funsec mailing list archives

Re: User data stolen in Sony PlayStation hack


From: mark seiden <mis () seiden com>
Date: Tue, 26 Apr 2011 17:32:59 -0700

On Apr 26, 2011, at 5:30 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

http://www.theregister.co.uk/2011/04/26/sony_playstation_network_security_breach/

This couldn't have happened to a nicer company.  Really.  It just couldn't.


the interesting blurb from http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ is


"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained 
the following information that you provided: name, address (city, state, zip), country, email address, birthdate, 
PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, 
including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password 
security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with 
respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was 
taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or 
Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and 
expiration date may have been obtained."


so unfortunately, due to password reuse by >20% of users, and the fact that they lost 
email addresses, everybody else is screwed too, even companies that are not evil.

"Sony's advisory on Tuesday means that the company was likely storing 
passwords, credit card numbers, expiration dates, and other sensitive information 
unhashed and unencrypted on its servers."

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
If your protocol is successful, it will eventually be used for
purposes for which it was never intended, and its users will
criticize you for being shortsighted.              - Charlie Kaufman
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

