UPDATE: And believe it or not, per Wired, it’s even worse than the Engadget report. The personal information of another 24.6 million SOE users? Good god, Sony.
Okay, now this is just getting silly. Per a post up at Engadet, Nikkei.com is reporting that 12,700 credit card numbers have been compromised from Sony Online Entertainment (SOE). Engadget speculates that because the data “is said to be from 2007,” that it’s possible the card numbers come from an old backup. (I feel so much better now.) This, after I solemnly predicted this morning’s SOE shutdown was surely precautionary in nature. Shows what I know.
According to the article on Joystiq a press release said the data was stolen during the original “hack” on PSN dates of 17th-19th, and they only discovered they lost the data during a security audit.
Now, if you’ll allow me to adjust my tinfoil hat, this would fit in nicely to my conspiracy theories that this was someone breaking into Sony’s facilities. They’d steal the account info off Sony’s media servers, and steal a backup hard drive on the way out.
Just crazy theories, obviously, but it seems WAY more plausible to me security wise than “some chaps hacked their way in with custom firmware.”.
Security Update
As previously announced, we have been conducting an ongoing, thorough investigation stemming from the cyber attack in April and promised to notify you should there be any changes to the situation.
A press release was issued today outlining these details. We will promptly send a customer service notification via email to all of our impacted account holders whose customer data may have been stolen as a result of an illegal intrusion on our systems. This information was discovered less than 24 hours ago and in response, we took down our services until we could verify their security.
SOE is committed to delivering secure, stable and entertaining games for players of all ages and we’re working around the clock to ensure this situation is resolved as quickly as possible. We deeply regret the inconvenience this has caused and appreciate your continued patience and feedback.
Sincerely,
Sony Online Entertainment
I propose we get a rumor started. Let’s just assume that everything that Sony has ever known about anything, and has tried to keep secret, is now in the wind. ALL SONY KNOWLEDGE is available to Every Criminal With Internet Access.
We get that going good and strong, and we can just stop thinking about this farce until someone gets arrested.
And no one would think to check until someone tried to inventory the hard drive and found it missing.
People are always easier to scam than computers. I’d never rule out a con unless Sony specifically admits to the real problem.
But why bother admitting the real problem?
The whole world has gone “They got hacked! DAMN THOSE HACKERS”
This event has drawn a line in the sand with a lot of people. Sony has been trying to push back against the hacker community for a while now. What better way to get the public on your side than to go “Yes. We did get hacked. Those hackers ruined everything for everyone. Still support them?”
Makes more sense than the reality.
What is that beautiful, relatively well functioning technological marvel doing representing SOE?
But enterprise data facilities really don’t work like that, even in relatively small companies. In particular, backups aren’t stored on USB drives that can be conveniently picked up on the way out. And in most normal situations being physically present with the servers won’t give you any access that you can’t already get from elsewhere, aside from being able to turn off the power.
I do wonder though whether part of the attack has been based on theft of a laptop.
Sony did say that there was an issue with one of it’s media services that was known, but they hadn’t bothered resolving.
Maybe the issue was something within the server rooms. We don’t know what way they had their systems set up, but apparently there was an issue somewhere that they hadn’t bothered resolving, probably because they though “It’s safe! Nobody could just walk in here!”
It’s far more likely you’re correct. I just like having crazy conspiracy theories.
Seriously, why do you even have old bank account numbers from 2007? Why wasn’t that database destroyed once it was no longer used? And how the hell did you not know about this at the same time as the PSN hack, if it was the same day? That means SOE accounts have been compromised for two weeks now and nobody knew anything about it. Good God, I am never trusting Sony with any of my personal information ever again. I’m not buying shit on the PSN anymore, and cross platform games will be on my 360 exclusively.
You’d be amazed how long companies hold onto your stuff.
Most will hold onto it for as long as legally possible, just for the sake of reference. The database would be kept just because they can.
As for not knowing, they did a security audit on old systems and found information missing. When they originaly checked for breaches, they only checked current accounts.
Welcome to the digital age. Stuff about you is lying on some dusty old computer in the back of a warehouse somewhere. Just takes the right person in the right place at the right time for it to go walkies.
Spam filter double-tap.
I’d still say Labreya’s idea holds water, in the people-are-easy-to-con way, regardless of the technical particulars.
This is too much. I don’t wanted to think that this case will be similar to accounts hacked from financial institutions because recently, Maine Judge John Rich has reportedly decided that even though a financial institution authorized internet hackers to steal cash from a corporate consumer’s account, the bank isn’t really liable to repay the money. BankInfoSecurity reports the judge informed the plaintiff that they needed to have done a more satisfactory job of keeping their own account credentials safe.
Though, I am hoping that Sony’s precautionary measures should be intense these days. Besides, they are the ones responsible for the accounts of the consumers and subscribers.