Trouble Thinking

April 27, 2011

Are You on PSN? Might Want to Cancel Some Credit Cards…

Filed under: Game News — Tags: , , , , — Durandal @ 11:08 am

So, it’s been about a week of PSN being down.

This is an "Online Webcomic" called "Pennies Arcade" discussing the topic!

The story seems to be that at some point in mid-April, someone hacked the Playstation Network. In response, Sony just straight shut down PSN to deal with it. They didn’t tell anyone for a week why it was down, which is super nice of them. They’ve just recently announced that they hope to have it back up in about a week. Oh! Also, if you’ve ever bought anything on PSN, your credit card info, birthdate, and (presumably) secure password might have been stolen. But they don’t really know that’s true so they figure eeeeh they’ll let you deal with that as you will. And maybe not really tell you in any way, shape, or form! People are reporting that they’ve not received any sort of email notice even now of PSN being down, much less that they might have to get a new card number. They did put an update on their blog, though.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

Of course, Sony only recently released the PSP Go, a device that entirely depends on PSN for all of it’s content. Hope you didn’t buy one in the past week, because it’s a brick. And I mean, frankly, I guess I’d recommend not ever buying one because get this: PSN apparently isn’t that stable or secure a service!

I think this would rile a bit less if they hadn’t simply been mute for a week about it. They probably hoped it was something they could resolve in a weekend and then pretend was some sort of routine downtime.

Edit: I just saw a great write-up about this on Eurogamer.

The pull quote?

The whole notion that password details have been taken defies belief. There’s a reason that most internet sites can’t tell you what your own password is and can only reset it – it’s because the server itself doesn’t actually store it at all. Your chosen password is hashed when it’s first transmitted, and only this checksum is stored. When you enter your login, the password is hashed again and compared to what is on the system – if we have a match, you are granted access.

In short, there is no actual need whatsoever for your password to be stored server-side at all. Sony’s statement suggests that it was actually storing sensitive information in plain text format, which defies belief. The only other explanation is that hackers only got access to the hashes and may have compromised a small minority of passwords by running this data through something like a dictionary look-up. However, from the tone of Sony’s apology this does not appear to be the case.

Seriously, get your shit in order and avoid suspicious requests, people who use PSN. Name and address are enough for a clever fraud, much less the extra shit Sony may have unnecessarily made vulnerable.

4 Comments »

  1. I am always searching online for articles that can benefit me.
    Thank you!

    Comment by brotbackautomat test — June 8, 2013 @ 2:18 am

  2. I have been browsing online more than three hours today, yet I never found
    any interesting article like yours. It’s pretty worth enough
    for me. In my opinion, if all website owners and bloggers made good content
    as you did, the web will be a lot more useful than
    ever before.

    Comment by baumpflege — June 12, 2013 @ 6:43 am

  3. Sweet blog! I found it while browsing on Yahoo News. Do you have any suggestions on how to
    get listed in Yahoo News? I’ve been trying for a while but I never seem to get there! Thank you

    Comment by Chadwick — June 17, 2013 @ 12:23 pm

  4. great points altogether, you simply gained a
    brand new reader. What would you suggest in
    regards to your post that you made some days ago? Any
    positive?

    Comment by Holley — June 19, 2013 @ 8:19 am


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: