Homeland Security, FBI looking into PSN breach

@doubtingthomas
Also, when I read the article, I could of sworn it said Special Agent Fox Mulder

@doubtingthomas
I guess i wont be hearing the end of this at the office Monday...God Special Agent Fox you take my promotion first now you your tracking down a group of hackers what's next your going to be saving baby's from trees.

@Special Agent Bob

The True is Out There.....


Trust No One....


I Want To Believe....

@Stevetrop Man of Mystery

I upvoted you, just for the first, incorrect line.

@thisredengine

Lol damn I just noticed I totally screwed up

I blame the cancer man

@Prboi

What do you mean, "went that far"?

70 million accounts were hacked. 70,000,000 accounts. I'd be pissed if the FBI DIDN'T get involved. Whoever perpetrated this needs to be prosecuted. This was a malicious attack on a major corporation resulting in a major amount of fraud, loss of money (both immediate and residual), and the tarnishing of a company.

Yes, Sony did drop the ball on keeping us informed from the get go. That pisses us off. But they sure as hell deserve the support of the FBI in finding the pricks who caused all this grief in the first place.

@PreGHz +1 I agree

@Prboi

it went that far?! the FBI investigates anytime theres any kind of breach in a large corporation... cyber or physical. This shows just how little all of us know about this kind of stuff but yet speak as if we knew how everything went down.

@PreGHz

That's what I meant. Sony lied & told everyone it was just down for a harmless maintenance. Now they have the FBI involved & they still continue to act like nothing is wrong:

http://www.joystiq.com/2011/04/29/sony-evaluating-possible-goodwill-gesture-for-psn-outage-and-bre/

Sony is to blame for not forewarning everyone that their personal info have been stolen & now reports of unusual credit card activity. 7 damn days people were left clueless. Sony's Lack of precaution on the matter & the lateness of their "warnings" & the fact that they're still trying act like it was nothing major makes Sony just as at fault as the hacker. You trusted them & they let you down.

@PreGHz to be fair, a lot of those accounts were just people who signed up for PSN just because you have to. They made not have even bought anything, so it was just a username/password for a virtual login of no real value.

Now, if this were something like a financial institute, I'd think it would be of a higher priority.

@Prboi

Oh yes, let's play "Blame the Victim." I bet her skirt was too short too, right?

I'm not debating that Sony dropped the ball with security AND informing us. That's fact. But what is also fact is Sony is the victim here (and by proxy, us). In a big way.

So how about we not play that game, and instead concentrate on helping so that it never happens again. To them or us.

The lack of sympathy here disgusts me.

@jynxycat

You're probably looking _at best_ at 3 accounts per person. Most likely much less than that. With 50 million PS3s around and even more PSPs it'd be naive to not think that at least 25% of that had gone online at one point, which would be upwards of 12.5million w/ the PS3 population alone. EIther way it's a catastrophic amount of info that got leaked, and I doubt Sony's going to say "well, it's actually only xx million people" -- it can be just as harmful from a PR standpoint to admit that a huge number of those PSN IDs are backups that get no use. So a breach is a breach, and unless they start getting charged some nominal fee for the number of accounts compromised, they have a leak of 77 million customers.

@PreGHz

What the hell? PSN users were the victims here; Sony definitely deserves some blame. That said, they do get hurt because this hurts their image, but try to remember all the PSN users that Sony didn't inform as their personal info was possibly being leaked.

@Prboi

Okay, slow down there, tiger. Take a deep breath.

The Playstation blog has been keeping customers constantly updated of what's going on. They found out someone was in, the took the entire network offline for maintenance. I don't see how that's a lie, as I'm sure they started trying to fix shit right away. As far as the notification time, I've got some experience in IT and security, and you don't know right away what was compromised and to what degree. So, Sony hires someone to find out. They realize user data has been stolen, the put it on the blog and email all of their customers. They STILL don't have any evidence that CC data was stolen, but they warn their customers anyway.

I, for one, haven't bothered to cancel my card. I monitor it every day anyway, and my bank is pretty quick to credit back fraudulent charges. I haven't seen anything out of the ordinary yet, and it's been over a week. But, I do use a yahoo email address, and I've seen a drastic increase in the amount of spam I get to my yahoo messenger. And, even that could be coincidence.

Anyway, I keep abreast of what's on the Playstation blog, and I feel like Sony kept us informed of what they know. I sure don't see how they lied about anything. And, how do you figure they're acting like nothing is wrong?

If it turns out that on day 1 they knew the extent of the attack, then I'll be just as pissed as you seem to be. If it turns out that their security measures weren't up to snuff, I'll be livid. But, if it turns out that hackers broke into their system and stole a bunch of shit...I'm kinda gonna have to be mad at the hackers.

Like I said in another post, if someone breaks into a bank and steals everything out of your safety deposit box, you don't blame the bank.

@PreGHz

I'm not saying Sony is completely at fault but they are at fault. People are acting like Sony had no idea this was going to happen. Really? So all the reports saying PSN was running in the red didn't give you a clue? How about all the security patches Sony put out in the past few months? Yeah, Sony knew & they didn't take enough precaution & had to shut PSN down before they were sunk.

The hacker is to blame for causing this whole situation & deserves everything that's coming to him but don't over look what Sony did people.

@PreGHz

Agree on that, its disgusting, and i'm getting sick of it.

@Prboi

Dude...what reports? And you're using the fact that Sony frequently made updates to the security of their console and network as a sign that they DIDN'T have enough security?!!?

Okay. That's a sign that I clearly should not be participating in this discussion with you.

@jynxycat

Most of the subscribers are locked in as well. You can't delete your psn account. I have tried multiple times!

@Prboi

Sorry. I don't see it that way. I intend to place the blame on the people deserving of it. In this case, I blame the lowlife hacker a**holes.

@Troy Powers There is more than one victim here. Being hacked is forgivable, but not informing your customer in a timely manor is not. I work in the field also and delt with Fortune 500 companies and major corporations. You don't pull the plug on you entire network on a whim, especially a corporation as large as Sony. You should know this if you are in the field. This has to be approved by upper management and a valid reason has to be given before you take it down. A hunch is not a valid reason. Also hiring a 3rd party to come in to assess is not cheap and is not budgeted, also has to be approved by upper management and to get the FBI involved you need to have some info to substantiate your claim. All this was done prior to customers being notified of at the least "a potential breech" . Users were notified a week later. There are other inconsistencies with timing that raise red flags to me but too long to type now.

I think everyone assumes that the guys in the server room has more power than they actually do.

Sony is also a victim, and I hope that they catch the people responsible and they go to a Turkish prison, but so are we. I hope they learn from this and realize that the sooner you inform your customers the better your business is for it. I honestly blame Sony Management for the mishandling of customer notification because they are the ones that approve all of this. But I also hope that the people that did this act get what they deserve.

@Troy Powers

Well, if the bank left all your money sitting on the counter unsecured, then yeah, you do kind of blame the bank.

@OnToGloryReturns

you're implying that sony had a giant button on their website that said "click here for 70 million FREE accounts!"

whoever hacked in went through a lot of security. sony didn't leave it out in the open.

I'm not saying don't be upset but, hell it's not like this is the second or third time this has happened. Are we just a zero tolerance society now? you can't screw up even once? is that how it is now? online gaming is a relatively new frontier, this shit is going to happen, it's called growing pains. every company will be stronger for it. you can't just expect it to be perfect from the start.

@Prboi
i haven't posted a comment in months, but i suddenly feel compelled to.

Prboi, you're an idiot and i wish you wouldn't post on joystiq because you hurt my brain.

@eat it

See my other reply to you for more - but yes, when it comes to my identity security when I have trusted a company with it I have a zero tolerance policy (I have no CC info on PSN by the way - I'm talking about principle).

I never implied that Sony had a button for 70 million free accounts (way to go to an extreme there) but it clearly wasn't protected effectively. The PSN didn't just start by the way - it's been around since the PSN launch and they've had every opportunity to secure their data effectively which they did not.

Allowing a company to operate like that and give them a 'free pass' does nothing for the consumer. A corporation will get away with whatever they can until they are litigated into compliance. Review a couple of hundred years of American business to see the veracity of that argument.

@Prboi Im going to be honest here.

Normally I think you would be trolling, but after all this? I actually think you BELEIVE the amount of crap you are spewing.

First its that "thanks sony" for all this. I dont even want to start there.

Then its "oh but sony had no protection so its there fault." Yeah, they had zero protection, I bet. Thats why anon gave up in the first place.

Then its "well there was warning signs because they kept beefing up security over last few months." Well which is it, they had zero protection or they were beefing it up?

I really dislike your posting style and your total lack of concern for the real victims here. Yeah yeah fight the evil corporations. Whatever. Sony has done frig all to warrent the absolute amount of crap thats been poured on sonys customers. Us.

You watch the movie hackers and think its a great plot. Its not a motto to live by, its just a friggan movie.

I buy sonys product because I like them. I understand that when people adjust THIER product to make MINE less enjoyable that sony is doing the right thing to try to stop them. Now its gotten to the point the friggan FBI needs to step in. Think about that. Who is going to win that war?

Not a single one of these "hackers" is doing the one thing they are bitching about. Not a single one is saying "hey I got linux on my ps3! I am happy with this, Ill stop here."

They, and you, need to grow up.

@OnToGloryReturns

Honestly man, if you are "in the field', then you'd know that if someone really wants in on a complex front end of offered services, then they WILL find a way. A service such as the PSN has so many variables and available services and devices, that any determined individual or group can eventually find a loophole, given enough time.

As far as security patching goes, they release patches when their engineers discover security holes or other code that is potentially viable for exploit. But the issue there is the same as you'll find in various other places. The more eyes looking into a problem, the more perspectives. They can only employ so many people to be proactive, but it's much more difficult to be proactive as opposed to reactive.

And regarding the "Sony didn't tell us" portion, everyone must realize that a large company like Sony must be 110% positive that a breech happened and data was stolen BEFORE saying a word. A big part of it is public image. If nothing was compromised or stolen, then they'd look like assholes for sending a message that they may have been hacked AND could possibly face legal action depending on the outcome of "crying wolf".

The internet if full of people who really think they know the world because they read wikipedia and some forums, but that does not make you "informed". And yes, we have become a zero tolerance society. We're also insatiable. Come out with an amazing device that will cure cancer people will bitch that it doesn't play mp3's or some shit like that. Come out with an amazing new product that has a few minor flaws, and everyone's on it that the company should have done better. Think you can do better? Become an engineer or inventor and think something up, but don't get up on your soapbox and profess your uninformed and erroneous opinion, it just makes you part of the problem.....and a jackass.

/end rant

@PreGHz

Fun fact: rape analogies are the new Godwin's Law.

A better analogy might be that Sony wasn't wearing its seatbelt. Yes, the guy who caused the accident is at fault and should be prosecuted to the full extent of the law. But that was incredibly stupid of Sony, and illegal to boot.

Understanding, not sympathy. Sony's working hard to fix the problem, and to prevent it from happening again, but they did mess up. I understand your frustration at peoples' apparent downplaying of the hackers' role in all this, but please don't whitewash Sony's complicity. It obscures an important aspect of the issue, and I'd rather we were aware of its entirety, rather than going on a witch hunt.

@Frozen Radiator

http://en.wikipedia.org/wiki/Spy_Kids_4

@brightbonewhite

Teach him a lesson for trying to be cool? That's your take on this?

@Jenks Lol, oh, I'm sorry. Not philosophical enough for you? Did I not appease your desire to read something intellectual on the interwebs? I think you might be on the wrong website, douchebag troll.

U mad?

@brightbonewhite

U mad? You're on a roll, but I often forget the average reader age here is under 14.

@Jenks

A barrel roll?

@copa +1 LOL

@copa

The guy reportedly trying to sell 2.2 million credit cards is full of it. According to him, he also has the cvv codes, which Sony didn't maintain.

As far as the 3 or 4 people saying their accounts have been compromised...okay. 4 people out of 77 million hardly makes a convincing trend. If 4 of the 77 million PSN users had their homes broken into, could we blame that on Sony? I mean, we know FOR SURE that address data was stolen.

@copa

Well, if somebody says it on the internet, then it's most certainly true. It's not like anyone would lie, because the internet is 100% populated with upstanding individuals of the highest morals and integrity.

I'm not sure which is worse, the people who sensationalize and make up stories, or those who completely eat up any claim a person makes and believe it to be the gospel truth before a shred of evidence is obtained.

@Ezio Auditore da Firenze

What?!!? You mean you wouldn't trust the word of someone posting on a forum for credit card thieves? What has this world come to?

@copa

Copa you're such a effing moron. Since this whole thing went down you have had nothing but negative things to say about any of this, in fact you are one of those who put 110% blame on Sony while giving those who stole your info a free pass...

IN FACT, it looks like you are giving Sony the blame for that "user" who said he has 2.2million accounts to sell, and giving that "user" a free pass as well.

I wish you could use your brain for one minute.

@Ezio Auditore da Firenze
While damn....no wonder those 'make it bigger' pills haven't worked. Where were you $300 ago Ezio?

@Ezio Auditore da Firenze

So let me guess, you're the kind of guy who only listens to what the news has to say? I pray to god you don't watch Fox news

@Troy Powers

If anyone is using same credit card for other purchases, they could have been stolen different way. If you buy PIZZA they sometimes copy your whole CREDIT CARD info, or even if you hand it over to a clerk in a store. Trust me if credit card is encrypted you need a key to decrypt them. And usually there are 2 keys that are required one that sony has other that processing company has.

This just pure crap, and everyone is causing panic. Sure be careful, but don't forget that there are 100 of ways to get your info or your credit card. FF and IE have security holes, each time you enter your CC you may be giving it away to some hacker.

@pickupdoctor

But hey we have a new scape goat, and it's SONY. This goes in par with new software updates that sony rolls out and randomly people say my console just got bricked by new update. But in truth it was time for it to go because of dust and lack of correct maintenance.

@Troy Powers

Exactly, and considering how often identity theft occurs, 4 out of 77 million isn't very surprising. Now if 100k people suddenly had weird things going on right now then yes, it would be a problem, but that's not happening right now.

The selling of credit cards also sounds ridiculous. How would they get paid? Doing it over the internet would be ridiculous and traceable, and even if they found a way to hide their location on the internet, the banks would take note of massive amounts of money being moved to an account.

@chimpsmith

"The selling of credit cards also sounds ridiculous. How would they get paid? "

no its not, it happens. I read an article on the Times which highlighted just how the hackers sell your info and to who. Usually its not within the same country it stole it from, they sell it to people in OTHER countries where it will be hard to trace and even harder to find and prosecute the person.

This is why COPA is full of sh!t with all those links he posted. NO EXPERT HACKER WILL EVER SELL 2.2 MILLION STOLEN CARD INFO ON ANY FORUM where you have to sign up with an email and leaving some sort of digital fingerprint that can be traced back to you.