Top
940°

An Important Message From Sony’s Chief Information Security Officer

Via the PlayStation Blog: "We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity."

Read Full Story >>
blog.us.playstation.com
The story is too old to be commented.
Dart892539d ago

Well you know what's coming next especially on N4G.
*Holds on to a pole*.

Misterhbk2539d ago

Oh boy this is gonna get hot lol. Well Sony is doing the right thing by bringing the situation to consumers attention but I don't think this is as big as before. Seeks like they're just trying to hack people's accounts rather than actually attack the network.

In other words, if you didnt change your password yet do so immediately just to be safe.

Washington-Capitals2539d ago (Edited 2539d ago )

I really dislike when people do the whole "grabbing flame suit, going to get hot" etc.

Why the [email protected]$ did you comment in the first place, once you read the article you should have just closed the tab if you think people are going to troll/flame

ON TOPIC, this is something to keep an eye on, but i dont think we consumers should have to worry. Not until Sony actually tells us to do something.

SilentNegotiator2539d ago (Edited 2539d ago )

"These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity"
-
So PSN has NOT been hacked, nor really even "attacked". Sony detected people trying to use incorrect data in a way that suggested that they were trying to access other people's accounts.

"where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked"
-
So they stopped the intruders before they could hardly do anything at all.

These frauds aren't hackers.

Sony caught suspicious activity, locked the accounts that the frauds accessed before they did hardly anything, and it affected less than 1%.

Sony did good.

-Alpha2539d ago (Edited 2539d ago )

Doesn't even sound like Sony's responsibility if what this guy on IGN said is correct:

"Someone stole a list of usernames/passwords from some other source (forum, website, service, ect.) they then used those usernames/passwords to try to get into PSN accounts that have those same usernames/passwords."

I don't even know why Sony bothered to do this, it will only bring up negative attention and cause further confusion

zeeshan2539d ago (Edited 2539d ago )

I highly disagree Alpha. I think SONY did the right thing by telling what's happening so if anybody is stupid enough (and believe me, there are more than enough of these idiots out there) who have the same password for multiple accounts on different services using the same password then they should immediately change their passwords.

Knowing is ALWAYS better than not knowing. You can at least start taking precautionary steps instead of being in dark only to find out about some sort of financial/privacy disaster. So stop trying to make it look like Sony's fault for letting everyone know the truth Alpha.

Jonah_Reese2539d ago

It's nice that Sony did this, keeping it's consumers in the loop however, they need to realize one thing, a lot of their consumers aren't that smart and they'll take a statement like "eh, we're good, some folks used their passwords wrong and could access anything" and interpret it as "Oh shit, It's another attack; RUN!". Basically what I'm saying is they need to break things down so it isn't misunderstood.

andibandit2539d ago

I dont know, after their last withholding of info, im kinda reading a paranoid
"That was the good news"
sentence in my head.

iamnsuperman2539d ago

@Alpha
"I don't even know why Sony bothered to do this, it will only bring up negative attention and cause further confusion"

True but if they didn't and some how this "event" got out it probably would be ten times worst. I know this is no hack but there are a lot of dumb people out their that see things in a much more paranoid light.

morganfell2539d ago (Edited 2539d ago )

It is no more complicated than assuming some gamers will use the same usernames and passwords for a gaming website owned by a third party that they would use for their Sony accounts.

Since this wasn't even a hacking attempt and seems a bit amateurish, I wonder how careful these persons making the attempt were to cover their tracks, hide their IP and prevent a back trace. After all, what they were doing is, under US law, a felony.

stevenhiggster2539d ago (Edited 2539d ago )

It could even have been from this site, my user name here is the same as my PSN ID, but my password most certainly is not.

EDIT: Just thought about it, your PSN ID is not your log in ID though, doh.

DragonKnight2539d ago

@Alpha: Sony did this because of all the fanboys who made mountains out of molehills when Sony didn't "talk soon enough" when PSN got hacked. All the FUD and misinformation spread by hate mongers and pseudo-journalists is why Sony did this. Guaranteed that if they hadn't said anything, and some site like Kotaku found out, the headlines would read something like "PSN Hacked again, Sony silent again" and we'd have an entire month of B.S. from people incapable of using common sense and critical thinking.

Karum2539d ago

Sony will have done this because they lost a lot of consumer confidence over the hack on PSN.

This announcement is to try and regain trust by saying "Hey, we've detected people trying to get illegal access to PSN accounts (though they didn't get people's details from us) but our improved security has caught this and we've stopped it, if you're effected we've let you know and if you reset your details you can get back in, oh and wise yourself up and stop using the same login information for every online service in your life".

Personally I think it was a good move from Sony as it shows they are on top of security.

taylork372539d ago (Edited 2539d ago )

@DragonKnight

Lets get one thing straight... Sony getting hacked was not the problem last time (although after being down for that long it kinda was), it was the fact that they didn't notify anyone even thought they were not sure 100% of the user data was safe.

You can be a fanboy and make a molehill out of a mountain, so to speak, but that is a pretty big deal.

Keep burying your head in the sand, but as a PS3 owner I was not happy.

DragonKnight2539d ago

@taylor: Let's get a real thing straight. Coming out and giving inaccurate and incomplete information would have been suicide for Sony. They did notify everyone that they took PSN down, it just wasn't good enough for people who always want to crucify for the smallest thing. It is the obligation of anyone providing a service to have accurate, detailed information when they have to halt that service to give to the consumer. It protects the service provider from frivolous lawsuits and protects the consumer from taking rash, unneeded actions.

They sent out the emails as a PRECAUTION in case they were wrong about their security protecting CC# and passwords. But had they come out and said, WITHOUT CONFIRMATION, that everyone's accounts were at risk from the hackers, it would spread mass panic and made CC companies backed up for days with phone calls from people cancelling cards, etc..

Sony did the CORRECT thing by waiting until they had actual confirmed information to give people, and they took the right precautions to cover any contingency.

Passwords and CC#s were encrypted, there is NO fault on Sony's end. I am a PS3 owner as well, i was fine when PSN went down because, thankfully, I'm not a multiplayer zombie from this gen and have been gaming on single player games for longer than online gaming has been around. Yeah it sucked that PSN was down, but it could have been MUCH worse if Sony had come out with unverified information just for the sake of saying something and giving the witch hunting fanboys a reason to burn them at the stake.

Kleptic2539d ago (Edited 2539d ago )

stevenhiggster:

That may not matter though...Most forums, websites, etc. that require a log in use an email account to authenticate it...which is generally used as a primary key for the database of users...but they also force users to have different 'names' as to not confuse the community with multiple handles...

but as far as DB management goes from some lesser sites...all that is usually in one table...and if somebody gets ahold of that table, they have the email account, account name, and password all in one place connected tree...sometimes even names and address's (although most websites stopped requiring stuff like that)

the password at least should be encrypted, but its not always (i.e what happened months ago with someone forgetting to encrypt credit card info...derp)...if you get that table, you can easily link those 3 parameters and try to bomb the PSN with it seeing if you can get in on any number of accounts...as if they stole 'kleptic' from some other source, in which i used the same email address to authenticate it as I did for the PSN...they have all the information they would need if i in fact had the same password...anyone with experience in DB management could build a macro to plug and play those things all day...

doing it is the easy part...getting away with it is much more difficult...apparently anyway, as at least this attempt raised flags...

Gothdom2539d ago

I don't see the problem since Sony prevented the problem and those who are affected should read this part:

"As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password. "

+ Show (13) more repliesLast reply 2539d ago
M-Easy2539d ago

Don't forget the flamesuit and popcorn. Its gon get in here.

kaveti66162539d ago

Don't forget the suit that guards against the usage of really bad jokes over and over again...

TheComedian2539d ago

And how are you going to eat the popcorn through the suit?Huh come on tell me.How are you going to do that?TELL ME ARE YOU GOING TO DO THAT!!!!!!!!!!!!!!!!!!!!!!

Persistantthug2539d ago

Does anyone remember where he came from?

Lavitz20122539d ago (Edited 2539d ago )

Yes and he is the U.S Homeland security Boss.
http://youtu.be/X8bHZQbdCrg

MrBeatdown2539d ago

@youngkingdoran

*reads PS Blog*

I never asked for this...

BrianC62342539d ago

I hope people are smart enough to see Sony hasn't been hacked. This is just an idiot or idiots trying to use names and passwords they got from another site to log into accounts. I was listening to a radio station a little while ago and on the news they reported it as Sony said they've been hacked again. Get the facts right. Any site can be hit like this now. These guys probably try logging into a lot of sites like this. Sony just knows what to watch for now.

DragonKnight2539d ago

Thanks for posting this. You've proven my earlier point about pseudo-journalists trying to say Sony got hacked again.

BabyCarlos2539d ago

Especially here in Germany where we only have four or five agencys who write the articles for every darned news station I hate to hear everywhere people complaining about Sony got hacked, when in fact, there hasn't been a hack!

MrBeatdown2538d ago

Yup, I noticed the same thing watching the news last night.

"Hacked," "hacked," "hacked," but absolutely no mention of the fact that emails and passwords were obtained from another source.

CryofSilence2539d ago

To hackers,

We get it. It's sad that you can only get your rocks off by hacking (likely because you are so socially inadequate that you can't be with even the homeliest of women). This isn't proving any romantic ideals or damaging the company; it's only potentially harming those who will feed you to the wolves the moment you try to ally yourselves with them.

Find a new pass-time that won't lead to your incarceration. Legos are a good alternative. You can even stage your own robbery heist scenarios (and blow up the building for good measure)!

jerethdagryphon2539d ago

this isnt a psn secuirity thing this is a brute force attempt sonys security is intact .

best of luck to anyone affected

2538d ago
+ Show (4) more repliesLast reply 2538d ago
SilentNegotiator2539d ago (Edited 2539d ago )

There are no hackers. Please read the article before spreading this crap.

Suspicious use of passwords (of which didn't work for all accounts) on a large scale prompted Sony to lock said accounts temporarily and temporarily shut off PSN whilst they investigate. And as they said, signs point to it NOT being information from Sony's servers.

They aren't hackers, they aren't DDoS attackers...they're fraudulently-gained info-packers.

PSN is even up and running RIGHT NOW. At least here in the central-US it is.
I'm even downloading my free (PS+) copy of Costume Quest ('Double Fine' game).

yesmynameissumo2539d ago

Glad their security enhancements appear to actually to be working.

BrianC62342539d ago

I think any site should be able to see this kind of attack. A simple server in an office would report someone entering the wrong password too many times. If you get a report saying it happened hundreds or thousands of times you'd know something is going on.

WhiteLightning2539d ago (Edited 2539d ago )

Are they still at it....I mean really, what are hackers going to get out of this. They've lost, they're being hunted one by one and over time, slowly, they'll get arrested like the rest of their so called "family"

But really....near the holidays, the biggest time for games and gamers.

Honestly Sony have done nothing but give and give this year towards gamers and yet there the ones who always seem to get treat like crap.

Inception2539d ago

"I mean really, what are hackers going to get out of this"

well, for some cheap adrenaline maybe?
and i don't believe they did this if someone not give them money

or like Alfred said in TDK "Some men aren't looking for anything logical like money. They can't be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn." *lol, i watched TDK too much*

WhiteLightning2539d ago

lol

User name Inception, watches the TDK alot........Nolan fan by any chance :)

But yeah good points, very well made

Silly gameAr2539d ago

It looks like the security upgrades are paying off.