Thursday, April 28, 2011

Access denied

As many of you have already heard, Sony has been compromised by what they have called "an external intrusion" on its Playstation Network some time around April 20th. This has lead to millions of users without the ability to connect to the PSN and may have exposed the personal information of members.



Playstation's blog has release some information as to what's going on. Senior director of corporate communications Patrick Seybold stated that Sony will be "taking steps to make our services safer and more secure than ever before." and will release "a new system software update that will require all users to change their password once PlayStation Network is restored." The release will be for both PS3 and PSP owners within a week.

This attack has become such a center of attention in security that even U.S. Senator Richard Blumenthal has been demanding answers from Sony. I don't know what his ulterior motive is here. It wasn't so long ago that he was criticizing the video game industry and the ESRB rating system. But maybe he'll use this as leverage for his anti-video game laws.

Now what about all of your credit card information that Sony has recorded for PSN members? Here's some tidbits that Sony has released pertaining to any personal information that may have been exposed.


On the safety of your personal and financial information...

The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

On the credit card details that PlayStation Network and Qriocity do and do not store...

While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.
So what exactly happened? Sometime between April 17th and 19th, a group of individuals were able to gain access to millions of members personal PSN information on Sony's network. There has not been any official word as to how or who but GeoHot and his crew were of course top suspects. They have denied taking part in the attack as that is out of their forte. I'm sure Sony is still keeping their eyes on them.

So if you think you may be a victim, have any questions about your potential data loss, or are just plain paranoid, what can you do? Well Kotaku has released some very important steps that you should follow. You can find all that information here.

Let's hope Sony can bounce back from this quickly. I'm sure there are plenty of whiny people out there that can't live this long without getting online.

1 comment: