Anyone on PSN: Your details HAVE been stolen

[NoCalMike]

I believe that is the same one.....

 

[vivisectvi]

No. SOE is completely different and separate from PSN.

 

[2GOLD]

Sony got hacked again. Sony Online Entertainment this time. 12,700 CC numbers lost.

Wow, this is not been the best week ever for SONY.

 

[DrVenkman PhD]

What is SOE?

 

[909]

DC Universe Online and stuff like that.

Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained - we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

 

[AntiLeaf33]

Goddammit Sony. What the hell are you doing? Part of me is considering getting rid of my PS3 and getting a 360, but then I would have to either buy a Blu Ray player, or get rid of all my Blu Rays. Plus, most of the 360's exclusives are games I don't care for, so I'll probably just rant and go back on the PSN once they get their shit together.

 

[NoCalMike]

Yeah I will freely admit that Sony has pissed me off enough to actually consider Microsoft for the NEXT gen, but for the current gen, I am too invested in the PS3 exclusives.

Here's hoping the developers get mad enough over this that games such as Uncharted and Resistance stop being Sony exclusives by the next gen.

 

[vivisectvi]

Abandoning your console over this is just stupid, IMO. ANYONE CAN BE HACKED. Microsoft is not safer. Fuck, it just happened to Amazon, as well.

 

[vivisectvi]

Yeah I will freely admit that Sony has pissed me off enough to actually consider Microsoft for the NEXT gen, but for the current gen, I am too invested in the PS3 exclusives.

Here's hoping the developers get mad enough over this that games such as Uncharted and Resistance stop being Sony exclusives by the next gen.

Resistance, maybe. Uncharted, never. Naughty Dog is a subsidiary of Sony.

 

[NoCalMike]

Well in that case, Sony has my soul, between Uncharted & God of War.....who am I kidding? Aint going nowhere.

 

[BUTT]

Insomniac is going multiplatform but I'm sure Sony still owns the Resistance IP.

I just bought a refurbished 60GB PS3 off of eBay for $200. Great timing! No controller or HDMI cable, but I hear Best Buy has LittleBigPlanet/Dual Shock bundles on sale for $35.

 

[FLAM]

Brutal. It's going to be really hard for Sony to come back from this. They look like a huge joke right now.

 

[Master Thrasher]

I'm happy I never gave them my credit card info and I just played that stupid bowling game online. I'll be mad when it happens to Xbox Live.

 

[vivisectvi]

SOE had my CC for DC Online. My CC rep still says not to cancel and to just keep an eye on my statement. They're really good about this kind of shit, thankfully. That being said, I will be cancelling my DCUO subscription whenever I can get back on PSN. Not because of the hacks.. but just because this extended period away from the game has made me realize how little interest I have in playing it (or any other MMO, really) again.

 

[Thoth]

So this shit could be down until the THIRTY FIRST OF MAY!??!? My compensation better be like, free pizza, which comes out of the drive.

 

[vivisectvi]

"Full" service by end of May, I believe. They've said that online gaming should come back sooner, though.

I just wanted to grab some DLC.. but I can wait. It's really it's given me a nice break from "online gaming" to focus on other games that I wanted to get more out of. New Vegas to be specific.

 

[AntiLeaf33]

Yeah, I picked up Enslaved to give me a nice single player campaign to power through. Plus, I might go through the single player portion of KillZone 3 again. It still sucks, as I wanted to get my ass kicked in Mortal Kombat online, but I'll manage.

 

[ViciousFish]

I've been jonesing to play some FFVII lately and was going to pick it up on PSN...

 

[vivisectvi]

An odd thing happened last night – I popped in New Vegas and it prompted me to download an update (which added Trophies for the new DLC that's coming soon). I guess the patching servers are separate?

 

[Master Thrasher]

An odd thing happened last night – I popped in New Vegas and it prompted me to download an update (which added Trophies for the new DLC that's coming soon). I guess the patching servers are separate?

I heard that is true.

 

[Smues]

When I tried to use the mlb.tv app this weekend it downloaded an update for the program, which was of course just a tease as I couldn't actually use it.

 

[vivisectvi]

Letter Sony sent to devs/publishers re: outage.

http://www.examiner.com/video-game-in-national/psn-update-sony-details-full-psn-crash-to-publishing-partners-full-details

Dear Partner:

As you know, certain PlayStation Network, Qriocity and Sony Online Entertainment service user account information was compromised in criminal attacks against our networks. I want to assure you, as a PlayStation partner, that it is Sony’s top priority to restore our network operations and see that business is returned to usual as soon as possible. We are working around the clock to restore service, but will do so only when we can ensure that the network can operate safely and securely. In the meantime, we greatly appreciate your patience, understanding and goodwill.

What Happened?

• On Tuesday, April 19, 2011, Sony discovered that several PlayStation Network servers unexpectedly rebooted themselves and that unplanned and unusual activity was taking place on the network. This activity triggered an immediate response.

• Sony mobilized a larger internal team to assist the investigation of the four suspect servers. That team discovered the first credible indications that an intruder had been in the PlayStation Network system, and six more servers were identified as possibly being compromised. Sony immediately decided to shut down all of the PlayStation Network services in order to prevent any additional damage.

• The scope and complexity of the investigation grew substantially as additional evidence about the attack developed.

• The forensic teams were able to confirm that intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators and escalate privileges inside the servers. Among other things, the intruders deleted log files in order to hide the extent of their work and activity within the network.

• On Sunday May 1, using information uncovered by the forensic teams, engineers at Sony Online Entertainment (SOE) discovered that data had also been taken from their servers. They, too, shut down operations and on Monday, May 2, announced the discovery.

What Data Are Affected?

As you may know, personal data was stolen from approximately 77 million PlayStation network and Qriocity service accounts.

As of this writing, there remains no evidence that the credit card information was stolen and the major credit card companies are still reporting that they have not seen an increase in fraudulent transactions due to this event.

What Steps Are Being Taken?

We have taken aggressive action to give consumers peace of mind, protect them against the abuse of their data, and enhance our security systems moving forward.

We have already advised our consumers in the U.S. that we will offer complimentary identity theft protection services through a leading provider, including an insurance program of up to $1 million. Similar programs are being developed in other markets around the world.

In addition, Sony is taking a series of steps to enhance security of our network infrastructure. They include but are not limited to:

• adding additional automated software monitoring and configuration management to help defend against new attacks;

• enhanced levels of data protection and encryption, as well as additional penetration and vulnerability testing;

• enhanced capabilities to detect software intrusions within the network, unauthorized access and unusual activity patterns;

• implementation of additional firewalls;

• expediting a planned move of the system to a new data center in a different location with enhanced security; and

• appointment of a new Chief Information Security Officer.

Finally, to thank our customers for their patience and loyalty, we are offering them “welcome back” packages as soon as the networks are restored, including free downloads of selected PlayStation entertainment, 30 days of free service as well as service extensions for the number of days PSN and Qriocity services were unavailable, with similar benefits for Music Unlimited subscribers.

Looking Ahead

We of course deeply regret that this incident has occurred. We are working closely with the FBI to identify and apprehend the culprits who committed this crime against our consumers, our partners and our company. I know you can appreciate how widespread the problem of cybercrime is in society today. Although no company is immune, we are confident our consumer data will be protected by some of the best security measures available today.

As a valued partner we aim to keep the lines of communication open so that you are aware of our progress. Our focus has been to confirm the security of the networks, protect customer data and get the services back on line as quickly as possible. We will do our best to respond to all of your inquiries and we will do everything we possibly can to support you.

We are doing everything we can to bring these services back online as soon as possible. We will update you with more information as soon as we can, but please call your account executive if you have further questions. We thank you for your patience and look forward to moving ahead together in the months and years to come.

Very truly yours,

Rob Dyer

SVP, Publisher Relations

I'm seeing some hysterically hyperbolic overreactions to this. I have one guy on my Facebook who thinks that this is the final nail in Sony's coffin based solely on the fact that it doesn't mention anything about compensation to devs or publishers. I mean, really. One letter. Where the context isn't even about devs. Classic.

I would imagine that if there were to be some sort of dev compensation package, that it would be on a case-by-case basis since not every dev is equal in terms of what content they had on PSN, what content they were planning on releasing during the outage, and so-on.

 

[vivisectvi]

New firmware is live. Connect to download and change your password. Service will apparently start to roll out state by state this weekend.

 

[the max]

Still waiting on the email to change my password. Can't do it on Sony's site since there's apparently a server error.

 

[DrVenkman PhD]

I did the system update last night but received no option to log in or change my password.

 

[the max]

Got the email and got everything done. MLB.tv is not working well, every game is skipping/stopping every 5 seconds. Guess I'll wait another couple days.

 

[DrVenkman PhD]

I've received no e-mail. Does Sony hate me?

 

[the max]

It took almost 5 hours for me to get the email. But then I got 3.

 

[DrVenkman PhD]

I did the install almost 24 hours ago.

 

[treble]

I never got an e-mail. It just made me change my password when I tried to log on.