gif

[Jitters]

Gaaa-aaaaaaaaaaaaaaaahhhhhhhhhhhhh.
Let the lesson of the Month be to never, never, ever, trust a huge Conglomerate/Corporate name again.  I'm guessing the vast majority never thought that hackers could cause millions of dollars of irreversible damage to Sony.
PSN being offline for weeks has no effect one me, since all the games I'm currently hooked on are either PC Games, or Offline Games. (The only Game I want is Uncharted 3, but that comes out in November.)
Still, Sony has screwed themselves over regardless, I mean, they didn't have any security measures for Personal Information? Really?
In any case, I'm affected, as I've used my Debit Card to purchase a few things from the PSN Store. I'm naturally calm about all this, should I be freaking out, and reinstating my Bank Account/Debit Card? 

[helvetica]

http://pastie.org/private/4cg3okya5bfpeb8laldmq
this just in sony is retarded etc

Yeah we've known all of this since the initial dongle hacks came out.  Sony was absolutely retarded.

Yes, they fucked up.  BUT.  In the interesting of getting away from people repeating the same rants over and over.

Let's just suppose, for a moment, that Sony is to up and flounder as a result.

What happens to everyone who had investments in PSN?  This doesn't just include users who can no longer access games - especially the people who bought a PSP Go, who has no legitimate, standard way to access any new content except to download it?  It also includes developpers who've been pumping hundreds of thousands - or hundreds of millions! - into games for the PS3, PSP, and PSN.  Ultimately, given the choice, would it be right to also force all those consumers who bought products to be left stranded?

They should get compensation.  The collapse of PSN isn't their fault, and their livelihoods are just as much affected as the gamers who's credit cards are being ripped off or purchases lost.  Sony is WHOLLY liable for this entire mess, and I think they should burn.  They were intentionally negligent and downright malevolent over the state of PSN, months after very serious issues cropped up.  The devs paid for a stable and secure system to develop their products on and Sony just as much failed them in that regard as they did the consumer in protecting their purchasing and personal data.

It's a curious thing, because we've bought so into digital distribution as a medium of gaming that there are portable devices that are only able to recieve new content through that.  And yet this is the first serious, massive case of it where we have to ask - is this just the risk we buy into when we opt to purchase things digitally?  How do we deal with it if we do?  Do we simply accept that our money and the purchases made are now gone and there is nothing that can be done with it?

In a situation like this, I think a killswitch should be mandated.  The system is being taken apart because of willful ignorance of good security practices and major industry regulations, not because they're going out of business.  And part of their compensation they should be forced to provide a method to unlock all content purchased and allow it to be playable outside of their system.  Not mandating such a punishment would force the consumer base to have to accept the lesser of two evils, keeping a company with a long history of consumer hostile practices afloat and intentionally limiting damages/liability so they don't lose what they got.

To be honest though, I would be willing to give up my purchases to punish a corporation who made this mess.  Stuff can be rebought and compensation can be given in final judgements in cases.  Consumer trust and faith in the system should NEVER EVER EVER be a game of risk/reward though and we need to send a VERY CLEAR message with this case.  While similar in scope to amount of data lost, the TJX breakin was the case of a massive criminal enterprise breaking in and as such really isn't the fault of TXJ.  This is looking more and more like a simple script kiddie got in through flaws found MONTHS ago by the homebrew scene but completely ignored and directly told to shut up with lawsuits.  Sony knew about it but intentionally ignored their flaws.

And just so people maybe get off of the hate train for a moment - assume my question applies to any digital distribution and/or massive online service system (XBLA, Virtual Console, Steam, etc etc).  Would your answer change if it were any of those?

No, but unfortunately it's a question that hasn't been addressed by any court.  Digital distribution is really a new field that has never been entered before, and there's a lot of consumer rights issues that have not been answered yet.  If Sony is to bellyflop (or at least the SCE side of things) over this, then those questions are going to need to be answered fast.

[NamelessFool]

Watching this unfold makes me glad I used store-bought PSN cards instead of using credit/debit cards to buy stuff. So the only potential issue I have is someone else using my PSN account to browse the Internet/PSN store with like, a buck to my name at best or sign on a game with my name. Still pissed, but I don't have much to lose.

[HakureiSM]

On a tangent note, on a conversation with a friend we came to the conclusion that if Sony or at least SCE were to all(which would be the correct thing to happen), this could be really good for the industry overall, as it could create a market gap and allow for other corporations(Apple, Sega, etc.) to jump in the home console market, breaking the Sony Nintendo Microsoft axis.

[DX7.EP]

On a tangent note, on a conversation with a friend we came to the conclusion that if Sony or at least SCE were to all(which would be the correct thing to happen), this could be really good for the industry overall, as it could create a market gap and allow for other corporations(Apple, Sega, etc.) to jump in the home console market, breaking the Sony Nintendo Microsoft axis.

Sega? Unlikely given that its pockets are not much deeper than they were before the Dreamcast days, and that their arcade hardware has been running on Windows Embedded for a few years now.

Apple is more likely, but given the Apple TV's copying of specs directly from the iPod Touch (seriously, they have the same chip and everything) and the lack of a controller (which could be easily remedied by an app that makes iPod Touches act like them, or with a Magic Controller device) this won't be likely until the Apple TV gets some serious extra power (whether it be by more ARM cores or joint architectures) before it can go to consoles.

Google, well, is too busy with spreading Android among multiple devices and configurations and Google TV was a flop when it launched last year. So I doubt it will make major strides in consoles yet.

[Garlyle]

Sega? Unlikely given that its pockets are not much deeper than they were before the Dreamcast days, and that their arcade hardware has been running on Windows Embedded for a few years now.

SEGA has also said in the past that they were more interested in becoming a publisher and game studio instead of trying to run their own consoles.  Although, failure against Nintendo and Sony was ultimately what brought it down, and if Sony were to vanish, that might cause them to reconsider.

And I somehow doubt Apple or Google would be particularly successful in the console market.  They might host games, but they've got some serious quality control issues when it comes to that, among other things.  I don't think they'd work out if they took a shot at it - or maybe I hope they wouldn't, given the way that the iOS and Android markets currently are.

So the only potential issue I have is someone else using my PSN account to browse the Internet/PSN store with like, a buck to my name at best or sign on a game with my name. Still pissed, but I don't have much to lose.

If you ever put your address and stuff in - a real address anyway - when signing up, that might also be an issue used against you; alternatively, if you shared a password and e-mail for things, that could be out there too now.

Digital rights questions

I'm surprised at the two very different answers!  They're... both pretty accurate, too, sadly.

And legal tendencies right now are "Oh hey you agreed to this terms of service when you signed up and they say you get nothing so say goodbye to your shit".

[helvetica]

Which is why it's probably going to have to take a SCOTUS case to shake out all the dealings with digital distribution.  Everything from fair use questions like being able to backup games or circumvent copy protections to things like can a consumer return/resell digital purchases.  With how fast the market is going towards it, it's going to have to be shaken out soon.

http://www.thekoalition.com/2011/05/sony-psn-press-conference-wrap-up-audio-included/
What a fucking joke.

– Sony will give 30 days of PSN+ and Qriocity for free to all users
– Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.

Fuck you Sony.  That's how you're going to shuffle this under the rug?  You think buttering us up with your shitty inhouse music network and an autopatch service is going to win us over?  This is absolutely jawdropping.  This line caught my eye too.

– When asked about credit card and password encryption, they revealed that password information is not encrypted but credit card information was stored in a different location on the network.

Umm... this is security 101.  ENCRYPT YOUR SHIT.

[Mocking Morning]

-Sony are conducting a federal investigation in the US to catch the attackers.

Since when did Sony get the power to conduct federal investigations? I wasn't aware that Sony employed ICE and FBI special agents.

Jokes aside, if Sony had any decency, (HA!) the least they could've done is foot the bill for credit monitoring services for everyone effected by their resonance cascade of failures.

? Sony will give 30 days of PSN+ and Qriocity for free to all users

What kind of Bamma bullshit is this? That's the best you can do after compromising millions of peoples CC info? To me that sounds like "Eh let's give 'em this, maybe that will shut them up for a minute."

[Garlyle]

Oh, good, according to translations from http://cdn.jp.playstation.com/msg/state.html ; PSN's online play functionality will be back up within the week.  Good, I can finally go online with Dissidia 012.

Also it seriously makes me :I when you guys pick one specific thing like it's the only thing they're doing.  But it does bring up the question - what would they actually have to do, at this point, for you to even consider forgiving them (Or have you made up your mind and can never be convinced otherwise?)

[Dead Princess Sakana]

As far as I am concerned, there's two groups that have to take responsibility here: The guys directly working the network/servers that let that attack happen and knew about the flaws beforehand, and the executives that also knew about it and didn't do shit. Sony needs to get rid of those and fill up the positions with people who bring with them a policy that won't let shit like this happen again. Letting the same people continue and claim improvement for the future is a slap in the face of the people that were affected.
Asking Sony to burn as a whole though... I don't recall people wanting Microsoft to burn for all the shit their software has caused. And I would bet the damage from Microsoft security failures adds up to about the scale of this here, or even surpasses it. BUt it didn't happen all at once, so it's not causing as much outrage.

I want the guys that were responsible to take the responsibility and step down, the rest of the whole construct is fine as far as I care.

[Letty Whiterock]

This is the best response I've seen to this:

So just by ordering a new CC and not being able to access PSN for a while I get free PSN+ and other free stuff for my PS3? Awesome.

Also,

What kind of Bamma bullshit is this? That's the best you can do after compromising millions of peoples CC info? To me that sounds like "Eh let's give 'em this, maybe that will shut them up for a minute."

Thanks for doing research before speaking out of your anus!

While Sony again confirmed that they have no confirmed instances of stolen credit cards from the data, and that the three-digit CVV number was definitely not compromised, the company has asked the FBI for a criminal investigation, and will update "when we have something to share."

So what's next for the company in recovering? Firstly, Sony is moving the data center from San Diego to a new undisclosed location, and is also increasing security "to help defend against new attacks."

In addition, the PlayStation 3 console will have an imminent system software update which will require users to change their PlayStation Network passwords. This can only be changed on the same PS3 that the account was created on, or via a validated email.

Although no credit cards have been proven as misused after the intrusion, Sony says that "we will consider covering the cost of reissues of new credit cards to affected customers if they wish to do so."

In addition, the company will help users to enroll in theft prevention schemes, and the company will also roll out free 'welcome back' packages with selected free content on PlayStation Network. This will include a 30 day membership in PlayStation Plus for all PSN users, and existing PS+ subscribers will get 30 days extra onto their membership.

They're fixing what they screwed up by improving their security (both physically and electronically), are willing to offer compensation for credit card reissues, will assist in theft prevention enrollments, are giving everyone PSN+ free for a month, and will be giving out free games, depending on region. Clearly those are just sweep-under-the-rug actions from a company that is under the watchful eye of the FBI and is also receiving international lawsuits for this fiasco.

Shit happens, and like I said, Sony's not the only company with security that bad; they just happened to get caught. I think they're actually doing quite a bit in the form of making-it-up-to-us.

[DX7.EP]

Which is why it's probably going to have to take a SCOTUS case to shake out all the dealings with digital distribution.  Everything from fair use questions like being able to backup games or circumvent copy protections to things like can a consumer return/resell digital purchases.  With how fast the market is going towards it, it's going to have to be shaken out soon.

As much as I'd like to believe this, given the track record of the current justices (Citizens United, recent class-action suit reduction for individuals) I think this would give even more power to the corporate end rather than the citizen one.

http://www.thekoalition.com/2011/05/sony-psn-press-conference-wrap-up-audio-included/
What a fucking joke.

? Sony will give 30 days of PSN+ and Qriocity for free to all users
? Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.

Fuck you Sony.  That's how you're going to shuffle this under the rug?  You think buttering us up with your shitty inhouse music network and an autopatch service is going to win us over?  This is absolutely jawdropping.  This line caught my eye too.

? When asked about credit card and password encryption, they revealed that password information is not encrypted but credit card information was stored in a different location on the network.

Umm... this is security 101.  ENCRYPT YOUR SHIT.

Ridiculous. As if this will solace their consumer base...and they're still not encrypting? Idiotic!

[Barrakketh]

Thanks for doing research before speaking out of your anus!

Serious question for you; how do you believe that Sony would be able to conclusively link credit card fraud to the breach?  They can claim that they have "no confirmed instances" all they want, but unless you catch the person using a stolen CC# and they admit that they acquired the information from the PSN breach how the fuck are you supposed to prove that?  It's just PR speak to make things sound better than they are.

I mean, I know people on another large forum that have had unauthorized charges to their cards that were used on the PSN after the breach occurred.  Some are just $1 charges on iTunes (which happens to be a popular way to test whether stolen card information is valid), one guy had a $1850 charge, some people had their bank block suspicious charges to their cards, and several people had their banks automatically cancel their cards and re-issue a new one.  IIRC at least one of the people who had a card cancelled claimed that the bank rep said they were contacted by Sony.  Correlation, or causation?

[Mocking Morning]

Thanks for doing research before speaking out of your anus!

Time for you to do your own research on how government agencies handle data breaches.

When the Transportation Security Administration potentially lost secure data that contained the personal financial info of 100,000 current and former employees, they fixed their issues and paid for credit monitoring services. Even if things like SSN and banking numbers were blocked and secured, people to this day are still having issues with credit because of this.

[helvetica]

Oh, good, according to translations from http://cdn.jp.playstation.com/msg/state.html ; PSN's online play functionality will be back up within the week.  Good, I can finally go online with Dissidia 012.

Also it seriously makes me :I when you guys pick one specific thing like it's the only thing they're doing.  But it does bring up the question - what would they actually have to do, at this point, for you to even consider forgiving them (Or have you made up your mind and can never be convinced otherwise?)

Free credit monitoring, ability for us to get full refunds of our purchases and get the hell out of PSN?  I dunno about you, but just offering us a month of autopatching and your crappy music and maybe a free game is a slap in the face to the potential damage they did with their negligence.

You know how much of a pain in the ass it was just to get my card reissued?  I have to wait 2 weeks for a new card now.  You can only pull your credit report once a year then they charge you, and monitoring services are NOT cheap.  And they think just giving us a free month on their crappy service and a game from their shitty network will some how butter us over and make everything right again?

e: ok after reading the Gamasutra article it looks like they're offering to those who "ask" but I'll believe it when the sign up pages come up.  I'll be hammering those pages.

[Letty Whiterock]

Serious question for you; how do you believe that Sony would be able to conclusively link credit card fraud to the breach?  They can claim that they have "no confirmed instances" all they want, but unless you catch the person using a stolen CC# and they admit that they acquired the information from the PSN breach how the fuck are you supposed to prove that?  It's just PR speak to make things sound better than they are.

I mean, I know people on another large forum that have had unauthorized charges to their cards that were used on the PSN after the breach occurred.  Some are just $1 charges on iTunes (which happens to be a popular way to test whether stolen card information is valid), one guy had a $1850 charge, some people had their bank block suspicious charges to their cards, and several people had their banks automatically cancel their cards and re-issue a new one.  IIRC at least one of the people who had a card cancelled claimed that the bank rep said they were contacted by Sony.  Correlation, or causation?

It's not Sony that's claiming it. It's the credit card companies themselves that are saying it. And I'm not saying that it hasn't happened. In fact, I directly stated it happened in this thread.

And I definitely understand that this screw up can and will probably result in negative consequences for a lot of people, but it's like Sony said, "Yes, we fucked up, but you're on your own, faggots!" They're actually doing a lot more than people expected, and it seems like a decent gesture of good will all around. It's not 100% compensation, because realistically, you can't expect that, and hoping this company folds as a result is insane, because it puts hundreds of uninvolved people out of jobs.