10 replies to this topic

[AplusWebMaster]

FYI...

PSN intrusion/downtime...
- http://news.softpedi...on-196730.shtml
April 23, 2011 - "The PlayStation Network is used by 70 million gamers, many of whom are currently infuriated after being locked out of the service for over three days. "An external intrusion on our system has affected our PlayStation Network and Qriocity services," Patrick Seybold, Sony's senior director of corporate communications & social media, announced*..."
* http://blog.us.plays...ocity-services/
April 22, 2011 - "An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share."

- http://blog.us.plays...ocity-services/
Apr. 23, 2011

Edited by AplusWebMaster, 24 April 2011 - 05:53 AM.

[AplusWebMaster]

FYI...

PSN hack: Personal data of millions of customers stolen
- http://www.h-online....en-1233209.html
27 April 2011 - "... Sony says that 77 million customers in 59 countries, including about 32 million in Europe, use the PlayStation Network... Even if no credit card information has been stolen, effects on customers could be very unpleasant. Experts think that fraudulent activities where criminals attempt to make clever use of the harvested personal data will be particularly likely. Sony has also recommended that users change their passwords when the PSN and Qriocity come back online – however, no concrete date and time have been mentioned. Customers who use their PSN or Qriocity user name or password for other services or accounts should also change their passwords for these accounts as soon as possible."
___

- http://www.theregist...ecurity_breach/
26 April 2011 21:53 GMT
___

Sony PSN user info compromised...
- http://blog.us.plays...k-and-qriocity/
Apr 26, 2011 - "... We are currently working to send a similar message to the one below via email to -all- of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems...

'... certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network... we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
> For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
> To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports...' ..."
(More detail at the URL above.)

- http://us.playstatio...ralerts/#non-us
> News > Consumer Alerts

- http://blog.us.plays...few-psn-points/

Edited by AplusWebMaster, 27 April 2011 - 08:03 AM.

[AplusWebMaster]

FYI...

Sony PSN user credit card info protected by encryption
User passwords? Not so much
- http://www.theregist...k_credit_cards/
28 April 2011 - "All credit card information stored on Sony's PlayStation Network was encrypted, the company said one day after warning users their user names, passwords, birth dates and home addresses were stolen in a security breach.
“The entire credit card table was encrypted and we have no evidence that credit card data was taken,” Sony representatives wrote in the update*, which was posted late on Wednesday. “The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack”... They said they expect some online PlayStation services to resume this Tuesday..."
* http://blog.us.plays...ocity-services/
___

Sony sued over PSN hack
- http://www.informati...endly=this-page
27 April 2011

Edited by AplusWebMaster, 28 April 2011 - 02:45 AM.

[AplusWebMaster]

FYI...

Sony hack "worse than previously thought"...
- https://www.computer...vice_after_hack
May 2, 2011 - "The widely publicized hack of Sony's computer networks is worse than previously thought, also affecting 24.6 million Sony Online Entertainment network accounts... a second gaming network offline on Monday, saying it too appears to have been hacked. It said banking and credit card information belonging to more than 23,000 customers outside the U.S. may have been compromised. The Sony Online Entertainment network, used for massively multiplayer online games like EverQuest, Star Wars Galaxies and Matrix Online, has been suspended temporarily, Sony said Monday. Add this to the 77 million accounts that may have been compromised last week, and Sony is responsible for one of the largest recorded data breaches... In both cases, the stolen data includes customer names, e-mail addresses and hashed versions of their account passwords. That data could be used to spam customers or trick them with phishing e-mails..."
- http://www.databreaches.net/?p=18086
May 2, 2011

Edited by AplusWebMaster, 03 May 2011 - 05:30 AM.

[mikey]

Too bad Sony isn't as good with user sec as they are with DRM.

[AplusWebMaster]

You may have missed this:

> http://www.spywarein...post__p__746655

... so, that's alot of horsepower to defend against. IMHO, the only part that still isn't right is "security the Cloud". Until -reliable- cloud security standards are established (maybe I should say "if"), we will be having more of this, methinks.

:-(

Edited by AplusWebMaster, 18 May 2011 - 10:24 AM.

[AplusWebMaster]

FYI...

NEW PSN hack hijacks user accounts
- http://www.theregist...ount_hijacking/
18 May 2011 - "Four days after the PlayStation Network reopened, Sony has taken down login and password recovery pages for the service following reports they contained a serious flaw that was actively exploited to hijack user accounts..."
___

Sony BMG Greece hacked (23 May 2011)
Hack on Sony-owned ISP steals $1,220 in virtual cash (21 May 2011)
Sony's Thai website pwned by phisher scoundrels (20 May 2011)

Edited by AplusWebMaster, 24 May 2011 - 11:23 AM.

[mikey]

You may have missed this:

Yea, been on vacation...you know how it is when you blink.

Thx for the heads up. What a mess. I still can't help but wonder what DC admin failures(the ones we wont hear about) were involved in either camp.

[AplusWebMaster]

FYI...

Sony - yet another attack...
> http://www.theinquir...rds-compromised
Jun 03 2011 - "... The latest attack, from Lulzsec, a group of hackers with perhaps some loose links to Anonymous, apparently has been designed to embarrass the firm to its fullest, and coincidentally or not it released the information it had gathered on the same day that Sony restored its online services globally... What Lulzsec did release were the details of over one million Sony customers, including their unencrypted account IDs, government and military passwords, all saved in plain text. In addition to making these available to download through Bittorrent files, Lulzsec has packed all the documents it has stolen from Sony together as a zip file, for more completist collectors."

[AplusWebMaster]

FYI...

Sony PSN breach/attack infographic
- http://threatpost.co...ork-hack-062911
June 29, 2011 - "... infographic from Veracode*..."
* http://www.veracode....psn-infographic
(Scroll down for cost factors.)

[AplusWebMaster]

FYI...

Sony whacked - again...
* http://www.sony.net/...012E/index.html
October 12, 2011

- http://h-online.com/-1359709
12 October 2011 - "Sony's online services have been the target of another large-scale attack. In a press release*, the Japanese electronics corporation said that attackers made multiple attempts to intrude into users' Sony online service accounts. Apparently, the attacks targeted the Playstation Network (PSN), the Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) between 7 and 10 October. Sony said that around 93,000 accounts were compromised and have temporarily been locked. 60,000 accounts at PSN/SEN, and 33,000 at SOE, are affected. Sony added that email notifications will be sent to the affected account holders, and that secure password resets will be required to reactivate the accounts. However, Sony confirmed that credit card details are not at risk, and that only a small fraction of the compromised accounts showed additional activity prior to being locked. First investigation results indicate that the attacks involved password information that was obtained from other compromised lists, said Sony. During the attacks, criminals apparently attempted to access legitimate accounts by trying out long lists of log-in IDs and passwords..."

- https://threatpost.c...accounts-101211
October 12, 2011 - "... the username-password data-set tested against the networks must have come from some outside site, source, or company, as the vast majority of these attempts failed. Presumably, those attempts that did succeed occurred in cases where users recycled their username-password combos with some other compromised source..."

Edited by AplusWebMaster, 12 October 2011 - 10:14 AM.