Sony PlayStation disconnects 77 million user accounts after massive data breach

I got the call from Saison Card Services informing me that someone had been using my card to make unauthorized purchases. I had no idea how my number got out until I started to hear about this PSN issue. Based on what they purchased, I'm pretty sure it was taken as part of this breach.

Thanks for protecting my private info, Sony!

Hehe, I am safe.

I do purchase from the PSN Store, but I use a Pasori and an EDY card(bought and charged at the Combini). In short they got no CC-card, etc details of mine.

Will Sony be held accountable for this? Will there be a class action brought against them and be made to pay compensation? Or, will there be a big, "Stiff sh!t" from them?

Not the best timing on the day that Sony announces new tablets to compete with the iPad. New tablet is now tainted with bad security association. Timing sucks.

Silver Lining..... Shutting down the network Kept my Son off the damn thing for a couple of days

"Purchase history and credit card billing address information may also have been stolen but the intruder did not obtain the 3-digit security code on the back of cards, Sony said."

Many sites that you can buy from using a card do not require the three digit security code on the back. In fact, I'd say less than half do. Good job, Sony!!

I imagine there are a lot of frustrated otaku and hikikomori out there who don't know what to do with their lives...

Microsoft is holding a celebration as we speak. It could happen to them too, but this this time it is Sony that happens to be pwned and Xbox360+network is looking good.

The Ponemon Institute, a data-security research firm,

Ponemon? A combination of Pokemon and pwn?

On another site (BBC actually) it was said that the information was not encrypted, computer guys shocked that it wasn't.

If anyone on here who uses PSN was stupid enough to use the same password for other things, I would suggest changing them right away...

Will Sony be held accountable for this?

I don't think "being hacked" is an accountable offense in any country... It's likely their security wasn't as good as they thought it was, but I am not sure if they actually did anything wrong here and it will probably be almost impossible to prove if they intentionally used inferior protocols...

77mln "get a life" messages? :)

the intruder did not obtain the 3-digit security code on the back of cards, Sony said.

With a very easy program, 3 digit codes are easily broken.

With a very easy program, 3 digit codes are easily broken.

Don't most (all?) credit card companies block access after 3-5 erroneous attempts?

I just want to get back on PSN and play Socom 4. I'll have to deal with my credit card like I would with any other common street criminal.

I don't blame Sony so much for this problem as I blame Geohot for publishing information (he only published information others found and shamefully took credit for it) allowing fools to run the 3.55 firmware hack and shoplift from PSN, and I blame groups like Anonymous for trying to make everyone think that hacking is cool and something that contributes to society.

I hope to see someone in hand cuffs over this matter.

I hope to see someone in hand cuffs over this matter.

A Sony executive? A Sony systems engineer? - Obviously they have not used adequate security to ensure the safety of personal data of the 77 million users. That is 77 MILLION users! 0.7% of Earth's population!

I hope they are sued for millions and millions!

viking68: It's Sony's fault, no one elses, they made the "security" system, if they didn't lock it well enough someone was bound to get in... it is no ones fault except sony for not spending enough money on engineering something good.

I don't think "being hacked" is an accountable offense in any country... It's likely their security wasn't as good as they thought it was, but I am not sure if they actually did anything wrong here and it will probably be almost impossible to prove if they intentionally used inferior protocols...

I keep see Sony haters try to blame everything on them.

Do they really want Sony dead so much?

Maybe Sony should just quit this business. Let MS run the joint like a monopoly - Nintendo as a much smaller company would be so dead once Sony is out of the picture and MS can focus all their resources into burying them using every dirty trick in the book (undercutting their prices until they go out of business, bribing publishers, strongarming retailers, ... etc)

Few years later, when they are here cursing MS for over-priced low quality hardware while they get "nickel and dime" to death. We can just sit back and laugh.**

** I'm getting to old to play video games anyway - don't have as much free time and energy as I use to have.

viking68: It's Sony's fault, no one elses, they made the "security" system, if they didn't lock it well enough someone was bound to get in... it is no ones fault except sony for not spending enough money on engineering something good.

Let us suppose, that I have a bank, and that it has a vault door. Someone comes in, and blows that door down. Is it my fault I didn't have a bigger door installed, or is it the person with the dynamites fault? The simple fact of the matter is, that Sony had security, that security was not good enough. They are improving it, but they are also not to blame for this. Those who cracked their security are, just as those who crack a bank are.

I can't believe I'm saying (typing) this but I completely agree with you. Must be a full moon.

Taka

@ Molenir: You will be held responsible if you have not put the best vault door available (or the best one that would provide the best protection under the circumstances) and did not inform your customers timely.

Sony has already started getting heat for informing the public a week after this breach has happened. They will most probably get dinged for it in some way. If it is found out that they had a lax security in place, it will be worse for them.

viking68: It's Sony's fault, no one elses, they made the "security" system, if they didn't lock it well enough someone was bound to get in... it is no ones fault except sony for not spending enough money on engineering something good.

Someone posted a bank vault analogy, which I liked. Sure, Sony was negligent. If I left my home open in a neighborhood full of theives, then I am being negligent. However, it doesn't change the fact that if someone robbed my home (locked or not), they should go to jail.

If we change the example to something more personal, like murder, rape, or a hit-and-run on a child, then people would feel more sympathetic to the victim of the crime, which in this case includes both the millions of PSN users and SONY.

Amazed that people need this simple concept explained to them, but I see it all through out the internet.

I don't understand the hacker supporters. What is a "good hacker" or a hacktivist? The only person I can think of that may fit that title is someone hired by Sony to test and improve Sony's systems. Hackers trespass and steal on other's property, plain and simple. They have absolutely no redeaming value.

Sony or their execs going to jail? Not likely. Who died? It is more likely that Sony will have to pay for any damages caused by their negligence.

Kronos at 10:04 AM JST - 28th April

@ Molenir: You will be held responsible if you have not put the best vault door available (or the best one that would provide the best protection under the circumstances) and did not inform your customers timely.

Kronos, how would you define responsible in this case? Should the security be the best available at any given moment in time? Should you be responsible if a passenger in your taxi is injured in your car because you do not have airbags or did not purchase a large H3 Hummer and a drunk driver crashed into you?

That said, I have read some IC chat logs from hackers that said Sony was using an outdated version of Apache server that allowed the hackers to gain access. Those chat logs said that the credit card information was not encrypted, which could mean Geohots key unlocked the information, or Sony was truly negligent in not securing the information. I highly doubt the information was not encrypted. Sony has come out and said it was encrypted, but more information may prove the lack of adequate protection or the skills of the hackers in defeating that protection.

More likely case is that Sony was fighting a losing battle with six year old hardware (PS3) against an onslaught of hackers with nothing to do but cause trouble. If the information from the chat logs is correct, there will be some legal (civil but not criminal) reprecussions.

Ultimately, no system is safe from hackers.

Sorry for all the posts. I like Sony and their PS3.

I am reading some pretty convincing stories of people being targeted by someone using information that could only come from PSN. They are mostly using credit cards and sometimes accessing email accounts.

Change your credit cards and passwords!!!! Even do that for credit card data that was deleted long ago from PSN. One person reported activity on a card not used since he deleted it from PSN a year ago.

Lets go over some history: Sony sued and otherwise went after George Hotz for jailbreaking his very own legally owed PS3, which is bull. Then a group called anonymous brought down the PSN a while back. Now someone has hacked PSN and Sony shut off the PSN of its own volition.

There is nothing to tie this to Anon or Hotz.

One thing that Sony is unquestionably at fault for here is its utter indifference to its customers displayed in its delay in telling them what was happening and thus denying them the chance to protect themselves. Sony does this every time the PSN goes down. But this time, they really shafted their customers beyond their tongue biting capacity.

Agree that the delay was wrong. There are reports of credit cards leaking before this break-in. So, I am disappointed with Sony over their security.

For Geohot, I think there is merit in using your ps3 in hacked form as long as it is not used to gain unauthorized access to the PSN or use pirated games. For that, I support Geohot.

Geohot's keys intially allowed shoplifting on PSN, use of pirated games, limited access to credit card information, and full blown data base access. Sony had too much reliance on a network that required a secure client (PS3). Once Geohot cracked the supposed secure client, the hackers jumped the PSN.

I guess I would call Geohot a locksmith. In the US, only locksmiths and police officers can carry lock picks. What Geohot did was the equivalent of sending a lock pick to every person on earth. It didn't contain instructions, but the same act with actual lock picks would send you to jail in the US.

Inherently, it is an act to defeat the function of property ownership for others. Following this less than altruistic lock pick distribution, less scupulous people used the situation and the confusion to their advantage and robbed our information.

Whose to blame civilly and criminally? The lockpick and the thief.

Sony? They will pay money for sure, people were damaged from their not anticipating this event. To blame? Civilly, but not likely criminally unless there are specific criminal laws governing Sony. The UK has already said their laws may not apply unless the data was located in the UK.

Also, look to the US to help crack the case. They are good at sniffing out the hackers throught their fencemen. Wish the US would turn the NSA loose on this case, if they haven't already.