PSN servers not hacked?

[Pillorian]

http://www.computerandvideogames.com/299243/news/playstation-network-taken-down-to-halt-piracy/

 

The past five days of PlayStation Network down time was sparked by a new PS3 hack that let users download PSN content for free spurring Sony to pull the plug.

 

That's according to new a speculative report that suggests the release of a hacked custom firmware which enables the downloading of PSN content for free is at the root of the ongoing issue.

 

 

The report highlights that a custom firmware, known as 'Rebug', was released on March 31 which, in brief, gives retail PS3s most of the options and functionality of a debug (or developer) PS3 unit.

 

A week later, tutorials appeared detailing a way in which users could use this firmware to download PSN content for free using fake (NOT stolen) credit card numbers.

 

Apparently, hackers "found out that you could provide fake CC# info and the authenticity of the information was never checked as you were on Sony's private developer PSN network (essentially a network that Sony trusted)."

 

Piracy ensued, which is what triggered Sony's decision to shut down PSN, speculates the report, going against common suspicion that the severs had simply failed due to a direct attack from disgruntled hackers.

 

The report also says "no one's personal information was accessible via this hack. Not to say they couldn't get it, but no one is admitting to it being available," backing up other reports today that the risk of credit card theft via PSN is 'not substantial'.

 

Not sure what to believe anymore... this would make sense though given the recent firmware hacks.

[shane]

Interesting Find...

[Nemesis]

Just posted this on the blog.

[Pillorian]

I was thinking, if it was a server attack wouldn't people have reported more issues logging in or staying logged in?

 

The night the servers went out on me, I recall my friends reporting that they couldn't connect to PSN. Then about an hour later I get a message on Socom that I have been "disconnected from the game universe" then the PSN message pops up saying "you have been signed out of PSN". It was almost like they just pulled the plug.

[BLACKCLOUD--]

I don't believe this claim. If it were tru they would have simply shut down the store not the PSN. I for one know that when my credit card data updated without me re issuing it to my PS3 my purchases would not work. IE I got a new card with a new expiration date.

 

Sounds like smoke and mirrors to me.

[CpDude05]

This is a very interesting find, but i have to agree with Blackcloud. If it all has to do with the store, why wouldn't you just shut that down ? Instead they piss off everyone who owns a ps3!! lol

[Pillorian]

Yes, but remember that you shouldn't be able to have custom firmware on your PS3. As far as I understand, custom firmware of any kind should brick your PS3...

[Bandit99]

If I read the report correctly, it does not state it is just the store that is affected. It states that they were able to install their own firmware. While at the moment they were just using it to pilfer the PSN Store, Sony must of felt that there were other things at risk as well. Think about what some of you have already posted. If it was just the store and only the store and nothing else affected, you can bet your ass that is all they would of shut down. This is a public relations nightmare for Sony. If they could do damage control by just shutting down the store they would have. They evidently realized more was at stake to shut the whole network down.

[iDnTyX]

Internet gamers were frustrated last week when Sony shut down its PlayStation Network. Now, they might have reason to be worried.

On Monday, the Japanese electronics giant said it is keeping its PlayStation Network videogame service offline indefinitely following a hacking attack it now says may have compromised user’s information.

To ensure the network’s integrity, Sony said it is currently rebuilding the service, which connects more than 75 million PlayStation customers over the Internet, letting them play videogames and chat together. “This is a time intensive process and we’re working to get them back online quickly,†Sony spokesman Patrick Seybold said in a blog post.

 

http://blogs.wsj.com/speakeasy/2011/04/26/sony-shuts-down-playstation-network-indefinitely/

Edited April 26, 2011 by iDnTyX

[Nemesis]

<font color="yellow"><b>Internet gamers were frustrated last week when Sony shut down its PlayStation Network. Now, they might have reason to be worried.</b></font><br />

<font color="yellow"><b>On Monday, the Japanese electronics giant said it is keeping its PlayStation Network videogame service offline </b></font><font color="yellow"><b><font color="red">indefinitely</font> </b></font><font color="yellow"><b>following a hacking attack it now says may have compromised users information.</b></font><br />

<font color="yellow"><b>To ensure the networks integrity, Sony said it is currently rebuilding the service, which connects more than 75 million PlayStation customers over the Internet, letting them play videogames and chat together. This is a time intensive process and were working to get them back online quickly, Sony spokesman Patrick Seybold said in a blog post.</b></font><br />

<br />

http://blogs.wsj.com/speakeasy/2011/04/26/sony-shuts-down-playstation-network-indefinitely/

 

Thats just the WSJ putting a word in there story to try and make it sound worse than it is.

 

The definition of indefinitely is:

 

For an unlimited or unspecified period of time.

 

We already knew this. Sony hasn't given us a timeline on when it will be fixed, and never did they say it wouldn't be fixed so don't freakout just yet.

 

Blowing Shit Up on my DROIDX using Tapatalk

[GeneralSarcasm]

I posted this in the other thread here yesterday.

 

http://www.urgentfury.com/showthread.php/78445-They-hit-the-nail-on-the-head-about-the-hacked-PSN?p=832970#post832970

Edited April 26, 2011 by GeneralSarcasm

[Pillorian]

Be sure to click "indefinitely" on that article, it just takes you to one of PSN's press statements that does not in any way indicate that it is out forever. Just another writer misreporting.

[Nemesis]

Be sure to click "indefinitely" on that article, it just takes you to one of PSN's press statements that does not in any way indicate that it is out forever. Just another writer misreporting.

 

 

Blowing Shit Up on my DROIDX using Tapatalk

[BLACKCLOUD--]

what about that letter sent by that senator? has that been posted yet?

[BLACKCLOUD--]

here it is.

 

 

(Hartford, CT) – Senator Richard Blumenthal (D-CT) wrote the President and CEO of Sony Computer Entertainment America today demanding answers over the company’s failure to notify millions of customers of a data breach in the PlayStation Network on April 20, 2011. Blumenthal noted that a breach of such a widely used service – estimated by news reports as having 50 to 75 million customers – immediately “raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.â€

“When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised… I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party,†Blumenthal wrote in the letter. “Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised.â€

Blumenthal called for Sony to provide PlayStation Network users with financial data security services, including free access to credit reporting services for two years, the costs of which should be borne by the company. Additionally, he argued that affected individuals should be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

The text of the letter follows:

April 26, 2011

Mr. Jack Tretton

President and CEO

Sony Computer Entertainment America

919 East Hillsdale Boulevard

Foster City, CA USA 94404

Dear Mr. Tretton:

I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony’s PlayStation Network suffered an “external intrusion†and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

 

Richard Blumenthal

United States Senate

[IRISH BULL]

The answered everyone about the delay:

 

Clarifying a Few PSN Points

 

+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media

 

 

I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

 

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

 

For those who were looking there’s also an FAQ with some more frequently asked questions

Thank you for your continued patience and support.

 

 

I still think they could have warned people that this could be a possibility, whether they knew for a fact or not. Then they could have responded later it was just confirmed.