Canadian TV, Computing and Home Theatre Forums banner

April 21 PSN and Qriocity outage

24K views 167 replies 36 participants last post by  audacity 
#1 ·
#84 ·
One could say the BP disaster was simply incompetence too.

Over the years, large settlement over "incompetence" in many industries have magically led to much improved standards and much fewer problems.

Is any system perfect? Probably not but as long as companies pay lip service to security incompetence will be commonplace.
 
#85 ·
The BP disaster was incompetence, but I don't think the $20B settlement money that is being given out is adding a "punitive value" to each settlement. Instead each settlement is being awarded fairly based on the loss of income or some other demonstrable loss. My source of data for this is from listening to CBC radio in a morning last week where they had the guy who was responsible for assessing and awarding damage claims.

I completely agree that Sony should pay for the costs that users must incur due to identity theft resulting from this, or the expense of getting credit checks, etc. I just don't think everyone should get an additional $5000 "just because Sony leaked their info".
 
#86 ·
In this day and age, for an electronics company with the cultivated reputation for producing highly technical and sophisticated electronics and software products, and a company with a history of embedding files into clients computers for tracking and other purposes, it could be safely assumed by customers that SOny would have state of the art hardware and software solutions for protecting client data. If it is found that they promoted online sales of any kind without such protections, they will get spanked, and not just a little. This could run into the billions of dollars, and potentially destroy the companys' reputation.

I just checked Sony's Canadian website. I just heard about this today after checking in here. Sony appears to be taking action to mitigate potential damage for their US customers, but I see nothing for us Canadians.

I think I funded my son's Sony account with $30 about four years ago. Am I at risk? I have no idea what password I used or anything. One time and I incorrectly assumed it would be wiped after the fact.

This is not incompetence. It will be viewed by the courts as criminal negligence.

Disclaimer: I am not a lawyer, nor did I stay at a Holiday Inn Express last night>

Oh, edit to add: You KNOW the credit card companies are gonna be all over this as well.
 
#90 ·
Does anyone else think these two comments by Sony are a bit odd?

All of the data was protected, and access was restricted both physically and through the perimeter and security of the network.
and

Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway.
Those two quotes make it sound as though someone physically gained access to a network, doesn't it?
 
#91 ·
I found it a little strange as well, but it could be seen that Sony simply wanted the Q&A to cover all their bases in terms of describing the security of their data center (or lack thereof).

To be honest, I'm not sure which I find more worrying: a network or a physical breach. They're both disturbing, but a physical breach would be easier to address and secure, IMO.
 
#93 ·
Thats what gets me.. . Everybody is flipping out about their personal information leaking but they don't realize that its information that gets published in PHONE BOOKS and is easily accesible online... Only your social security number is capable of being used to steal your identity... People are far too paranoid and let the fearmongoring get them in a tizzzy over nothing really...
 
#99 ·
Only your social security number is capable of being used to steal your identity... People are far too paranoid and let the fearmongoring get them in a tizzzy over nothing really...
http://www.priv.gc.ca/fs-fi/02_05_d_10_e.cfm

Your SIN is only necessary for federal government issues. Anyone who gives their SIN when applying for credit is a fool. Your identity can easily be stolen with much less than these thieves got.

Sony is going to get hammered over this, and rightfully so.
 
#96 ·
Everyone who has a credit card is completely safe from unauthorized purchases. If there is a charge you didn't authorize you just dispute it with your CC company and you'll get the charge reversed.

The real victims of credit card fraud are the companies and businesses that unkowingly accept your credit card for a fraudulent purchase. They end up being the ones out-of-pocket, not you or your CC company.
 
#98 ·
Just got back from an extra-long weekend to find this mess in my e-mail inbox.

I'll be cancelling my credit card tomorrow.

In case anyone wasn't around back then, it might be good to remember that when the PS3 launched in Canada we HAD to sign up with credit cards to access the store. PSN retail cards were very late in coming to Canada.

I had my card info hacked from A&B Sound years back but have never had a problem since. Looking at the breadth of the info Sony demands of us -- and is now out in the open -- this is a much bigger concern.

I wonder if the pathetic response by Sony will be spun and blamed on the company being negatively affected by the tragedy in Japan.

I won't be burning my PS3 in protest, but I think that in the future I'll be registering with fake names, addresses, and pre-paid credit cards.
 
#100 ·
Only your social security number is capable of being used to steal your identity..
FYI, in Canada we have a Social Insurance Number. Social Security is an American term.

Personally, I don't think Canadians should worry about unauthorized transactions on their CC as the banks protect you on that.

IMO, The bigger concern is identity theft and illegal activities. If a thief knows your CC number, name, address, DOB and billing address, and other personal information they could use it to start building a profile of you which could be used for other illegal activities.
 
#101 ·
This happens a lot more than people realize, I'm afraid. I got an email from Hilton Hotels just a few weeks ago that the same thing happened to their database. Honestly, thats probably a lot more worrisome since that would include geolocation data, and could also reveal financial status through membership levels.

I've also had to replace my CC twice in the past year due to it being compromised by restaurant waiters, etc. Should I sue the café in Prague? Not likely. The banks protect consumers from this.

I take pretty aggressive steps to protect my privacy, including having launched a successful challenge through the Privacy Commissioner of Canada to force the major credit bureaus to strip my SIN from their records. I also never give my actual birthday to websites.

This Sony issue doesnt really scare me, since it doesnt expose me beyond whats already been exposed or whats already publically available. It certainly annoys me, but it doesnt scare me.
 
#104 ·
This is very troubling, to say the least.
My only saving grace is that the CC I originally signed onto the PSN has long since expired and was never actually used for any transactions.
But, all of the other information Sony mandated that we provide is now 'out there'.
I can't recall if I answered truthfully to the DOB question, but odds are, because I assumed Sony security was bulletproof, I probably did.
Maybe it's naiveté, but this is the first time I've really ever had concerns about the possibility of my online identity being stolen.
 
#105 ·
Several posts removed and an infraction issued.

Digital Home has a zero tolerance for insulting members. And to the members that responded to the inflammatory post, be reminded that, in the future, you may receive an infraction for responding. Two wrongs don't make a right as Mom used to say.

Remember, If you have a problem with a members post, report the bad post and let the mods deal with it. Don't feed the troll.
 
#107 ·
A couple of days ago I called Sony Reader Store customer service and requested that my account and personal information be deleted (I figured if I can't delete my PSN account yet I can at least get started on ditching all my other Sony products). The rep complied and told me that my account and info had been completely removed.

Since then I've received two emails from them -- yesterday morning I got one asking how my customer service experience was, and a second email today asking how I enjoyed the last book I bought from them (naming the book, of course). I guess my idea of account deletion is different from theirs. Clearly they're still hanging on to my personal info and account history. I'm going to follow up with them tonight.
 
#110 ·
If I held stock in Sony, I would really pray that forum post is bogus. If it is legitimate, it means Sony recorded and stored the cvv2 info for your credit card - the three digit security code that is meant to prevent online fraud!

From the Wikipedia entry on cvv2:

Merchants who require the CVV2 for "card not present" transactions are forbidden in the USA by Visa from storing the CVV2 once the individual transaction is authorized and completed.[3] This way, if a database of transactions is compromised, the CVV2 is not included, and the stolen card numbers are less useful. The Payment Card Industry Data Security Standard (PCI DSS) also prohibits the storage of CSC (and other sensitive authorisation data) post transaction authorisation. This applies globally to anyone who stores, processes or transmits card holder data.[4]

Supplying the CSC code in a transaction is intended to verify that the customer has the card in their possession. Knowledge of the code proves that the customer has seen the card, or has seen a record made by somebody who saw the card.
 
#112 ·
Well, Sony didn't ask people for the CVV info, so maybe the hackers have been running the numbers and trying out various CVV combos? 2.2 million sounds like a subset of the actual number of cards that would be stored.

eimaj, I may do that, but I have so many things that are billed to that card each month. Might as well start the process...
 
#114 ·
Some highlights from the press conf:

In closing, Hirai bowed again and apologized again. Responding to press questions, Hirai said that he had received questions about the matter from members of Congress in the U.S. and would answer the questions. In about a week’s time, the service is expected to restart. Hirai said he had not received reports that actual damages had been incurred related to the credit card exposure.
Many sophisticated with Asian business culture will recognize this as a deeply humiliating gesture.

The company will roll out a program with a selection of premium services for consumers. This “welcome back” content will have free downloads, and 30 days of free PlayStation Plus network service. Normally, Sony charges extra for the Plus service, while membership in the PlayStation Network is free. Current members of PlayStation Plus will get 30 days of free service. Music Unlimited, powered by Qriocity, subscribers will get 30 days of free service in countries where it is available
No doubt this will be panned as not nearly enough of a conciliatory gesture.

Hirai said the company is moving servers from San Diego, Calif., to a more advanced data center with better security. It is also installing more security systems with automated software management and enhanced levels of data encryption and better ability to detect data intrusions. The company is adding more firewalls too and it is adding a new chief information security officer, reporting to Hasejima. PS 3 will have a new system software update requiring users to change their user names and passwords. The password can only be changed on the same PS 3 on which the account was created or via validated email.
Maybe i'm just naive, but I would have expected that level of integrity already...
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top