Sony shut down its website for online PC games on Monday, almost two weeks after it closed the PlayStation Network following a criminal intrusion that stole personally identifiable information from 77 million account holders. The move by Sony Online Entertainment affects online playing of games such as Everquest, Dungeon …
...Sounds like a bonus double XP weekend coming up.... You would think due to the internet exposure of Station, there would be a little more attention and security paid to it. Ah well.
Made the switch to purchasing game cards rather than letting SOE bill me a while back because of funny things occurring amongst my EverQuest accounts - this justifies the effort nicely.
title not required
It already is a double XP weekend. Was looking forward to a day of Star Wars Galaxies....
Might have to copy your idea of the game cards though.....
Sony needs to track down the bastards that did this....
and hire them.
I hope they track them down! How to secure your password(s)...
Very troubling news. Make sure you you've also changed your passwords and use strong passwords that are unique to each system and service. How is the difficult part... I use LastPass and the techniques found here -> http://hitechbrew.com/password-recreational-browsing/
Bad Luck Moment
I've been doing that with all new website logins, and those that I remember about. Unfortunately, my PSN account and the Twitter one weren't on my "sensitive" list. They shared the same password. That would explain the mystery twits sent under my account sending spam about "make more money!" about 2 weeks ago.
Now I still can't get to reset my password on the PSN. Damn!
Who's crime is it, anyway?
"...following a criminal intrusion" - who has committed the crime here? The charlatans storing customer details in cleartext, or the crims who swiped them? Perhaps both?
Sony must really be wondering...
Sony must really be wondering if it was worth it.
I'm sure any other megacorp is having second thoughts about on the iron fist.
The general plan is to keep people wanting to give you money.
Sony failed, and now meta-failed by making big enemies - who, by not being commercial enemies, weren't "on their radar" in a business sense but should have been.
From my PlanetSide days, I remember Station.com being a bloody nightmare. If something feels that ropey to use, probably set up just as shambolically.
Same thing I feel when using Codemasters' website. Sigh.
I COULD care less, but
That would take more effort than it's worth.
You liars, Sony...
Sony have changed their statement yet again...!
>But I want to be very clear that the passwords were not stored in our database in cleartext form
Even though they openly said that they weren't encrypted a week ago.
Maybe they should move out of the entertainment industry and become politicians. I'm sure they'd be good at it.
Haven't changed their statement
Yes, not encrypted.
Yes, not stored as plain text.
Yes, stored as hash (like many sites).
Yes, because of hash, weak passwords with known hashes are vulnerable (not sure if they salted the passwords before hash. If so a little better until someone works out the salt).
Not Sony's year
They're just having all sorts of bad press these days.
..if Sony have checked for any rootkits on their systems?
This made me snort.
And all those poor trusting souls have been denied their games. Not to mention the root kit specialists letting the data get out for a second time.
Boy ah surely am glad this good ol' boy dumped all things Sony a while back. Made money doin' it too.
Paris because we all know a sucker when we see one.
A week ago they were saying the PSN passwords were not encrypted, the SOE system is entirely separate as a division. PSN != SOE, or for the less technical of you PSN <> SOE, or for the even less technical "they're bloody different systems you morons!"
Paypal is owned by eBay. Does this mean that what applies to one always has to apply to the other? Yes there is a fair chance they share code and procedures but there is equally good chance they differ in significant ways. They also own Skype, does this mean that Skype's servers and those of Paypal run with the same kind of security measures? Heck no.
If they're different systems...
then that just makes the problem worse. That means that two separate systems were broken into
Why would anyone trust a company...
...that puts rootkits on customers' machines?
Hmm let me see. Nintendo (Twee). M$ The evil empire. Or Sony DRM everything, even if its not theirs.
For a company that tries to push DRM down your throats, this fail must really hurt.
Got Email Today
I got an email from Sony this morning ...
"We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password. Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) – we will be notifying each of those customers promptly."
Oh shit ...
So how can they possibly ever open the system up again?
As soon as they open it up the hackers will probably be trying to us the login details to hijack the accounts.
The only thing they could possibly do would be to send you an email to the listed email address to allow you to change passwords before making the game servers live again, but you can bet the hackers will also be sending out very similar emails in the next few weeks.
So they may have to resort to old style snail-mail to contact all the account holders as this is the only possible way they can guarantee that the right person gets the contact.
I knew SOE/Sony were a shit company after the way they treated us during the SWG NGE mess, but I never knew they would be this bad.
In an email from them this morning:
"Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) – we will be notifying each of those customers promptly."