Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE

Soulskill posted more than 2 years ago | from the over-100-million-served dept.

Sony 242

An anonymous reader writes with an update to yesterday morning's news that Sony Online Entertainment's game service was taken offline to investigate a potential data breach related to the PSN intrusion. SOE has now said that they too suffered a major theft of user data. "... personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain."

242 comments

Just wondering (1)

foma84 (2079302) | more than 2 years ago | (#36009140)

Is it that they are so unprepared that they didn't know it until today, or were so diabolic that they didn't tell anyone yet? Just feeling great for not having ANY money on the net.

Re:Just wondering (1)

Dunbal (464142) | more than 2 years ago | (#36009160)

The only money I have on the 'net is the money I have given to my stock broker. So in theory I am "safe", having given my money to the biggest thief of all!

Re:Just wondering (4, Insightful)

houstonbofh (602064) | more than 2 years ago | (#36009182)

All of those folks who decided to boycott Sony over any one of the rootkit fiascoes should be feeling a bit superior right now.

Re:Just wondering (1)

Anrego (830717) | more than 2 years ago | (#36009202)

I've actually seen a surprising lack of "I told you so". I figured it would be every second comment at this point...

Re:Just wondering (0)

Anonymous Coward | more than 2 years ago | (#36009224)

Yeah, I think it's because a lot of people boycott Sony music but still buy a PS3 because 'they're not the same company'.

They treat their customers the same.

Re:Just wondering (2)

Tsingi (870990) | more than 2 years ago | (#36009262)

I've actually seen a surprising lack of "I told you so". I figured it would be every second comment at this point...

LOL! I'm with you there. I have a PS3, I plugged it into the net. Halfway through reading the Sony online licence agreement I unplugged it vowing never to plug it in again. I don't recall what it was that set me off exactly, it was years ago, but I haven't changed my mind.

A journalist friend of mine has suggested the possibility that Sony is staging this "hacker" attack as a fortuitous propaganda stunt to make hackers look bad and possibly cover up a real infrastructure problem caused by Sony itself.

Can't say it doesn't sound reasonable, after all, they are capable of writing and distributing viruses.

Re:Just wondering (2)

kannibal_klown (531544) | more than 2 years ago | (#36009756)

A journalist friend of mine has suggested the possibility that Sony is staging this "hacker" attack as a fortuitous propaganda stunt to make hackers look bad and possibly cover up a real infrastructure problem caused by Sony itself.

While it makes *some* sense, I don't buy it.

My feeling is that this whole fiasco is hurting Sony's bottom line more than the whole hacker-awareness / scapegoat thing could even provide in the long-term.

They're losing a lot of customer trust and customer loyalty, and I have to assume this is hurting their stock price. Once is a shame, twice (so close together) is a disaster.

While it's true that companies probably want to shine a large spot-light on hackers, identity theft, etc there has to be some risk management. If this were true, then Sony is performing a kamikaze with way too many aspects to be worth it even in the long term.

Re:Just wondering (2)

torgis (840592) | more than 2 years ago | (#36009930)

A journalist friend of mine has suggested the possibility that Sony is staging this "hacker" attack as a fortuitous propaganda stunt to make hackers look bad and possibly cover up a real infrastructure problem caused by Sony itself.

While it makes *some* sense, I don't buy it.

Agreed. It just does not sound plausible. Sometimes it's fun to attribute stuff like this to some scheming corporate overlord, sometimes what appears to be a poorly handled public relations nightmare is, in fact, a poorly handled public relations nightmare.

Re:Just wondering (1)

Tsingi (870990) | more than 2 years ago | (#36010256)

Agreed. It just does not sound plausible. Sometimes it's fun to attribute stuff like this to some scheming corporate overlord, sometimes what appears to be a poorly handled public relations nightmare is, in fact, a poorly handled public relations nightmare.

I was suggesting that Sony might be using this story to cover up another problem, and so cash out on the propaganda, not that they were specifically creating this problem to attack hackers. I agree that that would be overboard and unrealistic.

Re:Just wondering (5, Interesting)

delinear (991444) | more than 2 years ago | (#36009690)

I'm one of those who have been boycotting Sony since the rootkit fiasco but I'm not going to get preachy about it. For me, it's not some kind of crusade to get them to mend their ways or die, it's actually rather pure self-interest - I just know that they can't screw me over. I do wish a few more people would take note and Sony would mend their ways as a reaction. They used to be a decent company, their hardware was always top notch and I loved the PS1, it's just a bit sad to see them go down this route of profit above all.

Re:Just wondering (1)

Jawnn (445279) | more than 2 years ago | (#36009762)

I've actually seen a surprising lack of "I told you so". I figured it would be every second comment at this point...

Complete waste of time. We said it. Everyone knows it. Why bother to observe the obvious.
Oh, wait... You mean the network and security engineers at Sony who had been telling their bosses they needed a realistic budget for security. Yeah, I'd have expected those poor saps to have gone public by now.

Re:Just wondering (1)

ilsaloving (1534307) | more than 2 years ago | (#36010258)

That's because there's no point. People continue to buy Sony despite their antics. Those of us who know better avoid Sony like a plague, and then watch, wait, and roll our eyes as another batch of people get screwed over.

Re:Just wondering (1)

Inda (580031) | more than 2 years ago | (#36009274)

Thanks! I do feel superior because of my purchasing habits!

I am slightly concerned about my Xbox Live account - it's only a matter of time, ay?

Re:Just wondering (1)

HAKdragon (193605) | more than 2 years ago | (#36009586)

As an owner of both the PS3 and 360, I called my bank and canceled my card last week, just in case. What really irritates me is that, at least through the web interface, you cannot remove your credit card information from Microsoft's billing services - at least with an active Live Gold membership (despite the fact the Live Gold account is already paid for).

Re:Just wondering (1)

torgis (840592) | more than 2 years ago | (#36009950)

As an owner of both the PS3 and 360, I called my bank and canceled my card last week, just in case. What really irritates me is that, at least through the web interface, you cannot remove your credit card information from Microsoft's billing services - at least with an active Live Gold membership (despite the fact the Live Gold account is already paid for).

I noticed that too and it really irritates me. You have to call their customer service number and jump through a ton of hoops to unsubscribe, while they try to talk you into paying for additional time. It was actually easier for me to just cancel my credit card - I try to cycle through a few per year anyway for reasons such as this.

Re:Just wondering (1)

BLKMGK (34057) | more than 2 years ago | (#36010182)

Yup, and they will autorenew you too - even if the expiration on the card has passed. Yes, they did it to me! The card is now long gone and so is my "gold" membership and I doubt I'll ever buy another after the experience I had trying to cancel this one. Thankfully Sony doesn't have any such details from me...

Re:Just wondering (2)

samjam (256347) | more than 2 years ago | (#36010222)

Cancelling your card is NOT the same as cancelling the service that you were paying for with the card.

They may just send the debt collectors around instead.

If you want to cancel a service, make sure you do just that. Cancelling the card is good too, in case they don't manage to stop taking payments, but it's not a substitute.

Re:Just wondering (1)

torgis (840592) | more than 2 years ago | (#36010338)

Cancelling your card is NOT the same as cancelling the service that you were paying for with the card.

They may just send the debt collectors around instead.

If you want to cancel a service, make sure you do just that. Cancelling the card is good too, in case they don't manage to stop taking payments, but it's not a substitute.

Depending on the service, this is true. But I haven't heard from them in about 9 years so canceling the card must have done the trick.

Re:Just wondering (2)

jhoegl (638955) | more than 2 years ago | (#36009674)

So is death, what is your point?
Be Aware, Protect, Defend. This has not changed since Man has become self aware.

Re:Just wondering (1)

marcello_dl (667940) | more than 2 years ago | (#36009398)

The last Sony product I owned is a second-hand Trinitron, but there's nothing to feel superior about.
With the Sony rootkit, the consumers were screwed. With this fiasco the consumers were screwed, and most of them don't know what a rootkit or an OtherOS is.

Re:Just wondering (5, Interesting)

gclef (96311) | more than 2 years ago | (#36009404)

I haven't done business with Sony Online Entertainment at all for over a decade, and I'm apparently affected. I subscribed to Everquest way back in the day, but dropped somewhere around 2001. I just yesterday got an email from them that my personal information had been lost. So, don't feel so superior...even if you started boycotting them over the rootkits, they kept your information from before then, and then lost it to hackers.

Re:Just wondering (0)

Anonymous Coward | more than 2 years ago | (#36009712)

I got the same email, though I thought it was a scam at first. Till I read through and saw it affected Everquest. I never considered they kept my info after I stopped Everquest back in 2001 as well. It's been over 10 years, and that info was still easily accessible is strange. Considering most other offline stuff from back then is nigh lost to time. The internet really does never forget. God forbid you screw up or get pegged with a bad rap these days. You can't even move and start again.

Re:Just wondering (1)

torgis (840592) | more than 2 years ago | (#36009984)

Hah! I have an ancient email account I still check once in a while and I got the same notice. I haven't played Everquest since late 2000 or early 2001. Fortunately the only thing they have that's still the same is my name and that old email address. Everything else (credit cards, address, etc...) has changed multiple times since then.

Re:Just wondering (2)

HAKdragon (193605) | more than 2 years ago | (#36009604)

Of course they are! The only thing that outnumbers Slashdot community members' tin foil hats is their feeling of superiority and smugness! (I'm only half joking)

I Don't give a flying.... (0)

Anonymous Coward | more than 2 years ago | (#36010264)

I haven't bought anything from Sony since 1981 when I bought one of their XR-25 car stereos and it turned out to be a piece of crap.

And even after this latest fiasco, my give-a-fuck meter is still pegged on zero.

Re:Just wondering (-1, Flamebait)

Anonymous Coward | more than 2 years ago | (#36009382)

Like you have any clue what goes on inside a huge business like Sony, or their reasons for slowly releasing the information. Don'tcha think maybe they are double/triple checking the information before releasing to the public? Remove head from ass.

I'm one of the PSN account holders, I'm not mad, shit happens. Seems to mainly be just the anti-Sony dumbfucks that are raising hell about it.

Re:Just wondering (0)

Anonymous Coward | more than 2 years ago | (#36009430)

Do you have any money in a bank account? Most, if not all, the local banks here have web accounts.

Tin cans buried in gardens for maximum security!

Re:Just wondering (0)

Anonymous Coward | more than 2 years ago | (#36009452)

Just that they were inept. http://toolbar.netcraft.com/site_report?url=http://station.sony.com shows the main SOE hacked site.

Apache 2.2.3 is uhhhhh vulnerable enough that a schoolkid could hack it.

Re:Just wondering (1)

Anonymous Coward | more than 2 years ago | (#36009800)

Apache 2.2.3 is also the version provided with Red Hat Enterprise Linux 5 and would be fully patched if the admins installed all the updates.

Re:Just wondering (4, Insightful)

erroneus (253617) | more than 2 years ago | (#36010008)

I would lay my bet on "Sony doesn't want to tell anyone how bad it is" until they are required to do so. This is very much the same pattern of behavior we see with the Fukushima nuclear plant. Please believe me when I say that this behavior is quite typical of Japanese companies. It is not "diabolical" as you may think but is instead considered "wise" not to share information that is not required and may be potentially damaging to the company.

But to Sony I say "FEAR YOUR CUSTOMERS." You are not in control as much as you seem to think you are. They control the dollars in their pockets (though not necessarily those in their bank or credit accounts as you well know) and they choose what they buy from you. And when you make them angry, and you never know exactly who you are making angry, these anonymous customers, you just might make some who are dangerous to you very angry in the process.

I am guessing that this is a very focused attack on Sony. Was it because of their shoddy products? Their involvement in the recording industry? Their abuse of customers in general? It could be any or all of these things or more. So yeah, Sony... you forgot "the customer is always right" and that happy customers are your best customers.

And if other companies haven't figured out by now, "you are next" if you don't start taking care of your customers and keep abusing them as you do. I am speaking to AT&T, Verizon and any other company that is known for being abusive to customers. Just wait and see.

I'm just glad I pulled away from Sony so long ago. I didn't have much if any data at risk this time around, so I'm good to go for now. It's all good entertainment for me at the moment.

Re:Just wondering (0)

Anonymous Coward | more than 2 years ago | (#36010484)

But to Sony I say "FEAR YOUR CUSTOMERS."

Wow man, that's harsh. You're saying that if a company doesn't give you good customer service, then somebody will hack the company, steal millions of account records, and cause millions if not more in damages and lost business? Walmart gave me the shaft once. Perhaps I should get together with my friends, smash the plate glass, and torch the place.

And don't tell me it's not the same thing. The only difference is the Sony attack is orders of magnitude more expensive.

Cue the FBI in 3, 2, 1...

See (1)

Dunbal (464142) | more than 2 years ago | (#36009152)

This is what happens when someone manages to jump the fence of your "walled garden".

Re:See (0)

Anonymous Coward | more than 2 years ago | (#36009186)

This is what happens when someone manages to jump the fence of your "walled garden".

Hilarity ensues? ;)

I'm likely among those whose accounts got leaked by SOE but I still find the whole affair pretty entertaining.

They are upset... (5, Insightful)

houstonbofh (602064) | more than 2 years ago | (#36009170)

They are just pissed that somebody stole a lot of personal data, and took over a bunch of computer systems, and it wasn't them.

Re:They are upset... (-1)

Anonymous Coward | more than 2 years ago | (#36009246)

Who cares? Show us bin Douchebag's exploded cabeza!!!

Re:They are upset... (1)

torgis (840592) | more than 2 years ago | (#36010026)

They are just pissed that somebody stole a lot of personal data, and took over a bunch of computer systems, and it wasn't them.

To quote a great man:

"They wanted to dominate the world. Bullshit! That's our fuckin' job!"

Best Practices (5, Insightful)

Anonymous Coward | more than 2 years ago | (#36009184)

Hey guys, let's keep around credit/debit card billing data from 2007 all online. Deleting it after 6 months of inactivity could hurt sales!11! There's no cost to keeping it around, nothing that would pass an accountant anyway. Let's pay ourselves a bonus for our forward thinking.

Re:Best Practices (2, Interesting)

mwvdlee (775178) | more than 2 years ago | (#36009392)

It's probably tax laws requiring them to hang on to all financial transaction details for a number of years.

Re:Best Practices (4, Insightful)

capnkr (1153623) | more than 2 years ago | (#36009484)

They could *easily* do that in a manner which did not allow for the data to be 'net accessible, and therefore exploitable or fairly easily stolen if their network system became compromised. They could have kept it on non-networked (or non-running) machines, external/removable digital storage, dead-tree hardcopies in a file drawer or stack of boxes... There's no need to have that sort of data instantly - or even very easily - available.

Re:Best Practices (1)

Jawnn (445279) | more than 2 years ago | (#36009794)

It's probably tax laws requiring them to hang on to all financial transaction details for a number of years.

No, it isn't. Think harder...

Re:Best Practices (0)

Anonymous Coward | more than 2 years ago | (#36009824)

bs

Re:Best Practices (1)

atisss (1661313) | more than 2 years ago | (#36009476)

Well, it wouldn't bother me if they had my credit card number from 2007. Most credit cards have a validity of a couple of years, so I would have changed them already.

Re:Best Practices (1)

Dunbal (464142) | more than 2 years ago | (#36009664)

Er, the credit card number does not change when your card is renewed. Only the expiration date and the security number do. The expiry date can probably be worked out, and that just means they have to guess a 3 (or 4 depending on the company) digit security number.

Re:Best Practices (0)

Anonymous Coward | more than 2 years ago | (#36009870)

Mine have always changed each time although just the last 4 digits.

Re:Best Practices (1)

Bengie (1121981) | more than 2 years ago | (#36009872)

mine changed(bank card anyway).. boo-yaa. I use a credit union and they keep up to date with lots of security stuff.

Heck, they even have their own numbering system for IDs as not to ask for your SSN/last-4, except in private rooms with an employee.

Re:Best Practices (1)

ProppaT (557551) | more than 2 years ago | (#36010310)

There's a number of websites, including Amazon.com, that have a crapload of old expired credit cards of mine on file. I don't care, they're expired and I'm too lazy to delete them. On the plus side, they also have all of my addresses from the past 10 years stored...which has actually been a life saver in the past when I couldn't remember an old address :p

How far back does it go? This far... 8 years (5, Interesting)

Anonymous Coward | more than 2 years ago | (#36009220)

I haven't played Everquest since 2002 and I got a notice. Luckily for me all that credit card information is outdated and wrong. Even the mailing address is wrong. How someone was able to access this data is beyond me. I cannot, for any reason, think of any justification Sony could have to store something in a manner that a developer could access at this level.

Sony is going to have one hell of a class action lawsuit on its hands.

Re:How far back does it go? This far... 8 years (1)

nedlohs (1335013) | more than 2 years ago | (#36009768)

Nothing except my name (and date of birth if they have that) is the same as in 2002. Heck I've moved countries and changed citizenship since then...

But a lawsuit is interesting from the perspective of required arbitration being ruled valid recently. If the EULA in question is that old, and you are no longer a subscriber would something like this now be covered by it?

Re:How far back does it go? This far... 8 years (1)

Tei (520358) | more than 2 years ago | (#36010188)

Developers? No, that database was probably a backup somewhere inside some computer on the network, so the attacker managed to get a shell inside PSN, and from there open other systems, including this database one.

Password (4, Insightful)

ifrag (984323) | more than 2 years ago | (#36009236)

At this point, I'm almost surprised the password wasn't stored in plain text. Then again, given the magnitude of the breach, I'm betting on it not being very hard to break the hashed password.

Re:Password (1)

mwvdlee (775178) | more than 2 years ago | (#36009400)

I'm assuming Sony just invalidated all passwords after the breach and disallowed passwords with the same hash as the previous one?

Re:Password (-1)

Anonymous Coward | more than 2 years ago | (#36009528)

See, that would be all fine and well, but retards who sign up to things tend to use the same password because they tend to have the vocabulary of a 10 year old.
Actually, scratch that, 10 year olds have a better vocabulary than most of those people.

So, while the passwords will be nulled, the passwords for other services outside the control of Sony will still be the same.
And usually, if the e-mail address is their main one they signed up to, and the one they use for everything, they will most likely be completely fucked as they will certainly have links to accounts on other sites through that.
Quick search for financial related records, bham, done. Then if the abusers feel like spreading more damage, social networking sites, activate spam bot, more idiots clicking links because "oh, my friend is trustworthy and not an idiot, right?" cleeeeek, welcome to the botnet.

Idiots should be banned from computers, from anything, in fact. Of course, it won't happen anyway. There is too much money in idiots being idiots.

Re:Password (0)

Anonymous Coward | more than 2 years ago | (#36009948)

Whether Sony invalidated the passwords is not the issue.

The problem is that a significant number of people use the same password for everything ...

Re:Password (1)

torgis (840592) | more than 2 years ago | (#36010082)

I'm assuming Sony just did nothing after the breach and allowed passwords with the same hash as the previous one?

Fixed that for ya.

Re:Password (0)

Anonymous Coward | more than 2 years ago | (#36010204)

No. That would be professional.

Re:Password (1)

torgis (840592) | more than 2 years ago | (#36010056)

At this point, I'm almost surprised the password wasn't stored in plain text. Then again, given the magnitude of the breach, I'm betting on it not being very hard to break the hashed password.

I would be very surprised if it were actually even hashed properly. Probably using a tried and true password protection scheme called ROT-13.

Dear Sony Infiltrator... (5, Funny)

daitengu (172781) | more than 2 years ago | (#36009244)

If the person who stole the SOE accounts could get in contact with me, I've been trying to reset my SOE password for 2 months now, and it hasn't worked. Could you tell me what my password is?

Re:Dear Sony Infiltrator... (0)

Anonymous Coward | more than 2 years ago | (#36009408)

Here you go: *******

- Cthon98

Re:Dear Sony Infiltrator... (1)

equex (747231) | more than 2 years ago | (#36009552)

The password is hunter2.

Re:Dear Sony Infiltrator... (0)

Anonymous Coward | more than 2 years ago | (#36009704)

The password is *******.

that's not helpful at all. I only see a bunch of *

Re:Dear Sony Infiltrator... (0)

Anonymous Coward | more than 2 years ago | (#36010092)

That must be your Slashdot password. All I see is *******

I think it's a Slashdot security feature. It's the same when I type my password: **********

Re:Dear Sony Infiltrator... (0)

Anonymous Coward | more than 2 years ago | (#36010466)

That's funny, I use that password on my luggage!

Re:Dear Sony Infiltrator... (0)

Anonymous Coward | more than 2 years ago | (#36010512)

All I can see at this end is *******

Something about Windows AV stripping passwords out of outbound packets.

See I'll just type my password plaintext and all you see is stars.

***********

anyone else want to try?

Re:Dear Sony Infiltrator... (0)

Anonymous Coward | more than 2 years ago | (#36010240)

JOSHUA

A lesson for companies (1, Redundant)

modzer0 (1366073) | more than 2 years ago | (#36009258)

Moral of the story is to not piss of a very capable hacker community buy going after their heroes.

Re:A lesson for companies (0)

Anonymous Coward | more than 2 years ago | (#36009290)

If Geohot is anyone's hero I feel sorry for them.

Re:A lesson for companies (3, Interesting)

foma84 (2079302) | more than 2 years ago | (#36009364)

This is very wrong. As far as anyone can know there is no correlation between the GeoHot affair and this one. Also if that personal data is exposed it'd harm large parts of that same community. Unless this ID theft was organized only to prove a point (which is very very unlikely imo), this is no more than a plain theft. As in made by criminals. Only upside is that it exposed security issues, maybe as a lesson for the future. Or maybe not.

Re:A lesson for companies (1)

Aladrin (926209) | more than 2 years ago | (#36009810)

Sony attacked a hacker. Very soon afterwards, a bunch of hackers attacked Sony.

It's hard -not- to see causation there. It's perfectly possible this was just someone who wanted the account info and didn't have a grudge, but it's easier to assume they are related.

Re:A lesson for companies (0)

Anonymous Coward | more than 2 years ago | (#36009386)

Breaking into Apache that hasn't been patched since 2008 is real hard. 1337 work for sure to the shota/hentai watching 4channers who make up anonymous.

Re:A lesson for companies (1)

marcello_dl (667940) | more than 2 years ago | (#36009512)

I guess law enforcement will be very happy to share the knowledge that make you JMP to this conclusion.

This seems the work of crackers, the average hacker is more likely to get a handful of credit card details and publish the breach telling how his skillz went through mighty sony defense.

Re:A lesson for companies (0)

Anonymous Coward | more than 2 years ago | (#36009520)

And the moral of this comment is that buy means to purchase something (you were looking for 'by') and of means 'by' or 'belong too' or 'removed' (you were looking for 'off')

So hows that cloud thingie working for you? (1)

Anonymous Coward | more than 2 years ago | (#36009268)

It the way of the future!

Re:So hows that cloud thingie working for you? (1)

capnkr (1153623) | more than 2 years ago | (#36009608)

So, all your cloud base are belong to...?


Actually, to thermal interaction with the planetary surface below them.

No, it's not really meme material, but I was inspired by your broken Engrish.

SOE? Give names please. (0, Funny)

Anonymous Coward | more than 2 years ago | (#36009278)

It is getting harder and harder to read Slashdot. It seems like all the posts have to use their favorite abbreviations. Maybe I am biased, but please only use stock tickers as corporate abbreviations or something that is immediately clear. From the context, I still had to go look up what SOE was.

Too many people on /. (-- an appropriate use of abbreviation) are beginning to think TTROO (That They aRe the Only Ones -- a bad use of abbreviation).

I've been on this site for a very long time, and it sucks I have to google shit like this, even though I work in high-frequency trading and can even understand abbreviations in my spaghetti-o's. I can usually guess it, but I still have to Google crap like this to be sure.

Terrible writing style. Will a couple of extra characters really kill you, editors?

Sorry, "editor" implies some sort of caring for your work. I know you now click Accept/Reject like a blind monkey.

Re:SOE? Give names please. (3, Informative)

scrib (1277042) | more than 2 years ago | (#36009380)

Did you miss the first line of TFA?
"An anonymous reader writes with an update to yesterday morning's news that Sony Online Entertainment's game service..."
I think I'm getting a sense of what might be going wrong with high-frequency trading...

Re:SOE? Give names please. (2)

Spad (470073) | more than 2 years ago | (#36009624)

Please, a true Slashdotter doesn't even finish reading the headline before posting.

Re:SOE? Give names please. (0)

Anonymous Coward | more than 2 years ago | (#36010068)

From the context, I still had to go look up what SOE was.

Maybe you should just RTFS. It got "Sony Online Entertainment" in the first sentence.

Phishing? already? (1)

ItsPaPPy (1182035) | more than 2 years ago | (#36009406)

Subject:Important Customer Notification

Customer Service Notification
May 2, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password. Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained and we will be notifying each of those customers promptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible. We apologize for the inconvenience caused by the attack and as a result, we have:
1. Temporarily turned off all SOE game services;
2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:
# U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
# We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
# You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at (877) 382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.
We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at (866) 436-6698 should you have any additional questions. Sincerely,
Sony Online Entertainment LLC


THIS IS A CUSTOMER SERVICE NOTIFICATION.

SOE Privacy Policy | SOE Terms of Service

www.soe.com
Sony Online Entertainment
Sony Online Entertainment LLC
8928 Terman Court - San Diego, CA 92121
-------------

All the links shortened to are to: http://soe.innovyx.net/r [innovyx.net] ?
Gmail flagged as spam as it was sent from innovyx.net

Re:Phishing? already? (1)

muridae (966931) | more than 2 years ago | (#36010110)

Yup, a friend of mine had played Everquest a while ago, and woke to find that email waiting. Whoever sent it knew what addresses were used for SOE games, and targeted them directly.

Looks like innovyx might have taken it down already, thankfully.
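
The check made by eye in the two comments above, as an added example (not part of the original thread): list the links in an HTML email whose real destination host lies outside the domain the sender claims. The sample body is constructed, and `base_domain` is a naive two-label approximation assumed for brevity.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    # Assumption: naive "last two labels"; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_links(html, expected_domain):
    """Return one finding per web link whose host is outside expected_domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue
        host = parts.hostname or ""
        if base_domain(host) != expected_domain:
            findings.append({
                "href_host": host,
                "text": text,
                # Visible text names the claimed domain while the link goes elsewhere.
                "text_names_expected": expected_domain in text.lower(),
            })
    return findings

# Constructed sample body; only soe.innovyx.net/r and www.soe.com come from the thread.
SAMPLE = """<p>Read the <a href="http://soe.innovyx.net/r">SOE Privacy Policy</a> or
visit <a href="http://soe.innovyx.net/r">www.soe.com</a>.
<a href="http://www.soe.com/">Sony Online Entertainment</a></p>"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE, "soe.com"):
        print(finding)
```

A hit means the link needs checking out of band, not that the message is forged: bulk mail is often routed through a mailing provider's click-tracking host.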

Free Credit Monitoring (0)

Anonymous Coward | more than 2 years ago | (#36009614)

At what point does the government just pass a law that collects a fee if you hold CC data on a server, and give everyone free credit monitoring? This incident alone represents nearly 1/10th of the USA population. Add in TJ Maxx, and a few others, and I am willing to bet damn near everyone has had a card number stolen by now. I would put up my pay check to bet it will be certain in 10 years.

Re:Free Credit Monitoring is SOCIALISM (2)

tekrat (242117) | more than 2 years ago | (#36009934)

First of all, you need to remember who's running this country, and it's not us. It's big corporations like Sony. They can essentially screw all of us with impunity and if they go too far, the government gives them a slap on the wrist as a show of good faith to the people.

Consider the SEC. When they fine some trading company $20million for some illegal trading activities, do you really think that's a big deal? Of course not because the company made $100 or $200 million doing the illegal trade. To them, the fine is a cost of doing business. It's the kickback to their partner in crime, the government.

You're not going to get much out of Sony. And the government won't force much out of Sony. You have only one way of controlling this issue, and that's to vote with your wallet and stop buying *anything* connected to Sony. That means even carefully picking what movies you see this summer.

Only if Sony was to suffer considerable losses by people abandoning them en masse would they ever get the hint. But as long as they are profitable, they can continue to screw their customers, because their customers keep buying their shit. It's like you WANT to be tortured.

Alternate view of the GeoHot fiasco (1)

Anonymous Coward | more than 2 years ago | (#36009650)

Everyone was too pissed off at Sony to stop and think for a second: MAYBE the reason behind the removal of "Other OS" and the gross over-reaction to GeoHot is because Sony realized that their entire operation had more holes than swiss cheese? It had very little to do with being control freaks or preventing homebrew: perhaps Sony has all this time been living with a faulty-by-design network and even "Other OS" could have exposed it?

Re:Alternate view of the GeoHot fiasco (0)

Anonymous Coward | more than 2 years ago | (#36010186)

I highly doubt they were hacked with a PS3. This is good ole social engineering, an inside job, etc..

Why am I getting contacted? (1)

datavirtue (1104259) | more than 2 years ago | (#36009764)

I received an email from Sony Online Entertainment this morning for some reason. I have never given them my information for anything. Now I'm nervous.

SWG Just got worse (1)

D66 (452265) | more than 2 years ago | (#36009986)

Amazing how you could quit SWG out of post NGE Disgust and still get nailed.

Requesting new credit card numbers annually (1)

whovian (107062) | more than 2 years ago | (#36010048)

should probably become the norm, not only after a fraud attempt is noticed/reported.

BOYCOTT SONY (1, Troll)

tekrat (242117) | more than 2 years ago | (#36010066)

So, when are all you losers going to wake up?

Sony just wanted your money, they don't give a crap about you, your rights to privacy, or even making an attempt at keeping your data secure.

If you purchased a Sony product in such a way that they've got your credit card number, you're at risk, and it doesn't seem to matter since when; since the beginning of Sony on the Internet. Hopefully, those of you using Sony Online since the days of the Playstation (one), only have expired credit cards to worry about, but anyone who has used Sony recently is at more risk.

Throw out your Playstation 3. NEVER AGAIN purchase a Sony Product, do not buy their records, do not watch their movies, do not buy their headphones, MP3 players, e-book readers, or any of their other trash.

YOU MUST SEND A MESSAGE: I suggest even writing to Sony if you're their customer and TELL THEM that you are boycotting their products and you are advising your family and friends to do the same.

You *can* live without their crap. Surprisingly, there's a world out there. With trees, grass, flowers, and girls. Put down the controller, sir, and step away from the TV.

Re:BOYCOTT SONY (2)

kannibal_klown (531544) | more than 2 years ago | (#36010360)

So, when are all you losers going to wake up?

Sony just wanted your money, they don't give a crap about you, your rights to privacy, or even making an attempt at keeping your data secure.

Personally I'm more annoyed at the people that performed the hack than Sony. Granted Sony has lost what little company loyalty I had, I already stopped buying most of their products.

But in this case it's the perpetrators that make me angry. It's one thing to screw with a company, it's another to screw with the average Joe that just wanted to play the latest Ratchet and Clank episode.

Name, address, birthdate, credit card number... that's more than enough for identity theft. Meaning not only do I need to take emergency steps on top of my pro-active steps, but I have the extra worry if it will be used.

If this was flat-out theft, then that stinks.

But if this was about "fighting the man," then what's the point of fighting "the man" if you trample all over the little guys to do it.

Great timing! (3, Interesting)

rsilvergun (571051) | more than 2 years ago | (#36010100)

I love the way corporations do this, just wait for a big news story (Osama's dead) and then start releasing the full extent of the disaster. The same principle worked for the cigarette companies. They were set to be torn apart for lying about the dangers of smoking and genetic modification to increase addiction, then along came 9/11 and all was forgotten. All you got to do is stonewall until a bigger problem comes along.

Never said enough (0)

Anonymous Coward | more than 2 years ago | (#36010316)

Fuck you Sony!

How did they get passwords? (0)

Anonymous Coward | more than 2 years ago | (#36010346)

How did the hackers obtain passwords? Were they snooping as people were logging in to PSN? I sure hope PSN doesn't store passwords that can be reversed (or worse, plain text!). I guess the main concern is they can brute-force attack at their leisure the passwords they stole...

Sony Blu-Ray Player (3, Interesting)

Sir_Eptishous (873977) | more than 2 years ago | (#36010524)

So if I bought a Sony Blu-Ray player a while back, and had to create an account on their site to "access" the device, it appears that account I created has been compromised.

Change your passwords ASAP. (2)

elucido (870205) | more than 2 years ago | (#36010606)

This will only get worse unless everyone who has done any business with Sony changes their passwords to all other accounts.

Each account to each website must have a unique password. Password re-use is what hackers depend on to leverage their attacks.
This can and will only get worse until users compartmentalize. One unique password per account always.
