Sony's PSN down "for a day or two"

[Azazel]

Wow. I'm so glad I never bought any DLC from them.

edit - just changed my XBL password, since it's possible that my PSN password was the same. Not that I remember for sure, since I just auto-logged-in each time since getting it..

[Rasix]

I really haven't used PSN for much.  I think I bought DeathSpank and a few PSP titles off it.  Then again, it's not quite as IN YOUR FACE, BLARRRG MARKETING BLITZ as xbl is.  Chances are I wouldn't have noticed the downtime even if I was using my PS3.

edit: But yah.. I should really check on my cc.

[fuser]

And I'm off to call Visa. Thanks Sony for sitting on this for a week while my credit card info was most certainly taken.

Whelp that's the death knell for my PS3 I wonder the public impact on consoles heading towards download only media.

Edit: On hold for 5mins to cancel. No joke the rep said I'm not the first or last person today and some notice must of went out about the PSN as they are getting quite a few calls about it.

[Trippy]

My PSN account has expired CC info cause the last time I tried to update my info and buy something a couple of months ago their system wasn't working

[MisterNoisy]

I reported my CC as potentially stolen earlier in the week due to this - I had a feeling that their extended silence on the extent of the data breach was an indicator that this was going to be ugly.

As an aside, AmEx has amazing customer service still - they next-day shipped a new card to me.

[fuser]

As an aside, AmEx has amazing customer service still - they next-day shipped a new card to me.

5-7 business days here huzza! 

[Fabricated]

Awesome. The last time I bought something was like 2-3 months ago at the behest of a friend and I can't recall if I still have the same card. I think I did. I also use my debit card for literally everything instead of cash so getting a new one fucks up all my automated billing.

[Strazos]

You don't use EFTs for that?

[Mazakiel]

I figured better safe than sorry, so I went ahead and made the call to get a new card.  I'm just glad my last card used wasn't my debit card. 

To have gotten all that info taken is pretty crazy.  I'm pretty unamused.  

[Fabricated]

You don't use EFTs for that?

My student loans yeah, but about everything else uses my debit card.

[Nonentity]

Supposedly the custom Rebug firmware isn't responsible for the data leak, according to psx-scene, but there still were tons of people spoofing their way into owning lots of free PSN software.

[fuser]

PSN+ customers getting a free month? 

[Ozzu]

Well, that sucks. It makes me wish I had gotten a 360 at this point.

Oh well. 

[Soln]

bought some DLC maybe 9-12 months ago once?  sigh

never use them again.  Sad to think about all the kids and their Little Big Planet stuff (assuming there was DLC with that).

[koro]

It should be noted that when PS3 custom firmware began to come out a few months ago it was discovered that Sony's PSN transactions occurred via unencrypted plaintext, which if it still holds true now, then it's almost a certainty that whoever got this data now has these peoples' CC numbers and their CVNs.

[Margalis]

This is so terrible.

There are some games that require a PSN connection to be played, even in single-player mode. Then there is the whole CC info stuff, not being able to play online games online, etc.

I've always hated this required connection bullshit, just one more point validating that.

[Soln]

It should be noted that when PS3 custom firmware began to come out a few months ago it was discovered that Sony's PSN transactions occurred via unencrypted plaintext, which if it still holds true now, then it's almost a certainty that whoever got this data now has these peoples' CC numbers and their CVNs.

if that's true about the plaintext then Sony will hopefully be in trouble for PCIDSS with the CC consortium.  cf. http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

edit: threat I always heard that if you fail these criteria, your ability as a merchant to process CC will be taken away.  Let's hope at least Sony gets a review.

[koro]

 

[Paelos]

Wow. Makes you hope Steam is doing some double checks now, eh?

[Hawkbit]

As someone directly affected, I'm not entirely happy.  We've got too much going on this week for me to kill my card until Sunday, so I'm just going to have to chance it.  I think going forward that I'll be using the prepaid cards from the stores. 

[Minvaren]

 

(snort, chortle, wheeze)

...reminds me, I need to watch that again...

[trias_e]

Does anyone remember the password requirements for PSN?  I.E. 8 letter min, numbers/caps required, etc?  This would help me determine which password I used for it and what I need to change.

[Hawkbit]

Can't even sign in yet to change anything.  Bleh. 

[Azazel]

There are some games that require a PSN connection to be played, even in single-player mode.

Which ones? So I can avoid them.

[Morfiend]

I put a fraud alert on my credit and ordered a new debit card.

Hey Sony. Fuck you.

[bhodi]

I think that the usename/password combo along with the registration emails are more of a big deal than the CCs.

A substantial percentage of PSN users is going to reuse the fuck out of that username/password, including as the password to get into that registered email account. With that email springboard, now you've got someone's effective online identity for anything registered to that email address - twitter, facebook, even "welcome to XXX!" bank emails with their username. Paypal account. Amazon "one click buy" account. Netflix login.

Get clever and you can start searching for emailed invoices and back track from there, testing random websites to see if credit card info is saved. Tech savvy people use throw away email addresses, different passwords; random schmoes don't. Neither do teenage kids. PSN has both of those in abundance.

We're not talking everyone, but this is a sample size of millions. Robo test those, scrape at least a thousand. Probably more like ten thousand. That's big potential.

[Tale]

I have a PS3 but I've never used it to buy anything, even downloadable content. Only thing I've ever downloaded was game demos - I even resisted buying the Dragon Age downloadable areas.

However, I did register an account and I wandered around PlayStation Home when I first got the PS3. Would it have made me enter credit card details at the time?

[Hawkbit]

It might be wise on Sony's part of force PSN users to create a new, stronger password when things go live. 

[Azazel]

I've never bought anything on PSN, but I'm wondering if it might be worth changing my CC just in case it shared a password with anything important that might have my CC on file..

Luckily the Haxors have my name, address and DOB in case they want to contact my bank to change my details for me or anything of that nature!

[KallDrexx]

On another note, yay for not remembering when I last bought something on PSN.  I think I bought something a year ago, which means I may or may not have my current card on file. 

I wonder if they properly hashed and salted passwords in their database.

[koro]

I'm actually somewhat proud of some of my friends who surprisingly pulled their heads out of their asses and canceled their current credit cards over this, and are furious at Sony for sitting on this for over a week.

I'm sure they'll find some other way to make me weep for humanity at a later date, but I'll take what I can get.

[koro]

Derp, hit quote instead of Edit.

[Chimpy]

I wonder if they properly hashed and salted passwords in their database.

Seeing as they specifically mentioned that passwords may have been part of the information gained, I am leaning towards them storing them in plain text. Really sounds like the people at Sony thought they could follow security by obscurity because the PS3 is not a "computer".

[Hayduke]

With as little gaming as I do nowadays, this is the kind of thing that would push me out of it altogether.  Ugh what a pain in the ass this is going to be.  I've defended Sony in the past for some of their boneheaded stuff, but this just makes me livid.

[Amaron]

I've been kinda surprised over the anger on this.   This sort of thing has been happening on a large scale for a while now and people haven't even been paying attention really.   This probably isn't even close to the largest breach of it's kind.    Most companies just aren't very worried about protecting such data.    It would be nice if this snowballs into a big deal that would wake people up a bit at least.