back to article New Sony hack exposes more consumer passwords

Hackers who last week broke into the website of television network PBS have turned their attention to Sony's movie division, publishing what appeared to be the email addresses and passwords belonging to at least 50,000 consumers who registered for online promotions. A group called LulzSec claimed responsibility for the attack …

COMMENTS

This topic is closed for new posts.
  1. Mikel
    Thumb Up

    This is not a repeat from last week

    Nor is it a prepeat from next week. This is an article about a single incidence of Sony Pwnage. It differs little from the ones that went before, nor from the ones sure to come after except by the who and how, but it is a unique incident worthy of reportage.

    That Sony's online security was weak and many people's information was compromised is not newsworthy at this point. But the specific ways that they were so compromised and their number is unique and so worthy of reporting.

    Keep them coming!

    1. Elmer Phud
      Happy

      Need to leave the house

      and get more popcorn - this looks like it's gonna run longer than StarWars

  2. Svein Skogen
    Flame

    That'll teach 'em

    I haven't willingly touched a sony product since their rootkit fiasco (I had the fortune of cleaning up someones pc after that one). And I've seen the stuff they've done since. The only reaction you get from me over people being hurt over this barrage against sony is "That'll teach 'em the cost of doing business with the mafia".

    //Svein

  3. Anonymous Coward
    Facepalm

    what playstation users are thinking now...

    http://www.youtube.com/watch?v=0yhQcDgMon8

  4. Asgard
    Happy

    Looks like its open season on Sony

    … in more ways than one. Plain text again?!

    After watching so much arrogance of Sony's Rookkits, their attitude to Linux, and the ensuing legal battles with the PS3 etc... Sony have been building anger against them for a long time, but they won't see it. They have pissed off a lot of people and Sony's continuing arrogance looks like its stirred up a Hornet's nest of public anger against them.

    Its like I said last week. Whilst protesters are often considered criminals, Sony would do well to recognize how they treat the public has a direct causal link with how some more militant elements of the public will end up treating Sony in return. Usually that's against political power, but now we live in a world increasingly ruled by corporate power, its therefore no surprise the public will only take so much unfair behaviour before retaliating and now its becoming open season on Sony.

    What worries me is what the governments are going to try to do. If they try to use this as an excuse to enforce more draconian measures over the Internet the shit is really going to hit the fan in all directions, but you just know the governments would love to try something more Orwellian to speed up and increase their already Orwellian moves. But they would do well to remember the news this year shows ever more people around the world have had enough of the rich and powerful and that isn't just governments, that includes the corporations as well. In a world increasingly influenced (and manipulated) by corporate power the corporations are now finding themselves in the firing line of peoples protests and anger. Sony are the first to feel that anger, but then Sony really have brought this on themselves.

    But I can't see Sony backing down and saying sorry. They are going to try to hit back with more legal action, which will incite even more anger against Sony. The hackers have the technical upper hand by a long way and they are rightfully angry, but the law has authoritarian power, but if they try to use more authoritarian methods that's going to greatly inflame even more anger against Sony and the governments.

    This really is like watching a revolution against corporate power, so Sony badly needs to rethink how they treat the public, as they need to realise their current dictatorial attitude has caused this anger. But like all dictators, they will continue to refuse to see they are wrong.

    1. Daniel 1
      Joke

      Sony Security: living up to the company motto

      "make.believe"

    2. varsas
      FAIL

      A lot of people?

      "They have pissed off a lot of people and Sony's continuing arrogance looks like its stirred up a Hornet's nest of public anger against them."

      It's a minority of people; a lot of people are pissed off at the hackers for attacking Sony and subsequently pissed off at Sony for not having good security.

    3. Tasogare
      Happy

      Re: "This really is like watching a revolution against corporate power...."

      That quote was close to my first thought after reading the article, but it seems someone beat me to saying it.

      Regardless of the legality or even morality of the break-ins, I'm sort of glad to see this. With corporate power effectively owning the government, public opposition to it has been nearly impossible; we can vote out a corrupt politician but we can't vote out the guy who bribed him and will bribe his replacement. Legal methods of opposing corporate power do not work; boycotts, for example, almost have to fail when the company is big enough, the competition small enough, and the population that must be made to work in concert is huge and has little in common. The number of legal methods tends to shrink as corporations buy the laws they need to protect themselves from the public.

      I make no statements on whether the current anti-Sony hacking spree is justified or not. But it seems to me that Sony's problems demonstrate that yes, it *is* still possible to bring effective force to bear on a powerful company, if its behavior becomes too consistently onerous.

      I find this heartening.

    4. elderlybloke
      Linux

      Looks like its open season on Sony → # Posted Friday 3rd June 2011 08:49 GMT

      Greetings Asgard,

      I have been buying Sony TVs for some years , if they have become corporate scum like Americans, I will have to rethink my purchases .

  5. Mondo the Magnificent
    FAIL

    So, it was "that easy" to hack?

    Ironically so is the PS3 and the Playstation Network.. and hacking either of those will land you in a world of shit...

  6. DavidD
    Pint

    The cost of privacy

    "All told, the attacks have exposed personally identifiable information for more than 100 million Sony customers and cost Sony at least $171 million."

    So that's a cost of approx. $171 per person whose account details were stolen. It's no wonder businesses don't give a toss about their customers details, I spent that drinking last weekend.

    Beer, because I spend more on it in a weekend than someones personal information costs Sony.

    1. Michael 47
      FAIL

      Not quite...

      $171,000,000/100,000,000 customers = $1.71 per customer

      So not even enough for a cup of coffee. That's how much of a shit Sony give

      1. Haku

        @Michael 47

        I think all that beer DavidB claims to drink each weekend must have impaired his ability to do basic maths.

    2. asdf
      FAIL

      lulz

      Epic math fail for all to see all weekend. Time for the withdraw button but not sure it allows it after people reply.

  7. jake Silver badge

    And the sillyness continues :-)

    Toy makers have no concept of security ... NEVER expect your toys to be secure beyond "here & now, not connected to anything else".

    The annonytwats, on the otherhand, should be rounded up & gunned down. They are not doing anything useful in the great scheme of things, and probably never will. Killing them all would be no loss to society.

    1. Anonymous Coward
      Anonymous Coward

      And the sillyness continues :-)

      Not if you STFU, it doesn't.

      1. jake Silver badge

        Not shutting the fuck up.

        And still the sillyness continues :-)

        Or were you trying to vaguely threaten me? Sorry, not gonna get results there, kiddo ... And please note that a double negative ... oh, hell, why do I bother ... Windmills & all that ... Looking forward to many more "thumbs down" from the illiterate. Ta in advance :-)

        1. Anonymous Coward
          Anonymous Coward

          Re: Not shutting the fuck up.

          Threaten you???

          That's rich coming from someone advocating mass murder.

          You really are pathetic.

          1. jake Silver badge

            Not mass murder.

            Chlorinating the gene pool.

            When I were a lad, two wrongs didn't make a right, but euthanizing dogs with Parvo was considered "best practice", because it was better for the humans and the dogs over the long haul.

            Don't get me wrong ... I like the idea of an open internet. I was sad when I had to kill the guest accounts on my internet facing servers in 1988. These annonytwats are a symptom of the problem, not the answer ... Don't glorify them. They are just as bad as the corporations they are trying to vilify. Maybe worse, in that they are intentionally causing the casual/ignorant user's data to become accessible to any and all criminals who care to access it.

            Again, I'm anticipating plenty of "thumbs down" from people who aren't thinking this thing thru'. Enjoy, if that makes your weekend. Me, I'm trying to educate :-)

    2. The Fuzzy Wotnot
      Thumb Up

      Right on!

      Death to "hacktivists" is a tad draconian but I too am getting a little tired of the antics by a bunch of snotty dirtbags who think they are some sort of modern revolutionary force. I agree we need to be careful to keep an eye on those that would seek to take our liberty, but this lot go too far.

      Some website writes an article that simply has a pop at a website this lot support and next thing, the internet equivalent of the Viking hordes decends, burns the place to the ground and steals the valuables! These so called activists bang on about freedom of speech and liberty, at the first sign anyone has a pop at them or their mates, they are down on the offending party like a ton of bricks! Yeah, we support freedom of speech, except those that use it against us!

      Catching the buggers and getting them out digging ditches or cleaning up old folks gardens for a bit would at least get to give something more useful to do than making trouble.

  8. Bilgepipe
    FAIL

    Oh...

    ...dear.

    What's more worrying is.... how many more major corporations are storing our personal data on the digital equivalent of the back on an envelope?

  9. The Alpha Klutz
    Pint

    Sony is the new whipping boy

    for any prankster or media outlet with more than two followers and a spare 5 minutes to rub together.

    Personally I approve of this situation.

    Not because I dislike Sony per se, I just like the idea that a big media company can be given such a persistent and ultraviolent beating by transient juvenile flashmobs that any notion of them being in control of public opinion will surely become laughable.

    I could argue that it is your moral duty to laugh.

  10. irish donkey
    Holmes

    When will it end

    stick your face in the hornets nest and look what happens.

    Althought why Sony haven't learned their lesson and encrypted their database's I will never know.

  11. trarch
    Thumb Down

    Publishing Details

    The site was unavailable when I tried to access it, so I'm just going off the article. If they have actually published the user details (email, password etc.) then they have no credibility whatsoever. You don't start complaining about a lack of security and then just show the contents to the world. Karma - 1 for them.

  12. Shane8
    Mushroom

    Dear Sony...

    We want Linux back on our PS3's, ready to comply yet ?

    1. SteveBalmer
      FAIL

      Is that what it's about?

      Some half-arsed gimped OS?

      Some people need to get a life. Sony took it away because hackers tried to break it open. THEY are the ones that opened pandoras box.

      1. asdf
        FAIL

        Cell BE is garbage

        >Some half-arsed gimped OS?

        The OS is fine, the problem is Sony's hardware. The Cell BE was such a general purpose fail architecture its what finally got Apple to move to Intel. Its such a superior architecture that IBM killed off development and sales of any future revision.

  13. Anonymous Coward
    Paris Hilton

    Muppets.

    With all the money Sony have invested in DRM systems to protect their data, they the F**k couldn't they invest in protecting (now-ex) customers data?

  14. Anonymous Coward
    FAIL

    Cleartext passwords?

    WTF is Sony up to? Did they hire cheap 16-year-olds to make all their websites?

    (No pun intended to those 16-year-olds who *do* know how to build a secure webapp.)

    1. CD001

      Worryingly...

      Working as a web dev and seeing some of the code I've seen... I strongly suspect the average 16-year-old hobbiest would do a better job than some of the professionals.

      Hobbiests tend to actually give a shit about their code... and aren't governed by clueless managers demanding a project be complete within an impossible timeframe of course.

  15. Tony Barnes
    Devil

    You've got to laugh

    I'm actually finding this whole situation pretty funny - given how disproportionate big firms can be against 'the little people', its really tickling me to see them fight back and give the big boys a kicking!

    Sony sure must regret some of its decisions these past months...

    NB - hackings bad, don't do it, mkay?

  16. Clint Sharp
    Devil

    Getting boring

    Sigh, store passwords/usernames plaintext, simple flaws, sql injection, have we a 'bot that writes these stories please?

    It's always the same old story, idiot complacent megacorp ignores basic good practice, loses buckets of data about customers, wrings hands, squeezes onion bag and promises to be good and fix the problem, blames nasty hackers for all their stupidity.

    Sony should know better by now given their recent woes.

  17. rob miller
    Holmes

    let's just review...

    Let's just recall briefly what Sony did to piss people off so much. They sold the Playstation 3 with nice compute hardware and encouraged owners to install alternate OS's (Linux) on the device. Lots used this functionality, including for scientific research which Sony was happy to brag about in their publicity. Then they took the feature away in a system upgrade ('optional', the alternative being no more use as a gaming system). Some of their customers tried legal recourse by suing them, but were rebuffed when the judge said Sony never promised to keep the OtherOS functionality ('WTF' indeed...). Amazingly enough, some owners remained dissatisfied and worked out how to circumvent the DRM and restore the ability to run Linux. So Sony brought suit against these customers, but that failed because of jurisdictional issues (and nothing about people being able use hardware they own as they please).

    So every day now bright, motivated coders wake up and look at this hardware, and remember this story. They also remember spousal unit using it as yet another example of money wasted on technology that didn't work out. Probably they don't get that same feeling of enjoyment any more using it for games or Linux (unless maybe it is contributing to another successful attack against Sony). For some this will have been 4-figure ($ or £) investments in hardware plus even more in time spent coding the system.

    None of this condones vigilante (cyber) attacks or the theft of private data from individuals with no input to the situation anyway, but my guess is there's still a lot of people out there who feel Sony's punishment hasn't yet balanced the personal pain they inflicted. Clearly most of the news industry can't seem to include any of this in their reports, but I continue to wonder if this is understood at all in Sony's boardroom.

    1. Matt Bryant Silver badge
      Happy

      RE: let's just review...

      I think you're giving the hackers waaaaaay too much credit. I think a more likely timeline for the typical hack would be as follows:

      NOON: Wake up when Mom comes in and starts screaming about not having got job yet.

      1PM: Surf pr0n.

      2PM: Surf alt news channels and hacker forums.

      3PM: Bored, look at jobsites to keep Mom quiet.

      3:05PM: Chat with fellow losers on 4Chan, bitch about Sony even though don't even own a Sony product.

      5PM: Hatch plan to use 1337 skillz to scan all Sony webistes with fellow losers, objective being to "show them".

      5.05PM: Having exhausted very limited skillz, download hacking tool (and compromise own PC with buit-in and hidden rootkit), start automated scan of Sony websites.

      5.10PM: Get a hit, follow online instructions from the hacking tool, get inside minor Sony website run by a third-party.

      6:00PM: Having satisfied childish desire for vandalism, download some of the user database (can't downlaod all becuase harddrive is full of pr0n and also now full off scammer/spammer sh*t from the rootkit that came with the hacking tool).

      6:05PM and for rest of the night: Brag on IRC, 4chan and wherever I can about how 1337 we are, pretend it was a major Sony site, but not mentioning the hacking tool, enjoy praise from fellow losers.

      1. Anonymous Coward
        Trollface

        "Brag on IRC, 4chan and wherever I can"

        Forgot to change that one to the third person.

        Looks like you just posted a page from your diary Matt.

        1. Matt Bryant Silver badge
          Happy

          RE: "Brag on IRC, 4chan and wherever I can"

          If I was into net crime, I wouldn't be as stupid as to advertise my "victories" on websites and channels known to be frequented by law enforcement agents.

          Also, I never download pr0n. Never. <Cough, looks away>

      2. Dirk Vandenheuvel
        Mushroom

        Hmm

        Looks more like a page from the diary of the Sony server admin.

      3. The Fuzzy Wotnot
        Happy

        Matt Bryant, @10:14

        "Never a truer word spoken in jest."

        Genius, sir!

    2. measmyself
      WTF?

      Personal!! pain!! shocker!!

      Personal pain???? have you lost your marbles??? What personal pain do you have from choosing to keep Linux or remove it??? You either want a) online gaming or b) linux, how could you want both anyway.

      1. Linux was being phased out of the new slim model anyway

      2. Whats the point in having it

      3. What purpose does it serve for gaming

      4. Sony wouldnt earn any money on a linux only sale

      5. What's the point in having it?

      6. You can choose between keeping it or removing it.

      1. Matt Bryant Silver badge
        Boffin

        RE: Personal!! pain!! shocker!!

        As I understand it, Sony did use advertising with the PS2 as Linux-ready and supplied additional bits (OtherOS, Ethernet adapter, harddrive) so you could use it as a "PC" but retain the ability to boot it up as an ordinary PS2 for gaming. They added a feature to the PS3 after launch to allow the same for the PS3, but then decided it introduced a "security risk" and dropped it from development for the PS3 Slim model. They then released a firmware update (3.21) that killed the dual-boot option and made the PS3s that could already dual-boot into game-only PS3s. Many users that want to keep the dual-boot capability simply didn't install the firmware update. Probably a bit simplified, but that's the sequence of events as I can find it. You could argue that Sony removed a paid-for feature from a product, but you could also argue that the security of the service they offered was paramount. Just imagine the screaming if someone had introduced a virus that attacked PS3s via the Sony network. I'm betting the vast majority of PS3 buyers had zero interest in using Linux on the PS3 and therefore the security of the service given to them outweighed the loss to a few hobbiests.

        So, for all those pretending they have some moral right to go trashing Sony's websites, the answer would seem obvious - keep your PS3 at the old firmware prior to 3.21, or buy a PS2 (or just a cheap PC of eBay, it would probably be a better Linux PC than a PS3 anyway), and just STFU. It is ironic that the haxors are moaning about Sony's security when Sony removed the dual-boot because it introduced security issues!

        1. Captain DaFt
          WTF?

          @ Matt Bryant

          "You could argue that Sony removed a paid-for feature from a product, but you could also argue that the security of the service they offered was paramount. "

          And I'll bet you even kept a straight face when you typed that!

          (It looks like a bit like Sony threw a party, and was was keeping a jealous eye on the cookie jar after padlocking it, but left their jewel box and liquor cabinet unlocked and unguarded on the patio, considering how things have worked out!)

    3. Sinical
      Holmes

      2 Sides to every argument

      Let's just recall briefly what Sony did to be victimised by a bunch of criminals who have illegally accessed their customer data. They sold the Playstation 3 with nice computer hardware and gave owners the option to install alternate OS's (Linux) on the device. A tiny minority used this functionality (as evidence - of the 70+ PS3 owners I have contact with, I know of 1 (me) who used this option), including for scientific research (not me if I'm honest) which Sony was happy to brag about in their publicity, as none of their rivals had been so nice. As a result of people using OtherOS to bypass the security within the PS3, and then publishing how to do it, they took the feature away in a system upgrade ('optional', the alternative being no more use as a gaming system which was extremely unlikely to impact anyone using the PS3 for scientific research) in an effort to ensure games continued to be developed. Some of their customers tried legal recourse by suing them, but were rebuffed when the judge said Sony never promised to keep the OtherOS functionality, as stated in their published T&Cs which these same customers had agreed to. So, now on a legal roll, Sony brought suit against the customers who had broken their agreements and tried their best to encourage software piracy (OK - gave people the option :)), but that failed because of jurisdictional issues (which means that the T&Cs are still legally binding).

      So every day now bright, motivated coders drag themselves out of their pits and look at this hardware, and remember this story. They also remember their beloved using it as yet another example of money wasted on technology that didn't work out due to PSN being taken down as a result of hacktivists activities. Probably they don't get that same feeling of enjoyment any more using it for games (because of previously stated hacktivist activity) or Linux (assuming they ever used it). For some this will have been 4-figure ($ or £) investments in hardware and software and yet they still can't shoot their friends in the face online due to previously stated hacktivist activities (although this facility is now, finally, restored).

      None of this condones vigilante (cyber) attacks or the theft of private data from individuals with no input to the situation anyway, but my guess is there's still a lot of people out there who feel the hacktivists's punishment hasn't yet even started to balance the personal inconvenience they have had inflicted on them (not to mention costs to Sony, 3rd party devs etc…). Clearly most of the news industry can't seem to include any of this in their reports, they just dumb the whole thing down to the Sony are bad message, but I think after announcing this has so far cost Sony at least $170 million it is understood all too clearly in Sony's boardroom - don't trust Linux users .. err … I mean do no evil.

      I only take issue with one of your points. Your timeline is out of kilter. IIRC (and that’s a fairly big if) OtherOS was removed as a result of the decoding and then publication of the security keys.

      I am being devils advocate above btw, no need to flame me. IMHO Sony are complete arseholes. But so is every other big tech corporation, particularly in the console market. Microsoft (no explanation needed – the name is enough). Nintendo have achieved levels of control freakery over the years that Sony and MS can only dream of. (Surely Apple have a console coming out - they seem perfect for this sector :)) The whole thing stinks, but there is a legal way of letting any company know if you feel strongly about their practices. Don't give them your money. It's really, really that simple.

      Hacktivism is great at making a point. This has generated publicity that marketing execs would kill for. People know the story (Sony are bad). Stop now. If people agree with the hacktivists they will stop buying Sony. But carrying on the vendetta suggests the people behind it don't want the public to make a free and informed choice, it suggests they want to force them to believe what they believe or make it impossible for the public to choose an option they don't like. That isn't hacktivism, that's fundamentalism.

  18. NickyD

    Stole?

    You can't steal knowledge, poor tabloid sensationalist journalism again.

  19. Anonymous Coward
    Mushroom

    Sony should be fined !

    This is simply outrageous!

    Sony should be fined a hefty fine for not protecting user's private data adequately. Storing any private data in unencrypted form surely constitutes a breach of private data protection laws?

    At least European Commission should fine them - say EUR 1000 per customer times a million customers? That would maybe finally teach Sony a lesson!

    1. SteveBalmer
      FAIL

      Idiot alert

      Errm, except is a US company, US customers, so really nothing to do with us.

      Or are you too stupid to comprehend that?

      Obviously, this all depends if you believe the words of common thieves that claim to have taken this stuff... I don't

      1. Captain DaFt
        Meh

        Uhm...

        Sony Corporation is headquartered in Tokyo. Sony Corporation of America, based in New York City, is the U.S. subsidiary. Sony's website goes to great pains to point out that they are a global company, so yes, it does have to do with you too.

        Why do they have a US subsidiary? To fool Americans that they are an American Company.

        (See also; Sony Corporate motto - "Make Believe".)

    2. defiler

      Fines don't really work

      Corporation (n): An ingenious device for obtaining individual profit without individual responsibility.

      Until you can *personally* fine the board of directors (and ensure that they don't just claim it back as expenses or a bonus), or you can *personally* jail the board of directors, they're basically immune to the law.

      Sure you can fine the company, but that comes from the shareholders. The shareholders can *demand* a change of the board, but that means golden parachutes for all! The directors walk with a fat wallet, and head into another post just as soon as possible. After all, do you think people would be so pissed off if Fred Goodwin was actually jailed, rather than sent scuttling on his merry way with a warm handshake and enough cash to choke a donkey?

  20. DB2k

    press release?

    hackers now do press releases? wow.

  21. Anonymous Coward
    FAIL

    Yeah

    " This is disgraceful and insecure: they were asking for it."

    Except of course, it's the customers who have really been harmed. It's their data that's been posted, not Sony's.

    Yeah Sony should have encrypted, and seems to have a security model representative of swiss cheese, but it's not really them this hurt.

    I know the old theory;

    1. post customer details

    2. Customers complain to Company/Stop using company

    3. Company improves policies

    But the reality is that's not what'll happen. Affected customers will just blame it on the hackers and so the above theory fails.

    Bunch of bored kids on a crusade for lulz, whats new?

    1. Asgard
      FAIL

      @AC "Except of course, it's the customers who have really been harmed"

      You completely forget, if the appalling Sony security hadn't been shown up as still bad, other groups of people with real criminal intent could have got to the data first. At least this way people know the data is leaked and so change their passwords quickly and are very careful about dealing with Sony until Sony finally act professionally and protect people's data, which they should have been doing from day one.

      Too many corporations have a lax attitude to peoples data. Information is leaking all over the place. I've lost count of the number of times corporations have treated peoples data with appallingly bad security.

      Plus you also overlook what Sony has done to incite so much anger against it.

      1. Anonymous Coward
        Anonymous Coward

        True but....

        Whilst it has brought the shoddy security into the limelight (multiple times over!), there's still no need for them to have actually published the username/passwords they recovered.

        Of course, it is the easiest way of verifying that you _have_ breached their system, but given the number of breaches Sony have had recently I'm not sure people would require such a high standard of proof at this point.

        As for overlooking what Sony has done, not at all. _SONY_ have done a lot to incite anger, but that's Sony and not their customers. It's not Sony's board of directors who have had their data leaked (unless they were customers) it's their customers.

        Sony could literally rape and pillage, it wouldn't make it right to disclose their customers details. Target Sony not their customers (he says despite not being affected)

        And yeah, too many corporations are far too lax. Some go so far as being indifferent, but in certain areas I'm begining to wonder regarding storage of passwords etc;

        Company A sells Bricks (first thing came to mind)

        They decide to sell bricks through their website, but users must register first

        Company A contracts SuperWebDev to build said site (or at least the functionality)

        Although ultimately Company A _is_ responsible for the data and any breaches, they've probably not got a clue about password storage (and yes, they should read and learn). Ultimately it's the cowboy firm SuperWebDev (apologies if it's a real company!) that decided to cut corners and store in plaintext.

        Yes companies need to learn just how stupid it is, but perhaps it's time to name and shame those developers who _still_ seem to be churning out systems that store creds in plaintext. Lets face it, generating a salted hash isn't hard whatsoever (anyone ever tried it in BrainFuck? bet that's hard!)

        I hate what Sony do and have done, I make a personal point of trying to avoid their products but it's their customers who are really taking the bullets, not Sony. A large proportion of those customers aren't going to understand the reasoning for their account being compromised and so will stay with Sony. Different tactics are needed!

        1. Anonymous Coward
          Trollface

          AC Friday 3rd June 2011 10:15 GMT

          Your logic is flawed. You CAN blame the customers for Sony's actions, because it is the actions of the customers that ENABLES Sony's actions. Heard of the economic principle of the voting dollar?

          If I ran a bank and left the deposits in piles of money around on the floor and my bank was robbed, it is the customer's cash that is taken, but it is entirely their responsibility and their fault that I had control over their money.

          Saying "blame Sony" and boohooing over their "poor poor customers" is just another example of the tendency of people (Americans especially) to refuse to account for their own actions.

          1. Anonymous Coward
            Anonymous Coward

            Actually....

            In your scenario, although it may be the cash they handed you, it becomes _your_ responsibility to repay them. Whether you go bankrupt and can't do it is another issue.

            Don't get me wrong, I agree with your sentiments regarding the voting dollar (or pound in my case) but are you really so arrogant as to believe those who don't know any better to have their personal details posted online? In this case it was low-level stuff, but it doesn't mean it always will be.

            I try to make sure people understand, and those I talk to often seem to take it pretty seriously, but how much of the rest of the population gives a toss enough to actually do something? To them it's technical stuff and something that happens to other people. Over time I can see it improving a bit, but I'm not sure it'll ever get close to 100%. For example I'm not an aviation techie but I still use planes, to a lot of people it's about the same difference, PCs are a utility that's looked after by someone else.

            I never boohoed over the customers, I just don't agree with people posting private details and then telling those affected it's their fault for using Company A. Especially when Company A are as badly at fault as Sony are here.

  22. Mage Silver badge
    Flame

    I'm baffled.

    I'm no expert but I can set up a web server where the password file has only hashes in it and is not available to web side access.

  23. Rombizio
    FAIL

    Read my opinion below....

    HHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAAAAAAAAAAAHAHAHAHAHAHAHA

    Take that Sony bastards.

  24. King Jack
    Happy

    Happiness is a failing Sony

    I'm looking forward to reading (and laughing) about more hacks in the future.

    1. Matt Bryant Silver badge
      Stop

      RE: Happiness is a failing Sony

      Please stop and think for a moment. You read about the hacks on tech webistes, maybe a brief article on the Beeb, and that's it. Most Sony customers won't even read about it because they don't go to tech webbies and go straight to the Sports section of the BBC website. Then, you have to place yourself in the boots of the average Sony customer, who probably thinks "So what, they got a few email addresses, can't you just get loads of those off Google?" At most, one or two may think twice of signing up for any Sony film promos. It will do SFA to dent sales of other Sony products such as TVs or laptops, and probably very little long-term damage to PlayStation sales either.

      What it will do is harden Sony's attitude to Linux and any form of future collaboration, and mean even the most innocent of looks, either at Sony's websites or hardware, will mean a prompt visit by Sony lawyers and probably the local plod. The PS3 owners I know are annoyed with Sony over the loss of their online gaming service. But they're far angrier with the haxors who they see as a minority ruining everyone else's fun just because they can't play with their "hobby OS".

      1. King Jack
        Facepalm

        The wrong approach.

        'What it will do is harden Sony's attitude to Linux and any form of future collaboration, and mean even the most innocent of looks, either at Sony's websites or hardware, will mean a prompt visit by Sony lawyers and probably the local plod.'

        Exactly. This is why Sony is and will be on many peoples shit list, and why I will never let another Sony product into my house. It's also why they are being hacked to death. . No amount of bullying is going to change public opinion to favour them (Sony). Keep on with the lawyers, it appears to be working great!

        RIP

        1. Matt Bryant Silver badge
          FAIL

          RE: The wrong approach.

          What, there's an "approach" in the hacking? Face it, you're never going to get Sony to put OtherOS back on a PS3, so what do you hope to gain? Childish kicks? You want to embarass Sony, but where is the benefit to the hackers? The reality is the hacking is itself nothing more than a nuisance exercise more likely to land some people with criminal records and bring more discredit to the Linux community. Sony will not die, the PSN will carry on. You don't want to buy another Sony device then that's fine, but for you to try and force others not to buy Sony products is just forcing your views on them. Most PS3 users couldn't give a stuff about OtherOS, they justy see a bunch of spoilt skiddies on a web-based vandalism spree. You talk about Sony's image, but the Joe Public perception of Anonymous and associated groups are that they all need to get out of their Moms' basements, get jobs and leave the PSN the fudge alone.

  25. Mike Richards Silver badge

    Sony customer advice

    If you are a Sony customer and you have not had your confidential information released as yet, could you please give them a call so they can do so immediately. Sorry for any inconvenience.

  26. slack
    Pint

    I need a job

    I know sweet f*ck all about computer security but I'll work for beer. I think I will send my CV to Sony.

  27. Anonymous Coward
    WTF?

    Quick question.....

    How many times have you ever been asked for a password when signing up to an online promotion?

  28. Richard Pennington 1
    Joke

    What's the point?

    After all, all the userIDs and passwords were public domain after the previous hack ...

    1. Dante

      no... it's for completion

      it only just the credit card details which went public at the previous attack :)

  29. Jedit
    WTF?

    Got an e-mail about this the other day

    Was told that the PSN was back online and that users were receiving 45 days free credit as an apology for the outage.

    Funny thing is, I don't own a PlayStation and never have, nor have I ever looked at, requested information on or (God forbid) had an account on PSN.

    The even funnier thing, though, is that in the source code all the links and headers appeared to be legit - none of the usual "www.sony.com that turns out to be www.sony.returns.com" tricks. I didn't click on them anyway, of course, but either scammers are getting incredibly clever or Sony don't know who their own customers are.

  30. phil mcracken
    Trollface

    those that sow the wind...

    shall reap the whirlwind and all that.

    </popcorn>

  31. Mike Flugennock
    Thumb Up

    Boo yah! Sic Semper Sony!

    Between the legal threats against PS jailbreakers, and the rootkits on audio CDs, I'd say this couldn't happen to a nicer bunch of filthy, thieving bullies.

    $171 mil, huh? Sounds like a good start. You go, LulzSec!

  32. Anonymous Coward
    Facepalm

    Oh the irony

    If this hack was done from a PS3 running Linux.

    Personally I am still mad at the rootkit I got trying to put some music on my iPod (thanks Sony). I dont advocate activism (since its illegal and doing so would be conspiracy to break the law), but the irony is not lost.

  33. Anonymous Coward
    Anonymous Coward

    Hmm...

    Attacking the customers of the company you don't like is very much in the MO of some of the more extreme animal rights groups.

    Add this to blocking of freedom of speech of those who disagree with you and general vigilantism, anonymous are really starting to behave very much like the thing that they were protesting about in the first place: Scientology

  34. Timfy67
    Happy

    Hack Proof...

    So far no 1337 hax0rs have managed to crack my Sony MSX... although I must admit to keeping the cassette tapes hidden under my bed!

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022