PlayStation Network hacked, User Info stolen!
Delightfully fun.
Well, I'm glad I'm not Sony right now.
Omnes relinquite spes, o vos intrantes
My Characters
CoX Chatlog Parser
Last.fm Feed
Great... time to make some calls to the bank and another round of password changes.
Paragon Unleashed Forums
Twitter: @Alpha_Ryvius
it's not that big of a deal...
Use one password for everything you do and link it to an email...
Then that email have it a different password
Any problems that occur in any other thing you are in will email back to that account and you'll be safe cuz of the dif password.
Cred card, you just have to look at your bill ^.^
*happily keeps playing on Xbox Live*
it's not that big of a deal...
Use one password for everything you do and link it to an email... Then that email have it a different password Any problems that occur in any other thing you are in will email back to that account and you'll be safe cuz of the dif password. Cred card, you just have to look at your bill ^.^ |
Omnes relinquite spes, o vos intrantes
My Characters
CoX Chatlog Parser
Last.fm Feed
Name, address, contact details, billing history, passwords, security questions, possibly credit card details - even under idea circumstances, that's bad.
|
There is a very low chance of anything major happening to any given person for the type of people that have that data you stand a what? maybe 1 in a million shot of actually being effected by having that data stolen?
They likely either stole the data for cred card information or passwords. If you handle your passwords right its not a problem and cred card stuff will get them caught quite quickly if people actually pay attention to their bills.
It's more of a nuisance than anything else
It's bad... and I'm pretty sure it's the first major hack that the general populous has had to deal with, but all things considered most of that info is useless for what a hacker that would hack into PSN would want with it and the rest is easily dealt with.
There is a very low chance of anything major happening to any given person for the type of people that have that data you stand a what? maybe 1 in a million shot of actually being effected by having that data stolen? They likely either stole the data for cred card information or passwords. If you handle your passwords right its not a problem and cred card stuff will get them caught quite quickly if people actually pay attention to their bills. It's more of a nuisance than anything else |
But it's as they say: "Paranoia" and "sufficient IT security" are one and the same. Attacks like this PSN hack just goes to show why. Sony apparently trusted that the data coming from a PS3 was always clean. Big mistake and not nearly paranoid enough.
But to us users, it's probably not a big deal in the long run. Swap out passwords, (and credit card if you're paranoid enough), and you're pretty much golden again. Sony on the other hand faces the wrath of politicians, lawyers, and financial institutions over this. It's much, much worse to be Sony right now.
Aegis Rose, Forcefield/Energy Defender - Freedom
"Bubble up for safety!"
And aren't I glad that I used a unique PS3 only password for that login.
But it's MY sadistic mechanical monster and I'm here to make sure it knows it. - Girl Genius
List of Invention Guides
Unless Sony is a complete bunch of morons, it is unlikely that they actually got passwords. Nobody who sets up security systems with a lick of sense actually stores passwords. Instead you store the passwords in your database as a hash.
A hash in this instance is effectively a one way translator. You password is converted to so much gibberish by a one way algorithm which is consistently reproducible. Thus the hash generated when you enter your password can be compared to your stored hash, and if they agree, you are validated. To crack the hash back to the actual password is essentially as hard as cracking the password itself.
Now I've never tried to contact Sony to have my password changed. If they are willing to send your password to you, then yes, they are likely dunderheads and not using a hash. If, however, they are only willing to change your password, then they have a clue.
Any environment in which you are able to have your password sent to you as you typed it in (without generating a new one which is sent) should scare the hell out of you. Those people are actually keeping your password in a retrievable fashion which is abysmal security practice. Never use a password you use elsewhere for such an instance.
Too many alts to list.
Except your password is one of the things that Sony believes might have been compromised.
So they perhaps ARE a complete bunch of morons.
-k
I see myself as witty, urbane, highly talented, hugely successful with a keen sense of style. Plus of course my own special brand of modesty.
Virtue: Automatic Lenin | The Pink Guy | Superpowered | Guardia | Guardia Prime | Ultrapowered
Except your password is one of the things that Sony believes might have been compromised.
So they perhaps ARE a complete bunch of morons. -k |
Nonetheless, it would be prudent for people who re-use their PS-3 password elsewhere to change it.
Too many alts to list.
Why encrypt? It's only info on gamers. Lazy dregs of society. Serves them right.
Father Xmas - Level 50 Ice/Ice Tanker - Victory
$725 and $1350 parts lists --- My guide to computer components
Tempus unum hominem manet
Aegis Rose, Forcefield/Energy Defender - Freedom
"Bubble up for safety!"
Fortunately, I set up all my game accounts to not remember my password to avoid this very scenario. That way I can change it on the fly as necessary. Plus, I hate being signed into anything automatically.
S.
Part of Sister Flame's Clickey-Clack Posse
That won't matter. The problem is that parts of their database were apparently stolen. Whether your individual client "remembers" your password is irrelevant. The system you're logging into has your account information stored, and your password is in there somewhere. When you type a password on your end, the system needs to check it against something to verify that it's actually correct. And it was that stored information that may have been compromised.
Unless Sony is a complete bunch of morons, it is unlikely that they actually got passwords. Nobody who sets up security systems with a lick of sense actually stores passwords. Instead you store the passwords in your database as a hash.
|
From the article:
...most hashes are designed to be computed quickly. This allows someone who gains access to the stored hash values to rapidly check long lists of possible passwords for validity. One defense against such attacks is to use longer passwords, increasing greatly the number of possible passwords an attacker must check to find the correct one. For simple hash schemes...an attacker can precompute the hash values for all common or short passwords and save them in a large table. Once a hash value is obtained it can then be quickly looked up in the table to find the matching password. However as the size of passwords grows, such tables can become too big to store. An alternative is to store the starting points for long chains of hashed passwords. This requires more computation to look up a purloined password hash, but saves greatly on space. |
Apt: http://www.vgcats.com/comics/?strip_id=305
Omnes relinquite spes, o vos intrantes
My Characters
CoX Chatlog Parser
Last.fm Feed
*sigh*... I have no idea what password I have on PSN (haven't used it in over a year) so I have no idea if I need to change any other passwords. And changing them all is a nightmare...
Icelock - Ice/Storm Controller
Command Bot 1 - Bot/Traps MM
"I think I'm cute. I've got gold medals.
I've got the moves that make them all tap out.
The Angle Slam, the Ankle Lock.
Marty Jannetty...still can't walk.
I'm just the sexy Kurt.
I'll make your ankle hurt.
I'm just the sexy Kurt.
I'll make your ankle hurt."
Kurt Angle
Surprise, surprise. Looks like someone is slapping Sony with a class-action lawsuit over the network hack.
Paragon Unleashed Forums
Twitter: @Alpha_Ryvius
Surprise, surprise. Looks like someone is slapping Sony with a class-action lawsuit over the network hack.
|
Sony may be hit with £500K fine over PSN data loss
I know there's a ban on other video games, but this is an account security matter. I hope that's an allowable exception.
Read this: Update on PlayStation Network and Qriocity
Read this in particular:
If you're using that password anywhere else, change it. Now! And if you have a registered credit card at them, keep a very close eye on it. Or get a new one. This is a massive security leak, we're talking 77 million stolen email address/password combinations with both purchase history and location of the PS3 you bought it with, plus a possible leak of credit card data. I may sound paranoid, but this should be taken VERY seriously.
Now if you'll excuse me, I have some passwords to change...
Aegis Rose, Forcefield/Energy Defender - Freedom
"Bubble up for safety!"