Sony network ransacked in huge brute-force attack

Sony has warned users against a massive bruteforce attack against PlayStation and Sony network accounts. The attack – which used password and user ID combinations from an unidentified third-party source – succeeded in compromising 60,000 PlayStation Network and 33,000 Sony Online Entertainment network accounts. These accounts …

COMMENTS

This topic is closed for new posts.

Meh

The motive?

It's to steal information, use accounts for spamming and phishing, and possibly there's a small smidgeon of 'we can f--k you up whenever we want, Sony' attitude mixed in.

But thievery is the primary motive. It always is, no matter what flowery bullsh*t is used to declare some sort of 'l33t' status.

4
1
FAIL

Nice try...

But you fail to grasp what it's saying...

In short, someone is trying to access accounts on PSN with lists stolen from elsewhere, in the hope that users have used the same email/password combo.

So tell me, why is that Sony's problem????

4
8
Anonymous Coward

So tell me, why is that Sony's problem????

Because they live in the real world.

This real world is a magical place where dreams are made and crushed by the popularity of your products. If your product is popular you will succeed despite a handful of "people that aren't sheep" telling you why you, your product and your millions of customers are wrong.

Having tens of thousands of your customers come under attack can be a marketing nightmare or a marketing bonus depending on how it is handled. In the nightmare situation you do nothing, say "not our problem" and that's the end of it, you've saved a million in lost hours and goodwill gestures...but you've also lost 100 million in future sales due to your piss poor handling of the situation. The best solution is to put in that small investment into your customer base, make them happy and you can reap the rewards when the next version of your product is released.

Many companies fail to grow because they follow your mantra of "not our problem" it works great while you have new customers, but once you have gone through the market your business will fall flat on its face because no one else will want to buy from you.

2
1
FAIL

So by your logic...

The bad guys are:

Microsoft

Nintendo

Netflix

+ every other company with lots of user accounts, that say nothing when they get mass attacks based on some other site's passwords and logons....

As clearly there has been no hack at Sony, there has been a hack elsewhere, and those details are being used in an attempt to get PSN details.

So again, what have Sony done wrong here? If they say nothing, that's wrong, if they inform the press that there are hack attempts, that's wrong too....

1
2
Silver badge

For as much as I dislike Sony, I gotta agree with Barry on this one.

If I'm dumb enough to use the same username and password on two websites, there's not a damn thing the second site can do to protect my account if the first one gets hacked.

And it seems that Sony have learned from their previous mistake: the accounts were immediately locked, owners notified, mediation of damages was offered, and the incident was publicized.

1
0
Anonymous Coward

Sony says the lists are from elsewhere.

What kind of fool believes anything Sony says? Their incompetence has been repeatedly proven.

My personal boycott of Sony is now at 3 years minimum.

0
1
Silver badge

It isn't Sony's problem

They detected the attack and stopped it. Evidence that their security is improving. Who knows where the original list came from, but there are enough gaming forums and other sites where people often use their XBL / PSN id to talk and may well use the same password too.

2
0
WTF?

Here we go again

This reads like the AntiSec are back for the Lulz. Or somebody is really bored, Sony knew this was going to happen and yet accounts got hacked...Sad indeed.

1
1
Silver badge

It's not really their fault this time

It was a brute force attack. All brute force attackers need to overcome any single factor security (such as username and password) is time. There's really no way to defend against brute force except by adding biometrics or something to your signon.

2
4
Silver badge

All brute force attackers need is time...

not quite so. why not have 3 attempts at logging in and a five minute lockout in the event of a fail. won't stop brute force attacks, but make them take an impossibly long time to run even modest lists.

seem to remember pr0n sites doing such back when i was a lad with john the ripper and a list :-)

0
0
Anonymous Coward

"no way to defend against brute force"

Bullshiat!, it is possible to defend against brute force attacks. It's as simple as locking out the account after 3 or so attempts.

0
0
Silver badge
Boffin

Not a brute force attack

More likely someone either nicked a hashed pwd list, or is applying the infamous Gizmodo list on the PSN. It is bound to end up scoring with people who use the same password for everything. That's the reason why I now use random passwords on most sites and keep said passwords on a Password Safe.

1
0
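Added example, not part of any comment in this thread: the posts above disagree on whether a three-attempt account lockout defends against this kind of attack. The sketch below runs over constructed login events (the documentation-range addresses, usernames and thresholds are all assumptions) and shows that a per-account lockout catches repeated guessing against one account but never fires when a reused credential list is tried once per account, while counting distinct accounts per source does flag it.

```python
from collections import defaultdict

# Constructed sample login events: (source address, username, success)
EVENTS = (
    # one source guessing repeatedly at a single account
    [("203.0.113.5", "alice", False)] * 6
    # one source trying a reused list: a single attempt per account
    + [("198.51.100.7", f"user{i}", i % 10 == 0) for i in range(40)]
    # an ordinary user who mistypes once, then signs in
    + [("192.0.2.44", "bob", False), ("192.0.2.44", "bob", True)]
)

LOCKOUT_THRESHOLD = 3  # consecutive failures per account (assumed policy)


def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Return the accounts a per-account lockout policy would lock."""
    streak, locked = defaultdict(int), set()
    for _src, user, ok in events:
        if user in locked:
            continue
        streak[user] = 0 if ok else streak[user] + 1
        if streak[user] >= threshold:
            locked.add(user)
    return locked


def classify_sources(events, min_attempts=5, min_accounts=20):
    """Label each source by traffic shape and list accounts it got into."""
    per_src = defaultdict(lambda: {"attempts": 0, "users": set(), "hits": set()})
    for src, user, ok in events:
        stats = per_src[src]
        stats["attempts"] += 1
        stats["users"].add(user)
        if ok:
            stats["hits"].add(user)
    result = {}
    for src, stats in per_src.items():
        if len(stats["users"]) >= min_accounts:
            label = "credential-list replay"   # many accounts, few tries each
        elif stats["attempts"] / len(stats["users"]) >= min_attempts:
            label = "password guessing"        # many tries at few accounts
        else:
            label = "normal"
        result[src] = (label, sorted(stats["hits"]))
    return result
```

The accounts listed for a source labelled "credential-list replay" are the ones to lock, notify and force a password reset on, which is the response the thread describes.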
Anonymous Coward

Non news?

"We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources."

Someone stole some user details from elsewhere and is trying to use them to break into PSN. END OF STORY....

1
0
Gold badge

Re: End of story

Not quite. If your account was attacked, it probably means that an account you have with some unrelated organisation has been compromised.

If those who had been attacked compared notes regarding who they have accounts with, it would probably be obvious where the breach had occurred. Pooling information in this way might itself constitute poor security, though.

0
0
Unhappy

Not Sony's Fault

So, the accounts were compromised because people re-used compromised login details, or had easy to guess passwords?

The fault this time lies entirely with the end user.

The sad thing is, given the choice between learning to increase their on-line security or blaming someone else (Sony), I know where the majority of 'victims' will fall.

4
0
WTF?

Ransacked?

That's rather harsh use of language isn't it?

The hackers tried huge numbers of usernames and passwords, probably taken from a hack on another site. 93,000 of those matched usernames and passwords used on PSN and/or SOE. In the great majority of cases that is all that happened before Sony shut them out. In a few cases there was further activity and Sony knows which cases they were and will reimburse lost funds.

Hardly "ransacked". In fact more like "Sony proves they've learned their lesson in huge brute-force attack".

0
0
Pint

And sheeple didn't learn to use different passwords on different sites, despite previous hacks, and warnings to change them..

Yes, people are told to not use a password book, but let's face it, with 20-30 different accounts, over multiple servers, the only real option is a physical book, or encrypted password file...

I use a book.. I'll know it's compromised when I come home to find the house ransacked.. then I can change them..

2
0
jai
Silver badge

that's why i changed my PSN password to a long random string that isn't used anywhere else, because it was obvious this was going to happen again some time

0
1
Silver badge

Sort of expected

Sony pwnd once again.

It was only a matter of time.

1
4
Silver badge

I bet this isn't really a brute force but someone trying the list of usernames & passwords from the earlier attack again and these 93,000 idiots, sorry... users, had changed their passwords back.

0
0
FAIL

You bet wrong.

Every PSN user was forced to change their password. So no accounts would have therefore been hacked.

I know it's really fashionable to blame Sony, but they are not even in the slightest to blame here.

I'm guessing those same 60k accounts were also tried to use to log onto Xbox Live, but Microsoft aren't warning people.....

The EPIC FAIL here are the posters that somehow think Sony are responsible for users duplicating passwords and logins across domains...

1
0
Silver badge

I think the original post implied lusers had changed their PW's _BACK_ to the old version after sony insisted everyone change.

At least that's what i read it to be.

which makes Sony's offers of compo particularly generous.

if i told you you couldn't use 'dave' as your pw and you changed it to 'chas' for a week and then went back to 'dave' when you got burned i'd take the view it was all down to you.

then again i didn't bollux up 93 million accounts a few months ago.....

0
0
Silver badge

If Sony let them get away with that

they'd still be due some blame. Most password systems let you force that a password cannot be re-used for x number of times. But I concur MOST of the blame still belongs with the wetware at the far end (from Sony) of internet connection.

0
0

Phew

Thank god they installed that chief information security officer after that last attack, otherwise they'd have no-one to fire over this one.

3
0
Silver badge
Coat

I am not going to say it.

I am not going to say it.

I am not going to say it.

Oh, what the heck... "I told you so..."

1
2
Holmes

Could the source be Sony?

"The attack – which used password and user ID combinations from an unidentified third-party source" What like the hack attack which stole user IDs and passwords back over Easter?

0
0

Given that every PSN user was forced to change their password that would not make sense.

0
0
Anonymous Coward

They made unauthorised payment using the accounts yet the motive remains unclear? WTF???

0
0
Gold badge
WTF?

Bruteforce?

"...used password and user ID combinations from an unidentified third-party source..."

That doesn't sound like a bruteforce attack to me. That's a "wander right in using the same user/pwd combo that muppet-brain used on other site xyz" attack.

Maybe we need a snappy, single word name for that so Sony can use it in press releases come the next "Sony caught with knickers round ankles again" story?

1
2
Anonymous Coward

When will it ever stop?

This just isn't funny any more.

0
0
Anonymous Coward

oh yes it is

see title

2
1
Silver badge
Facepalm

Deja Vu???

li'l bit

0
0
Silver badge

what I'd be interested in

Is which hosting provider's network was this data-slurp executed from?

0
0
Trollface

Motive remains unclear...

... just have to find someone with a grudge against Sony. That should narrow it down..

2
0
Silver badge
Joke

Don't panic!

We've all signed away our right to take part in a class action against Sony so the harm has been minimised :D

0
0
Anonymous Coward

Joke or not I have not signed away any rights with Sony. I refuse to accept the new terms PERIOD.

Sheep will sign anything I suppose, without even reading it first.

0
0
Anonymous Coward

Except of course in the UK you cannot sign away your rights.

0
0

What is the point of such a network?

Sony seems to have more problems these days with their '2 bit' freebie gaming network than is worthwhile and they don't seem to know whether they're coming or going securitywise.

I'll stick with the XBL until somebody manages to spread its security legs wider than the dirty Whore that is PSN.

0
4
FAIL

Errm Idiot alert..

Someone want to tell him that those same 60k account login details would have been tried against XBox Live too (and no doubt hundreds of other sites online).

The difference is, Microsoft haven't informed him....

1
1
Facepalm

Fanboys are usually quick to jump.

Can you actually provide evidence that they did?

You have no basis to prove such an accusation, but seem certain regarding the fact.

Do you have some insight that the rest of the world doesn't?

By your reckoning and logic here almost anything and everything could have been hit by the said attack, but the truth is it's unlikely.

How many warnings have you received from other parties regarding this attack?

I'm guessing no-one.

All I ask for is a trouble free and secure gaming network and I've had that for more than 5 years, none of my info seems to have been spilt all over the net, if so, M$ have made a mighty fine job of cleaning it or keeping it from the public eye, which is exactly as I want info treated.

0
1
Facepalm

Can you actually provide evidence that they did?

You have no basis to prove such an accusation, but seem certain regarding the fact.

Do you have some insight that the rest of the world doesn't?

By your reckoning and logic here almost anything and everything could have been hit by the said attack, but the truth is it's unlikely.

How many warnings have you received from other parties regarding this attack?

I'm guessing no-one.

0
1
Trollface

Unleash the x-box fanboys!

My guess is the 93,000 compromised accounts are the ones of people who vowed never to log onto playstation network again after the last attack, and therefore left their passwords unchanged.

0
1
Anonymous Coward

Change your password!

I wonder how many of the accounts compromised in the first attack on the PSN 'changed' their passwords by adding 1 to the number at the end? Worth a brute-force check...

0
0

People are just people.

You can't complain when people don't take proper care of their own security saying they should know better.

Looking at the number of accounts that get hijacked it's clear they don't know.

I don't know whose responsibility it should be to get these people to take better care though.

If Sony put something up for people to read before joining people would just ignore it anyway. So how do you fix these people?

I really don't like Sony though so I find it hard to sympathize with them. It's just their customers I feel sorry for.

1
0
Flame

ergh

For the love of [insert deity here]. Given the profile of Sony's last hack is it not reasonable to assume they have become a target of what, the majority of you seem to keep forgetting, is a criminal activity? Yeah sure it's all Sony's fault for somehow not being able to secure its network, point in case is they shouldn't have to. I see not one post on here condemning hackers targeting PSN, a service used by millions, yet I see a damned lot of slating of Sony's security.

I'll tell you what I'll get a victim of violent crime and bring them out here and we can all tell them how pathetic they were for not taking self defense lessons of some kind. Yes, that is exactly how ridiculous the majority of people are being regarding Sony's repeated attack.

For every attack you hear about that works, I bet they fend off tens if not hundreds of other attacks which don't work, especially given the profile of their "rubbish" security. You all need some perspective.

Also the data was from a third party site [supposedly], if that's not a sony controlled one then it's not even remotely their issue and clearly they have reacted appropriately.

</rant>

1
0
Silver badge

Your first paragraph is rubbish.

and your second debatable. I know Europeans don't get American gun culture, but the fact is, it actually works except where idiots here think Europeans have a better idea and we should emulate it.

Your third statement while probably true has no proof and is therefore moot.

But I'll let you off because your final paragraph correctly sums up the article. Next time skip the dreck at the front and you'll get a thumbs up.

0
0
Alert

DaeDaLuS_015:

This was, in fact, an unsuccessful attack. It's because of Sony's heightened security that it didn't get through to cause any damage, and this was clearly not Sony's fault in this case. It's those users who utilized the same username/password combination elsewhere as they did on the PSN.

The accounts were locked out to prevent the user's own mistake from causing too much damage.

0
0
Anonymous Coward

@tom 13

"I know Europeans don't get American gun culture, but the fact is, it actually works"...

Yes, yet another successful gun related massacre in the USA recently.

0
0
Coat

Why Sony, again?

Simple .. it's the most hateful and hated company ever.

They treat their resellers like crap, their customers like shit and the whole enchilada is past due for the garbage bin. They are still in business because people don't care as long as they got the immediate benefits of a toy. I say it's time to change customer attitude and make them think before they buy that the corporation doesn't give a shit about them and that they count for nothing. All they want is the money for nothing in return and that's just the top of Sony's iceberg.

I know .. we're a Sony Professional retailer and service center.

A post covering detailed Sony's behavior would be several hundred pages long.

Most unfortunate. But fortunately it's time for a pint.

2
5

If you dislike Sony that much, perhaps you should reconsider working for or running a Sony Professional retailer / Service Centre?

Or is it that you don't care as long as you keep getting your share of the cash?

1
0
