PS3 News: SOE Confirms Security Breach, Non-US Card Data Stolen - PS3 News

Members Login: Register | Why sign up? | Forgot Password?

SOE Confirms Security Breach, Non-US Card Data Stolen

Earlier today, Sony was forced to bring down the Sony Online Entertainment services and unfortunately, they had good reason to do so.

It has been confirmed that SOE suffered a similar security breach to the one that hit the PlayStation Network last week: around 24.6 million accounts, including 12,700 non-U.S. credit or debit card numbers and expiration dates, have been stolen. The theft occurred between April 16 and 17 and Sony's statement is as follows:

"This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands, and Spain."

So the good news is that the information comes from 2007 and secondly, there's no evidence of stolen American credit or debit card numbers. However, hackers obtained plenty of info from those 24.6 million compromised accounts, such as names, addresses, e-mail addresses, birth dates, genders, phone numbers, login names, and passwords. SOE did mention that the password data is stored in hashed form and not plain text.

SOE has said they will add 30 days of free game use to current customers, and they will also offer a one-for-one match of free game time for each day that servers are offline. Hopefully, they won't be down for as long as the PSN...that would be bad.

Tags: soe, sony online entertainment, psn, psn outage

5/2/2011 7:07:24 PM Ben Dutka

Put this on your webpage or blog:
Email this to a friend
Follow PSX Extreme on Twitter

Share on Twitter Share on Facebook Share on Google Share on MySpace Share on Delicious Share on Digg Share on Google Buzz Share via E-Mail Share via Tumblr Share via Posterous

Comments (70 posts)

Jawknee
Monday, May 02, 2011 @ 7:19:07 PM
Reply

I would like to if Geohot's exploit make this possible.

Agree with this comment 1 up, 0 down Disagree with this comment

tayizfire
Monday, May 02, 2011 @ 9:53:50 PM

wasn't SoE just boasting the other day about how there servers were seperate ...and there audience had nothing to worry about lmaoooo talk about a foot in the mouth

Agree with this comment 1 up, 7 down Disagree with this comment

Jawknee
Monday, May 02, 2011 @ 11:17:53 PM

Not sure, but they are separate servers so who ever did this was determined to hurt the company as many ways as possible.

Agree with this comment 3 up, 0 down Disagree with this comment

JMO_INDY
Monday, May 02, 2011 @ 7:25:02 PM
Reply

Son Of A Bitch...

Agree with this comment 6 up, 1 down Disagree with this comment

Dreno
Monday, May 02, 2011 @ 7:45:57 PM
Reply

Damn....

So are psn and soe are seperate?

Cause id hate to have to worry about my personal info again...

Agree with this comment 1 up, 0 down Disagree with this comment

friction
Monday, May 02, 2011 @ 7:48:54 PM

Hahaha, yea they are, SOE (Sony Online Entertainment) is for their online pc games and dc universe, I believe. I think Everquest is their biggest game, not sure though.

Agree with this comment 1 up, 0 down Disagree with this comment

friction
Monday, May 02, 2011 @ 7:46:30 PM
Reply

Damn someone isn't a fan of sony lmao.

Agree with this comment 5 up, 0 down Disagree with this comment

Jed
Monday, May 02, 2011 @ 7:49:07 PM
Reply

Damn man, kick em while they're down. These hackers are cowards. Hope Sony can catch the bastards.

Agree with this comment 11 up, 1 down Disagree with this comment

Robochic
Monday, May 02, 2011 @ 7:57:06 PM
Reply

Man that sucks, thank goodness I don't use a cc online :) but I wonder about my 100 bucks PSN amount ? hmmm I bet it's all gone :(
DAMN U HACKERS, I hope they find you....

Agree with this comment 1 up, 0 down Disagree with this comment

WorldEndsWithMe
Monday, May 02, 2011 @ 8:07:37 PM

your money is safe.

Agree with this comment 4 up, 0 down Disagree with this comment

WorldEndsWithMe
Monday, May 02, 2011 @ 8:05:53 PM
Reply

Oh, the humanity.

Agree with this comment 5 up, 0 down Disagree with this comment

Dreno
Monday, May 02, 2011 @ 8:05:57 PM
Reply

Ok, sweet dea.

But damn, sony can't seem to catch a break.

Just call mcclain from die hard, we seen what he did to timothy olyphants hacker character in live free or die hard.

Can I get a yippy-ki-a mother f**ker.

Agree with this comment 5 up, 0 down Disagree with this comment

The Doom
Monday, May 02, 2011 @ 8:10:18 PM
Reply

This is more than just stealing money. Someone is REALLY out to get Sony.

Agree with this comment 4 up, 0 down Disagree with this comment

jimmyhandsome
Monday, May 02, 2011 @ 8:15:36 PM
Reply

This is starting to make my blood boil.

Hopefully no non-US SOE members took Highlander's word for it that their servers being down was just preventative "patching" as he said earlier today. He'd have you thinking your CC info was safe.

Agree with this comment 2 up, 7 down Disagree with this comment

Ben Dutka PSXE [Administrator]
Monday, May 02, 2011 @ 8:19:08 PM

See, that right there might be a reason why you get some flak. What's the point of calling out other members?

If you want to be pissed off and voice your opinion, fine. That's what comments are for. But really...name-dropping to purposely cause personal disputes? You're better than that.

Agree with this comment 11 up, 3 down Disagree with this comment

Lord carlos
Monday, May 02, 2011 @ 8:29:01 PM

Good!
Let the anger flow.
With each passing moment you become more my servant.
Oh i'm afraid the deflector shield will be quite operational when your friends arrive!
HA HA HA.

Agree with this comment 10 up, 0 down Disagree with this comment

sha4dowknight05
Monday, May 02, 2011 @ 9:11:48 PM

So can you take over all of our minds when we are angry?

Agree with this comment 2 up, 0 down Disagree with this comment

bearbobby
Monday, May 02, 2011 @ 9:18:29 PM

Heh, join the Darkside. We have cookies. :)

Agree with this comment 7 up, 0 down Disagree with this comment

FatherSun
Monday, May 02, 2011 @ 9:41:15 PM

@Lord, Stop it Pal...patine.

Imagine VII, VIII and IV! Or do you consider it over?

Agree with this comment 2 up, 0 down Disagree with this comment

jimmyhandsome
Monday, May 02, 2011 @ 9:51:03 PM

@ Ben, you're probably right, I am better than that. Unfortunately I'm also pretty stubborn, which is usually my downfall. And lets be honest, I'm going to catch flak either way. I know how some members operate. It's tough for me to be called out and belittled in the last thread without saying something. My apologies to you either way, I know you like to run a tight ship with no nonsense.

@ Lord Carlos, you take your avatar and PSX ID to a whole new level. And I like cookies. Preferably no-bake oatmeal raisin.

Agree with this comment 3 up, 0 down Disagree with this comment

Clamedeus
Monday, May 02, 2011 @ 9:54:32 PM

Waiiit... What kind of cookies are we talking about here?

Agree with this comment 3 up, 0 down Disagree with this comment

Underdog15
Monday, May 02, 2011 @ 10:12:55 PM

To give him credit, this is one of those instances he said "probably". He also mentioned there's no way of being certain...

It's not really fair to only quote someone on what you want to quote. I also don't think it's fair to never assess the whole of a post. It's not fair.

Last edited by Underdog15 on 5/2/2011 10:13:37 PM

Agree with this comment 1 up, 2 down Disagree with this comment

Highlander
Monday, May 02, 2011 @ 11:17:30 PM

See, that's the difference between you and I Jimmy, I don't need someone else to point out any errors or mistakes, I stand up and say if I've made one.

As it happens, my post was perfectly correct.

I said this: "Well, I'm thinking this is either a case of them finding a big known vulnerability in their systems ,that is known to have been exploited, so they have to take things down immediately and fix it...Or someone planted a back door in their system...Or someone was still in their system...Or someone planted a virus/trojan of some kind during the main intrusion."

In other words whatever the reason for the outage it was undoubtedly related to the PSN hack.

Sony's engineers and the third party consultants were conducting a review of SOE's systems as part of the security check on Sony's networks after the PSN hack, and they discovered the problem. Rather than it being a simple case of the same or similar vulnerability requiring patching (although I'm certain that is required also, because the same vulnerability was almost certainly exploited in both cases), it seems as though the SOE hack actually pre-dates the PSN hack. In fact they may have been part of the same attack, and SOE was used as a stepping stone to access PSN. The attackers will have gained knowledge of the system configuration of Sony's servers and perhaps even used that to attack PSN.

You know, now I'm sure about you. thanks for making it easy to be sure.

Agree with this comment 3 up, 3 down Disagree with this comment

Highlander
Monday, May 02, 2011 @ 11:34:57 PM

Too many thoughts, too few sentences....

Apparently, Sony's engineers and the third party consultants were conducting a review of SOE's systems as part of the security check on Sony's networks after the PSN hack. During that system audit they discovered the problem. Rather than it being a simple case of the same or similar vulnerability requiring patching (although I'm certain that is required also) they found that SOE had also been hacked. Significantly SOE was hacked the day before PSN was. In fact this may have been part of the same attack, with the successful attack on SOE used as a stepping stone to access PSN. The attackers may have gained knowledge of the system configuration of Sony's servers and perhaps even used that to attack PSN.

I'd also add, that it's interesting that SOE didn't know of the attack, but PSN detected an attack on it while it was in progress. It's interesting because SOE has been in the online game for a logn time now and has good experience with building robust and secure systems. Yet it was the attack on PSN that was detected and foiled, where the attack on SOE was not detected until later.

Unfortunately the attack on SOE more closely matches the norm because most organizations that have been hacked don't know about it, and many never find out. Those that do seldom report the matter long after the fact.

Agree with this comment 4 up, 1 down Disagree with this comment

Danny007
Monday, May 02, 2011 @ 8:22:11 PM
Reply

You guys should just give me your credit card info. I'll keep it safe. ;)

Last edited by Danny007 on 5/2/2011 8:23:42 PM

Agree with this comment 5 up, 1 down Disagree with this comment

Excelsior1
Monday, May 02, 2011 @ 8:52:46 PM
Reply

1 step forward 3 steps back for sony. the past couiple of weeks will huant sony for years to come. my god just brutal.

Agree with this comment 3 up, 1 down Disagree with this comment

Phoelix
Monday, May 02, 2011 @ 8:53:42 PM
Reply

Wow.

I wonder if they will publish specifically how the hacker(s) got in (if they ever find out).

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Monday, May 02, 2011 @ 11:37:31 PM

Sony more or less already has done just that. It's been reported that the hackers used known vulnerabilities in the Apache and/or Linux versions that Sony was using. They haven't revealed the specific vulnerabilities, or how they were exploited, but to be honest, I would be surprised if they had.

Agree with this comment 1 up, 1 down Disagree with this comment

Phoelix
Tuesday, May 03, 2011 @ 1:41:42 AM

Where is this report you've read?

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 1:51:52 AM

Sony (actually Kaz Hirai) stated during their big PSN press conference that the attackers used a known vulnerability in the web-application platform Sony uses.

A quick bit of online research will show you via various sources that Sony uses Linux and Apache for the web-application server element of the PSN and SOE networks. I won't name the web sites as many of them are frequented by the kind of person that hacks a network for fun, and I see no point in promoting them.

A huge number of successful attacks each year are committed against software with one or more known vulnerabilities. More often than not, the vulnerability has been patched by the developers, but the admin of the system hasn't kept their patching up to date, leaving them open to attack.

Agree with this comment 2 up, 1 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 1:51:52 AM

Sony (actually Kaz Hirai) stated during their big PSN press conference that the attackers used a known vulnerability in the web-application platform Sony uses.

A quick bit of online research will show you via various sources that Sony uses Linux and Apache for the web-application server element of the PSN and SOE networks. I won't name the web sites as many of them are frequented by the kind of person that hacks a network for fun, and I see no point in promoting them.

A huge number of successful attacks each year are committed against software with one or more known vulnerabilities. More often than not, the vulnerability has been patched by the developers, but the admin of the system hasn't kept their patching up to date, leaving them open to attack.

Agree with this comment 0 up, 1 down Disagree with this comment

Beamboom
Tuesday, May 03, 2011 @ 3:54:06 AM

The strange thing is that as far as I can recall there has not been an Apache patch for many months now. I run Apache servers myself, on Ubuntu. I always review the patches before updating the servers, just for my own knowledges sake. And I may very well be wrong here cause there's hundreds of patches each month, but I can't recall any security patches for Apache.

Other than that, in all friendlyness and respect, I think you should go a bit easier on Jimmy. It's not fun to get the entire site against you. I've experienced the same, and it got me furious too. It can be utterly unfair at times.


Last edited by Beamboom on 5/3/2011 3:55:13 AM

Agree with this comment 0 up, 0 down Disagree with this comment

Phoelix
Tuesday, May 03, 2011 @ 3:55:53 AM

Depending on which vulnerability the hackers found I'll either be really unhappy with Sony or not really that unhappy.
I _do_ think it's somewhat odd that they're making a position for chief of security now instead of from the get-go.

Agree with this comment 2 up, 0 down Disagree with this comment

Beamboom
Tuesday, May 03, 2011 @ 4:14:49 AM

Now that is an extremely good point you are making Phoelix. I had forgotten about that now, but when I read about it I found it strange that such a large company did not have such a position already.

There *is* something wrong in this picture, indeed. Just don't say that out too loud around here, or you *will* get slayed. ;)


Last edited by Beamboom on 5/3/2011 4:15:37 AM

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 10:09:41 AM

Beamboom,

Re: Jimmy, I'm not one to bear a grudge at all. Long term I have no problem with anyone here. I've had very strong differences with Jawknee before, and even though we both know we disagree extremely strongly on some things, we know we agree on so many others, so why worry about the disagreements? Besides, if we cannot argue with our friends, who can we argue with. So long as we're all capable of saying sorry or admitting wrong where we are, it's all good. I('m by no means at all perfect, but I do try to admit my errors and where possible I will point out my error and correct myself long before anyone else. But if I am in the wrong and someone shows me I'm in the wrong, I will always try to put my hand up and accept fault where it exists.

Heck the fact that I can still reply and discuss constructively with Mr Underline/ Anonymous Cowherd/whatever his name is, shows that whatever argument there is today, tomorrow is another day. (Bonus points for anyone that names the movie reference...)

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 10:43:53 AM

Beamboom

Your point about Apache patching. How frequently is Apache patched these days? I had a look at their web site, and in their list of patched vulnerabilities for 2.2, it's rather distressing to see 9-12 months elapsing between a vulnerability being identified and it being patched. It suggests to me that You could be running Apache with unpatched vulnerabilities, and yet still be running the most up to date, fully patched version.

I don't follow Apache much, so perhaps you can clarify for me? My impression is that going back and back-porting fixes and patches to older versions isn't exactly their top priority, and in fact it seems that patching vulnerability seems to take rather a long time. I hope I'm wrong and that there is better information than what I could find.

Agree with this comment 0 up, 0 down Disagree with this comment

jimmyhandsome
Tuesday, May 03, 2011 @ 2:25:50 PM

Highlander, its all good. I hold no grudges either, especially about the topic at hand. As I mentioned yesterday I expect people to disagree because this is a public forum, and it seems to attract a diversified bunch. I took offense with not what people said but HOW they said it. Its fine, I'm over it. Apologies for being stubborn on the matter, I see your side of it.

As far as that quote I believe its from Gone with the Wind. Never actually saw the movie, the only reason why I know that is because I did a book report on it back in the day.

Last edited by jimmyhandsome on 5/3/2011 2:29:58 PM

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 2:43:02 PM

Jimmy, you get the bonus points and Kudos, Gone With The Wind it is.

I agree, it's all good, people disagree all the time. As far as I am concerned if people don't disagree about something, they're probably not being honest about things. I mean, we're all human and have differences of opinion and understanding, it's only natural that there will be areas of disagreement. to me, it's more important to be able to disagree, and in fact even disagree passionately with others, while still being able to look and go past that disagreement.

My apologies also, I can be stubborn as well, as I'm sure you noticed.

Agree with this comment 0 up, 0 down Disagree with this comment

Dancemachine55
Monday, May 02, 2011 @ 8:55:55 PM
Reply

Apparently, I have heard from various sources that this is definitely the work of Hotz and his supporters, several who are extremists from the group Anonymous.

When Sony first sued GeoHotz over the spreading of the PS3's source code, many other hackers threatened Sony, saying they will attack the network if they don't stop the lawsuit. Sony didn't drop the lawsuit, but Hotz got out of paying large sums or doing time in jail. Apparently, that wasn't good enough for the hackers.

So here we are. Sony stands up for itself after a hacker spreads a program designed to hack the PS3 and it suffers for trying to do the right thing. I really do hope these hackers burn in hell alongside Bin Laden.

All this over Sony removing Other OS. Ridiculous!!

It was either submit to the demands of hackers (also known as cyber-terrorists) and keep Other OS, stop suing Hotz and continue allowing the PS3 to be hacked and pirated easily, OR risk PSN network hacking and fight the hackers head on.

I'm glad to see that (like the President of the USA) Sony does not negotiate with terrorists.

Fortunately, I did not play any SOE games, so I have no info to steal. PSN however...

Agree with this comment 4 up, 1 down Disagree with this comment

Jawknee
Monday, May 02, 2011 @ 8:59:50 PM

Do you have links? Sounds interesting.

Agree with this comment 2 up, 0 down Disagree with this comment

Dancemachine55
Monday, May 02, 2011 @ 11:36:54 PM

Here are some sites I found related to who may or may not be responsible.

http://venturebeat.com/2011/04/28/geohot-psn-attack/

http://loot-ninja.com/2011/04/26/why-has-no-one-hacked-xbox-live-yet/

and this one provides the best details about what exactly happened behind the attacks, along with what was protected and what wasn't.

http://news.cnet.com/8301-27080_3-20058962-245.html

Agree with this comment 2 up, 0 down Disagree with this comment

sha4dowknight05
Monday, May 02, 2011 @ 9:10:23 PM
Reply

Guess sony is just getting hacked all over. Sucks for those enjoying SOE.

Even this occured around same time as PSN, still proves 24.5 million users completely compromised with all info lost while PSN ia maybe.

Things aren't looking good for SONY right now.

Agree with this comment 1 up, 0 down Disagree with this comment

Dancemachine55
Monday, May 02, 2011 @ 11:39:43 PM

Note to self...

Do NOT piss off hackers!!!

Agree with this comment 1 up, 1 down Disagree with this comment

Naztycuts
Monday, May 02, 2011 @ 9:14:36 PM
Reply

"The theft occurred between April 16 and 17"

Ouch! So when is someone going to put a bounty on these people's heads? Now that Osama's dead we (the US) can start focusing more on policing the internet!!! /sarcasm

Seriously though if they could make laws that apply to malicious hackers and the like without infringing too much on normal people's rights then I'd be all for it.I don't think safety should come at the cost of our privacy. It makes everyone seem so reliant, yet uneducated about the computer scene, that a huge corporation like Sony can be hacked and damaged this badly, I feel for anyone who got their info stolen.

Agree with this comment 4 up, 0 down Disagree with this comment

LittleBigMidget
Monday, May 02, 2011 @ 9:19:13 PM
Reply

Damn this is getting old. All this hacking buzz is going to make Sony's E3 pretty awkward.

Agree with this comment 1 up, 0 down Disagree with this comment

FatherSun
Monday, May 02, 2011 @ 9:36:14 PM
Reply

A series of unfortunate events. It is a clear indication that those hacking Sony are true to their word when they stated that they will attack in a major way. One thing has me puzzled. Is it that they CAN NOT hack the Credit Card information or, WILL NOT? One would think that there is someone out there smart enough to swim through the internet undetected.

It seems that we are at a time where the internet has become a battleground. Corporate Society versus... well, those who play by their own rules. We are caught in the middle. It is now Law Enforcements move. DHS, FBI, CIA or INTERPOL. Whichever entity has jurisdiction. How they handle this will demonstrate who actually owns the Internet. This will not end with Sony. At this rate 2012 may just be the end of the world as we know it.

Or not.

Agree with this comment 4 up, 0 down Disagree with this comment

Lairfan
Monday, May 02, 2011 @ 9:53:05 PM
Reply

Well, criminals will be criminals. Let's hope the FBI catches these pieces of crap.

Agree with this comment 3 up, 0 down Disagree with this comment

BikerSaint
Monday, May 02, 2011 @ 9:57:10 PM
Reply

Yeah, keep on hacking, you f*cking cowardly a$$wipes hiding behind your computers.

We got bin laden, and WE WILL get you too!!!!!!

Agree with this comment 2 up, 1 down Disagree with this comment

kraygen
Monday, May 02, 2011 @ 10:08:24 PM
Reply

Hackers who are caught should be put to death. It's grand theft, burglary, slander, and terrorism. Let's make their deaths public, heck the government could make back some money if they made it ppv.

It'd also detour future hacking.

Agree with this comment 3 up, 3 down Disagree with this comment

RadioHeader
Tuesday, May 03, 2011 @ 4:22:50 AM

They should be kidnapped and put in traps (like those in Saw, but computer-based) which they have to hack their way out of. If they win they're given a Cheeto, then immediately moved on to the next trap.

I don't watch much TV but I'd watch that, if it didn't overlap the Footy.

Agree with this comment 2 up, 0 down Disagree with this comment

Oyashiro
Monday, May 02, 2011 @ 10:35:48 PM
Reply

Update: All current CC data is safe. they accessed a data back CC numbers from 2007, Most of which should have already expired by 2010.

Agree with this comment 1 up, 0 down Disagree with this comment

Bloodysilence19
Monday, May 02, 2011 @ 11:14:00 PM

where you hear that at?

Agree with this comment 0 up, 0 down Disagree with this comment

shadowscorpio
Monday, May 02, 2011 @ 11:16:19 PM

You have any links for that info?

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Monday, May 02, 2011 @ 11:25:42 PM
Reply

I'll bet just about anything that the version numbers of the Linux and Apache software being used by Sony are not the intense focus of IT departments the world over so that the can ensure that their systems are patched up ASAP.

Agree with this comment 0 up, 1 down Disagree with this comment

Beamboom
Tuesday, May 03, 2011 @ 4:11:32 AM

... are *NOW* the intense...<etc>, I think you mean. ;)

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 10:10:18 AM

You are *very* correct. Thank you for that correction.

Agree with this comment 0 up, 0 down Disagree with this comment

CoolBLKguy
Tuesday, May 03, 2011 @ 1:16:40 AM
Reply

Muhuhahaha. We won't stop until we take down the evil Sony corporation. How dare you guys attack the human race by trying to stop us from putting operating systems on our PS3's and pirate games, that's pure evil. We only attack you evil corporations, that's why we don't mess with these gas and oil companies because they do good by the people.

Last edited by CoolBLKguy on 5/3/2011 1:16:54 AM

Agree with this comment 1 up, 0 down Disagree with this comment

Qubex
Tuesday, May 03, 2011 @ 2:43:39 AM
Reply

An interesting theory stumbled across - while i was researching this breach - is the possibility of an inside job. Sony is not admitting anything but the theory states that if you look at the chronology of what happened before PSN was taken down, and now SOE a 1/3rd of all Sony's online staff was let go - given the pink slip if you will.

In fact PSN went down on the last day of the reported 2 week cooling off period. It seems there are many angry employees are Sony who have recently been let go... and as I stated to Highlander in a post about a week or so ago, PSN may have been compromised, or a back door left open, by its own staff. Disgruntled employee syndrome if you will.

I don't know Ben if you have picked up on this, but a few sites are siting evidence of a big round of redundancies at Sony's online division that could have contributed to the back door being left open.

To be honest, thinking about this; I actually believe this to have credibility simply because of the way human beings react to news like this, especially if you have employees who feel they are being unfairly dismissed. Desperation and vindication can lead to people doing some nasty things, and these network hacks could be part of something far deeper than we know on the surface of what is really going on.

The PSN hack may not have been caused by Rebug or Anonymous after all. It may have been caused by an internal backlash!

We may never know for sure; but with Sony taking so long to come clean with information, there may have been some major issues going down internally that could prove very embarrassing to the corporation if it were ever to be known fully in public.

Already Sony's PR has been obliterated... it will take them a long time to recover...

Q!

"play.experience.enjoy"

Agree with this comment 2 up, 1 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 3:02:50 AM

An inside job is certainly possible. Moving everything to a new data center certainly addresses issues of physical access and backdoors laid in the infrastructure. Of course any time there is a hack, an inside job is definitely a possibility

Agree with this comment 2 up, 1 down Disagree with this comment

Beamboom
Tuesday, May 03, 2011 @ 4:05:11 AM

I agree, it could very well be an inside job. From the inside you get to know the network you want to hack a lot better than from the outside, making the job a lot easier.

The only thing that does not rhyme here is if it was internals being mad at Sony, why would they have stolen the credit card backup? That smells, unfortunately, like professionals. Like I mentioned in another thread, typical russians. They are *maniacs* on this field, they even got educational institutes that has "hacking classes" (it's true...!).

I mean, how many of you has gotten a new cc since 2007? None of mine are that new... And the expire date is usually ten years or so, isn't it? I believe so.

On the servers I monitor there are attacks on my Linux boxes *every single day* trying to exploit known security holes, and trace routing their origins usually lead back to east block/russian computers, usually located at schools.


Last edited by Beamboom on 5/3/2011 4:10:39 AM

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 10:28:28 AM

Most of my cards expire after three years, heck the plastic doesn't even last that long, so a fair number will have expired by now. Actually, Sony should be able to tell that because they have the expiry dates on the card data...

The curious thing about these hacks to me is the data stolen - or accessed. The attackers apparently stole personal data, 90% of which is freely available via public database searches. The password hashes are important, but depending on how well salted they are, they may not be of much use without a well resources rainbow table attack. The attackers didn't get current CC data in either case, and in the case of SOE got a 4 year old backup.

I don't know, there's something odd about that. If someone's going to target a major transactional network, and spend several days on the attack, they're not there to get names, dates of birth and email addresses, they're there for financial information. To me that suggests that either the attack was not designed to steal financial data, but instead destroy confidence in PSN/SOE online security. Either that or Sony's internal network security was better than people are suggesting because even after a sustained attack the worst that can be said is that a table with a few 10's of thousands of credit card details from 2007 might have been stolen.

It's not adding up for me. If a criminal group of hackers goes to this much trouble, are they really only after personal data most of which can be found through legal means?

I really hope that these events are ultimately written up in a book, it will be fascinating to read the details.

Agree with this comment 2 up, 0 down Disagree with this comment

faraga
Tuesday, May 03, 2011 @ 3:03:09 AM
Reply

Good to live in the Netherlands. Wait, FUCK, oh well, good that I didn't have a PS3 back in 2007.

Agree with this comment 0 up, 0 down Disagree with this comment

Beamboom
Tuesday, May 03, 2011 @ 4:09:03 AM

At least your country is great :) I loved Amsterdam when I visited it. A genuine, rare city.

Agree with this comment 2 up, 0 down Disagree with this comment

___________
Tuesday, May 03, 2011 @ 4:55:24 AM
Reply

ahhhhhhhhhhh, did they not just put up a article saying there servers are separate and there safe?
sigh.
yet again more proof showing why you cant believe a single thing sony says!
one day 1 + 1 = 2 the next day its 73, the next day its 57 and the next day its 94.

Agree with this comment 1 up, 5 down Disagree with this comment

Underdog15
Tuesday, May 03, 2011 @ 7:10:13 AM

??
They are still separate. You should read some of the comments prior to yours.

Agree with this comment 2 up, 1 down Disagree with this comment

___________
Tuesday, May 03, 2011 @ 10:14:10 AM

where did i say there not separate?
point is there waving the flag saying nothing to see here folks its all ok, when theres a flaming wreckage!

Agree with this comment 0 up, 4 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 10:31:47 AM

The systems are separate. There seem to have been two attacks, that may well have been related. The SOE attack preceded the PSN attack buy about a day. The attackers may have used information gathered during the SOE attack to refine their attack to gain access to PSN. I don't know of course, but it does rather make sense, especially if the attackers were able to determine that some or all of the PSN servers shared the same vulnerability they exploited at SOE.

Agree with this comment 1 up, 0 down Disagree with this comment

Underdog15
Tuesday, May 03, 2011 @ 8:17:37 PM

Oh, I see, ___. You meant they said they are separate and "THEY'RE" safe. As in they are.

When you said there safe, I assumed you meant they are separate and therefore safe as if that was your criticism.

See? Grammar isn't just for Prissies! It can be confusing when misused! lol

Agree with this comment 0 up, 0 down Disagree with this comment

D1g1tal5torm
Tuesday, May 03, 2011 @ 6:58:35 AM
Reply

The PR gets worse and worse by the day.

They should've checked this more thoroughly before giving the 'all clear'.

I' ve already recieved 2 phone calls from 'my bank' asking to check details.



Agree with this comment 1 up, 0 down Disagree with this comment

Ultimate_Balla
Tuesday, May 03, 2011 @ 6:55:24 PM
Reply

This influences people like me, with slow ass internet speed, none. Damn. Playstation Plus would of been a good idea. Ah, buying 'em vouchers don't seem so bad anymore do they? ;)

Agree with this comment 0 up, 0 down Disagree with this comment

Leave a Comment

Please login or register to leave a comment.

Our Poll

What do you think about The Last Of Us: Remastered?
Fantastic! Can't wait to get it!
Good, not sure if I'll buy immediately.
Eh, not bad, but I don't care.
It's just a stupid money grab.

Previous Poll Results