Sony Leaks 75,000,000 Accounts – “Worst in History”

Just when it seemed the reputation of Japanese industry for leaking things could get no worse, Sony’s loss of as many as 75 million PSN accounts has seen a new and most unwelcome record set, one for which irate consumers and even a US senator are demanding answers.

US Senator Richard Blumenthal has already written a letter to Sony demanding an explanation as to why Sony tarried in announcing the full scale of the compromise:

I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

[…]

A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

[…]

I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party.

Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach.

Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

Sony’s handling of the breach may well have violated data protection laws in any number of countries, to say nothing of the lawsuits Sony can now expect, so this may be the tip of the iceberg – little wonder Sony stocks took a modest tumble after the announcement.

No self-respecting Japanese politician would ever be so useful as to publicly demand answers from a misbehaving company, but the Japanese themselves are clearly just as exasperated as everyone else is:

“What have they done!”

“They waited that long to announce it? They just wanted to hold it up till after they announced their tablet. What total scum.”

“Sony is finished!”

“I just had to cancel my card. Fuck you, Sony.”

“The PSN wasn’t just for consoles, it was the basis of their whole corporate strategy… the damage is really huge.”

“They wanted to merge all their products into the PSN… after this they’ll never manage it.”

“Waiting a week to reveal this is just inexcusable.”

“What kind of idiot would give them their card details in the first place?”

“Everyone does that!”

“And they were recording the security number too as I recall… we’re all screwed.”

“Thank god I used a point card instead!”

“Even if you didn’t lose your CC details, the fact that they leaked your whole purchase history is bad enough.”

“They can’t reissue your date of birth…”

“I cancelled my card. I’ll never register it with anyone again. You don’t know when this sort of thing could happen to them. Well, I hope the PS3 survives all the same.”

“Why are these companies so obsessively secretive?”

“After the quake, reactor leak and now the world’s worst data leak, just what is happening to Japan?”

“This is the online equivalent of the great quake.”

“Sony are complete imbeciles if they really let something like this happen.”

“Didn’t they at least encrypt the card details properly?”

“Frankly I thought it was getting stupid – compulsory net access and registering your credit card just for some game? Can’t we return to the SNES era?”

“So now I have to change all my passwords because I have been reusing them everywhere…”

“Any lawsuits are going to be punitive – they are done for.”

“The year’s two great leaks – radiation and personal data.”

“Don’t compare them to Tepco – they are just cute compared to them.”

“To think Sony would end like this…”

“The history of leaks:

2004 – Softbank – 4,500,000
2005 – Visa, Mastercard – 40,000,000
2006 – KDDI – 4,000,000
2006 – AOL – 660,000
2009 – ALICO Japan – 130,000
2010 – AT&T – 110,000
2011 – SONY – 77,000,000
2011 – Messe Sanoh – 1405”

“So who’s planning the class action suit? I want in.”


    Comment by alex251
    23:31 27/04/2011 # ! Quality (+1.0)

    answer from Sony: "Shit happens"

    Comment by Anonymous
    23:42 27/04/2011 # ! Good (+0.6)

    Well, it does, don't it?

    Comment by Wisteria Berlitz
    00:35 28/04/2011 # ! Good (+0.4)

    well...shit just got serious

    Comment by Elcachetondelpuro
    07:00 28/04/2011 # ! Neutral (0)

    You removed your CC info last month but, are you sure they don't still keep a record of it? ;)

    Comment by Anonymous
    08:23 28/04/2011 # ! Neutral (0)

    maybe but the card i used is crap and gone since i closed my bank, the card doesn't work and the other card i use doesn't work either

    Comment by Mahel
    01:32 28/04/2011 # ! Neutral (0)

    yep but like i said good thing i removed my CC info last month and the address info isn't real, it's a german address heh heh luck about that

    Comment by Diemeow23
    10:16 28/04/2011 # ! Neutral (+0.2)

    It's scary nowadays where you actually have to have a credit card to play a game.

    It's for security reasons we know but we're talking about a credit card here. I wouldn't be surprised if the vast majority of accounts related got their card solely for the purpose of gaming

    Comment by Anonymous
    11:17 28/04/2011 # ! Neutral (+0.2)

    Looking at more recent information, this whole thing is blown out of proportion. So we might get more spam... who cares? We're never really rid of it ever anyway. Also, passwords should be changed from time to time anyway... this is just a good reminder to change your passwords. Most of the info that was apparently accessed is already readily available anyway. The only exception would be your PSN password, which requires changing once the network is back online anyway; according to recent Sony statements.

    The only harm it's really doing to any of us is preventing us from using the service... unless of course you use the exact same user name and password for everything.

    All the hacker is achieving is pissing off over 77 million people (gotta remember all the people that make money through PSN that probably don't even have a PS3). They're basically stepping onto the stool and putting the noose around their neck... all they need now is for the angry mob to find them.

    Comment by Ota-Kool
    09:09 28/04/2011 # ! Neutral (0)

    Don't think that so many. To Sony/Sorry my advice ONLINE GAME - OUT but OFFLINE GAMES - IN!

    Comment by Darkrockslizer
    20:12 28/04/2011 # ! Neutral (0)

    Shit just got real.

    Comment by Anonymous
    11:10 28/04/2011 # ! Neutral (0)

    Looking at more recent information, this whole thing is blown out of proportion. So we might get more spam... who cares? We're never really rid of it ever anyway. Also, passwords should be changed from time to time anyway... this is just a good reminder to change your passwords. Most of the info that was apparently accessed is already readily available anyway. The only exception would be your PSN password, which requires changing once the network is back online; according to recent Sony statements.

    The only harm it's really doing to any of us is preventing us from using the service... unless of course you use the exact same user name and password for everything.

    If anything, it's some pirate somewhere that got pissed off when Sony unhacked their system and is now planning to use the information in an attempt to leverage Sony into letting them hack the PS3 again. Really all they're accomplishing is making 77 million+ people want to kill them as they're messing up more than just Sony's income.

    Comment by Anonymous
    11:18 28/04/2011 # ! Neutral (0)

    and yay lag... damn double post... sorry about that -.-

    Comment by alidan
    12:39 28/04/2011 # ! Neutral (+0.2)

    lag and dp aside, you have a very good point.

    i have identity theft protection
    i use the same password for everything, but have multiple backups in case password leaks, to get major things back like emails, and such
    and i monitor credit card reports, and if a card is used without me knowing, i get a new one, and make a claim.

    all in all this is a minor inconsistence, however parents are freaking the fuck out because my little brother used their cards and such.

    Comment by Anonymous
    14:40 28/04/2011 # ! Neutral (+0.2)

    Sensible people on Sankaku? I'm impressed!

    There's a Card security code for a reason, you know... The pirates got your card number? Ok... Your DOB? whatever... Your expiration limit too? Don't care...

    Without the Card security code, all they can do is wipe their ass with a useless list, but go ahead and freak out, I just love seeing people running around like a headless chicken...

    Comment by Anonymous
    17:46 30/04/2011 # ! Neutral (0)

    Wrong, First Anonymous. The fact is that most companies WILL put the charges through even if the CVV/CVV2 code is WRONG!

    I personally got that code wrong when I was buying something online ON PURPOSE to see if it went through.... it did!

    Comment by Anonymous
    15:59 28/04/2011 # ! Neutral (0)

    Well just a heads up if you do think you are compromised, check your email forwards. I caught some chinkychink forwarding all my email to some chinatown email address. Homeboy tried to use my google market acct but google blocked it thank god.

    But yeah check your email forwarding and make sure it's not altered.

    Comment by Anonymous
    Comment by Marcus
    23:08 27/04/2011 # ! Quality (+0.9)

    Well... shit.

    Comment by Anonymous
    23:33 27/04/2011 # ! Good (+0.7)

    “Frankly I thought it was getting stupid – compulsory net access and registering your credit card just for some game? Can’t we return to the SNES era?”

    couldn't agree more!

    Comment by Anonymous
    00:33 28/04/2011 # ! Good (+0.8)

    I agree even more! lol

    Stop with the "trophies", crappy demos, "freebies", "Home", "Upgrades and patches".... Do we really need all this crap?

    SNES era is the REAL social network.

    Comment by Wisteria Berlitz
    00:33 28/04/2011 # ! Quality (+1.0)

    sometimes,things of the past are better

    Comment by HouseLife
    05:54 28/04/2011 # ! Good (+0.4)

    I disagree in general. People reacting in fear to this isn't a worthwhile thing from which to make choices. I personally like the idea that my trophies can be permanently saved in a network, and there has to be some way to get access to DLC that makes it simple.

    The point is these networks existed as options to the players. And since we're all such blatant pirates, they had to do security to get the money they rightfully deserved for sales of the games that sometimes hundreds of people spent years to make for your enjoyment. Not everything they did is right, of course, and we let them know when it became unacceptable, as we always should. But the problem here is such that they are revealing their business practices to the world. Waiting to tell people, trying to be secretive, all sorts of other things.

    Some of the comments here were more intelligent ideas, like pre-paid cards. But never signing up a card anywhere ever again is nothing but plain fear-based stupidity. Just reset your passwords to something different and keep them written on a sheet of paper in your files in case you forget. Remember paper? The original notepad? ^^

    Comment by Anonymous
    03:41 28/04/2011 # ! Neutral (+0.2)

    "SNES era is the REAL social network."

    Yup, because gamers were still better off going to arcades to play the latest and best games.

    Comment by flood
    01:30 28/04/2011 # ! Neutral (+0.2)

    Meh, the online multiplayer feature for certain games is always the best part of it though.. Uncharted online, MGO, Killzone3, GTA Online, they never get boring, cuz you play with different people every time, unlike offline bots and NPCs.

    Anyway this totally sucks. Just totally totally sucks.

    Comment by カンチ
    00:44 28/04/2011 # ! Neutral (+0.2)

    You guys...I think he meant the free downloads. The internet add-on Satellaview. You could watch the WOWOW tv station on it and it allowed weekly downloads of games in episodes or as full games depending on whether the title was a new exclusive release, an update of a previous SNES release, a port of a NES game or a SNES remake of a NES game.

    Comment by Anonymous
    05:30 28/04/2011 # ! Neutral (+0.2)

    "Yup, because gamers were still better off going to arcades to play the latest and best games."

    lolno.

    Arcades don't have anything near the SNES's Godly library. Try harder next time. Or get better tastes in games. :/

    Comment by Gitami
    03:53 28/04/2011 # ! Neutral (+0.2)

    Actually going out to arcades and meeting people is the social network.

    I hope this spells the end for the other gaming networks with the trophies and all that. Let the secret be easter eggs and not something you have to find so you can get points.

    Comment by Kitsunemimi6
    09:03 28/04/2011 # ! Neutral (0)

    OMG, I just hope they are still hard at work fixing the shitty mess on their end that this has caused cause I want my DLC at some point in some way...

    Meh, let's just see where this goes...

    Comment by Anonymous

    All I can say is this ...........

    RIIIIIIIIGDDDDDDDDEEEEEEEEEEE RAAAAAAAAACCCCCCEEEEEEEER

    Comment by Anonymous

    All this talk about how awesome the SNES was, what about the Sega Superstar?

    But yeah, Sony are screwed now. Thank Haruhi for the 360 ^^

    Comment by Anonymous
    00:19 28/04/2011 # ! Good (+0.8)

    damn right, gaming companies today are like the soviet union
    they will devise absurd rules (some of which they dont tell you straight or at all) and hammer you in line
    but sooner or later the idiocy always surfaces
    these dedicated company networks used to tie all games and their fans together are tools of coercion and hacker bait
    bon appetit to you sony

    Comment by Anonymous
    03:07 28/04/2011 # ! Quality (+1.0)

    The Soviet Union might want to have some words with you

    Comment by torappu
    01:59 28/04/2011 # ! Good (+0.4)

    "damn right, gaming companies today are like the soviet union
    they will devise absurd rules (some of which they dont tell you straight or at all) and hammer you in line"

    Like the soviet union? Every country, no matter what their economical/political direction is, do that.

    Comment by Anonymous
    04:52 28/04/2011 # ! Neutral (+0.4)

    I think Soviet Union's data security was much better than this.

    Comment by Anonymous
    15:54 28/04/2011 # ! Neutral (+0.2)

    it probably goes without saying that the senator is only speaking up because his kids bugged him about it, or his card was on there too.

    Comment by Anonymous
    04:45 28/04/2011 # ! Neutral (0)

    @torappu
    of course
    what matters is what the rules are and how they are applied, duh
    game giants treat people the soviet way - like livestock

    Comment by Anonymous
    17:14 28/04/2011 # ! Neutral (0)

    @Anonymous 04:45

    The sad truth is they treat people the capitalist way - like consumers.

    Comment by Elcachetondelpuro
    02:25 28/04/2011 # ! Neutral (0)

    Lucky me since I am too cheap to buy a PS3 I won't have any of this troubles ñ_ñ

    Comment by Anonymous
    06:50 28/04/2011 # ! Neutral (+0.2)

    I so much agree to this one too. TO HELL WITH DLC!

    Comment by BlaqCat
    03:06 28/04/2011 # ! Neutral (+0.2)

    Well, this is a hot mess. At this point I'd just like information on how this all happened. For one thing, they'd verified that the personal data (birth dates, usernames, passwords, emails) was stolen, but do we actually know they got CC information as well?

    Comment by Kuraudo
    05:04 28/04/2011 # ! Neutral (0)

    That's the big question, isn't it? I hope this doesn't destroy Sony.

    Comment by Erin Bushay
    20:58 28/04/2011 # ! Neutral (0)

    @BlaqCat

    We don't know because all Sony is saying is maybe, so we'll just have to wait for a definitive answer from them. But even without our CC info, just having our passwords is enough. Many, many people use the same password on many different accounts, some of which have saved CC info on them, such as amazon. Even so, I'm sure everyone who does just that has already changed their passwords.

    Comment by Diemeow23
    10:47 28/04/2011 # ! Neutral (0)

    Is the info up to password codes etc.

    If that's so then the hackers must be scrambling to Amazon

    Comment by Anonymous
    09:23 28/04/2011 # ! Neutral (+0.2)

    In Soviet Russia, CONSOLE BUYS YOU!

    Comment by Anonymous
    00:29 28/04/2011 # ! Neutral (+0.2)

    Yer we want to bring back the old school gaming, you know where you go out and buy a game, and then you play it.

    Comment by Anonymous

    i should have gotten a x box and save myself from this shit fucking japanese can't do shit right and then cover up their screw up what pricks

    Comment by Riiku
    23:53 27/04/2011 # ! Good (+0.4)

    Well I'll tell you what has most probably happened - it was an inside job. Like, one of the dumbass employees responsible for security (or having access to the security configuration) had some score with the company and decided "ah fuck, if you're gonna fuck me, I'm gonna fuck you" and basically invited hackers to go through. Or just for fun, I don't know, but I seriously doubt it would be possible without someone on the inside compromising all the security measures.

    Comment by Gitami
    03:56 28/04/2011 # ! Good (+0.4)

    Corporate espionage. Any number of Sony competitors could hire someone to do it. See their stocks and working capital crumble, out of court settlements.

    Comment by Anonymous
    00:50 28/04/2011 # ! Neutral (+0.2)

    Why do you think so? We have no idea of what security measures, if any, Sony deployed to protect its customers' data.

    Comment by Anonymous
    04:53 28/04/2011 # ! Neutral (+0.2)

    Actually, it WASN'T an inside job that caused this leak. Sony decided to take out a few features that they believed made the ps3 more capable of being hacked to play pirated games. After that happened, people that frequent the /b/ board on 4chan ( AKA " Anonymous " ) got all pissy about it and started calling for attacks on a grand scale. Basically, a large number of them downloaded and ran a program named Low Orbit Ion Cannon and DDoS'd the Sony PSN servers to get back at Sony ( Though really they were just hurting the customers ) and then some stepped it up by actually taking advantage of the security exceptions caused when something like that happens to a server and hacked it to gain access to the data.

    For all you people out there who want to blame someone, or that are mad: That's fine. But don't blame Sony for being the victim of an attack that opened up security risks. Blame the cunts at 4chan for starting all of it.

    Comment by Anonymous
    06:27 28/04/2011 # ! Neutral (+0.2)

    Notice Anonymous said the group isn't responsible, however its individual members may be responsible.
    Thus, if one is from Anonymous that hacked it on their private discretion, Anonymous as a whole is still at the end of the spear.

    Comment by Anonymous
    16:02 28/04/2011 # ! Neutral (+0.2)

    Oh yeah, just because /b/ claims they didn't do it, they didn't? Please... Also, check my info? So you take the word of a bunch of jackasses that as you say " THRIVE ON DOING THIS SHIT " just because they said " Oh no, we didn't do it "

    Bullshit. I bet it was a group involved in the DDoSing that wanted to take it a step further because HURRDURR NEVARFORGAVENEVARFORGAT.

    Comment by Anonymous
    22:03 28/04/2011 # ! Neutral (0)

    Why are so many anons such hypocritical douchebags? you guys are giving us good-natured anons a bad name..... Insulting "japs" yet here you are on a site that reports on nothing but. Take a hike.

    Comment by Anonymous

    Uh, hello, Anonymous has already denied responsibility for this. Given that they THRIVE on doing this shit, I'd tend to believe they aren't responsible.

    Yeah, a previous outage on the servers was caused by the 4chan lunatics. This is something else. Check your info before you start ranting.

    Comment by Anonymous

    i agree the japanese cant do shit right all they can do right is take pictures under girls skirt

    Comment by Anonymous

    fucking japs

    Comment by Anonymous
    00:38 28/04/2011 # ! Neutral (+0.2)

    Hey....at the end of the day....It still does everything.

    Comment by Anonymous
    07:07 28/04/2011 # ! Neutral (0)

    It only does everything Sony wants it to do? What happened to backwards compatibility? OS? Not having to install everything? I can deal with longer loading times and still have the majority of my hard drive.

    Comment by DarkChaplain
    00:59 30/04/2011 # ! Neutral (+0.2)

    Installing stuff? Go complain to the developers and publishers of these games.
    That decision is not Sony's to make, they simply give the opportunity to do it to improve performance.

    Comment by Final

    Speaking of that; whoever the attacker may be, they now have money like crap. Rumor has it that one full credit card information including address, date of birth and CCV costs $5 to $10. Assume that ten to 20 million of these accounts come with valid credit card information and do the math.
    The fact that Sony seems to store passwords in plain text (or at least using bilateral encoding) is a crime by itself. People are also lazy enough to use the same email address and password for PayPal, eBay and other services. Their policy concerning what personal data they store is worse than the latest iPhone scandal and may even rival Facebook in scope.
    Personally, I doubt that revenge was the motive. May just as well have been money (see above).

    Comment by Knets
    02:31 28/04/2011 # ! Neutral (+0.2)

    For all we know, the hacker may have done it just for his 'PSN trophy'.

    Comment by Anonymous
    01:09 28/04/2011 # ! Neutral (0)

    money leaves a trail, get a clue. The more they spend the easier it will be to find them. Are you braindead enough to believe on this scale they won't get caught?

    Comment by Final
    01:14 28/04/2011 # ! Neutral (+0.2)

    Are you braindead enough to think that people able to hack the PSN won't also know what to do with the information gathered?

    Comment by Anonymous
    01:55 28/04/2011 # ! Neutral (+0.2)

    Final's right. Not all money dealings could leave a clear trail.

    Comment by Anonymous
    11:32 28/04/2011 # ! Neutral (0)

    Food for thought:
    75,000,000 users' data, conservatively each user has 1kb of data, that comes out to 75GB of data. Liberally, I would say each user has 1mb of data, making that 75 terabytes... So this/these hacker(s) had to download between 75gb and 75tb of data.

    Let's suppose that they have download speeds of 500 mb/s which is slightly above the average in the US (obv the attacker may not have and most likely did not originate in the US, but for the sake of argument...) works out to be between 150 seconds (2.5 minutes) and 150000 seconds (2500 minutes). Again, I would lean away from 1kb per user and more toward 1mb per user, so 2500 minutes, or 41 hours, for the download (assuming the PSN and whatever proxy server the hackers were using are capable of those speeds, and they encountered no issues).

    Comment by Final
    01:23 28/04/2011 # ! Neutral (0)

    First of all, I never said the hackers would get away with it, merely that the information is worth quite a bit. Second, the world isn't as just as you may want it to be. Even if they got busted, the damage done will persist.

    Comment by Anonymous
    01:33 28/04/2011 # ! Neutral (0)

    The people who did the hacking sell off the information in pieces to different people, who then sell that information off to even smaller people, and possibly once more, until the information is split so far apart and between so many people that it becomes impossible to track down all the data. That is...if the network was hacked to begin with, which to me, there is something way too fishy going on here for this to be a simple hacking.

    Comment by Anonymous
    04:19 28/04/2011 # ! Neutral (0)

    it's not that people will use their cc's that's most troubling, it's that they have a crap load of personal info. Which they can sign up for a new credit card etc with it.

    Comment by Anonymous
    03:44 28/04/2011 # ! Neutral (0)

    "the information isn't going to be worth shit because they blew their cover instead of being covert and getting info without anyone knowing."

    Until yesterday, they had a full week to sell without any card owners or banks knowing anything about it.

    Comment by Anonymous

    do you think PSN's legal team and EVERY SINGLE MAJOR FINANCIAL INSTITUTION will not notice?

    Comment by Anonymous

    No @Final the information isn't going to be worth shit because they blew their cover instead of being covert and getting info without anyone knowing. This incident has caused too many morons to cancel their CC's for no reason.

    When it comes to money, the world is just as it always has been. Money runs the show, and no one fucks with money and makes it out intact. The only persisting damage will be the loss of a handful of stupid ass users from PSN over to other providers that are just as vulnerable.

    Comment by Anonymous

    @Final You're a fucking idiot plain and simple.
