PlayStation Network hacked, User Info stolen!
By
Arnabas,
Posted on: 2011-04-26 13:19 in Comic and Hero-Villain Culture
Delightfully fun.
Well, I'm glad I'm not Sony right now.
Omnes relinquite spes, o vos intrantes
My Characters
CoX Chatlog Parser
Last.fm Feed
Great... time to make some calls to the bank and another round of password changes.
Paragon Unleashed Forums
Twitter: @Alpha_Ryvius
it's not that big of a deal...
Use one password for everything you do and link it to an email...
Then that email have it a different password
Any problems that occur in any other thing you are in will email back to that account and you'll be safe cuz of the dif password.
Cred card, you just have to look at your bill ^.^
*happily keeps playing on Xbox Live*
Quote:
Name, address, contact details, billing history, passwords, security questions, possibly credit card details - even under idea circumstances, that's bad.
|
Originally Posted by Durakken
it's not that big of a deal...
Use one password for everything you do and link it to an email... Then that email have it a different password Any problems that occur in any other thing you are in will email back to that account and you'll be safe cuz of the dif password. Cred card, you just have to look at your bill ^.^ |
Omnes relinquite spes, o vos intrantes
My Characters
CoX Chatlog Parser
Last.fm Feed
Quote:
It's bad... and I'm pretty sure it's the first major hack that the general populous has had to deal with, but all things considered most of that info is useless for what a hacker that would hack into PSN would want with it and the rest is easily dealt with. |
Originally Posted by The_Spad_EU
Name, address, contact details, billing history, passwords, security questions, possibly credit card details - even under idea circumstances, that's bad.
|
There is a very low chance of anything major happening to any given person for the type of people that have that data you stand a what? maybe 1 in a million shot of actually being effected by having that data stolen?
They likely either stole the data for cred card information or passwords. If you handle your passwords right its not a problem and cred card stuff will get them caught quite quickly if people actually pay attention to their bills.
It's more of a nuisance than anything else
Quote:
There is a risk of identity theft in this, though. Name, address, credit card, email address. If someone has been using the same password for the email and their PSN account, and they don't change the email one, that could become a much bigger problem.|
Originally Posted by Durakken
It's bad... and I'm pretty sure it's the first major hack that the general populous has had to deal with, but all things considered most of that info is useless for what a hacker that would hack into PSN would want with it and the rest is easily dealt with.
There is a very low chance of anything major happening to any given person for the type of people that have that data you stand a what? maybe 1 in a million shot of actually being effected by having that data stolen? They likely either stole the data for cred card information or passwords. If you handle your passwords right its not a problem and cred card stuff will get them caught quite quickly if people actually pay attention to their bills. It's more of a nuisance than anything else |
But it's as they say: "Paranoia" and "sufficient IT security" are one and the same. Attacks like this PSN hack just goes to show why. Sony apparently trusted that the data coming from a PS3 was always clean. Big mistake and not nearly paranoid enough.
But to us users, it's probably not a big deal in the long run. Swap out passwords, (and credit card if you're paranoid enough), and you're pretty much golden again. Sony on the other hand faces the wrath of politicians, lawyers, and financial institutions over this. It's much, much worse to be Sony right now.
Aegis Rose, Forcefield/Energy Defender - Freedom
"Bubble up for safety!"
And aren't I glad that I used a unique PS3 only password for that login. 
But it's MY sadistic mechanical monster and I'm here to make sure it knows it. - Girl Genius
List of Invention Guides
Unless Sony is a complete bunch of morons, it is unlikely that they actually got passwords. Nobody who sets up security systems with a lick of sense actually stores passwords. Instead you store the passwords in your database as a hash.
A hash in this instance is effectively a one way translator. You password is converted to so much gibberish by a one way algorithm which is consistently reproducible. Thus the hash generated when you enter your password can be compared to your stored hash, and if they agree, you are validated. To crack the hash back to the actual password is essentially as hard as cracking the password itself.
Now I've never tried to contact Sony to have my password changed. If they are willing to send your password to you, then yes, they are likely dunderheads and not using a hash. If, however, they are only willing to change your password, then they have a clue.
Any environment in which you are able to have your password sent to you as you typed it in (without generating a new one which is sent) should scare the hell out of you. Those people are actually keeping your password in a retrievable fashion which is abysmal security practice. Never use a password you use elsewhere for such an instance.
Too many alts to list.
Except your password is one of the things that Sony believes might have been compromised.
So they perhaps ARE a complete bunch of morons.
-k
I see myself as witty, urbane, highly talented, hugely successful with a keen sense of style. Plus of course my own special brand of modesty.
Virtue: Automatic Lenin | The Pink Guy | Superpowered | Guardia | Guardia Prime | Ultrapowered
Quote:
It certainly is possible. I'd say it was unlikely, but possible. If could be that the hash table in the database was purloined along with the rest of the data, and hence you could say the password data got out, but effectively, not really. |
Originally Posted by NinjaPirate
Except your password is one of the things that Sony believes might have been compromised.
So they perhaps ARE a complete bunch of morons. -k |
Nonetheless, it would be prudent for people who re-use their PS-3 password elsewhere to change it.
Too many alts to list.
Quote:
I heard a former-hacker-turned-net-security-guy talking about this on NPR and he said he was surprised that Sony hadn't bothered to encrypt the information, so... perhaps they ARE a complete bunch of morons.
|
Originally Posted by NinjaPirate
Except your password is one of the things that Sony believes might have been compromised.
So they perhaps ARE a complete bunch of morons. |
Why encrypt? It's only info on gamers. Lazy dregs of society. Serves them right. 
Father Xmas - Level 50 Ice/Ice Tanker - Victory
$725 and $1350 parts lists --- My guide to computer components
Tempus unum hominem manet
Quote:
We are talking about the same company that left the master encryption keys to both PS3 and PSP software inside the consumer PS3s. Not just the DEcryption keys, the ENcryption keys as well. Whoops. I wouldn't be surprised at anything now.
|
Originally Posted by Clave_Dark_5
I heard a former-hacker-turned-net-security-guy talking about this on NPR and he said he was surprised that Sony hadn't bothered to encrypt the information, so... perhaps they ARE a complete bunch of morons.
|
Aegis Rose, Forcefield/Energy Defender - Freedom
"Bubble up for safety!"
Fortunately, I set up all my game accounts to not remember my password to avoid this very scenario. That way I can change it on the fly as necessary. Plus, I hate being signed into anything automatically.
S.
Part of Sister Flame's Clickey-Clack Posse
That won't matter. The problem is that parts of their database were apparently stolen. Whether your individual client "remembers" your password is irrelevant. The system you're logging into has your account information stored, and your password is in there somewhere. When you type a password on your end, the system needs to check it against something to verify that it's actually correct. And it was that stored information that may have been compromised.
Quote:
Rainbow Tables|
Originally Posted by docbuzzard
Unless Sony is a complete bunch of morons, it is unlikely that they actually got passwords. Nobody who sets up security systems with a lick of sense actually stores passwords. Instead you store the passwords in your database as a hash.
|
From the article:
Quote:
| ...most hashes are designed to be computed quickly. This allows someone who gains access to the stored hash values to rapidly check long lists of possible passwords for validity. One defense against such attacks is to use longer passwords, increasing greatly the number of possible passwords an attacker must check to find the correct one. For simple hash schemes...an attacker can precompute the hash values for all common or short passwords and save them in a large table. Once a hash value is obtained it can then be quickly looked up in the table to find the matching password. However as the size of passwords grows, such tables can become too big to store. An alternative is to store the starting points for long chains of hashed passwords. This requires more computation to look up a purloined password hash, but saves greatly on space. |
Apt: http://www.vgcats.com/comics/?strip_id=305
Omnes relinquite spes, o vos intrantes
My Characters
CoX Chatlog Parser
Last.fm Feed
*sigh*... I have no idea what password I have on PSN (haven't used it in over a year) so I have no idea if I need to change any other passwords. And changing them all is a nightmare...
Icelock - Ice/Storm Controller
Command Bot 1 - Bot/Traps MM
Quote:
so we are in the same boat it seems ugh this is just plain annoying
|
Originally Posted by Icelock
*sigh*... I have no idea what password I have on PSN (haven't used it in over a year) so I have no idea if I need to change any other passwords. And changing them all is a nightmare...
|
"I think I'm cute. I've got gold medals.
I've got the moves that make them all tap out.
The Angle Slam, the Ankle Lock.
Marty Jannetty...still can't walk.
I'm just the sexy Kurt.
I'll make your ankle hurt.
I'm just the sexy Kurt.
I'll make your ankle hurt."
Kurt Angle
Surprise, surprise. Looks like someone is slapping Sony with a class-action lawsuit over the network hack.
Paragon Unleashed Forums
Twitter: @Alpha_Ryvius
Quote:
and more!|
Originally Posted by Unknown_User
Surprise, surprise. Looks like someone is slapping Sony with a class-action lawsuit over the network hack.
|
Sony may be hit with £500K fine over PSN data loss
I know there's a ban on other video games, but this is an account security matter. I hope that's an allowable exception.
Read this: Update on PlayStation Network and Qriocity
Read this in particular:
If you're using that password anywhere else, change it. Now! And if you have a registered credit card at them, keep a very close eye on it. Or get a new one. This is a massive security leak, we're talking 77 million stolen email address/password combinations with both purchase history and location of the PS3 you bought it with, plus a possible leak of credit card data. I may sound paranoid, but this should be taken VERY seriously.
Now if you'll excuse me, I have some passwords to change...
Aegis Rose, Forcefield/Energy Defender - Freedom
"Bubble up for safety!"