Well I'm very much of the opinion that you learn best from your mistakes....so i hope your right, on the "Only good can come of this" part......and the "Xchat" thing........although easy as to the Xchat.
PSN down thread
- Thread starter Jax
- Start date
Well I'm very much of the opinion that you learn best from your mistakes....so i hope your right, on the "Only good can come of this" part......and the "Xchat" thing........although easy as to the Xchat.
I'm in the same boat as far as remembering. Anyone know if there's any way to check without getting on PSN? The not being able to check part has been really annoying.
I just "killed" my CC out of caution even though I've not yet seen any evidence of fraudulent activity. That was pretty painless, but yeah the autobill thing is kind of pain. One of my co-workers is ROYALLY hacked off at Sony this morning, and I'm like OK, it's annoying but JFC it's not the end of the world IF you step up and take care of business right away.
He sent me some article about how supposedly Sony was advising people to change all their passwords on ALL of their credit cards, yada, yada. And I'm like, I've NEVER given Sony that information, how could this breach have gotten that information? Especially for cards I don't use on PSN. They don't even have my CC password for the CC that I do use on the PSN.
Now that I think about it, I hope I killed the right card.
Its getting really complicated over on the official PS3 forums, so many people stating so many different things, CC info was not compromised, only CC info from those with CFW was compromised, CC info has always been encrypted, CC info was sent in plain text.......I cant seem to find anything that nails down just what CC wise is happening.
I'm kind of shooting from the hip here, and I may be wrong, but this advice is free, so take it FWIW. But I think you can go into account management and see that information. Not sure if you have to be online or not for that. I'm not where I can check it right at the moment, but I'm suddenly curious too as I may have killed the wrong cc.
If Sony was storing full credit card numbers or transmitting them in plaintext then they were flat-out breaking the law.
Well yeah it is confusing. I probably overreacted, but I figure better safe than sorry.
Would that have anything to do with the "Data Protection Act?" My co-worker sent me this e-mail, with no source, that said Sony could face "heavy fines for breaching the Date Protection Act."
Yeah. A few years ago it became illegal to store actual credit card numbers due to the risk of data theft. What most companies have done instead is have "merchant authorization codes." Basically, you enter your CC# once, and that generates a merchant auth code, which can then be used to charge your card in the future without actually using your card number. If you ever wonder how sites like Amazon and Google remember your CC#, that's how. They only show the last 4 digits because that's all they're allowed to retain. They can't actually give you the whole number because they don't have it!
Now, it is possible that these authorization codes are what got stolen, in which case it's still a significant breach but Sony was not necessarily in violation of the law. However, if such data was being transmitted unencrypted they might still be on the hook. I just find it hard to believe a company as big as Sony would do something as boneheaded as store actual CC numbers in plain text in a database connected to the PSN itself. That is so many levels of reckless and stupid as to defy belief.
Well as Haggis wrote, it's not clear cut exactly what they did get. Here's an excerpt from an e-mail that I received from Sony today:
So does that mean they stored cc numbers in plain text, or is it possible somebody broke the encryption as well as hacking into the PSN?
So does that mean they stored cc numbers in plain text, or is it possible somebody broke the encryption as well as hacking into the PSN?
Yeah, it's hard to know how they were storing it, but given that we're talking about internal systems that were never meant to be accessed from outside, it's quite possible security was very lax.
OK, I need to correct the record. Just got home and fired up the PS3 and I'm not finding an "Account Management" option, so it must require that you be logged into the PSN. Which I guess upon reflection, makes sense. So DUH, ignore what the dummy wrote earlier.
Meanwhile there are scattered reports of actual cc fraud going on. But I don't think it can be conclusively proved to be because of this.
http://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars
Meanwhile, lawyers and politicians are lining up to take their shots at Sony.
http://www.pcworld.com/article/226501/legal_troubles_heat_up_for_sony_after_psn_breach.html#tk.hp_fv
http://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars
Meanwhile, lawyers and politicians are lining up to take their shots at Sony.
http://www.pcworld.com/article/226501/legal_troubles_heat_up_for_sony_after_psn_breach.html#tk.hp_fv
Last edited:
Seeing as the CC info was indeed encrypted and the 3 digit security number has never been stored or recorded at all, i think its no doubt coincide, especially considering the amount of CC fraud that's attempted on a daily basis round the world.
I don't know what to think of the law suits because i have no in depth idea of just how much security Sony had in place on the PSN, apart from the said mentioned CC and 3 digit security bits.
I just hope the law is as quick to deal with the idiot hackers who caused all this.
I don't know what to think of the law suits because i have no in depth idea of just how much security Sony had in place on the PSN, apart from the said mentioned CC and 3 digit security bits.
I just hope the law is as quick to deal with the idiot hackers who caused all this.
Bye bye Sony! Their consumer electronics suck, their Blu Ray format sucks and now this. Good riddance...
Similar threads
