funsec mailing list archives
Re: User data stolen in Sony PlayStation hack
From: mark seiden <mis () seiden com>
Date: Tue, 26 Apr 2011 17:32:59 -0700
On Apr 26, 2011, at 5:30 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
http://www.theregister.co.uk/2011/04/26/sony_playstation_network_security_breach/
This couldn't have happened to a nicer company. Really. It just couldn't.
the interesting blurb from http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ is
"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
so unfortunately, due to password reuse by >20% of users, and the fact that they lost email addresses, everybody else is screwed too, even companies that are not evil.
"Sony's advisory on Tuesday means that the company was likely storing passwords, credit card numbers, expiration dates, and other sensitive information unhashed and unencrypted on its servers."
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
If your protocol is successful, it will eventually be used for purposes for which it was never intended, and its users will criticize you for being shortsighted. - Charlie Kaufman
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.