Patterico's Pontifications

10/12/2011

PSA: A Big Attack on the Playstation Network’s Security

Filed under: General — Aaron Worthing @ 6:03 am



[Guest post by Aaron Worthing; if you have tips, please send them here.  Or by Twitter @AaronWorthing.]

From the official Playstation blog:

We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) [abbreviated as “SOE”] services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.

Read the whole thing. You will know if yours was one of the targeted IDs because you will get an email from Sony.
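What Sony describes is credential stuffing: an ID/password list leaked from other sites is replayed against a login endpoint, and the small fraction of pairs that people reused on PSN succeed. From the defender's side the pattern is a burst of sign-ins from one source, nearly every attempt against a different ID, and a very low match rate, which is also the reasoning Sony uses to conclude the list did not come from its own network. The script below is an added example, not Sony's code and not part of the original post. It assumes a hypothetical whitespace-separated log line (`timestamp source-ip sign-in-id ok|fail`) and constructed sample lines; the thresholds are assumptions chosen for the sample. It flags the stuffing source, separates it from an ordinary user retrying one account, and lists the IDs whose passwords matched so they can be locked, as Sony did with its roughly 93,000 accounts.

```python
"""Triage of a credential-stuffing burst over sign-in logs.

Added example written for this page; not Sony's code and not from the
original post. Assumes a hypothetical log line format:
    <iso-timestamp> <source-ip> <sign-in-id> <ok|fail>
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input. 203.0.113.7 replays a leaked ID/password list:
# many distinct IDs, almost all failing (stuffing). 198.51.100.9 is one user
# retrying their own password (not stuffing). 192.0.2.33 is a normal login.
SAMPLE_LOG = """\
2011-10-11T02:00:01Z 203.0.113.7 alice fail
2011-10-11T02:00:01Z 203.0.113.7 bob fail
2011-10-11T02:00:02Z 203.0.113.7 carol ok
2011-10-11T02:00:02Z 203.0.113.7 dave fail
2011-10-11T02:00:03Z 203.0.113.7 erin fail
2011-10-11T02:00:03Z 203.0.113.7 frank fail
2011-10-11T02:00:04Z 203.0.113.7 grace fail
2011-10-11T02:00:04Z 203.0.113.7 heidi fail
2011-10-11T02:00:05Z 203.0.113.7 ivan fail
2011-10-11T02:00:05Z 203.0.113.7 judy fail
2011-10-11T02:01:00Z 198.51.100.9 mallory fail
2011-10-11T02:01:05Z 198.51.100.9 mallory fail
2011-10-11T02:01:10Z 198.51.100.9 mallory ok
2011-10-11T02:02:00Z 192.0.2.33 peggy ok
"""


@dataclass
class SourceStats:
    attempts: int = 0
    successes: int = 0
    ids: set = field(default_factory=set)          # every ID tried
    matched_ids: set = field(default_factory=set)  # IDs whose password matched

    @property
    def match_rate(self) -> float:
        return self.successes / self.attempts if self.attempts else 0.0


def parse_line(line):
    """Split one hypothetical log line into (timestamp, source, id, ok)."""
    ts, src, uid, result = line.split()
    if result not in ("ok", "fail"):
        raise ValueError(f"unexpected result field: {result!r}")
    return ts, src, uid, result == "ok"


def aggregate(log_text):
    """Per-source counters over the whole log text."""
    stats = defaultdict(SourceStats)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, uid, ok = parse_line(line)
        s = stats[src]
        s.attempts += 1
        s.ids.add(uid)
        if ok:
            s.successes += 1
            s.matched_ids.add(uid)
    return dict(stats)


def flag_stuffing(stats, min_attempts=8, min_distinct_ratio=0.8, max_match_rate=0.2):
    """Return {source: stats} for sources that look like credential stuffing.

    Stuffing replays pairs harvested elsewhere, so from one source we expect
    (a) a burst of attempts, (b) nearly every attempt against a different ID,
    and (c) a low match rate, because most pairs were never valid here.
    A single-account brute force fails (b); a user retrying fails (a).
    Thresholds are assumptions tuned to the constructed sample.
    """
    flagged = {}
    for src, s in stats.items():
        distinct_ratio = len(s.ids) / s.attempts
        if (s.attempts >= min_attempts
                and distinct_ratio >= min_distinct_ratio
                and s.match_rate <= max_match_rate):
            flagged[src] = s
    return flagged


def accounts_to_lock(flagged):
    """IDs whose password matched during a flagged burst. The attacker now
    holds a working pair for each, so lock them and force a reset."""
    locked = set()
    for s in flagged.values():
        locked |= s.matched_ids
    return locked


def triage(log_text):
    stats = aggregate(log_text)
    flagged = flag_stuffing(stats)
    return flagged, accounts_to_lock(flagged)


if __name__ == "__main__":
    flagged, locked = triage(SAMPLE_LOG)
    for src, s in flagged.items():
        print(f"{src}: {s.attempts} attempts, {len(s.ids)} distinct IDs, "
              f"match rate {s.match_rate:.1%}")
    print("lock:", sorted(locked))
```

In the sample the stuffing source tries ten different IDs and matches one, a 10% rate; Sony's real burst matched well under 1%, which is the figure that told them the list was foreign. A production version runs these counters over a sliding time window rather than the whole file, and because attackers spread a list across many source addresses, it also keys on the fleet-wide distinct-ID and match-rate signal (or on ASN), not only on single IPs.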

Personally, with that PSN outage a few months back, I have decided not to keep any credit card information associated with my account. Instead I buy physical Playstation gift cards when I want to download something, limiting my exposure. So as of right now, if someone hacked my PSN account, they could buy a whole whopping $0.96 worth of crap. Don’t spend it all in one place, hackers! And while surely those who use Xboxes will have a snicker, let’s face it, sooner or later it could happen to you, too, and it might be wise to follow the same approach, with this and other online accounts.

H/t: Joystiq.

[Posted and authored by Aaron Worthing.]

13 Responses to “PSA: A Big Attack on the Playstation Network’s Security”

  1. What they are also saying is: do not reuse signon/password pairs across the internet for anything that matters to you. There are any number of encrypted cloud-based password caching services (where the cloud host doesn’t have the encryption key). Use them to remember the passwords.

    Also, use strong passwords of the “word1*word2$word3%word4” variety, rather than the silly “w0rD1” format that people think is secure. See xkcd

    Kevin M (563f77)

  2. Now, that’s interesting. The commenting system “fixes” a zero “mistyped” for an “o”, like in “w0rd”

    Kevin M (563f77)

  3. Great tips Kevin. I agree that’s a better way to make a password.

    Dustin (b2fb78)

  4. The only problem you run into is password length.

    Personally, I tend to use the old “cipher book” method these days (one particular book that I can almost be certain none of these jackholes own) as my password generator.

    I then keep a txt file on a jump drive which lists page number, line number, and word number for each of several accounts I have that I very much desire to keep secure (e-mails, and a couple of forums).

    Scott Jacobs (d027b8)

  5. That’s pretty damn secure, Scott!

    Dustin (b2fb78)

  6. Paranoia is like a warm, fluffy blanket on a cold winter night. 🙂

    Scott Jacobs (d027b8)

  7. Any Roku attacks yet? No?

    Just a matter of time.

    mojo (8096f2)

  8. Forza 4 just came out and it looks very good.

    One thing that annoyed me about the PSN downtime was that GT5 has a weird mode where you have a team of drivers. Mine were all shared online. And I couldn’t get them back without going online. Yet the PSN was down for over a month (much longer, IIRC).

    Sooooooo annoying. Very bad game design.

    Dustin (b2fb78)

  9. The “online” requirement for a lot of PS3 stuff is very odd. I mean, Heavy Rain requires a connection to PSN to work, and it’s a single player only game.

    Why can I not play a single-player game off line???

    Scott Jacobs (d027b8)

  10. I have at least one other single player game that won’t work offline, though I downloaded it and assume this requirement is an anti-piracy measure.

    I think they fixed that, but I can’t recall. It is pretty stupid.

    Heavy Rain was an awesome game, though.

    Dustin (b2fb78)

  11. And while surely those who use Xboxes will have a snicker, let’s face it, sooner or later it could happen to you, too.

    Don’t be silly.

    Microsoft’s security experts are the worlds’ bestuses.

    I mean, no one’s ever successfully hacked a Microsoft product, after all…

    Ah. Really?

    That many times…?

    Well, then.

    Never mind.

    IgotBupkis, President, United Anarchist Society (c9dcd8)

  12. Paranoia is like a warm, fluffy blanket on a cold winter night.

    WHO SAID THAT?

    He’s a LYING BASTARD!

    I wouldn’t trust a single word he says!

    IgotBupkis, President, United Anarchist Society (c9dcd8)

  13. Well thank god I don’t go there.

    DohBiden (d54602)
