Received an e-mail from sony and they said that their servers had been hacked. People's account information and credid card info MAY have been stolen even though nothing was for certain...I get nervous pretty easily when stuff like that happens and I talked to my bank about this...so any more nervous types around? :D People will be refunded if something like that happens but that could take forever before you see that money I guess...oh well...probably nothing to worry about but you never know :)
You are kind of late with this. This happened like last week or so. Sony had been a bit late letting their customers know. I guess it can get pretty creepy when you have your credit card info on there. I hope they figure there stuff out soon so nobody is in the dark anymore.
Yeah earlier today a friend told me this happened a little while ago but I didn't know anything about it until today actually. Yeah hopefully nothing happens but I think I will get a new credit card just to be sure
Make sure the e-mail is actually from Sony, especially before you click any links in it (on better yet, don't click any links but type in the address of the sony site and search there for the particular info).
I got an e-mail from "them" too, but I don't even have a playstation or a PSN account, so it was obviously scam.
And as far as I know (don't know where I read it, on a news site or on a IT security site), Sony said they won't ever send e-mail to their customers and thus all e-mail claiming to be from Sony should be disregarded.
Edit: Okay, just read on the PS blog (http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/) that they're indeed sending e-mail; so maybe the statement I remember was something like "we never send out e-mail asking for your personal data or account data".
Edit²: There, on an entry referenced some days earlier (http://us.playstation.com/support/answer/index.htm?a_id=2356) is the statement that was probably (mis)quoted in the media:
Quote from: SonyQ: I got an email from you asking for my PSN/Qriocity sign-in ID and password. Is it really you asking for this information?
A: Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.
Well appearantly the info is excluding the security code, so techinically you should be safe anyway.
I think it is more the fact they have your other info like name, address etc. And the fact that they now can scam people with this info to get other info they want to steal your money.
I am honestly not so worried.. It is not like I have any money for them to steal anyway :P.
haha true that! I'm not rich myself :D
Sony spends millions of dollars to double-triple-quadruple encrypt their DRM, yet millions of people's private data is stored in a text file called "PRIVATE-USER-DATA-FOR-HACKERS.txt" that is publicly available.
Shame on you Sony.
People sign up for the PSN with their email address and then use the SAME PASSWORD for both?
Shame on you consumers.
Not trying to be a dick or anything but it's 2011 ... come on people, stop using the same password for everything!
I know that I didn't put in credit card data and I didn't use the same password so I should be okay. I used my old hotmail address and I haven't received anything 'scammish' but I have been getting FLOODED with spam (much more than usual) so I'm guessing the two are related. I rarely use that email anymore anyway so, meh.
Holier-than-thou attitude aside; I hope none of you get nailed by this!
Meh, I've once had some hacker charge over $10k on my Visa card. Visa phoned my cell and put a lock on the card. I couldn't use it again until they sent me a new card. The charges were canceled and insured (even though I never had an insurance package for theft).
I wouldn't worry at all unless your credit card doesn't have the theft insurance. I don't know if it's still standard or not.
Fraud cover is pretty much required for card companies I think since you *need* to authorise a transaction for it to be valid. If *you* dont authorise it then it doesnt count.
Also, how can the hackers possibly have passwords? I'm almost certain that sony are not saving their passwords in plain text.
I really hope it wasn't plain text, but they did say this:
QuoteAlthough we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID.
So there's that.
Luckily I have no money in my account, so I have nothing to be stolen! PHEW.
I'm glad I used Maximus cards and not an actual credit card. On the other hand, I can't remember if the password I used on PSN is the same one I use here.
*GASP* Hackers can (maybe) abuse my AGS account! :o
Quote from: Calin Leafshade on Fri 29/04/2011 19:56:25
Also, how can the hackers possibly have passwords? I'm almost certain that sony are not saving their passwords in plain text.
Maybe sony hashes passwords with popular algorithms, so the weak passwords are easily found from rainbow tables.
Some time ago a certain web shop was hacked and their passwords publishes, I happened to have a pretty weak password for that shop and used the same password for some other non important stuff on web. Well lesson learned and now I have different 32 character alphanumeric password for all accounts and keep them safe on my computer. No credit card information was stolen, because it is customary that web shops don't keep that information on their systems.
Crippled VCRs, root kits, Geo Holtz, etc, Sony are scumm; deal with them at your own risk. Sorry but no sympathy here.
[edit]
In addition to the above they also failed to take basic security precautions on their server and used obsolete and un-patched Apache web server software.
http://www.eweek.com/c/a/Security/Sony-Networks-Lacked-Firewall-Ran-Obsolete-Software-Testimony-103450/