Sony closes PC games site over security 'concern' Sony shut down its website for online PC games on Monday, almost two weeks after it closed the PlayStation Network following a criminal intrusion that stole personally identifiable information from 77 million account holders. The move by Sony Online Entertainment affects online playing of games such as Everquest, Dungeon …
...Sounds like a bonus double XP weekend coming up.... You would think due to the internet exposure of Station, there would be a little more attention and security paid to it. Ah well.
Made the switch to purchasing game cards rather than letting SOE bill me a while back because of funny things occurring amongst my EverQuest accounts - this justifies the effort nicely.
Very troubling news. Make sure you you've also changed your passwords and use strong passwords that are unique to each system and service. How is the difficult part... I use LastPass and the techniques found here -> http://hitechbrew.com/password-recreational-browsing/
I've been doing that with all new website logins, and those that I remember about. Unfortunately, my PSN account and the Twitter one weren't on my "sensitive" list. They shared the same password. That would explain the mystery twits sent under my account sending spam about "make more money!" about 2 weeks ago.
Now I still can't get to reset my password on the PSN. Damn!
Sony must really be wondering if it was worth it.
I'm sure any other megacorp is having second thoughts about on the iron fist.
The general plan is to keep people wanting to give you money.
Sony failed, and now meta-failed by making big enemies - who, by not being commercial enemies, weren't "on their radar" in a business sense but should have been.
Sony have changed their statement yet again...!
http://blog.us.playstation.com/2011/05/02/playstation-network-security-update/
>But I want to be very clear that the passwords were not stored in our database in cleartext form
Even though they openly said that they weren't encrypted a week ago.
Maybe they should move out of the entertainment industry and become politicians. I'm sure they'd be good at it.
Yes, not encrypted.
Yes, not stored as plain text.
Yes, stored as hash (like many sites).
Yes, because of hash, weak passwords with known hashes are vulnerable (not sure if they salted the passwords before hash. If so a little better until someone works out the salt).
And all those poor trusting souls have been denied their games. Not to mention the root kit specialists letting the data get out for a second time.
Boy ah surely am glad this good ol' boy dumped all things Sony a while back. Made money doin' it too.
Paris because we all know a sucker when we see one.
A week ago they were saying the PSN passwords were not encrypted, the SOE system is entirely separate as a division. PSN != SOE, or for the less technical of you PSN <> SOE, or for the even less technical "they're bloody different systems you morons!"
Paypal is owned by eBay. Does this mean that what applies to one always has to apply to the other? Yes there is a fair chance they share code and procedures but there is equally good chance they differ in significant ways. They also own Skype, does this mean that Skype's servers and those of Paypal run with the same kind of security measures? Heck no.
I got an email from Sony this morning ...
"We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password. Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) – we will be notifying each of those customers promptly."
Oh shit ...
So how can they possibly ever open the system up again?
As soon as they open it up the hackers will probably be trying to us the login details to hijack the accounts.
The only thing they could possibly do would be to send you an email to the listed email address to allow you to change passwords before making the game servers live again, but you can bet the hackers will also be sending out very similar emails in the next few weeks.
So they may have to resort to old style snail-mail to contact all the account holders as this is the only possible way they can guarantee that the right person gets the contact.
I knew SOE/Sony were a shit company after the way they treated us during the SWG NGE mess, but I never knew they would be this bad.
"Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) – we will be notifying each of those customers promptly."
Fun times!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
