Things Get Worse And Worse For Sony As Another Massive Data Breach Detected
from the this-is-why-you-don't-trust-rootkitters dept
For the few of you left who still trusted Sony, now comes news of yet another massive data breach, this time for Sony Online Entertainment (SOE) users. SOE is their online multiplayer games offering. It sounds like a similar issue to the PSN hack, again with lots of data being taken. Making matters worse, apparently for players outside the US, Sony kept credit card numbers and/or bank details in an "outdated database" (read, one not properly secured or encrypted, apparently). And... Sony is now admitting that the breach occurred a few weeks ago, so this info has probably already been put to use. So, we've got the rootkit, the PSN and now the SOE issue. Who actually willingly pays Sony for anything any more?Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: breach, sony online entertainment
Companies: sony
Reader Comments
Subscribe: RSS
View by: Time | Thread
As it is, if this is correct, then Sony are in massive breach of the PCI compliance laws in the EU. No wonder they announced freebies for all PSN customers over the weekend - they wanted to bury the bad news.
[ link to this | view in chronology ]
Re:
BTW, I was gifted the PS3. I did not buy it on my own. Frankly, I'd have been perfectly happy playing a bunch of classic PC games from no later than, say, 2005, but oh well....
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
The moment a classic controller was no longer required to play them.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
http://top100.ign.com/2005/001-010.html
There isn't even a single game on that list later than the 90'S! And when I think of the two glaring omissions in that top 10, they're both 2000 and before as well (Final Fantasy 7 & Deus Ex)....
[ link to this | view in chronology ]
Re: Re: Re: Re:
#88 Final Fantasy VII
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Had Sony even deigned to notify its consumers of the breach when it occurred, we would have been having a different discussion. As it is, the amount of stupid involved on Sony's part is insane.
Non-hashed PSN info? Check!
Holding CC details (including CVV)? Check!
Refusing to notify people after discovering the breach in a timely manner? Check!
Claiming everything's okay when it's clearly not? Check!
They don't deserve any money from anyone ever again.
[ link to this | view in chronology ]
Re: Re: Re:
I'm sure they will end up spending more money on PR to try and improve their image than they will on improving security. It's disgusting but that's just how it usually seems to go.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
You say that like it's a bad thing?
[ link to this | view in chronology ]
Sony wants to limit music with Amazon...
They want to spy on you with rootkits...
You have no privacy through their network...
If you research these hacks, they'll sue you...
If you try to help them in any way, shape, or form, they won't work with you...
Well, I guess you don't have much to say except sayonara Sony.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Well, yeah, but they can catch flies with chopsticks, so they've got that going for them....
[ link to this | view in chronology ]
Re: Re:
It would probably be cheaper for them in the long run.
[ link to this | view in chronology ]
Re:
I won't be happy until the entire company falls on it's sword.
...Or at least the legal dept.
[ link to this | view in chronology ]
Re: Re: Re:
The data of tens of millions -- if not over a hundred million people -- was exposed due to their profound negligence. The cost of that in monetary terms is well into the trillions. The cost in human terms is difficult to calculate: how do you give an identity theft victim their life back, their years of suffering and worry?
"Enormous" doesn't even begin to describe the impact of this. As a society, we're willling to lock up someone who merely steals a 4-year-old car. What should we do with Sony's personnel, who have done something that makes that microscopically inconsequential by comparison?
(And yes, 95% of the blame for this rests with Sony. Well-known, test, best-practice security techniques would have left the attackers with a massive encryption problem.)
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Well, shit.
- Get an 360 that suffers from head alignment problems
- Step back a generation and get a Wii, along with none of the games I actually want to play
- Shell out a couple of grand on a higher-end computer
This doesn't include the cost of re-purchasing all the games I still like playing. Unfortunately, I've got a lot of money already riding on this hacked-up horse, so I kind of feel like I'm going to stick it out until the next gen arrives.
God help me, I love that locked-in feeling.
On the bright side, my Netflix still streams and I've got a really large Blu-ray player.
[ link to this | view in chronology ]
Re: Well, shit.
[ link to this | view in chronology ]
Re: Re: Well, shit.
I'm resistant to PC gaming anyway. I've only got a limited amount of time to play and I don't want to spend part of it tweaking settings and downloading patches. I know that's short-sighted, but it is what it is. I would also like to take advantage of various mods, but I also like that when I boot up the game on a console, I know it will work.
[ link to this | view in chronology ]
Re: Well, shit.
1- Sell playstation.
2- Buy new generation xbox (to avoid RRoD) used on ebay.
3-Get gamefly, that way you don't have to purchase every single game you owned.
[ link to this | view in chronology ]
Re: Re: Well, shit.
[ link to this | view in chronology ]
Re: Re: Well, shit.
[ link to this | view in chronology ]
Re: Well, shit.
[ link to this | view in chronology ]
Re: Well, shit.
[ link to this | view in chronology ]
Re: Re: Well, shit.
[ link to this | view in chronology ]
Re: Re: Re: Well, shit.
Armor Games
Newgrounds
But playing some of the games on a PS3 or 360 can make it quite worth it. Ex. I love Scott Pilgrim, but Ubisoft won't release it for any system other than the consoles. Stupid of them, but it makes them money...
[ link to this | view in chronology ]
Re: Re: Re: Re: Well, shit.
[ link to this | view in chronology ]
Re: Re: Well, shit.
[ link to this | view in chronology ]
Re: Re: Re: Well, shit.
[ link to this | view in chronology ]
Re: Re: Re: Re: Well, shit.
[ link to this | view in chronology ]
The breech would have been discovered earlier...
[ link to this | view in chronology ]
Re: The breech would have been discovered earlier...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Typo
Should read: Who actually willingly uses Sony's free services any more, let alone give them money.
An interesting solution to this and other services, go to a retailer that is a bit more trustworthy and get the PSN giftcards. Same goes for XBox live, iTunes, anyone else that wants your credit card number and might store it wrong.
[ link to this | view in chronology ]
Re: Typo
If you are really concerned about your CC# then use a CC# generating service provided by several Credit Card companies so the number will be expired by the time anyone could use it.
[ link to this | view in chronology ]
Just got my email for SOE
[ link to this | view in chronology ]
Where to Go?
To comment on a few of the comments above, I do not think this will bankrupt Sony. I would hate to see all of those people without jobs in this economy. I do think, however, that there will be a huge whole ripped into the company by the pending lawsuits. People will get fired, trust me. Now, will the right people get axed, or just some scapegoats...time will tell. I also hope that this is an eye-opener to all companies that they can be breached, no matter how secure they think they are. It's always that one catastrophic FAIL that gets people in motion.
[ link to this | view in chronology ]
Re: Where to Go?
Why should they? They didn't learn anything from the rootkit debacle and it cost them less than a slap on the wrist.
As long as the sheeple keep buying their goods and services, there is NO REASON for them to learn. Or to even try to learn.
Sony cares about profit. Always profit, only profit. If they could prostitute children and make money from it, they'd do it without a second thought. They have no conscience, no morals, no ethics, no scruples of any kind.
So to expect them to learn, or to even WANT to learn, is insane. They've already repeatedly proven, beyond all possible argument, that they're not going to. And because the sheeple keep coming back, they don't need to.
[ link to this | view in chronology ]
It took seven days from them discovering the PSN server holding personal information was hacked into before they said ANYTHING that sounded like "Oh, and by the way, you should keep an eye open." Hell the first two days they claimed it was routine maintenance, they outright LIED to us.
And now this WEEKS after it happened? That is what I cannot excuse. The lies and coverups. Hell they probably would still be hiding the SOE breech, but I would wager something forced their hand.
Being hacked? Forgiven. It is the criminal's fault.
Having POS security? It annoys my tech side, but I can understand how they can cling to lumbering beasts or try to skimp with the money. Forgiven, grudgingly.
Hiding all these data breeches and outright lying as to their actions? No way.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
My answer.
Unfortunately, many although I will not be one of them.
This is a shame, too, because I once respected this company, often putting its products first on a list when shopping. However, the rootkit fiasco hit the news and I put my guard up.
The final straw was when Sony purposely proved to the world who really owns its console and this was pretty much it for the company. In fact, I just rid myself of every component of this maker from my house, save an old transistor radio (which is just too damn nice to give up).
It certainly doesn't help to turn and read personal attacks against users and data loss occurred after the "final straw" and I can honestly say I'm glad I left this company.
If anyone from Sony reads this post, I welcome you to the true definition of a "lost sale", and it will take you at least a decade to restore my faith into the company.
Isn't it about time Sony gets started?
[ link to this | view in chronology ]
Then again, I wonder when Sony will start failing in their photography department also... :-)
[ link to this | view in chronology ]
This piling on is ridiculous
Don't forget to keep those posts, so you can just change the company name when someone else gets hacked or screws up. I'm looking forward to your exasperated rage again.
[ link to this | view in chronology ]
Re: This piling on is ridiculous
Sony.........blows ponies
[ link to this | view in chronology ]
Re: Re: This piling on is ridiculous
[ link to this | view in chronology ]
Re: This piling on is ridiculous
[ link to this | view in chronology ]
Umm..
[ link to this | view in chronology ]
Re: Article
[ link to this | view in chronology ]