Lt. Commander
Join Date: Dec 2007
Posts: 120
Hey everyone. Just thought I would pass some information that was delivered to me in an email from Sony.

Just when you thought Cryptic had problems, Sony is even worse. Let's view this of an example of what we don't want to happen to Cryptic. A learning example, if you will.

Below is an email from Sony, describing a internet hacker attack.

Quote:
Customer Notification May 2, 2011


Dear Valued Sony Online Entertainment Customer:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained and we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

1. Temporarily turned off all SOE game services;
2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.


We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE™'s services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013

Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241

TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at (877) 382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.


We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at (866) 436-6698 should you have any additional questions.

Sincerely,
Sony Online Entertainment LLC
People have been trying to hack online games for years, how did this happen? And better yet, how can we prevent this from happening at Cryptic?
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 2
05-06-2011, 12:32 AM
To me it feels like Sony took a lot of care to protect their games from illegal tampering but forgot to do the same with their database.
Assuming Cryptic/Atari is not that careless there shouldn't be a problem.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 3
05-06-2011, 05:31 AM
Well thats what yah get if you have something for free, Sony network was free for the users if i'm not mistaken!
so its more that sony is at fault here, free almost = low security, good security cost and if something is free then i bet the cost has to be low ... anyways this smells like an "inside job" someone that got fired! or wants to be :p
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 4
05-06-2011, 07:51 AM
People forget that Xbox got hacked a few years ago too. People seem to have a short memory :p
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 5
05-06-2011, 08:16 AM
Microsoft gets hacked a lot, guess what falls under that flag starts with a Big X and ends in a 0.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 6
05-06-2011, 08:32 AM
Quote:
Originally Posted by Summit View Post
People forget that Xbox got hacked a few years ago too. People seem to have a short memory :p
Uh, no.

Bungie.net was hacked, and some people had their Live information entered into said website.

Do people have their Live accounts stolen? Sure, but mostly due to social engineering and the general stupidity of the public. The security of Live itself has never been compromised.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 7
05-06-2011, 08:40 AM
No system is 'unhackable'......remember that,if people are determined to get in....they will find a way.

But lets not make it easy shall we.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 8
05-06-2011, 11:04 AM
Quote:
Originally Posted by Noxsa
Well thats what yah get if you have something for free, Sony network was free for the users if i'm not mistaken!
so its more that sony is at fault here, free almost = low security, good security cost and if something is free then i bet the cost has to be low ... anyways this smells like an "inside job" someone that got fired! or wants to be :p
Free does not have anything to do with security level. PSN connection is free, but the PSN is an extremely powerful revenue machine - their DLC sales rival Xbox Live (and remember aside from online play most XBL services are free to access), and it serves as the platform for some premium media services like Hulu.

The issue emerging is that Sony appears to have not altered any security after the network was compromised a while back, and their security was already running under a scheme that had been broken.

As for Microsoft getting hacked "all the time": Xbox live has never been compromised. Games for Windows Live has only been compromised in so far that its anti cheat measures have been occasionally bypassed. Windows Update has only beeh hacked in so far that copy protection has been occasionally bypassed (both of these are a client side hack), and the only time since that big denial of service in the 90's that a Microsoft service has actually been compromised by an external intrusion has been an idiot who kept using an unethical domain registrar to snipe hotmail.com in the 1 minute renewal window. The hack on Bungie was an interesting one because what information was made public strongly points to an inside helper which Microsoft and Bungie were deafeningly silent about.
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 9
05-06-2011, 11:25 AM
nevermind

/10char
Lt. Commander
Join Date: Dec 2007
Posts: 120
# 10
05-06-2011, 11:26 AM
Quote:
Originally Posted by daemonrebel
Hey everyone. Just thought I would pass some information that was delivered to me in an email from Sony.

Just when you thought Cryptic had problems, Sony is even worse. Let's view this of an example of what we don't want to happen to Cryptic. A learning example, if you will.

Below is an email from Sony, describing a internet hacker attack.



People have been trying to hack online games for years, how did this happen? And better yet, how can we prevent this from happening at Cryptic?
WE can't prevent this happening to Cryptic. CRYPTIC can prevent this happening to Cryptic.
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -7. The time now is 06:06 AM.