Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

SOE hacked

YamotaYamota LondonPosts: 6,620Member

On CNN: http://edition.cnn.com/2011/TECH/gaming.gadgets/05/02/sony.hack/index.html?eref=mrss_igoogle_cnn

Seems like the intrusion was more extensive than they thought...

«1

Comments

  • HrothaHrotha -Posts: 821Member

    Yeah... gets even worse.

    Just checked if I was registered there. And ofc I was due to the Final Fantasy 2 Beta... Thx god I left no bank-info.

    image

  • YamotaYamota LondonPosts: 6,620Member

    Apparently accounts for way back of 2007 was compromised... not sure but I do thing I tried EQ 2 during that time and Vanguard.

    My CC info is no longer valid though so thats good atleast...

  • DarkPonyDarkPony RotterdamPosts: 5,566Member

    "The information hackers took from Sony Online Entertainment's system included users' names, home addresses, e-mail addresses, phone numbers, login names, encrypted passwords, birth dates and genders. Unlike the last breach, hackers didn't get the answers to security questions or have access to most people's financial information.

    Oh dear ...

    Good thing I managed to never play a SOE game somehow.

    But I feel for all the players who will be affected by all this and I really wonder how on earth they are going to mend this. Even if the security questions offer a way to account verification it will mean a massive, massive sub reduction.

    This could be the end of SOE.

  • nomssnomss albany, NYPosts: 1,468Member

    I was registered for DCUO. What should I be doing?

  • jessianjessian glasgowPosts: 277Member

    This is sounding more and more like an inside job than a external intrusion, the indepth and lengthy process of this hack is more worrying now. Just shows, CAN YOU REALLY TRUST SONY NOW?

    I know i will never sub to another sony published game. Players that ARE playing these games, get your bank to stop any payments, Freeze the account and get them to investigate this.

    Then if any Fraud has been seen SUE them, not the bank ofc, but SONY

    SONY are 100% at fault.

     

  • JeroKaneJeroKane OsloPosts: 5,353Member Uncommon

    Originally posted by DarkPony

    "The information hackers took from Sony Online Entertainment's system included users' names, home addresses, e-mail addresses, phone numbers, login names, encrypted passwords, birth dates and genders. Unlike the last breach, hackers didn't get the answers to security questions or have access to most people's financial information.

    Oh dear ...

    Good thing I managed to never play a SOE game somehow.

    But I feel for all the players who will be affected by all this and I really wonder how on earth they are going to mend this. Even if the security questions offers a way to account verification it will mean a massive, massive sub reduction.

    This could be the end of SOE.

     The credit card info isn't the worst, as you can just block your card and issue a new one.

    The fact that our login names and "hashed" (not fully encrypted!) passwords have been stolen is what worries me a lot more!

    Passwords can be resetted and changed. Login names cannot!  And lots of people use the same login name in other online services.

    Nice huh! That that kind of info was not encrypted and now out in the open!

  • jessianjessian glasgowPosts: 277Member

    To any player that is currently subbed.

    Heres a few things to do.

    1) PHONE YOUR CC/BANK ASAP, Let them know about this and GET THEIR ADVICE... dont bother asking on forums, SPEAK TO YOUR BANK!

    2) Change all passwords and security questions and Cancel SUB to game (SONY published ones)

    3) IF you have been compramised (ie money taken from you) SEEK LEGAL ADVICE (dont use 100 no win no fee crap ones)

    4) Do NOT Panic. your bank gives 100% Guarantee against fraud ( again check with your bank)

    5) if you have other sites / games you use same password for, CHANGE Them ASAP

     

  • DarkPonyDarkPony RotterdamPosts: 5,566Member

    Originally posted by JeroKane

    Originally posted by DarkPony

    "The information hackers took from Sony Online Entertainment's system included users' names, home addresses, e-mail addresses, phone numbers, login names, encrypted passwords, birth dates and genders. Unlike the last breach, hackers didn't get the answers to security questions or have access to most people's financial information.

    Oh dear ...

    Good thing I managed to never play a SOE game somehow.

    But I feel for all the players who will be affected by all this and I really wonder how on earth they are going to mend this. Even if the security questions offers a way to account verification it will mean a massive, massive sub reduction.

    This could be the end of SOE.

     The credit card info isn't the worst, as you can just block your card and issue a new one.

    The fact that our login names and "hashed" (not fully encrypted!) passwords have been stolen is what worries me a lot more!

    Passwords can be resetted and changed. Login names cannot!  And lots of people use the same login name in other online services.

    Nice huh! That that kind of info was not encrypted and now out in the open!

    Wow, yeah. The pw's not being completely encrypted makes it even worse.

    Saying "SOE = dead" sounds like a very dramatic conclusion but unless we are missing a way for them to mend this I can't see how it won't become the sad reality.

    Disastrous this and a stark reminder of the importance of security. Seems the ante is upped by hackers and we need bank-like security and account verification systems for mmo's.

  • YamotaYamota LondonPosts: 6,620Member

    If the password are hashed, and done in a good way, it is hard or impossible to reverse hash it as hashing are not made to be reverse hashed. Unlike encryption which are made to be decrypted.

    So I wouldnt worry about that atleast.

    As to this being the fall of SOE. Doubt it but I would not be too unhappy if it did. They haven't produced a quality MMORPG in years.

  • ReizlaReizla AlkmaarPosts: 3,301Member Uncommon

    What bothers me most in this case is that I (and I assume others as well) have asked SOE if the PSN breach would affect SOE as well, since both Free Realms and DCUo are played on both networks. Oddly enough no answer came from SOE/SONY, and almost a week later they admit that both SOE and PSN have been breached on April 16th.

    Is it really THAT HARD for the IT guys at SONY to think 'out of the box' that when one network is breached, the other is most likely breached as well?

    AsRock 990FX Extreme3
    AMD Phenom II 1090T ~3.2Ghz
    GEiL 16Gb DDR3 1600Mhz
    ASUS GTX970 3x HD monitor 1920x1080

  • jpnzjpnz SydneyPosts: 3,529Member

    Originally posted by Yamota

    If the password are hashed, and done in a good way, it is hard or impossible to reverse hash it as hashing are not made to be reverse hashed. Unlike encryption which are made to be decrypted.

    So I wouldnt worry about that atleast.

    As to this being the fall of SOE. Doubt it but I would not be too unhappy if it did. They haven't produced a quality MMORPG in years.

    Purely from a security point of view; no matter what was used on the data (encryption, hashed), when unauthroized copies of data is confirmed the data itself is considered to be plain text.

     

    To the poster above, the IT guys probably knew about the severity (or at least had a good idea. If not why bring in 'external consultants'?

    But in this day and age where corporate communication is carefully managed (PR Speak ^_^) only when certain execs signs off a document will a company release a statement.

    Gdemami -
    Informing people about your thoughts and impressions is not a review, it's a blog.

  • HrothaHrotha -Posts: 821Member

    Originally posted by nomss

    I was registered for DCUO. What should I be doing?

    when you once send your bank details to sony in any form, now its "public" to the hackers. you can't do anything except:

    constantly check your bank account for withdraws (or unknown deposites LOL jk..)

    image

  • YamotaYamota LondonPosts: 6,620Member

    Originally posted by jpnz

    Originally posted by Yamota

    If the password are hashed, and done in a good way, it is hard or impossible to reverse hash it as hashing are not made to be reverse hashed. Unlike encryption which are made to be decrypted.

    So I wouldnt worry about that atleast.

    As to this being the fall of SOE. Doubt it but I would not be too unhappy if it did. They haven't produced a quality MMORPG in years.

    Purely from a security point of view; no matter what was used on the data (encryption, hashed), when unauthroized copies of data is confirmed the data itself is considered to be plain text.

     

    Not sure what you mean but a properly hashed password is useless as it is just garbage that cannot be used for anything. That is why passwords are stored as hashed text so in the unlikely event of them being compromised, they will be useless.

  • YamotaYamota LondonPosts: 6,620Member

    Originally posted by crunk001

    Originally posted by nomss

    I was registered for DCUO. What should I be doing?

    when you once send your bank details to sony in any form, now its "public" to the hackers. you can't do anything except:

    constantly check your bank account for withdraws (or unknown deposites LOL jk..)

    I would say you should cancel the card immediately and get a new card with new number.

  • jpnzjpnz SydneyPosts: 3,529Member

    Originally posted by Yamota

    Originally posted by jpnz


    Originally posted by Yamota

    If the password are hashed, and done in a good way, it is hard or impossible to reverse hash it as hashing are not made to be reverse hashed. Unlike encryption which are made to be decrypted.

    So I wouldnt worry about that atleast.

    As to this being the fall of SOE. Doubt it but I would not be too unhappy if it did. They haven't produced a quality MMORPG in years.

    Purely from a security point of view; no matter what was used on the data (encryption, hashed), when unauthroized copies of data is confirmed the data itself is considered to be plain text.

     

    Not sure what you mean but a properly hashed password is useless as it is just garbage that cannot be used for anything. That is why passwords are stored as hashed text so in the unlikely event of them being compromised, they will be useless.

    I'm no security expert but based upon my limited knowledge, certain hash functions aren't as secure but the weakness is discovered years after of that function being used. MD5 was one case of this. 

    You can say 'properly hashed password' but as far as I know, MD5 was considered a 'proper hash' until the weakness was discovered.

     

    Like I said before, from a security point of view, unauthorized copy of data that is in the 'wild' is considered 'plain text' because sooner or later it'll be broken, no matter what was done to it.

    Gdemami -
    Informing people about your thoughts and impressions is not a review, it's a blog.

  • ReizlaReizla AlkmaarPosts: 3,301Member Uncommon

    Originally posted by jpnz

    Originally posted by Yamota


    Originally posted by jpnz


    Originally posted by Yamota

    If the password are hashed, and done in a good way, it is hard or impossible to reverse hash it as hashing are not made to be reverse hashed. Unlike encryption which are made to be decrypted.

    So I wouldnt worry about that atleast.

    As to this being the fall of SOE. Doubt it but I would not be too unhappy if it did. They haven't produced a quality MMORPG in years.

    Purely from a security point of view; no matter what was used on the data (encryption, hashed), when unauthroized copies of data is confirmed the data itself is considered to be plain text.

     

    Not sure what you mean but a properly hashed password is useless as it is just garbage that cannot be used for anything. That is why passwords are stored as hashed text so in the unlikely event of them being compromised, they will be useless.

    I'm no security expert but based upon my limited knowledge, certain hash functions aren't as secure but the weakness is discovered years after of that function being used. MD5 was one case of this. 

    You can say 'properly hashed password' but as far as I know, MD5 was considered a 'proper hash' until the weakness was discovered.

     

    Like I said before, from a security point of view, unauthorized copy of data that is in the 'wild' is considered 'plain text' because sooner or later it'll be broken, no matter what was done to it.

    I don't think the hackers will de-crypt the passwords, or at least try to. I think they were after the personal and financial data to sell to cyber criminals or ask SONY a ransom  to buy the data back. Either way, I think our game data are quite save, but a password change is adviceble after all this...

    AsRock 990FX Extreme3
    AMD Phenom II 1090T ~3.2Ghz
    GEiL 16Gb DDR3 1600Mhz
    ASUS GTX970 3x HD monitor 1920x1080

  • BullseyeArc1BullseyeArc1 anchorage, AKPosts: 410Member

    Originally posted by Reizla

    Originally posted by jpnz

    Originally posted by Yamota

    Originally posted by jpnz

    Originally posted by Yamota

    If the password are hashed, and done in a good way, it is hard or impossible to reverse hash it as hashing are not made to be reverse hashed. Unlike encryption which are made to be decrypted.

    So I wouldnt worry about that atleast.

    As to this being the fall of SOE. Doubt it but I would not be too unhappy if it did. They haven't produced a quality MMORPG in years.

    Purely from a security point of view; no matter what was used on the data (encryption, hashed), when unauthroized copies of data is confirmed the data itself is considered to be plain text.

     

    Not sure what you mean but a properly hashed password is useless as it is just garbage that cannot be used for anything. That is why passwords are stored as hashed text so in the unlikely event of them being compromised, they will be useless.

    I'm no security expert but based upon my limited knowledge, certain hash functions aren't as secure but the weakness is discovered years after of that function being used. MD5 was one case of this. 

    You can say 'properly hashed password' but as far as I know, MD5 was considered a 'proper hash' until the weakness was discovered.

     

    Like I said before, from a security point of view, unauthorized copy of data that is in the 'wild' is considered 'plain text' because sooner or later it'll be broken, no matter what was done to it.

    I don't think the hackers will de-crypt the passwords, or at least try to. I think they were after the personal and financial data to sell to cyber criminals or ask SONY a ransom  to buy the data back. Either way, I think our game data are quite save, but a password change is adviceble after all this...

     You think its a hacker?  Bet you a million bucks it was one of the guys they just fired.     Your data is either going to be bought back by SOE or sold to some mafia.    Your SOL,

  • jpnzjpnz SydneyPosts: 3,529Member

    Originally posted by Reizla

    Originally posted by jpnz


     

    I'm no security expert but based upon my limited knowledge, certain hash functions aren't as secure but the weakness is discovered years after of that function being used. MD5 was one case of this. 

    You can say 'properly hashed password' but as far as I know, MD5 was considered a 'proper hash' until the weakness was discovered.

     

    Like I said before, from a security point of view, unauthorized copy of data that is in the 'wild' is considered 'plain text' because sooner or later it'll be broken, no matter what was done to it.

    I don't think the hackers will de-crypt the passwords, or at least try to. I think they were after the personal and financial data to sell to cyber criminals or ask SONY a ransom  to buy the data back. Either way, I think our game data are quite save, but a password change is adviceble after all this...

    I can't see any publicly trading company doing such a dumb move like 'buying it back'. What's stopping the hackers on copying it somewhere?

    There are some 'businesses' in certain countries that has a stack of the latest Raedon's dedicated to crack/decrypt information.

    Gdemami -
    Informing people about your thoughts and impressions is not a review, it's a blog.

  • SkrankenSkranken BergenPosts: 98Member

    I do believe this is the start of the end for SOE.

    Taking legal action against the guy who discovered a security fault in their PSN system, instead of hiring him to help increase current security (as he suggested) seems to be one of many giant mistakes made.

    I got 5 SOE accounts, none that are active.. After this, I dont think they ever will be again. 

    Goodbye SOE!

  • AkaroniaAkaronia Nampa, IDPosts: 138Member

    Originally posted by nomss

    I was registered for DCUO. What should I be doing?

       Not to get off topic here but order a new card and then make sure your card is from and institution that supports secure code which is a newer, new security measure that debit and credit card companies have available.  Also in about 6 months you are going to want to get your credit report and get a hold of the proper authorities to ask what comes next.

         Well I can honestly say that any company who actually still has enough respect to compensate their consumers for something that went wrong is not bad in my eyes.  Sony does way more to make up to their consumers when something like this happens than say Blizzard.  And I have heard oh no of course not no one ever got personal information that Blizzard has.  Well if that were true then how were hackers literally turning on inactive account last year?  only way to do that is if you have personal information guys.  :D  And what did they do to make up for it?  Gave the stuff back that got stolen from a fake toon and said there you go now go secure your computer better than you have it secured now.........  And that was literally their response.  GM's and all.    They didn't even tell people how to secure them or what to do because your personal information is at risk just go make your computer less at risk so this doesn't happen again.  Hmmmm wonder how the people got into the people's computers in the first place if they were not able to hack WoW and keylog in?  Yeah maybe their could have been better measures taken, but honestly if this was an inside job incryption or no they would have managed to get through it anyway.

         I never have understood why people wait until something like this to come out of the closets and pounce on a company because of hate issues.  And honestly if their were that many Sony haters they would not have lasted this long.

  • EverketEverket MiddenheimPosts: 240Member Uncommon

    Such a good post Akaronia, I was thinking something similar, but didn't have the knowledge about the English language to type something like that.

  • FaelanFaelan CopenhagenPosts: 826Member Uncommon

    Originally posted by Akaronia

         I never have understood why people wait until something like this to come out of the closets and pounce on a company because of hate issues.  And honestly if their were that many Sony haters they would not have lasted this long.



    My experience with SOE goes back to EQ in 1999. Frankly, during most of the time I've been a SOE customer, I've tried hard to ignore the feeling of constantly being treated like dirt. I've survived a barrage of revamps and what not. Tried to look at the positive side for most parts. Except the NGE which I could in no way stomach, but I moved on after the initial rage of having my beloved game ruined by a bunch of jerks with a brain hemorrhage. For a while, things looked a bit brighter with SOE taking over the Vanguard mess and trying to fix it, but then they completely abandoned it and decided to mess with EQ2 instead (which I haven't really been playing anyway, so meh). Now my personal info, credit card number, login, hashed password and maybe more has been leaked to people with questionable motives due to their incompetence.

    Call me a hater if you must. I have no problem with that at this stage. They have screwed me over so many times that I've lost count. I can't say that about any other MMO company that I've done business with, except perhaps when GOA ran DAOC in the EU. Oh, and in case you haven't noticed... SOE isn't doing very well and hasn't for quite some time.

    Anyway, I think I've given them more chances than they deserve and each time I've ended up feeling like the fool. No more I say.

    Goodbye SOE.

    I'm a big ol' fluffy carewolf. Be afraid. Be very afraid.

  • kado2kado2 Philadelphia, PAPosts: 80Member

    I can honestly say I'm not surprised in anyway. I mean after PSN was hacked I was just waiting for SOE to get hacked. With the amount of people out here that are tech savvy that they've upset over the years It really was just a matter of time before it happened. With this though, and the fact I've still yet to recieve information about my account possibly being hacked (which it was before) I have decided to end all future play of SOE games and concentrate on those of other developers.

    Retired: EVE, SWG, STO, EQ2, Ryzom, AO, LotRO, FFXI
    Currently Awaiting: SWTOR, TSW, ArcheAge

  • JeroKaneJeroKane OsloPosts: 5,353Member Uncommon

    Originally posted by Faelan

    Originally posted by Akaronia

         I never have understood why people wait until something like this to come out of the closets and pounce on a company because of hate issues.  And honestly if their were that many Sony haters they would not have lasted this long.



    My experience with SOE goes back to EQ in 1999. Frankly, during most of the time I've been a SOE customer, I've tried hard to ignore the feeling of constantly being treated like dirt. I've survived a barrage of revamps and what not. Tried to look at the positive side for most parts. Except the NGE which I could in no way stomach, but I moved on after the initial rage of having my beloved game ruined by a bunch of jerks with a brain hemorrhage. For a while, things looked a bit brighter with SOE taking over the Vanguard mess and trying to fix it, but then they completely abandoned it and decided to mess with EQ2 instead (which I haven't really been playing anyway, so meh). Now my personal info, credit card number, login, hashed password and maybe more has been leaked to people with questionable motives due to their incompetence.

    Call me a hater if you must. I have no problem with that at this stage. They have screwed me over so many times that I've lost count. I can't say that about any other MMO company that I've done business with, except perhaps when GOA ran DAOC in the EU. Oh, and in case you haven't noticed... SOE isn't doing very well and hasn't for quite some time.

    Anyway, I think I've given them more chances than they deserve and each time I've ended up feeling like the fool. No more I say.

    Goodbye SOE.

     Well said!

    Fact is, that John Smedly has practically run SOE halfway into the ground already with two major lay offs the past 2 years that support that feeling!

    Instead of him being fired as a totally incompetent CEO, the real hardworking and competent people had to suffer and been laid off and him continue to sit where still sits.

    I hope this latest debacle will be the final straw and him having to step down and go away. 

    People can all say what they want. Fact is, that this was just a dissaster waiting to happen.  And now it did and all our personal (and financial) information is out on the street !

  • jpnzjpnz SydneyPosts: 3,529Member

    Originally posted by JeroKane

    Originally posted by Faelan


    Originally posted by Akaronia



         I never have understood why people wait until something like this to come out of the closets and pounce on a company because of hate issues.  And honestly if their were that many Sony haters they would not have lasted this long.



    My experience with SOE goes back to EQ in 1999. Frankly, during most of the time I've been a SOE customer, I've tried hard to ignore the feeling of constantly being treated like dirt. I've survived a barrage of revamps and what not. Tried to look at the positive side for most parts. Except the NGE which I could in no way stomach, but I moved on after the initial rage of having my beloved game ruined by a bunch of jerks with a brain hemorrhage. For a while, things looked a bit brighter with SOE taking over the Vanguard mess and trying to fix it, but then they completely abandoned it and decided to mess with EQ2 instead (which I haven't really been playing anyway, so meh). Now my personal info, credit card number, login, hashed password and maybe more has been leaked to people with questionable motives due to their incompetence.

    Call me a hater if you must. I have no problem with that at this stage. They have screwed me over so many times that I've lost count. I can't say that about any other MMO company that I've done business with, except perhaps when GOA ran DAOC in the EU. Oh, and in case you haven't noticed... SOE isn't doing very well and hasn't for quite some time.

    Anyway, I think I've given them more chances than they deserve and each time I've ended up feeling like the fool. No more I say.

    Goodbye SOE.

     Well said!

    Fact is, that John Smedly has practically run SOE halfway into the ground already with two major lay offs the past 2 years that support that feeling!

    Instead of him being fired as a totally incompetent CEO, the real hardworking and competent people had to suffer and been laid off and him continue to sit where still sits.

    I hope this latest debacle will be the final straw and him having to step down and go away. 

    People can all say what they want. Fact is, that this was just a dissaster waiting to happen.  And now it did and all our personal (and financial) information is out on the street !

    Contrary to popular belief that an incident like this can 'destroy' a company, it won't.

    Remember TJX? Yeah, look at their stock prices. It climbed 100% since their 'data leak' incident.

    The general public has a very short memory.

    Gdemami -
    Informing people about your thoughts and impressions is not a review, it's a blog.

«1
This discussion has been closed.