Top
180°

PSN servers used to share leaked info from recent Sony hack (and why gamers should care)

Sony Pictures, a subsidiary of technology and PlayStation gaming conglomerate – Sony, was the victim of a recent, devastating hacking attack (which led to the taking of over 100 TBs of data) that crippled the studio’s network - leading to current/upcoming films being leaked, as well as confidential company documents, employee salaries, and various pieces of sensitive information such as Social Security numbers and health information.

However, what is truly intriguing (and why gamers should be concerned about the entire situation) is that security researchers have discovered that the leaked files are being shared by servers and computer systems belonging to the PlayStation Network.

This discovery is particularly alarming due to the fact that it opens up discussion regarding the possibility of either hackers or private torrents operating on the same server infrastructure utilized by Sony and the PlayStation Network. This would be especially concerning when taking 2011’s month-long PlayStation Network hack and this year’s DDoS attacks into account.

Gamers utilizing PSN should be concerned that sensitive data such as financial/personal information could potentially be hacked and subsequently shared in a manner similar to the Sony Pictures attack.

Read Full Story >>
gamerheadlines.com
The story is too old to be commented.
JoGam1021d ago

SMH! Let it go already.

DesertFoxJr1021d ago

Just wondering, but why should it be let go? If hackers can hack into Sony Pictures studio and release nearly 50,000 SSNs, alongside other pieces of sensitive info, would it be so ridiculous for something similar to occur to PSN?

Especially since PSN's 2011 month-long outage.

JoGam1021d ago

First of all, your title is misleading. No info was leaked from PSN. Just seems like you are fishing for something to write about. PSN possibly hack, XBL possibly hack. No one cares unless it was hack and info released.

Christopher1021d ago (Edited 1021d ago )

***If hackers can hack into Sony Pictures studio and release nearly 50,000 SSNs, alongside other pieces of sensitive info, would it be so ridiculous for something similar to occur to PSN? ***

Actually, it is fairly ridiculous. What they accessed was an Intranet that stored documents on everything. Was Sony stupid for not encrypting them in some way? Yes. Were they stupid that there some some form of flaw that allowed someone to access it, likely through the use of programs that collected data from the people who accessed the sources internally? Absolutely.

The difference is that PSN user data is stored in a database and is encrypted as it relates to user logins, CC info, and the like. It is not stored as flat files such as word documents or media files. Encryption of this sort of data is also required by law. And, after the Sony hack, Sony's infrastructure was investigated and not fined for lack of security as it relates to encrypting user information.

Furthermore, storing files on a server is not the same as having access to the server that holds the database info as well as being able to access the virtual environment that holds said data.

KionicWarlord2221021d ago

"The difference is that PSN user data is stored in a database and is encrypted as it relates to user logins, CC info, and the like." -cgoodno

Yeah...sony encrypts psn accounts....

But not for 47,000 social security numbers for employees and celebrities , no encryption for passwords for there own accounts apparently.

http://www.theverge.com/201...

Lol you cant make this up.

Christopher1021d ago (Edited 1021d ago )

@KionicWarlod222: Actually, that is true.

What they stole were personnel files, not login information.

When you apply for a job, one of the things you have to have is a SSN that they can use for paying you as well as handling any taxable elements. You do this by filling out various tax forms. Included on that is your SSN.

What the 'hackers' took were those files in electronic format. They did not access a database.

So, as I said, very bad form on Sony for not encrypting the data in some way (rather than just storing as easily accessible flat files). My wife's work uses a database managed digital content system that does just that. So, the only way for someone to access data is through the application's interface or by cracking the encryption (which would take a years to do).

And PSN information is encrypted. Not because of Sony's great security protocols, but because that's how the data is handled by the database and is required by law when storing user information.

KionicWarlord2221021d ago

"What they stole were personnel files, not login information. " -cgoodno

Well they did take login information though...

"Included in the newest data dump is a file directory titled “Password,” which includes 139 Word documents, Excel spreadsheets, zip files, and PDFs containing thousands of passwords to Sony Pictures’ internal computers, social media accounts, and web services accounts. Most of the files are plainly labeled with titles like “password list.xls” or “YouTube login passwords.xlsx.”

"One file BuzzFeed News found included hundreds of clearly labeled Facebook, MySpace, YouTube, and Twitter usernames and passwords for major motion picture social accounts."

http://www.buzzfeed.com/cha...

Lol kept all that there with no encryption which is ridiculous.

Christopher1021d ago

***Well they did take login information though... ***

Not for PSN...

We're obviously talking about PSN and user credentials as it relates to the article here, right? Not how to login and hack the facebook page for one of Sony's movies.

nucky641021d ago

desert, I'm wondering why you've limited this story to sony/psn?? the news all over the world is covering this story as something EVERYONE should be concerned with - not just gamers. it sounds like you have issues with sony/playstation.
grow up - this is a serious story and if you can't cover it in that manner then leave it for those who can.

+ Show (4) more repliesLast reply 1021d ago
DesertFoxJr1021d ago

I never said info was leaked FROM PSN, just by their servers - that's fact.

Also, I'm not fishing for something to write about - it's a valid concern. If a major Hollywood studio can be hacked, then it's possible PSN can be hacked (and it already has previously).

Christopher1021d ago (Edited 1021d ago )

If it's possible for one person to get into a car accident, it's possible for anyone to get into a car accident.

That's essentially what you are saying. You are ignoring the vast differences between any two situations of what happened to get into a car accident.

I await your article telling us about how MS is vulnerable to attacks, because based on your logic it's just as likely since you don't need to understand the vast differences between copying flat files from an Intranet server location and hacking into, accessing, and decrypting the data in a database.

Heck, I'm not saying Sony effed up huge on this. But, what I'm saying is that you are associating one thing with another without realizing the differences between them. Then you are writing a FUD piece about it.

IGiveHugs2NakedWomen1021d ago (Edited 1021d ago )

Sony Entertainment Network, Sony Online Entertainment, and PlayStation Network are all on separate networks but are run by the same company. It's like saying Microsoft servers and Xbox Live servers are one in the same, they aren't. This article is nonsense.

@Yarbie

PSN servers have never been down during this incident, which makes your argument as well as this statement from the article;

"This led him to the conclusion the attackers likely had control over some PlayStation Network infrastructure too. “Basically the attackers have hit Sony so hard that their main front-end web servers for the PlayStation Network are the machines serving up the compromised data,” he told me over email. *The servers have now been taken offline*, adding more weight to the suggestion this wasn’t a law enforcement effort using Sony’s systems."

completely irrelevant. Sony Pictures Network/Sony Entertainment Network servers were the only servers taken offline.

http://www.cnet.com/news/so...

"The security breach suffered by Sony Pictures Entertainment last month appears to have leaked far more personal information than previously believed, revealing the US Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees."

The only people affected by this breach were people who actually worked for Sony Pictures in one form or another. This breach had absolutely NOTHING to do with Sony Online Entertainment or PlayStation Network. I REPEAT! THIS ARTICLE IS NONSENSE.

yarbie10001021d ago

Except security experts say what you said isn't true http://www.forbes.com/sites...

Christopher1021d ago (Edited 1021d ago )

@yarbie1000

"PlayStation Network web servers" are not "PlayStation Network gaming servers"

Essentially, they have access to the servers that the Web sites are hosted on, not the servers that manage credentialing, game hosting, and the like. This is just a server that posts content to the Web like most Web servers out there. Not PSN itself.

Having access to put files on those Web servers does not give them access to the databases that are used to propagate Web content or access PSN user details or the like.

Vengeance11381021d ago

This is just creating panic from nothing, let it go and move on. EVERYTHING can and will be hacked at some point, no matter the securtiy meseaures. The FBI was hacked before... the entire Government was hacked before etc etc nothing new, they hack, the infrastructure recovers and betters itself, the process repeats etc nothing new and definitely not news worthy.

DesertFoxJr1021d ago

Well it's an opinion piece. Stemming from recent news - not necessarily gaming related - but something as I as a gamer am worried about its possibility.

Granted, I am no computer engineer who understands all the systems behind it as @cgoodno's enlightening comment does.

But it's my opinion, and while the technical aspects behind the Sony Pictures' hack may not occur in a a similar manner (were something to happen to PSN), I feel that Sony does need to beef things up on all cyber/technical fronts.

yarbie10001021d ago

Yah- I agree- hacking 50K SSN's - releasing private emails from the top brass - - pay salaries

WSJ saying the breach is bigger than prev known

Movies being released online before they hit theaters

CNN saying its the worst hack possibly ever: Sony has lost millions just in the last week - will lose millions more http://money.cnn.com/2014/1...

Sony isn't commenting on the situation even after a week and a half...but thats no reason for alarm

Absolutely NO Story here...nothing to see...move along

Silly gameAr1021d ago (Edited 1021d ago )

Stop trying to turn this into a game related matter. If that was the case, PSN would be shut down and things would really be more serious then they already are.

Leaking files using the PSN? Yeah, I guess they were really using severs to hack and leak info from Thailand, Germany, France, and all of those other places as well. Don't go trying to get the gaming side into this without any real proof or concrete evidence.

yarbie10001021d ago (Edited 1021d ago )

Surprised if this gets approved - N4G mods were out in record time last night removing stories like this http://www.forbes.com/sites...

"How would the GOP hackers have compromised those servers, when Sony’s divisions are supposed to be separate silos? Tentler thinks their IT isn’t so segregated after all. “A random guess? Sony is in the habit of releasing video games that are parallel to movies – like the Transformers franchise, for example. Perhaps the EC2 instances are actually shared in small part between the PlayStation Network and Sony Pictures for the promotion of the games, or transferring of image/creative assets, and someone at Sony Pictures had SSH [secure shell] keys for one or more of the instances, or perhaps login credentials,” Tentler added.

“Think of it this way – if anyone in the organisation had email correspondence with someone at the PlayStation Network and talked about keys or credentials or whatever, then the attackers would have access to that data.”

Sony is still keeping schtum, despite repeated requests for comment.

Silly gameAr1021d ago

Yeah, and of course you submitted that one on N4G, and I believe you submitted another one before that one. You guys are really trying to get this to pour into the gaming side pretty hardcore when this is a Sony Pictures problem. I think it's pathetic.

IGiveHugs2NakedWomen1021d ago (Edited 1021d ago )

@yarbie1000

This hack had nothing to do with gaming. Although you and others would like it to be related to all things PlayStation, it never will no matter how hard you try.

http://www.cnet.com/news/so...

"Documents leaked online include the personal information, salaries and home addresses for employees and freelancers who worked at the studio, a data security analyst finds."

"Other data identified as leaked to file-sharing networks after the breach include contracts, termination dates, termination reason, and other sensitive information, nearly all of which was stored in Microsoft Excel files without password protection, said Identity Finder CEO Todd Feinman."

"The revelation amplifies the damage caused by the hack, which forced the film and TV arm of Japanese tech and media conglomerate Sony to shut down its network for more than a week. A hacking group calling itself Guardians of Peace claimed last week to have obtained Sony Pictures' internal data, including its "secrets," and said it would release the data to the public if its demands were not met, according to reports. It is unclear what the hacker group demanded."

In another thread posted on this site that had links to Playstation 4 system updates posted within an article, I said people shouldn't use those links to download system updates, they should log into their consoles and allow the update to occur on it's own. This and downloading MODDING software, which is often filled with spyware and malware, are the primary ways that hackers gain access to Sony's gaming networks. Don't click links in your emails, don't click links that claim to be linked to PS4 system updates, and do not use modding software on your PS4.