Top
350°

Sony Online Entertainment Issues Security Press Release

PSBlog: Some of you may have heard today about an announcement from Sony Online Entertainment confirming that they were also victims of a malicious hack. As this could affect those of you with SOE accounts, they have asked us to post their press release on the blog, which should answer some of your questions.

Read Full Story >>
blog.eu.playstation.com
The story is too old to be commented.
GrieverSoul2453d ago (Edited 2453d ago )

I wish I could understand a bit of programming in order to understand how someone can enter a big corporation server and steal information.

Makes me wonder how really secure are our details in public offices storages like government servers.

Still, SONY has BALLS coming out publicly and admit the intrusions. Some companies might be victims of this and they dont even know about it or simply dont expose the situation to their customers.

KingDustero2453d ago

True, very true.

I can't wait until whoever is doing this gets caught. They're looking at a good amount of time in jail.

I'm just hoping the issues with SOE aren't going to have any effect on when PSN gets back online. I'm really hoping it comes back today in the US.

It seems like though someone is pissed at Sony for some reason. However this could just be some thief trying to get info. Other places could be next if they're not caught.

fedexas2453d ago

I hope not either. I hope they prosecute these people to the full extent of the law. This was definitely a sophisticated attack-no amateur work. It's either an inside job or someone knew the security infrastructure inside out.

Pillville2453d ago

I'm not saying the gov stuff is 100% unhackable, but they take that sh1t REALLY seriously.
I know someone who did computer work for US gov and most of their computers had no network connections at all. If they want to transfer something, they had to copy to a usb drive, give it to someone who would put it on another computer and scan the hell out of every bit of info, then allow them to give it to the person they wanted to share with.

Raven_Nomad2453d ago

They don't have a choice but disclose what happened. It's the law.

I like how people make Sony out to be some sort of saints when in actuality they are just following what has to be done by law.

CBaoth2453d ago

Why did it take a class action lawsuit against Time Warner Cable to notify its employee and consumers of an alleged identity theft intrusion?

I was an employee of the company and hadn't worked there for 2 whole years before attorneys notified me. And what did I receive as compensation for such an egregious act on TWC's part (exactly what you're dismissing Sony of and then NOT DISCLOSE IT FOR 2 FREAKING YEARS!)? One month free of expanded basic cable. If you no longer were a custumer, then the payoff was even more abysmal.

So, please, unless you work in IT or are an attorney specializing in corporate law, don't speak on matters you know nothing of.

blackmagic2452d ago (Edited 2452d ago )

@cbaoth
Sounds like they broke the law and were forced to give compensation as a result to me. Your experience confirms Raven's comment.

sorceror1712453d ago

@GrieverSoul - Computers are stupid. They do what you *tell* them to do, not what you want them to do.

You tell your kid to brush their teeth, they understand what you mean (though they may not actually do it).

For a computer, you say, "Go north 3 paces, head up the stairs, turn right, right again. If the door is closed, here's how to open a doorknob. If the door is open, go in. Now, let's find the toothbrush [lots more] Bring the toothbrush to your mouth. Don't forget to open your mouth!" Etc. etc.

It only takes one mistake for the bad guys to get in and start causing trouble.

That's why the data (like credit cards) is generally stored encrypted. Even if the bad guys get a copy, it's useless without the key to decrypt it. Unless there was a mistake in the encryption...

+ Show (1) more replyLast reply 2452d ago
Darkspade2453d ago

they didnt want to say anything. they are only coming out with this because they are already in trouble from the psn hack. i just hope they deleted my DC credit card when i canceled it.

ravinash2453d ago

If you cancelled it, then it wouldn't matter if they deleted it.

Due to the share amount of information taken, I would expect most people will not see anything happen to their card because of the share number of accounts the people who stole them would have to go through.
Plus if someone was doing that, it would only be a matter of time before all these transactions were traced back to them.

It's more like that they would be selling the information on to others for things like spamming and other scams.

I'm moving house soon, so nearly all my information is out of date now.

Venom2152453d ago

they need to turn the network on already.

RIPSKATEDESTROY2453d ago

im all for waiting until its 'safe'

joeorc2453d ago

"While the passwords that were stored were not 'encrypted,' they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted," wrote Sony spokesman Patrick Seybold today. "But I want to be very clear that the passwords were not stored in our database in cleartext form."

http://news.cnet.com/8301-3...

Pillville2453d ago

I feel a bit better knowing that the passwords were "Hashed", but that's still not perfect.

Hackers will just use the same Hash algorithm to hash common passwords.

For example, if they hash '12345' and it becomes 'ab534d23df', just look for other hashed passwords of 'ab534d23df' and you know all those accounts have the password '12345'.

Repeat with a simple brute force program and you'll end up with a couple thousand passwords.

joeorc2453d ago

they still have to go that far through 3 or more firewalls, other security measures, an now passwords an :

Sony:

admitted that customer names, birthdates, addresses, user names, and passwords were not.

even this part of the data was Hashed.

Sony protected the Data; but the Hackers were good enough to bypass the security.

radphil2453d ago (Edited 2453d ago )

"For example, if they hash '12345' and it becomes 'ab534d23df', just look for other hashed passwords of 'ab534d23df' and you know all those accounts have the password '12345'."

It's not as easy as how you'd think it is. There's one example of how they do their hash on the blog from an earlier post.

You're right in that the technique is not perfect, but it is commonly used.

Masterchef20072453d ago (Edited 2453d ago )

What people have to realize is that PSN didnt get hacked because it was a free service. Its because of all the battles that Sony has had with the hackers in the past. So its only normal that the attack the network.

I always enjoy backing up my claims with evidence and i shall prove that even if you pay for a service it is still liable to get hacked.

XBOXlive

http://kotaku.com/#!5504145...

World of Warcraft
http://consumerist.com/2010...

Itunes

http://thenextweb.com/apple...

Nintendo

http://www.computerandvideo...

Any online network can be hacked its a risk the consumer has to take when they use one of these services.

Kishin2453d ago

Whoever disagreed with you is an idiot.

radphil2453d ago

"Any online network can be hacked its a risk the consumer has to take when they use one of these services."

I keep telling that to people, but they don't listen.

Show all comments (21)