Hay PS3 Owners.

[Belisle]

Change your password. Lulz

[Scott Meaney]

Yeah really. Understatement of the century.

[Shoultz101]

As of yesterday PSN is down indefinitely. To ensure the network’s integrity, Sony said it is currently rebuilding the service, which connects more than 75 million PlayStation customers over the Internet, letting them play video games and chat together.

Sony is still investigating the “external intrusion” that forced the electronics giant to shut down its network last Wednesday. In an email, the company also said it is also trying to figure out if any personal information, such as credit card numbers, may have been compromised in the attack.

Yikes!

[NamelessTed]

Yeah, Sony's security was totally fucked. The fact that they waited an entire week before they told anybody that personal information had been compromised is going to hurt Sony as much as the actual attack. Credit card info, passwords, and email addresses were definitely completely vulnerable but I don't know if Sony knows how much information was actually stolen/aqcuired.

So what does Sony learn from all of this? Don't store credit card info in fucking plain text.

[MrPharisee]

Oh, and apparently there's officially a lawsuit against Sony. Whee!

[HelloDrJoe]

Here is an email sony sent me. (copy and past it into notepad to read the whole thing)
They basically say- "Oh shit sorry- now you gotta cancel all your stuff the hard way with all 3 credit agencies."
!
==================================

PlayStation(R)Network

===================================

Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised. As a result of what we have found
to date, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and
complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network
infrastructure by rebuilding our system to provide you with greater
protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as
we do whatever it takes to resolve these issues as quickly and efficiently
as practicable.

Although we are still investigating the details of this incident, we
believe that an unauthorized person has obtained the following information
that you provided: name, address (city, state, zip), country, email address,
birthdate, PlayStation Network/Qriocity password and login, and handle/PSN
online ID. It is also possible that your profile data, including purchase
history and billing address (city, state, zip), and your PlayStation
Network/Qriocity password security answers may have been obtained.
If you have authorized a sub-account for your dependent, the same
data with respect to your dependent may have been obtained.
While there is no evidence at this time that credit card data was
taken, we cannot rule out the possibility. If you have provided your
credit card data through PlayStation Network or Qriocity, out of an
abundance of caution we are advising you that your credit card number
(excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation Network
and Qriocity services are fully restored, we strongly recommend that you
log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them, as well.

Under Massachusetts law, you have the right to obtain any police report
filed in regard to this incident. If you are the victim of identity theft,
you also have the right to file a police report and obtain a copy of it.

Massachusetts law also allows consumers to place a security freeze on their
credit reports. A security freeze prohibits a credit reporting agency from
releasing any information from a consumer's credit report without written
authorization. However, please be aware that placing a security freeze on
your credit report may delay, interfere with, or prevent the timely approval
of any requests you make for new loans, credit mortgages, employment, housing
or other services.

If you have been a victim of identity theft, and you provide the credit
reporting agency with a valid police report, it cannot charge you to place,
lift or remove a security freeze. In all other cases, a credit reporting
agency may charge you up to $5.00 each to place, temporarily lift, or
permanently remove a security freeze.

To place a security freeze on your credit report, you must send a written
request to each of the three major consumer reporting agencies:
Equifax (www.equifax.com); Experian (www.experian.com); and
TransUnion (www.transunion.com) by regular, certified or overnight
mail at the addresses below:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013

Trans Union Security Freeze
Fraud Victim Assistance Department
P.O. Box 6790
Fullerton, CA 92834

In order to request a security freeze, you will need to provide the following information:

1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
2. Social Security Number;
3. Date of birth;
4. If you have moved in the past five (5) years, provide the addresses
where you have lived over the prior five (5) years;
5. Proof of current address such as a current utility bill or telephone bill;
6. A legible photocopy of a government-issued identification card
(state driver's license or ID card, military identification, etc.)
7. If you are a victim of identity theft, include a copy of either the
police report, investigative report, or complaint to a law enforcement agency
concerning identity theft;
8. If you are not a victim of identity theft, include payment by check,
money order, or credit card (Visa, MasterCard, American Express or
Discover only). Do not send cash through the mail.

The credit reporting agencies have three (3) business days after receiving
your request to place a security freeze on your credit report. The credit
bureaus must also send written confirmation to you within five (5) business
days and provide you with a unique personal identification number (PIN)
or password, or both, that can be used by you to authorize the removal
or lifting of the security freeze.

To lift the security freeze in order to allow a specific entity or individual
access to your credit report, you must call or send a written request to the
credit reporting agencies by mail and include proper identification (name, address,
and social security number) and the PIN number or password provided to
you when you placed the security freeze as well as the identities of those
entities or individuals you would like to receive your credit report or the
specific period of time you want the credit report available. The
credit reporting agencies have three (3) business days after receiving
your request to lift the security freeze for those identified entities or
for the specified period of time.

To remove the security freeze, you must send a written request to each
of the three credit bureaus by mail and include proper identification
(name, address, and social security number) and the PIN number or
password provided to you when you placed the security freeze.
The credit bureaus have three (3) business days after receiving your
request to remove the security freeze.

We thank you for your patience as we complete our investigation of
this incident, and we regret any inconvenience. Our teams are working
around the clock on this, and services will be restored as soon as possible.
Sony takes information protection very seriously and will continue to work
to ensure that additional measures are taken to protect personally
identifiable information. Providing quality and secure entertainment
services to our customers is our utmost priority. Please contact us at
1-800-345-7669 should you have any additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

I am a busy motherfucker and have not gotten around to doing any of this yet. Here's to hoping we don't get bonned

And if so I'ma jump in on that class action lawsuit, or I'm gonna eat Kevin Butler's children.

[Shoultz101]

Wow!

[Shoultz101]

Tasty article I stumbled across today. 

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


FBI Cybercrimes Joins 22 States In Sweeping PlayStation Network Investigation

FBI Cybercrimes Joins 22 States In Sweeping PlayStation Network Investigation. The Federal Bureau of Investigations today confirmed that it is looking into the security breach that brought the Playstation Network down and exposed millions of users' personal data to cybercriminals.

The FBI is joined by nearly two dozen state attorneys general and possibly the Federal Trade Commission who are looking into this month's Playstation Network hack attack which forced Sony to take their PS3 online service offline for more than a week.

Sony reported that they reported the security breach to the FBI's cybercrimes unit in San Diego. Contacted Thursday, an FBI spokesman confirmed that they were looking into the reports.

"The FBI is aware of the reports concerning the alleged intrusion into the Sony on line game server and we have been in contact with Sony concerning this matter," said FBI special agent Darrell Foxworth. "We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity."

Meanwhile attorneys general from 22 states are demanding answers from Sony over the breach, asking why it took the company so long to alert customers to the attack.

That group of state attorneys general are sharing information with one another about their individual inquiries, Susan Kinsman, who is the communications director for the Connecticut Office of the Attorney General.

The collection of attorneys general have also contacted the Federal Trade Commission to see if they have launched their own federal investigation, she said.

The Federal Trade Commission could have jurisdiction in a case involving loss of customer data through a security breach, FTC spokeswoman Claudia Bourne Farrell told Kotaku. But the FTC does not discuss or confirm ongoing investigations.

Kinsman also declined to say whether the FTC has launched their own investigation.

"A call has been made to the FTC and there will be discussions, but I can't comment on whether the FTC is investigating," she said.

While Kinsman was able to confirm that attorneys general from at least 22 states were looking into the Sony breach and how it might affect consumers in their states, she declined to say which states that included.

Connecticut's own attorney general sent a letter to Sony Computer Entertainment of America President and CEO Jack Tretton on Wednesday. The letter demanded answers to a number of questions including what data was stolen, who was responsible, how long the company knew and what was being done to make sure it doesn't happen again.

"The fact that sensitive information was apparently accessed without authorization makes me especially concerned about the possibility of financial fraud and targeted phishing scams," Connecticut Attorney General George Jepsen wrote. "What is more troubling is Sony's apparent failure to promptly and adequately notify affected individuals of this large-scale breach."

The letter goes on to outline a baker's dozen questions.

Kinsman said the letter was sent out Wednesday and that the office has not yet heard anything back from SCEA.

Sony officials said that it wasn't until Monday, after an outside security group conducted an extensive investigation, that they realized customer data had been stolen. That data included names, passwords and other identifying information. Sony doesn't believe credit card numbers were stolen. If it was, that data is also encrypted when it is stored, they said.

Anyone with information concerning the breach is asked to contact the FBI at 858-565-1255 or 1-877-EZ-2-TELL. Cyber tips may be e-mailed to the Internet Crime Complaint Center.