SCF Advanced Search


Members
Stats
  • Total Posts: 33102
  • Total Topics: 10009
  • Online Today: 1103
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)











Author Topic: Sony warns millions of PlayStation users after hack-atack  (Read 3495 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7444
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Sony is warning its millions of PlayStation Network (PSN) users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts.

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony's related Qriocity network.

Sony's stunning admission: http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ came six days after the PlayStation Network was taken down following what the company described as an “external intrusion”: http://www.theregister.co.uk/2011/04/25/sony_psn_intrusion/

Sony had already come under fire for a copyright lawsuit targeting customers who published instructions for unlocking the game console so it could run games and applications not officially sanctioned by the company. The criticism only grew after Sony lawyers sought detailed records belonging to hacker George Hotz, including the IP addresses of everyone who visited his jailbreaking website over a span of 26 months.

Hackers howled with displeasure saying they should have a right to modify the hardware they legally own. Sony recently settled that case, but Hotz, whose hacker moniker is GeoHot, has remained highly critical of the company. Many have also objected to the removal of the so-called OtherOS, which allowed PlayStation 3 consoles to run Linux.

Sony's advisory on Tuesday means that the company was likely storing passwords, credit card numbers, expiration dates, and other sensitive information unhashed and unencrypted on its servers. Sony didn't say if its website complied with data-security standards: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml established by the Payment Card Industry: https://www.pcisecuritystandards.org/

Sony reminded users located in the US that they're entitled to receive one credit report per year from each of the three major credit bureaus. The company didn't offer to pay for any sort of credit monitoring service to help ensure the information it lost isn't used in identity-theft ruses against its users.

“When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password,” advises a letter that Sony is sending to its users.

Of course, that suggestion assumes users continue to trust Sony to safeguard their information and stand behind assurances that the PlayStation Network is secure, and at the moment there's little evidence to support that assumption.

(ElReg)

Samker's Computer Forum - SCforum.info

Sponsored Links:




Samker

  • SCF Administrator
  • *****
  • Posts: 7444
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
PlayStation Network: hackers claim to have 2.2m credit cards
« Reply #1 on: 29. April 2011., 18:18:02 »

PlayStation Network: hackers claim to have 2.2m credit cards

Discussions in hacker forums point to huge numbers of credit card details stolen from Sony's PlayStation Network, while some owners see fraud – but is it just coincidence?


Hackers in underground online forums are claiming to have access to credit card details stolen from Sony's PlayStation Network in mid-April, though security researchers say it is not possible to verify the claims.

The online discussions centre around a haul of 2.2m Sony customer credit card numbers that are claimed to have been copied during the attack, which led Sony to shut down the network for more than a week after it happened between 17 and 19 April.

At the same time some of the 77 million PSN users have begun to report discovering new fraudulent charges on their credit cards, though the timing could be coincidence and not linked directly to the breach. Any sufficiently large number of credit card owners is certain to include some who have recently been defrauded by other methods.

The claims of fraud include the equivalent of $1,500 spent in a German grocery store on an American credit card: https://twitter.com/GarnettLee/statuses/63348797119537152 , and dozens of people reporting charges on items such as German airline tickets and Japanese stores.

Kevin Stevens, a security analyst with Trend Micro, said in a tweet that "the hackers that hacked PSN are selling off the DB [database]: http://twitter.com/killercube/status/63625145977290752
They reportedly have 2.2m credit cards with CVVs" - the latter being the three-figure number required for "card not present" transactions.

But Stevens added that he couldn't be sure the claim was true. The hackers were also claiming to have offered to sell the database back to Sony, but that the company declined it. Sony spokesman Patrick Seybold said that as far as he knew there was no truth in that claim.

Speculation is growing that the hackers who carried out the attack could be European, based on the names being used in forums, though no further details have emerged so far.

One reader of Venturebeat said he had been contacted by Sony and told that his card might have been compromised, and discovered two new charges totalling $400 he hadn't made.

Sony insisted in a blog post that the credit card data it stored was encrypted: "While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility: http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however, that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system."

(Guardian)

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising