Sections

PSN reboot will require password change, credit card data was encrypted

Thursday, 28th April 2011 01:59 GMT By Brenna Hillier

The latest update on Sony’s attempts to shore up the PlayStation Network makes mention of a mandatory password change when service resumes.

“We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly,” SCE America’s Patrick Seybold wrote in a new Q&A on the US PS Blog.

Sony is now working in co-operation with law enforcement in addition to the security firm brought in during the early days of the breach.

“This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible,” Seybold wrote.

The executive played his cards close to the chest as to whether any perpetrators had been identified yet.

Sony has come under serious criticism after hacker logs apparently outed insufficient security measures protecting user details, but Seybold is adamant data was well defended.

“All of the data was protected, and access was restricted both physically and through the perimeter and security of the network,” he wrote.

“The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”

However, Sony “cannot rule out the possibility” that credit card data was indeed taken.

As for future security plans, Seybold said Sony is “initiating several measures … including moving our network infrastructure and data center to a new, more secure location, which is already underway”. More details are promised soon.

There’s a few other bits and bobs through the link above, including details on how to check which card you had associated with your PSN account.

The PlayStation Network has been down for over a week, taken offline after an “external intrusion“. Sony admitted earlier this week that user details had been compromised.

Breaking news

36 Comments

Sign in to post a comment.

  1. daytripper

    imagine the reaction if when psn returns its actually miles better than what it was previously, better interface, background downloads, cross game chat and much better security plus a free game download for everyone.

    #1 3 years ago
  2. Mike W

    Sounds like it’s going to be back up pretty soon. Thanks Brenna for the info, I think Patrick, John and that foolish girl Steph can learn a thing or two from you.

    #2 3 years ago
  3. Ireland Michael

    “This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible…”

    I remember the last time they tried that approach…

    #3 3 years ago
  4. Cygnar

    @1
    If Sony is feeling the heat from consumer distrust as a result of this incident, it will have to rely on more than words to win its consumers back. If any changes come, they will have to be positive if Sony wants to stop the bleeding.

    #4 3 years ago
  5. dtyk

    Well, since he “publically” said that our info was encrypted… I mean, it’s on his head if he’s caught lying. He’ll be fired so far up his ass that his children’s children can’t get hired

    I believe the guy

    #5 3 years ago
  6. gamestx

    I still don’t get it. Based on all the news and comments I’ve read on this site. Hackers are GOD and untouchable. They can do everything they want and yet their victim like Sony for the time being got blamed and bombarded. Why nobody take any law action or sue the hackers? Furthermore, what’s the big fuss about this, why keep making free publicity for those hackers. They’re sitting by the sidelines eating pizza, drinking beer and celebrating their victory in a small room somewhere in the basement or something.

    #6 3 years ago
  7. daytripper

    @4 exactly

    #7 3 years ago
  8. Cygnar

    @6
    People will blame whomever they want. And it is easier to blame a faceless, corporate entity than it is to blame an innocent script kiddie who probably didn’t know what he was doing, or if he did, he was probably a good guy sticking it to the man to stand up for consumer rights or something.

    But seriously, I have not seen very much sympathy expressed here or elsewhere for the persons responsible for the breach in this case. The blame falls on these people for the attack itself; upon Sony for not having been prepared.

    #8 3 years ago
  9. AJacks92

    @8 Well, an attack of such magnitude (yet still successful) was not expected by anyone, not even Nintendo or Microsoft would’ve been prepared. Kinda surprised how quickly Sony is quelling the attack and recovering at the same time. They better stick to their word though, cause their reputation is definitely riding on this one. They were doing so good with hardware sales and such too…

    #9 3 years ago
  10. Cygnar

    @9
    Successful attacks are inevitable. This is why many of the laws about data security don’t require of companies that attacks never succeed, but instead require them to make reasonable efforts to maintain security. The worry many people are expressing is that when the intrusion occurred, the data was not encrypted, or not encrypted enough. But we don’t know anything about the contents or organization of the databases aside from rumors and conjecture. We do not know what the industry standards are for keeping this information, we do not know whether Sony has significantly deviated from what they were required to do, and we do not know if it was negligent as to its data-keeping policies. It may be that Sony’s policies were more or less secure than its competitors. But we have nothing to compare to Sony in this case. The most reliable word yet is probably the one in this news story, because unlike forum users, Seybold is responsible for the accuracy of his comments. A real investigation is necessary to determine whether Sony fell below the standard of proper conduct. Until then, I am not ready to blame the victim for the success of this attack.

    #10 3 years ago
  11. gamestx

    @10
    Well said. Hope Sony learnt something from this incident and continue working hard to win back the trust of their customers. Still, actions should be taken against the culprit (hacker).

    #11 3 years ago
  12. Phoenixblight

    @1

    Keep dreaming, they aren’t going to improve their security software and hardware and then tack on a whole slew of features within a couple of weeks.

    @3

    Geohotz wasn’t a criminal case where this is who ever did this took or had access to personal info which is considered identity theft which is a federal offense. No fighting between two parties about if what they did was wrong. The hackers were wrong.

    #12 3 years ago
  13. rrw

    @12

    sony is rebuilding the PSN. improvement is possible. one rumor is X game chat

    http://www.gamersmint.com/cross-game-chat-and-more-might-be-implemented

    #13 3 years ago
  14. Phoenixblight

    “Taking into consideration

    Whenever the system gets back on the major update that is mentioned is for the security if anything SOny rebuilding the system will open the door for cross chat in a future patch. You can’t rebuild, test, debug within a couple of week unless Sony plans on having the PSN down for an entire month or months. If that is the idea then they have bigger issues like their consumer going else where and developers pulling out because a MOnth of downtime, hell even 2 weeks of down time is hurting them and their reputation.

    #14 3 years ago
  15. Dannybuoy

    Personally, I am not pissed off with Sony on this, I’m pissed off with the people who hacked in. Cancelling my visa card is a huge ball ache. Thanks twats

    #15 3 years ago
  16. Redh3lix

    @gamestx

    I suspect you can’t “sue hackers” if you don’t know who initiated the hack in the first place. These people would be WELL hidden from possible online identification/tracking. They’re not stupid.

    #16 3 years ago
  17. DigitalEnemy

    @ 12 – im not too sure, i personally think its a hoax. As soon as i read about in game video chat, alarm bells rang. Sony cant even get the xmb to run smoothly within games, its slow and laggy so how the hell can they expect to get video chat running during gameplay?!?

    I can kinda see cross game chat coming soon though, they are building the server system again and probably are allowing more bandwith through new servers, but then its wether or not they have the memory bandwith from the OS to squeeze it in..

    I guess we should wait and see over the coming weeks, but please dont build your hopes up…

    #17 3 years ago
  18. gamestx

    @Redh3lix

    I thought that FBI got all the latest most sophisticated tech/investigation tools and yet they can’t track down a scripted hacker? Wow.. no wonder we should not trust banks with our money.

    #18 3 years ago
  19. AHA-Lambda

    oh come on which one is it?!

    Was the cc data taken or not!? O__O

    #19 3 years ago
  20. Blerk

    I think the ultimate answer to that question is literally “they have no fucking idea”.

    So you should probably presume that it was and act accordingly.

    #20 3 years ago
  21. ManuOtaku

    “All of the data was protected, and access was restricted both physically and through the perimeter and security of the network,” he wrote.

    “The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”

    However, Sony “cannot rule out the possibility” that credit card data was indeed taken”

    I dont know but that sounds kind of contradictory to me, it was strongly encrypted, they have no evidence that the data was taken, but they cannot rule out the possibilitty, so the credit card data was indeed taken ****scratchs head****

    #21 3 years ago
  22. Blerk

    Well, I surmise they mean that there’s nothing in the access logs to show that the data was read from the table, but there’s a chance they could’ve taken it and cirumvented the logs somehow. They don’t know.

    If they did take it, it’s encrypted so wouldn’t be immediately useful.

    Make more sense?

    #22 3 years ago
  23. Ireland Michael

    Why the fuck wasn’t the personal data encrypted? Jesus Christ.

    #23 3 years ago
  24. Christopher Jack

    @23, Mikey, Sony assumed that their floodgate would hold & that here wouldn’t be any need to put a second one in case of an emergency.

    GeoHot really screwed them & essentially us too but Sony should have known that egomaniac hackers would have tried their hardest against what they claimed was an unhackable wall but I guess Sony really believed their own hype.

    #24 3 years ago
  25. ManuOtaku

    #22 put it that way , yes it make it more sense, maybe i didnt read it the way it should, but now i did understand it, thanks

    #25 3 years ago
  26. McLovin85

    I find it incredible that people are weighing up whether to blame Sony for this or not…
    It’s like a burglar coming into someone’s house and cracking someone’s safe and stealing all their valuables and then blaming the home owner for not having done enough.

    Sure there is always something more that can be done but when you feel you have protected yourself adequately there comes a point when you economically and realistically have to say “I’ve done enough to protect myself”.

    It’s like airport security. After 9/11 and these crazy shoe bombers, security has been upgraded and there are more steps to take before you can get on your plane. Sure it’s a hassle but you deal with it.

    I’m sure Sony (or any company) could increase it’s security but it would come at the expense of ‘ease of use’ and ‘how quickly it would take to access their network’. They could make you type in a 50 digit code to enter into the first stage of their network where they then require another 40 digit code along with your date of birth and your password that needs to be more than 20 characters. And to be on the safe side none of this information can be saved or stored so you’d need to type it in each time.
    Sure you’d feel safer but would you want to do that each time you switched on your console?

    I for one think Sony are blameless for this and with bank security the way it is I don’t think much can happen with the credit card details that have potentially been taken especially if you just cancel your cards.
    In a bizarre way I think some of the blame has to be on the consumers shoulders. If you use the same password for everything (I’m guilty of this too) then you only put yourself at risk when it gets found out. An individual password for each website etc. that you use would have meant that this breach of security wouldn’t have worried you one bit apart from having to cancel your credit card.
    I guess I should learn and take the necessary steps but then I have to remember all these passwords and isn’t that just a hassle?….

    #26 3 years ago
  27. Dr.Ghettoblaster

    I just find it interesting that here Sony publicly states:

    “we have no evidence that credit card data was taken.”

    I can’t find the exact quote, but didn’t they JUST state the other day that our information has in fact been compromised/stolen? Seems contradictory unless I’m missing something.

    #27 3 years ago
  28. DrDamn

    @27
    I think it’s no evidence but can’t completely discount the possibility.

    #28 3 years ago
  29. Blerk

    From what I can figure, the user info was definitely stolen but they can’t say for sure whether or not the credit card info was also taken.

    #29 3 years ago
  30. spiderLAW

    ugg

    #30 3 years ago
  31. Frank17

    thats y i never ever put my credit card in a video game console. i got rid of my ps3 years ago.. THANK GOD cuz id b freaking out. but i jumped 2 xbox which has wayyyyyy better exclusives. cuz there xbox live service runs circles over PSN. use the pre paid so u dont have 2 worry about this breaches.

    BUY A XBOX better exclusives and u can get a blue ray player for under 100 bucks.

    #31 3 years ago
  32. Cozzy

    @31 To be honest I prefer the PS3 exclusives overall but the Xbox does have some great ones. I own both consoles and I prefer my PS3 but that’s only my opinion. All PS3 needs is party chat and it’d be sorted!

    #32 3 years ago
  33. get2sammyb

    @23 – I guarantee your personal data is not encrypted on many of the websites you store information on. This is not common practice because it significantly harms performance.

    #33 3 years ago
  34. Frank17

    #32 i agree party chat is amazing and should b on the ps3. ps3 has a decent network but with a subscription fee for ps3 i belive that it can improve cuz u have money coming in. i know u ps3 fan boy homos dont wanta pay 4 something thats been free for years, but i pay 60 a year for xbox live and i cant complain never had a issue. and its a great service that is always updated and easy 2 use. my only complaint about the ps3 is it seems in its dashboard that everything is all over the place. its got to many options. i would like 2 see a overhaul a new version. like 360s updates for dashboards. give it a fresh new look

    ps3 needs HELP and only if the dumbass sony execs can realize it. cuz 360 has been laughing at ps3 cuz they know there dashboard and multiplayer is the best in the business

    #34 3 years ago
  35. nurrel

    look at all the 360 fanboys gloating. yeah so your network works, but your shitbox is dead after 12 months lol.
    frank17 go to school before you start posting on messageboards.
    1 throwing money at it won’t make it more secure
    2 we already have blue ray with the ps3, so stick your eggbox.
    3 does xbox dashboard have built in internet explorer? nope!
    love 12 yrolds who think they know best hahaha.

    #35 3 years ago
  36. yungsway

    Sony should have been more prepared. Especially after being threatened by Anonymous. The blame lies on the Hackers for the malicious attacks, and Sony for not preparing for the worse. Because of this issue, We (the consumer) are on the butt end of a lose lose situation.

    #36 3 years ago