PSN Hack: Hacker Accesses Personal Information, Credit Card Details Possibly Stolen

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • admin
    Administrator
    • Nov 2001
    • 8951

    PSN Hack: Hacker Accesses Personal Information, Credit Card Details Possibly Stolen

    Sony has finally come clean on the extent of the PlayStation Network hacking and the reasons for the subsequent (almost) week long downtime.

    In a statement issued on the official PlayStation blog, Sony finally provided detailed information, after critics attacked the company for lack of transparency during this whole ordeal.

    Sony has now discovered unauthorized access to PSN user information from the 17th to 19th of April. After the discovery of the security breach several days later, Sony then took the action of shutting down the network, while engaging the services of an outside security agencies to investigate the matter, while "re-building" the PSN system for better security.

    From the statement, Sony refers to "an unauthorized person", suggesting that the company believes this may have been the work of just one person. Unfortunately, all information stored on PSN may have been accessed or even downloaded by this one person during the three days that the entire system was compromised, information including user's passwords, email and physical address and birthdays. While Sony acknowledges that "there is no evidence at this time that credit card data was taken", they also warn users to be weary, as the possibility still exists that the hacker has indeed managed to get credit card information as well.

    Users are encouraged to change their PSN and Qriocity password once the service resumes in a day or two, and to be on the lookout for related phishing scams, perpetrated by scammers who may now have some of your personal information, and using that to obtain more information.

    With over 75 million PlayStation Network and Qriocity accounts in existence, this may in fact be one of the largest online security breaches in history, especially if credit card information was also accessed or downloaded. Serious questions will be raised about the secureness of the PlayStation network infrastructure, and whether Sony withheld information regarding the information theft following their initial discovery of the breach almost a week ago.
    Visit Digital Digest and dvdloc8.com, My Blog
  • admin
    Administrator
    • Nov 2001
    • 8951

    #2
    There's a couple of things from the Sony statement that's worrying. First of all, it seems they aren't aware whether credit card numbers were stolen or not, and this is after 6 days of investigations. A secure system should not allow anyone access to credit card details, not even legitimate users of the system, as everything should be hashed and encrypted, but that would still allow authentication. It should be the same with PSN logins, so even in the event of a massive database dump, reverse engineering the actual password should still be a difficult process.

    And then, it appears that the hacker (or hackers) had access to the system for 3 days, from 17 April to 19 April. Why this wasn't detected sooner, with some kind of active intrusion detection system, I don't know. It may be hard to prevent people from getting in, but once they do get in, at the very least, Sony should have known about it sooner, or have a detailed log of just exactly what the user did, which information was accessed or downloaded.

    It makes you question just how secure the PSN and Qriocity system actually was, and if it wasn't that secure, then this may explain the delay in bringing the PSN back, as Sony has to re-design everything probably.

    Microsoft and Nintendo are the winners here, not just because this disaster could cause many to jump ship, especially to the Xbox 360 and its superior Live service, but also it gives both companies a timely reminder to ensure their online security is up to scratch.
    Last edited by admin; 27 Apr 2011, 11:49 AM.
    Visit Digital Digest and dvdloc8.com, My Blog

    Comment

    Working...