1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Sony admits personal data was not encrypted

Discussion in 'Article Discussion' started by CardJoe, 28 Apr 2011.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. Turbotab

    Turbotab I don't touch type, I tard type

    Joined:
    4 Feb 2009
    Posts:
    1,217
    Likes Received:
    59
    How the hell can a company the size and stature of Sony act like such doughnuts!

    I can't believe they aren't PCI-DSS compliant. Maybe Sony got confused about the meaning of PSN, thinking it meant Please Steal Numbers.
     
  3. Kiytan

    Kiytan Shiny

    Joined:
    2 Jul 2009
    Posts:
    971
    Likes Received:
    23
    Why the hell would they not encrypt everything? I literally cannot think of a single reason not to.
     
  4. Jamie

    Jamie ex-Bit-Tech code junkie

    Joined:
    12 Mar 2001
    Posts:
    8,180
    Likes Received:
    54
    Don't worry Sony, I'll just cancel my date of birth and get a new one.
     
  5. Von Lazuli

    Von Lazuli I get by fine with a jig-saw.

    Joined:
    23 Oct 2008
    Posts:
    283
    Likes Received:
    7
  6. nmunky

    nmunky What's a Dremel?

    Joined:
    28 Apr 2010
    Posts:
    11
    Likes Received:
    0
    Why on earth won't Sony say definitively what data was encrypted and what wasn't? Specifically: were the passwords encrypted? This policy of being as vague as possible is only making the situation much worse.

    I'm incredibly unimpressed with the secretive, deceptive nature of their response to this situation.

    My hope is that the highly litigious nature of the USA works in everyone's favour for once and as many people as possible sue the living hell out of Sony so that they will finally take this stuff seriously.
     
  7. lp1988

    lp1988 Minimodder

    Joined:
    24 Jun 2008
    Posts:
    1,288
    Likes Received:
    64
    The most interesting thing here is that this shows just how much the consoles looks like PC today. on top of that if you can hack one machine you can hack them all as they are all the same.
     
  8. kempez

    kempez modding again!

    Joined:
    4 Aug 2005
    Posts:
    1,212
    Likes Received:
    3
    Several things. Firstly, Sony have stated what is and what isn't encrypted in their statement, read it. It's pretty clear.

    I'm unimpressed with it too, I think everyone is!

    However, suing Sony won't do anyone any good imo. The negative publicity will do good. Sony are obviously taking a lot of steps (including physically relocating their data centre, if you read it), so they are taking it seriously. The fact that they have lost money and will continue to lose revenue and good-will from customers will mean that they take it deadly seriously. I can't imagine what a rollicking their shareholders will give them!

    They don't mention PCI DSS compliance, but I thought that if you store personal data and credit card information that can be connected, you have to be? Either way, they obviously weren't doing it right.
     
  9. Uxon

    Uxon Minimodder

    Joined:
    14 Dec 2010
    Posts:
    446
    Likes Received:
    11
    Ads by Google

    ID Theft
    Detect and protect against identity theft. Receive alerts, react fast!
    www.equifax.co.uk

    :D
     
  10. DXR_13KE

    DXR_13KE BananaModder

    Joined:
    14 Sep 2005
    Posts:
    9,139
    Likes Received:
    382
    Seriously?
     
  11. DwarfKiller

    DwarfKiller What's a Dremel?

    Joined:
    25 Nov 2010
    Posts:
    116
    Likes Received:
    1
    I was hearing rumours about this and refused to believe it.
    If the delayed announcement wasn't enough, this just takes the cake.
     
  12. John_T

    John_T Minimodder

    Joined:
    3 Aug 2009
    Posts:
    533
    Likes Received:
    23
    That made me laugh! :)
     
  13. DMU_Matt

    DMU_Matt mmmm cheesy

    Joined:
    23 Oct 2009
    Posts:
    680
    Likes Received:
    16
    That quote is signature worthy, bravo Jamie. Bravo :thumb: :lol:
     
  14. Paradigm Shifter

    Paradigm Shifter de nihilo nihil fit

    Joined:
    10 May 2006
    Posts:
    2,306
    Likes Received:
    86
    I don't understand why Sony needed all of that personal information in the first place: I've not linked a credit card to XBox Live (nor did I to PSN) but the only info that XBox Live wanted was a Username, Password and E-mail address. Why does Sony need Name, Address and DOB by default? I very nearly didn't sign up at all with all the info they wanted... I should have stuck with my gut instinct.

    And with the effort I take to stop the potential of Identity Fraud happening to me, I'd just like to thank Sony for failing to encrypt my personal data and therefore essentially handing it to bad people on a silver platter. Along with the personal information of 70+ million others.

    As I was typing this, I just received an e-mail from Sony telling me about the situation. Nice to see they're so on the ball with telling people, as I don't keep tabs on the PSN Blog. Although it would have been impossible to miss this if you were online at all over the last week.

    ...

    As for litigation not doing any good... the bad publicity will hurt Sony, but they'll recover as people have short memories and Sony have a lot of money to spend on advertising. To get Sony to learn not to do it again the penalty for this is going to have to hit them where it hurts: the pocketbook. I think Identity Theft Protection/Insurance for every single PSN user would be a good start. They obviously have our names and addresses and DOBs (hell, so does the whole of the 'dark side' of the internet by now, most likely) and that's all they should need to open these Identity Theft Protection schemes if they're footing the bill.

    ...

    Disclaimer: Paragraphs 2 and 3 of this post contain high levels of sarcasm.
     
  15. Eggy

    Eggy Minimodder

    Joined:
    8 Oct 2009
    Posts:
    184
    Likes Received:
    6
    Encrypting personal info e.g. profile information is not very common though.
     
  16. Coldon

    Coldon What's a Dremel?

    Joined:
    14 Oct 2006
    Posts:
    208
    Likes Received:
    10
    you do realize that most sites/service dont encrypt personal data. The reason being that the constant need for unencryption each time the data is needed imposes a massive processing cost on the server. The bit-tech forums store all personal data in plain text too, so does every other IBB / vBulletin / SMF forum.

    Usually only the account password is hashed, which is why most forums dont email you a new pasowrd but rather a password reset code. Yes, you can reverse engineer the hash to get a text string that creates the same hash but the chances of it being the user's actual password are slim (assuming a good hashing alg is used. Futhermore that "reverse engineered" string is useless for any sites/networks usign a different hash.

    This "news" post is ridiculously alarmist and just pulled a FOX news stunt, overreacting to something thats perfectly normal.

    My real name, birthday and email address are already available online in a million places, so why would some hacker gaining that info be of any concern to me. Now if the credit card table wasnt encyrpted then you can be really really worried.
     
    Sloth and Toploaded like this.
  17. Woodspoon

    Woodspoon What's a Dremel?

    Joined:
    10 May 2008
    Posts:
    502
    Likes Received:
    1
    Lol it just keeps getting worse.
    I'm just waiting for the next announcement that says "No credit card details were taken off the system, they were all left unencrypted on a USB key on a train, it's ok though because it might have been found by a cleaner"
     
  18. themax

    themax What's a Dremel?

    Joined:
    2 Dec 2005
    Posts:
    1,060
    Likes Received:
    3
    This. :thumb:
     
  19. kornedbeefy

    kornedbeefy What's a Dremel?

    Joined:
    1 Sep 2009
    Posts:
    168
    Likes Received:
    0
    I recieved a lenghthy email directly from Sony stating all my information may have been compromised including my credit card. They then go on to state I need to keep an eye on my accounts and keep vigil over my credit report. Also providing links to the credit score agencies.

    So ya I guess you can call me a little bit alarmed but more so very irritated.
     
  20. Waynio

    Waynio Relaxing

    Joined:
    20 Aug 2009
    Posts:
    5,714
    Likes Received:
    228
    Anonymous said they were gonna give sony the biggest attack ever, so I'm gonna risk assuming this is it & if like they are saying they don't mean any harm towards consumers & only towards sony then maybe they did this to cause a big chunk of mistrust with people who buy sony stuff & any personal data they took they deleted, this is what I like to think anyway, either that or another bad hacker group has capatilised on the situation & gone for it for real for mass id fraud, sure as heck not good either way.

    It's been a while since I fired up the ps3 so I'm unsure about ways to pay for adding money to the wallet, is it possible to put money in the account through paypal, I can't remember as it was ages ago, if so I'd have done it through paypal, if not then my old debit card would have been on there which runs out of date this month.
     
Tags: Add Tags

Share This Page