Just when it seemed the reputation of Japanese industry for leaking things could get no worse, Sony’s loss of as many as 75 million PSN accounts has seen a new and most unwelcome record set, one for which irate consumers and even a US senator are demanding answers.
US Senator Richard Blumenthal has already written a letter to Sony demanding an explanation as to why Sony tarried in announcing the full scale of the compromise:
I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.
[…]
A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.
[…]
I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party.
Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach.
Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.
Sony’s handling of the breach may well have violated data protection laws in any number of countries, to say nothing of the lawsuits Sony can now expect, so this may be the tip of the iceberg – little wonder Sony stocks took a modest tumble after the announcement.
No self-respecting Japanese politician would ever be so useful as to publicly demand answers from a misbehaving company, but the Japanese themselves are clearly just as exasperated as everyone else is:
“What have they done!”
“They waited that long to announce it? They just wanted to hold it up till after they announced their tablet. What total scum.”
“Sony is finished!”
“I just had to cancel my card. Fuck you, Sony.”
“The PSN wasn’t just for consoles, it was the basis of their whole corporate strategy… the damage is really huge.”
“They wanted to merge all their products into the PSN… after this they’ll never manage it.”
“Waiting a week to reveal this is just inexcusable.”
“What kind of idiot would give them their card details in the first place?”
“Everyone does that!”
“And they were recording the security number too as I recall… we’re all screwed.”
“Thank god I used a point card instead!”
“Even if you didn’t lose your CC details, the fact that they leaked your whole purchase history is bad enough.”
“They can’t reissue your date of birth…”
“I cancelled my card. I’ll never register it with anyone again. You don’t know when this sort of thing could happen to them. Well, I hope the PS3 survives all the same.”
“Why are these companies so obsessively secretive?”
“After the quake, reactor leak and now the world’s worst data leak, just what is happening to Japan?”
“This is the online equivalent of the great quake.”
“Sony are complete imbeciles if they really let something like this happen.”
“Didn’t they at least encrypt the card details properly?”
“Frankly I thought it was getting stupid – compulsory net access and registering your credit card just for some game? Can’t we return to the SNES era?”
“So now I have to change all my passwords because I have been reusing them everywhere…”
“Any lawsuits are going to be punitive – they are done for.”
“The year’s two great leaks – radiation and personal data.”
“Don’t compare them to Tepco – they are just cute compared to them.”
“To think Sony would end like this…”
“The history of leaks:
2004 – Softbank – 4,500,000
2005 – Visa, Mastercard – 40,000,000
2006 – KDDI – 4,000,000 – AOL – 660,000
2009 – ALICO Japan – 130,000
2010 – AT&T 110,000 –
2011 – SONY – 77,000,000 – Messe Sanoh – 1405”
“So who’s planning the class action suit? I want in.”










2004 – Softbank – 4,500,000
2005 – Visa, Mastercard – 40,000,000
2006 – KDDI – 4,000,000 – AOL – 660,000
2009 – ALICO Japan – 130,000
2010 – AT&T 110,000 -
2011 – SONY – 77,000,000 – Messe Sanoh – 1405″
forgot BP, dude.
Information leak =/= oil spill(leak)
Notice how all the listed names are information leaks.
Just saying.
sorry, I was being facetious.
Meh, I just woke up :P
@214
What, did you think I was angry?
Bet geohot did it
Eleriel was just trying to make a puny joke, Take It Easy!!!
Rule of Sankaku: Never really take anyone seriously.
I thought it was "Everything is either the fault of Sony or Aya Hirano"?
Adding 2 more.
2010 to 2011 - Texas exposes addresses & SSNs of 3.5 million residents. "According to Texas State Comptroller, the data wasn't exposed by a hacker or a group of vigilante scriptkiddies—it ended up on a state-controlled public server after having been passed around between various state agencies. The data came from the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas, all of whom transferred the data unencrypted (against state policy) between January and May of 2010. The information was only discovered on the public server on March 31, 2011, meaning it has been available for almost a year."
2011 - Epsilon email services breach (used by big names like, J.P. Morgan Chase, Capital One, US Bank, TiVo, Best Buy, McKinsey, Marriott, Kroger, Walgreen's, Disney Destinations, the US College Board, and roughly 2,500 others). Epsilon refused to comment on the number of affected individuals.
Well... shit.
“Frankly I thought it was getting stupid – compulsory net access and registering your credit card just for some game? Can’t we return to the SNES era?”
couldn't agree more!
damn right, gaming companies today are like the soviet union
they will devise absurd rules (some of which they dont tell you straight or at all) and hammer you in line
but sooner or later the idiocy always surfaces
these dedicated company networks used to tie all games and their fans together are tools of coercion and hacker bait
bon appetit to you sony
"damn right, gaming companies today are like the soviet union
they will devise absurd rules (some of which they dont tell you straight or at all) and hammer you in line"
Like the soviet union? Every country, no matter what their economical/political direction is, do that.
Lucky me since I am too cheap to buy a PS3 I won't have any of this troubles ñ_ñ
The Soviet Union might want to have some words with you
@torappu
of course
what matters is what the rules are and how they are applied, duh
game giants treat people the soviet way - like livestock
I think Soviet Union's data security was much better than this.
it probably goes without saying that the senator is only speaking up because his kids bugged him about it, or his card was on there too.
@Anonymous 04:45
The sad truth is they treat people the capitalist way - like consumers.
Yer we want to bring back the old school gaming, you know where you go out and buy a game, and then you play it.
I agree even more! lol
Stop with the "trophies", crappy demos, "freebies", "Home", "Upgrades and patches".... Do we really need all this crap?
SNES era is the REAL social network.
sometimes,things of the past are better
You guys...I think he meant the free downloads. The internet add-on Satellaview. You could watch the WOWOW tv station on it and it allowed weekly downloads of games in episodes or as full games depending on whether the title was a new exclusive release, an update of a previous SNES release, a port of a NES game or a SNES remake of a NES game.
Meh, the online multiplayer feature for certain games is always the best part of it though.. Uncharted online, MGO, Killzone3, GTA Online, they never get boring, cuz you play with different people every time, unlike offline bots and NPCs.
Anyway this totally sucks. Just totally totally sucks.
All I can say is this ...........
RIIIIIIIIGDDDDDDDDEEEEEEEEEEE RAAAAAAAAACCCCCCEEEEEEEER
"SNES era is the REAL social network."
Yup, because gamers were still better off going to arcades to play the latest and best games.
Actually going out to arcades and meeting people is the social network.
I hope this spells the end for the other gaming networks with the trophies and all that. Let the secret be easter eggs and not something you have to find so you can get points.
"Yup, because gamers were still better off going to arcades to play the latest and best games."
lolno.
Arcades don't have anything near the SNES's Godly library. Try harder next time. Or get better tastes in games. :/
I disagree in general. People reacting in fear to this isn't a worthwhile thing from which to make choices. I personally like the idea that my trophies can be permanently saved in a network, and there has to be some way to get access to DLC that makes it simple.
The point is these networks existed as options to the players. And since we're all such blatant pirates, they had to do security to get the money they rightfully deserved for sales of the games that sometimes hundreds of people spent years to make for your enjoyment. Not everything they did is right, of course, and we let them know when it became unacceptable, as we always should. But the problem here is such that they are revealing their business practices to the world. Waiting to tell people, trying to be secretive, all sorts of other things.
Some of the comments here were more intelligent ideas, like pre-paid cards. But never signing up a card anywhere ever again is nothing but plain fear-based stupidity. Just reset your passwords to something different and keep them written on a sheet of paper in your files in case you forget. Remember paper? The original notepad? ^^
All this talk about how awesome the SNES was, what about the Sega Superstar?
But yeah, Sony are screwed now. Thank Haruhi for the 360 ^^
OMG, I just hope they are still hard at work fixing the shitty mess on their end that this has caused cause I want my DLC at some point in some way...
Meh, let's just see where this goes...
Well, this is a hot mess. At this point I'd just like information on how this all happened. For one thing, they'd verified that the personal data (birth dates, usernames, passwords, emails) was stolen, but do we actually know they got CC information as well?
That's the big question, isn't it? I hope this doesn't destroy Sony.
Is the info up to password codes etc.
If that's so then the hackers must be scrambling to Amazon
@BlaqCat
We don't know because all Sony is saying is maybe, so we'll just have to wait for a definitive answer from them. But even without our CC info, just having our passwords is enough. Many, many people use the same password on many different accounts, some of which have saved CC info on them, such as amazon. Even so, I'm sure everyone who does just that have already changed their passwords.
I so much agree to this one too. TO HELL WITH DLC!
In Soviet Russia, CONSOLE BUYS YOU!
i should have gotten a x box and save myself from this shit fucking japanese cant do shit right and than cover up their screw up what pricks
Speaking of that; whoever the attacker may be, they now have money like crap. Rumor has it that one full credit card information including address, date of birth and CCV costs $5 to $10. Assume that ten to 20 million of these accounts come with valid credit card information and do the math.
The fact that Sony seems to store passwords in plain text (or at least using bilateral encoding) is a crime by itself. People are also lazy enough to use the same email address and password for PayPal, eBay and other services. Their policy concerning what personal data they store is worse than the latest iPhone scandal and may even rival Facebook in scope.
Personally, I doubt that revenge was the motive. May just as well have been money (see above).
money leaves a trail, get a clue. The more they spend the easier it will be to find them. Are you braindead enough to believe on this scale they won't get caught?
Are you braindead enough to think that people able to hack the PSN won't also know what to do with the information gathered?
do you think PSN's legal team and EVERY SINGLE MAJOR FINANCIAL INSTITUTION will not notice?
First of all, I never said the hackers would get away with it, merely that the information is worth quite a bit. Second, the world isn't as just as you may want it to be. Even if they got busted, the damage done will persist.
No @Final the information isn't going to be worth shit because they blew their cover instead of being covert and getting info without anyone knowing. This incident has caused too many morons to cancel their CC's for no reason.
When it comes to money, the world is just as it always has been. Money runs the show, and no one fucks with money and makes it out intact. The only persisting damage will be the loss of a handful of stupid ass users from PSN over to other providers that are just as vulnerable.
The people who did the hacking sell off the information in pieces to different people, who then sell that information off the even small people, and possibly once more, until the information is split so far apart and between so many people that it becomes impossible to track down all the data. That is...if the network was hacked to begin with, which to me, there is something way too fishy going on here for this to be a simple hacking.
Final's right. Not all money dealings could leave a clear trail.
"the information isn't going to be worth shit because they blew their cover instead of being covert and getting info without anyone knowing."
Until yesterday, they had a full week to sell without any card owners or banks knowing anything about it.
It's not that people will use their cc's that's most troubling, it's that they have a crap load of personal info. Which they can sign up for a new credit card etc. with it.
@Final You're a fucking idiot plain and simple.
Food for thought:
75,000,000 users' data, conservatively each user has 1kb of data, that comes out to 75GB of data. Liberally, I would say each user has 1mb of data, making that 75 terabytes... So this/these hacker(s) had to download between 75gb and 75tb of data.
Let's suppose that they have download speeds of 500 mb/s which is slightly above the average in the US (obv the attacker may not have and most likely did not originate in the US, but for the sake of argument...) works out to be between 150 seconds (2.5 minutes) and 150000 seconds (2500 minutes). Again, I would lean away from 1kb per user and more toward 1mb per user, so 2500 minutes, or 41 hours, for the download (assuming the PSN and whatever proxy server the hackers were using are capable of those speeds, and they encountered no issues).
For all we know, the hacker may have done it just for his 'PSN trophy'.
Well I'll tell you what have most probably happened - it was an inside job. Like, one of the dumbass employees responsible for security (or having access to the security configuration) had some score with the company and decided "ah fuck, if you're gonna fuck me, I'm gonna fuck you" and basically invited hackers to go through. Or just for fun, I don't know, but I seriously doubt it would be possible without someone on the inside compromising all the security measures.
Why do you think so? We have no idea of what security measures, if any, Sony deployed to protect its customers' data.
Corporate espionage. Any number of Sony competitors could hire someone to do it. See their stocks and working capital crumble, out of court settlements.
Actually, it WASN'T an inside job that caused this leak. Sony decided to take out a few features that they believed made the ps3 more capable of being hacked to play pirated games. After that happened, people that frequent the /b/ board on 4chan ( AKA " Anonymous " ) got all pissy about it and started calling for attacks on a grand scale. Basically, a large number of them downloaded and ran a program named Low Orbit Ion Cannon and DDoS'd the Sony PSN servers to get back at Sony ( Though really they were just hurting the customers ) and then some stepped it up by actually taking advantage of the security exceptions caused when something like that happens to a server and hacked it to gain access to the data.
For all your people out there who want to blame someone, or that are mad: That's fine. But don't blame Sony for being the victim of an attack that opened up security risks. Blame the cunts at 4chan for starting all of it.
Uh, hello, Anonymous has already denied responsibility for this. Given that they THRIVE on doing this shit, I'd tend to believe they aren't responsible.
Yeah, a previous outage on the servers was caused by the 4chan lunatics. This is something else. Check your info before you start ranting.
Notice Anonymous said the group isn't responsible, however its individual members may be responsible.
Thus, if one is from Anonymous that hacked it on their private discretion, Anonymous as a whole is still at the end of the spear.
Oh yeah, just because /b/ claims they didn't do it, they didn't? Please... Also, check my info? So you take the word of a bunch of jackasses that as you say " THRIVE ON DOING THIS SHIT " just because they said " Oh no, we didn't do it "
Bullshit. I bet it was a group involved in the DDoSing that wanted to take it a step further because HURRDURR NEVARFORGAVENEVARFORGAT.
fucking japs
i agree the japanese cant do shit right all they can do right is take pictures under girls skirt
Why are so many anons such hypocritical douchebags? You guys are giving us good-natured anons a bad name..... Insulting "japs" yet here you are on a site that reports on nothing but. Take a hike.
Hey....at the end of the day....It still does everything.
It only does everything Sony wants it to do? What happened to backwards compatibility? OS? Not having to install everything? I can deal with longer loading times and still have the majority of my hard drive.
Installing stuff? Go complain to the developers and publishers of these games.
That decision is not Sony's to make, they simply give the opportunity to do it to improve performance.