PlayStation’s official Twitter (and Facebook) account was recently hijacked by a hacking group, though, contrary to most expectations, it was carried out by one claiming to hold “ethical standards”, and the incident appears nowhere near the scale of the catastrophic 2011 hack that saw the loss of over 25 million accounts.
The group’s official website claims that its purpose is to showcase network vulnerabilities while helpfully providing its victims with tips on improving their security; it additionally states that it has no bad intentions, if such a reassurance is worth much (not that it would make victims trust them).
The hacking group posted several messages on PlayStation’s Twitter that have since been deleted:
PlayStation Network Databases leaked #OurMine
Subscribe to #DramaAlert
No, we aren’t going to share it, we are a security group, if you work at Playstation then please go to our website ourmine.org -> Contact
Naturally, many are skeptical (as well as unimpressed) about their claim of having access to the PSN databases, as it seems unlikely that such access could be acquired from a mere social media account (although the reverse, gaining social media access via a database, might be slightly more plausible):
“That’s why PS on YouTube has been posting videos on how to secure your ID all day hahahah”
“For fuck’s sake. Get your shit together Sony”
“If dudes like this were truly “ethical”, they’d become actual cyber threat assessors instead of hiding behind TOR or whatever the hell they do to stay secret.”
“All these hackers do is just piss off the gaming population”
“Bunch of pathetic morons had nothing better to do today, I guess”
“So…what this all amounts to is “Sony’s security sucks”. In other news, water is wet.”
“Less morally wrong than the eBay scalpers selling Xbox One Xs for 2x+ msrp already IMO.”
“Oh no, a Twitter account got hacked. Big whoop. If they hacked the database, they wouldn’t be telling us they hacked the database.”
“I can’t believe people are flipping out over this, hacking a twitter account is significantly easier than hacking xboxlive or psn, there is no need to start talking sh*t about sony for the hack that happened half a decade ago.”
The group is already notorious for hacking several individuals, including Pokemon Go creator John Hanke, Twitter co-founder Jack Dorsey and Google CEO Sundar Pichai, though its tendency to merely hijack social media accounts (in many cases a matter of gullible staff and pathetic password security) may leave many nonplussed.
Hacking Dorsey didn’t reveal anything of his evil plans to destroy the world?
I don’t get it. Say my password is password123. Are you saying you can brute force a password in this day and age?
I don’t see how a connection that tries to log in 21 billion times a second can be allowed to continue to make requests. If they didn’t hack it by brute force, why claim poor passwords are relevant?
The hackers do not take one account and try to brute force its password, what they do instead is to use one password and try to match every account. If your password is “password123”, then your account will be hacked very early in the process.
The average hacker only wants a large number of hacked accounts, he would not care whether they can hack any particular account.
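An added example, not from the article or any commenter, showing the distinction made above from the defender's side: a per-account lockout stops a run of guesses against one login but never fires when one password is tried once against every account, so the detection has to key on the source rather than the account. The log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth log (not real data): "timestamp source_ip username result"
SAMPLE_LOG = """\
2017-08-20T10:00:01 203.0.113.5 alice FAIL
2017-08-20T10:00:02 203.0.113.5 bob FAIL
2017-08-20T10:00:03 203.0.113.5 carol FAIL
2017-08-20T10:00:04 203.0.113.5 dave FAIL
2017-08-20T10:00:05 203.0.113.5 frank SUCCESS
2017-08-20T10:01:00 198.51.100.7 alice FAIL
2017-08-20T10:01:01 198.51.100.7 alice FAIL
2017-08-20T10:01:02 198.51.100.7 alice FAIL
2017-08-20T10:01:03 198.51.100.7 alice FAIL
2017-08-20T10:02:00 192.0.2.9 grace FAIL
2017-08-20T10:02:30 192.0.2.9 grace SUCCESS
"""

def parse_log(text):
    """Split each line into (timestamp, source_ip, username, result)."""
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]

def classify_sources(events, spray_users=4, bruteforce_fails=4):
    """'spray': one source failing against many different accounts (one password
    tried everywhere), which a per-account lockout never sees;
    'brute-force': one source hammering a single account, which lockouts do catch."""
    failed_users = defaultdict(set)                          # ip -> accounts that failed
    fails_per_user = defaultdict(lambda: defaultdict(int))   # ip -> user -> fail count
    for _ts, ip, user, result in events:
        if result == "FAIL":
            failed_users[ip].add(user)
            fails_per_user[ip][user] += 1
    verdicts = {}
    for ip in {e[1] for e in events}:
        if len(failed_users[ip]) >= spray_users:
            verdicts[ip] = "spray"
        elif fails_per_user[ip] and max(fails_per_user[ip].values()) >= bruteforce_fails:
            verdicts[ip] = "brute-force"
        else:
            verdicts[ip] = "normal"
    return verdicts

def accounts_hit_by_spray(events, verdicts):
    """Accounts that logged in successfully from a source flagged as spraying:
    their password was on the attacker's short list and needs a reset."""
    return sorted({user for _ts, ip, user, result in events
                   if result == "SUCCESS" and verdicts.get(ip) == "spray"})

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(accounts_hit_by_spray(evs, classify_sources(evs)))   # prints ['frank']
```

Lowering `spray_users` catches slower sprays but raises false positives from shared NAT addresses, so in practice the threshold is tuned per environment.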
Yes you can brute force passwords in this day and age. Alaktorn shows the usual way of doing this.
I believe you need at least a password with 22+ characters (with special characters) these days to be relatively safe from brute-force hacks.
Na, I don’t think that’s possible; if you try too many passwords everything should stop you nowadays. The way brute-forcing passwords works, as far as I know, requires you to have the database of hashes for the passwords. So you know user x’s password creates the hash y, then you brute-force passwords on your own system until you find one that matches the hash, then you have the password. This video shows this being done IIRC: https://www.youtube.com/watch?v=7U-RbOKanYs
Though there are multiple ways of storing passwords, hashing is like the weakest type of protection (well not really but anything less should get the dude who implemented it killed)… I’m nowhere near an expert on the subject but that’s what I think I know.
You can brute-force without a database of hashes.
You can just use a dictionary and try it. Sure it is slow but it does work.
The last one I saw was 900 million most common passwords. And it does work; friends still use RATs to mass-test logins and they still easily find tens of thousands.
It is clear people don’t understand the strength of passwords, and a lot seem to use one password for everything. Some even store their passwords in their email in a draft. People are stupid.
Weakest link in security is ALWAYS the user.
Thank you for the explanation.
Easily done if they have the database as they claim.