Things Get Worse And Worse For Sony As Another Massive Data Breach Detected
from the this-is-why-you-don't-trust-rootkitters dept
For the few of you left who still trusted Sony, now comes news of yet another massive data breach, this time for Sony Online Entertainment (SOE) users. SOE is their online multiplayer games offering. It sounds like a similar issue to the PSN hack, again with lots of data being taken. Making matters worse, apparently for players outside the US, Sony kept credit card numbers and/or bank details in an “outdated database” (read, one not properly secured or encrypted, apparently). And… Sony is now admitting that the breach occurred a few weeks ago, so this info has probably already been put to use. So, we’ve got the rootkit, the PSN and now the SOE issue. Who actually willingly pays Sony for anything any more?
Filed Under: breach, sony online entertainment
Companies: sony
Comments on “Things Get Worse And Worse For Sony As Another Massive Data Breach Detected”
This could bankrupt Sony Entertainment, and speed the decline of Big Content. In the UK alone, such a breach can be charged with a maximum fine of ?3 quadrillion, if puniuched to the fullest extent of the law.
As it is, if this is correct, then Sony are in massive breach of the PCI compliance laws in the EU. No wonder they announced freebies for all PSN customers over the weekend – they wanted to bury the bad news.
Re: Re:
Yeah, as a PS3 owner I got that email as well. All I could do was shake my head at how pitiful it was.
BTW, I was gifted the PS3. I did not buy it on my own. Frankly, I’d have been perfectly happy playing a bunch of classic PC games from no later than, say, 2005, but oh well….
Re: Re: Re:
dear god, when did games from 2005 become “classic”?
Re: Re: Re: Re:
dear god, when did games from 2005 become “classic”?
The moment a classic controller was no longer required to play them.
Re: Re: Re:2 Re:
You mean Quake III is not longer what all the kids are playing?
Re: Re: Re:3 Re:
Those graphical games will never take on. I trust my entertainment to nethack and it has never let me down.
Re: Re: Re: Re:
Look at lists of the highest rated games ever made, and you’ll notice a trend. Here’s an example:
http://top100.ign.com/2005/001-010.html
There isn’t even a single game on that list later than the 90’S! And when I think of the two glaring omissions in that top 10, they’re both 2000 and before as well (Final Fantasy 7 & Deus Ex)….
Re: Re: Re:2 Re:
#21 Deus Ex
#88 Final Fantasy VII
Re: Re: Re:2 Re:
Yeah, before 2000 I can see calling “classic” – it was the 2005 I balked at. That’s the year WoW and COD2 came out… if that’s “classic” then most of my favourite games are “antique”
Re: Re: Re:2 Re:
Starcraft 2
Re: Re: Re:
Or you could just go back to when games were still good (not including FPS) and had more than 8hrs of play and get a NES and SNES then buy used games.
Re: Re:
We can only hope that the EU takes this into the courts, as here in Amurica, us consumers can do nothing, now that the douchebags on the Supreme Court have quashed all the class-action lawsuits…
Re: Re:
As it should. They could replace everyone in the company and I still won’t buy. They have crossed ethic lines to many times. If you work for Sony, Start looking for work.
Re: Re:
Sony will get off with a slap on the wrist. You’re delusional if you think this will bankrupt them.
Re: Re: Re:
But it should bankrupt them. Personally identifying data is a shitton more valuable than your capacity to consume. Moreover, I’d like to see you come up with an argument as to why this shouldn’t cost Sony their ability to trade; the fact that this was discovered over a month ago opens them up to vicarious liability on failure to prevent fraud.
Had Sony even deigned to notify its consumers of the breach when it occurred, we would have been having a different discussion. As it is, the amount of stupid involved on Sony’s part is insane.
Non-hashed PSN info? Check!
Holding CC details (including CVV)? Check!
Refusing to notify people after discovering the breach in a timely manner? Check!
Claiming everything’s okay when it’s clearly not? Check!
They don’t deserve any money from anyone ever again.
Re: Re: Re: Re:
I never said that it shouldn’t bankrupt them. I have a PS3 and I’m outraged by this news. They will more than likely get a slap on the wrist and get told to be better at protecting data and that is all the punishment they will receive.
I’m sure they will end up spending more money on PR to try and improve their image than they will on improving security. It’s disgusting but that’s just how it usually seems to go.
Re: Re: Re: Re:
The security breach happened a month ago. They found out about it on Sunday. They shut things down Monday. I’m not claiming they’re innocent and should be exonerated, but I don’t think they can be accused to sitting on this for any period of time.
Re: Re: Re: Re:
I thought they didn’t have the CVV… (Far be it from me to defend Sony, but I thought I read that.)
Re: Re: Re:2 Re:
Not for the PSN hack, but for the SOE hack, the CVVs were stored.
Re:
> This could bankrupt Sony Entertainment
You say that like it’s a bad thing?
So let me get this straight…
Sony wants to limit music with Amazon…
They want to spy on you with rootkits…
You have no privacy through their network…
If you research these hacks, they’ll sue you…
If you try to help them in any way, shape, or form, they won’t work with you…
Well, I guess you don’t have much to say except sayonara Sony.
Re: Re:
They have dishonored their ancestors and shamed themselves by failing to apologize for it in the traditional manner.
Re: Re: Re:
“They have dishonored their ancestors and shamed themselves by failing to apologize for it in the traditional manner.”
Well, yeah, but they can catch flies with chopsticks, so they’ve got that going for them….
Re: Re: Re:
So if the boss of Sony committed ritual suicide then this would be forgiven?
It would probably be cheaper for them in the long run.
Re: Re: Re: Re:
“So if the boss of Sony committed ritual suicide then this would be forgiven?”
I won’t be happy until the entire company falls on it’s sword.
…Or at least the legal dept.
Re: Re: Re: Re:
The boss? That would merely be a good start. All CxO level executives would be a good finish.
The data of tens of millions — if not over a hundred million people — was exposed due to their profound negligence. The cost of that in monetary terms is well into the trillions. The cost in human terms is difficult to calculate: how do you give an identity theft victim their life back, their years of suffering and worry?
“Enormous” doesn’t even begin to describe the impact of this. As a society, we’re willling to lock up someone who merely steals a 4-year-old car. What should we do with Sony’s personnel, who have done something that makes that microscopically inconsequential by comparison?
(And yes, 95% of the blame for this rests with Sony. Well-known, test, best-practice security techniques would have left the attackers with a massive encryption problem.)
Re: Re: Re:
In some civilized countries, men who have failed as completely as you have, would thrust themselves on their swords…
Well, shit.
I’ve got a PS3 and my choices are:
– Get an 360 that suffers from head alignment problems
– Step back a generation and get a Wii, along with none of the games I actually want to play
– Shell out a couple of grand on a higher-end computer
This doesn’t include the cost of re-purchasing all the games I still like playing. Unfortunately, I’ve got a lot of money already riding on this hacked-up horse, so I kind of feel like I’m going to stick it out until the next gen arrives.
God help me, I love that locked-in feeling.
On the bright side, my Netflix still streams and I’ve got a really large Blu-ray player.
Re: Well, shit.
Couple of grand?! You’re definitely doing it wrong.
Re: Re: Well, shit.
Probably. I just don’t want to be adding RAM to video cards or swapping them out just to keep up.
I’m resistant to PC gaming anyway. I’ve only got a limited amount of time to play and I don’t want to spend part of it tweaking settings and downloading patches. I know that’s short-sighted, but it is what it is. I would also like to take advantage of various mods, but I also like that when I boot up the game on a console, I know it will work.
Re: Well, shit.
Do this:
1- Sell playstation.
2- Buy new generation xbox (to avoid RRoD) used on ebay.
3-Get gamefly, that way you don’t have to purchase every single game you owned.
Re: Re: Well, shit.
new gen, old gen, you get < 1 year either way.
Re: Re: Well, shit.
New gen seems to have issues with head/tray alignment if Youtube’s hundreds of videos on how to solve it is any indication.
Re: Well, shit.
The new slim Xbox 360’s don’t seem to have any problems like the old ones. I use mine nearly every day to watch Netflix and play games and I have never had any problems with it.
Re: Well, shit.
or, stop wasting time playing video games? You locked yourself and the key is right there in your hand.
Re: Re: Well, shit.
Who has locked themselves and who is free to play video games?
Re: Re: Re: Well, shit.
There’s always free games to play for time wasters… Kongregate
Armor Games
Newgrounds
But playing some of the games on a PS3 or 360 can make it quite worth it. Ex. I love Scott Pilgrim, but Ubisoft won’t release it for any system other than the consoles. Stupid of them, but it makes them money…
Re: Re: Re:2 Well, shit.
Hell theres always work for time wasting. I’m talking about things I actually want to spend my time doing! 🙂
Re: Re: Well, shit.
Whatever, Mom.
Re: Re: Re: Well, shit.
I heard that you were very disrespectful to you mother, so I am going to send you to your room for the rest of night to think about it. I don’t wanna hear another peep out of you for the rest of the night.
Re: Re: Re:2 Well, shit.
Wherever it is that captain obvious lives, it must always be a beautiful day outside that I’m wasting away inside on the couch. I’m guessing southern California.
The breech would have been discovered earlier...
…but malicious parties hid their activities using a rootkit found on CDs about 6 years ago.
Re: The breech would have been discovered earlier...
I would of went with this: The data breech was enabled by a Sony employee inserting a Sony “CD” into their work computer.
SOE is dying anyway, with the long slow death of their flagship product EQ and no new games to really take its place (DCuo and Freerealms are flops) lets hope that Smedley is finally given his long overdue walking papers
Typo
“Who actually willingly pays Sony for anything any more?”
Should read: Who actually willingly uses Sony’s free services any more, let alone give them money.
An interesting solution to this and other services, go to a retailer that is a bit more trustworthy and get the PSN giftcards. Same goes for XBox live, iTunes, anyone else that wants your credit card number and might store it wrong.
Re: Typo
The solution is not to use gift cards the solution is to not buy sony products and to legislate a minimum level of protection on stored consumer data. The minimum should not require a specific tech but have requirements that must be met using any means.
If you are really concerned about your CC# then use a CC# generating service provided by several Credit Card companies so the number will be expired by the time anyone could use it.
Just got my email for SOE
Opened my inbox this morning and low and behold there was an email from Sony about my SOE account. Now I find this kinda funny about the attacks that have been discovered as of yet. But it sucks that my kids do use some SOE games and when i had to tell my son this morning that he won’t be able to play his Clone Wars games he was pissed.
Where to Go?
This will be a tough question for everyone. I don’t think giving up on the PS3 is the best thing to do. Both systems have their flaws- XBOX 360 and PS3. Sony will learn from this, we can all hope. I’m going to guess that their back-end systems are now much more secure. This is the sort of thing that removes the magical cloud-cover from people’s eyes about a company though. There is no reason to be a die-hard fanboy at this point. Personally, I’ll keep my PS3, and keep buying content, and playing games. Same for my 360, and whatever new consoles come out from either company in the future.
To comment on a few of the comments above, I do not think this will bankrupt Sony. I would hate to see all of those people without jobs in this economy. I do think, however, that there will be a huge whole ripped into the company by the pending lawsuits. People will get fired, trust me. Now, will the right people get axed, or just some scapegoats…time will tell. I also hope that this is an eye-opener to all companies that they can be breached, no matter how secure they think they are. It’s always that one catastrophic FAIL that gets people in motion.
Re: Where to Go?
“Sony will learn from this, we can all hope.”
Why should they? They didn’t learn anything from the rootkit debacle and it cost them less than a slap on the wrist.
As long as the sheeple keep buying their goods and services, there is NO REASON for them to learn. Or to even try to learn.
Sony cares about profit. Always profit, only profit. If they could prostitute children and make money from it, they’d do it without a second thought. They have no conscience, no morals, no ethics, no scruples of any kind.
So to expect them to learn, or to even WANT to learn, is insane. They’ve already repeatedly proven, beyond all possible argument, that they’re not going to. And because the sheeple keep coming back, they don’t need to.
THIS is why I am angry at Sony. Yes, being hacked can be considered a cost of doing business in this day and age. Yes, I am annoyed by someone who understands technology what they let leak and how. What really gets me angry, what makes me want to swear off Sony and sue them into oblivion is their delays.
It took seven days from them discovering the PSN server holding personal information was hacked into before they said ANYTHING that sounded like “Oh, and by the way, you should keep an eye open.” Hell the first two days they claimed it was routine maintenance, they outright LIED to us.
And now this WEEKS after it happened? That is what I cannot excuse. The lies and coverups. Hell they probably would still be hiding the SOE breech, but I would wager something forced their hand.
Being hacked? Forgiven. It is the criminal’s fault.
Having POS security? It annoys my tech side, but I can understand how they can cling to lumbering beasts or try to skimp with the money. Forgiven, grudgingly.
Hiding all these data breeches and outright lying as to their actions? No way.
Re: Re:
If being hacked = forgiven, then POS security should be a given.
My answer.
“Who actually willingly pays Sony for anything any more?”
Unfortunately, many although I will not be one of them.
This is a shame, too, because I once respected this company, often putting its products first on a list when shopping. However, the rootkit fiasco hit the news and I put my guard up.
The final straw was when Sony purposely proved to the world who really owns its console and this was pretty much it for the company. In fact, I just rid myself of every component of this maker from my house, save an old transistor radio (which is just too damn nice to give up).
It certainly doesn’t help to turn and read personal attacks against users and data loss occurred after the “final straw” and I can honestly say I’m glad I left this company.
If anyone from Sony reads this post, I welcome you to the true definition of a “lost sale”, and it will take you at least a decade to restore my faith into the company.
Isn’t it about time Sony gets started?
Well, Sony still create some reasonable-quality camera’s…
Then again, I wonder when Sony will start failing in their photography department also… 🙂
This piling on is ridiculous
Seriously. We get it. You’ll never buy Sony again. You feel as if they broke into your house and killed your dog. You have spent the last 3 days rocking in a corner because you can’t believe people still buy Sony stuff. Some hacker might know your name, so you’re having problems sleeping at night and need anti-depressants. Oh, and by the way, games just haven’t been the same since Dr. Mario.
Don’t forget to keep those posts, so you can just change the company name when someone else gets hacked or screws up. I’m looking forward to your exasperated rage again.
Re: This piling on is ridiculous
That must be some wedgie you’re sporting there, boy! Probably have your waistband at eye level, at least. Your ludicrous attempt to marginalize people with legitimate complaint is an EPIC FAIL, and your attempt brings into question where your loyalties lie. I think we all know the answer. You think all consumers with legitimate and serious complaints against businesses run by stupid and unethical idiots should be disregarded and held in as much contempt as you were just obviously able to muster. Sod off, you corporate apologist!
Sony………blows ponies
Re: Re: This piling on is ridiculous
Thanks for clarifying. So most of my points above were right, but I forgot that Sony is run by retarded serial killers and, as a collective whole down to the last janitor, engages in bestiality.
Re: This piling on is ridiculous
No, it’s gone beyond incompetence and into maliciousness. I’d say throw the book at Sony, but seeing as they wrote it for Hell…
Umm..
Yeah, it would be nice if X-Box would give us games for the Sony games or at least a discount.
Article
I don’t own a PS3 yet, nor a PSN account, but when I received an email this morning notifying my details may be compromised, I surmised something else may be up, I only have a newsletter subscription from years ago!