LU60 today??
- Thread starter coolman
- Start date
- Status
bob_the_builder
Well-Known Member
My bet is that Sony was aware, well before this outage, that the PlayStation Network had certain innate and terminal vulnerabilities. The network was brought low recently due to attacks by hacktivist group Anonymous. No doubt Sony's network and systems engineers had their plates full poring over router and server logs, identifying holes, applying band-aids, and positing long-term solutions. Those solutions likely involved re-architecting the system to bolster its defenses. In fact I'd wager Sony's info-tech elite already put it in the form of an ultimatum to Sony corporate, something like “Either do this, or we're operating with a target on our backs.” This latest “intrusion” (Anonymous claims it wasn't involved) simply served as an “opportunity” to implement those changes.
http://techland.time.com/2011/04/25...ifth-day-as-sony-‘rebuilds’-from-‘intrusion’/
http://ps3.ign.com/articles/116/1164338p1.html
http://techland.time.com/2011/04/25...ifth-day-as-sony-‘rebuilds’-from-‘intrusion’/
http://ps3.ign.com/articles/116/1164338p1.html
wolfppo
Active Member
Customer Service Notification from http://www.soe.com/securityupdate/
May 2, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
We apologize for the inconvenience caused by the attack and as a result, we have:
1) Temporarily turned off all SOE game services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.
We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1 (866) 436-6698 should you have any additional questions.
Sincerely,
Sony Online Entertainment LLC
May 2, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.
Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
We apologize for the inconvenience caused by the attack and as a result, we have:
1) Temporarily turned off all SOE game services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.
We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1 (866) 436-6698 should you have any additional questions.
Sincerely,
Sony Online Entertainment LLC
They're giving us 30 days+ however many days the networks down in free subscriptions.
Kannkor
Ogre
Guessing you read this some where..? Could you link it or provide more details where that came from.
raistlin8989
Member
http://l.gamespot.com/krly1y
seems to be the most common link referenced if you want to sift through loads of crap at eq2flames
seems to be the most common link referenced if you want to sift through loads of crap at eq2flames
From reporting of the email they sent out warning about a possible compromised account , it's on the gamestop site linked just above this.
Here is a quote.
Last edited:
Sunomi
Senior Member
From the official press release:
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.
http://www.soe.com/securityupdate/pressrelease.vm
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.
http://www.soe.com/securityupdate/pressrelease.vm
insanitywiz
Senior Member
Good luck with that lawsuit, think of all us little people when you are rolling around in your piles of money you get off it. Try not to get any paper cuts in sensitive spots.
Complacency is a better choice? Look at what just happened here:
#1 SOE requires all kinds of information from you, which has been collected over the past several years.
#2 They don't encrypt any data on their system.
#3 They leave public facing web servers unpatched
#4 People come in and get all of your personal data.
Think about the kind of info that they have collected? Have you ever tried to call their CS to get a password reset..? Most of it cannot be changed once it is given to them. Many folks started accounts 8+ years ago, before they (and I for one) made it a standard practice to give fabricated personal information to companies that collect that kind of shit.
Translation: SOE had real data from me, that I could not change, and they gave it away. That is fucked up.
A cynical, sarcastic "oh well" is exactly what they're hoping for. Obviously, no one should expect to get rich from a suit, but if you let them get away with this kind of gross negligence for a month's subscription (and a little evaporative negative press), then they (and other companies) are going to continue to give a fuck less going forward.
Shrug if you want, but this is actually a big deal.
SS
#1 SOE requires all kinds of information from you, which has been collected over the past several years.
#2 They don't encrypt any data on their system.
#3 They leave public facing web servers unpatched
#4 People come in and get all of your personal data.
Think about the kind of info that they have collected? Have you ever tried to call their CS to get a password reset..? Most of it cannot be changed once it is given to them. Many folks started accounts 8+ years ago, before they (and I for one) made it a standard practice to give fabricated personal information to companies that collect that kind of shit.
Translation: SOE had real data from me, that I could not change, and they gave it away. That is fucked up.
A cynical, sarcastic "oh well" is exactly what they're hoping for. Obviously, no one should expect to get rich from a suit, but if you let them get away with this kind of gross negligence for a month's subscription (and a little evaporative negative press), then they (and other companies) are going to continue to give a fuck less going forward.
Shrug if you want, but this is actually a big deal.
SS
bjcasey
ISX Specialist
It is a big deal, but you are acting like SOE did something special. What happened to them was a cyber CRIME and isn't much different from a robbery at a bank or restaurant.
I agree that SOE is liable for all of this, and that they need to pay the price for their negligence. This is important so that the industry as a whole knows what happens when entertainment companies don't properly utilize companies that specialize in secure data handling.
But, that being said, this thread has nothing to do with ISXEQ2, so I'm ending it. If you want to have an ongoing discussion about this, feel free to come to IRC.
But, that being said, this thread has nothing to do with ISXEQ2, so I'm ending it. If you want to have an ongoing discussion about this, feel free to come to IRC.
- Status