Playstation Network Users: Check Your Passwords and Credit Cards

[kdogg]

I took a bit of time last night to go through all my passwords on various sites and change them, even though my PSN password was different.

I think the biggest thing wasn't the password change, but trying to remember what security question I used on for my PSN account. Even though you change a password, some sites can reset your password with your security question are at a risk.

[johnnyrocket03]

whats really grinding my gear (perhaps wrong thread) is that we cant get back in to change our information. i'd feel a lot better if i could change my password and remove my CC info...

[BlackEleven]

Quote:

Originally Posted by johnnyrocket03

whats really grinding my gear (perhaps wrong thread) is that we cant get back in to change our information. i'd feel a lot better if i could change my password and remove my CC info...

That'd be closing the barn door after the horse has already escaped.

[Burninator]

Quote:

Originally Posted by Russic

1Password pulls everything from one heavily encrypted master file. You can have it on your system and sync manually via wifi, or you can put the master file in your dropbox. If it's in there the changes just get pushed out to all your devices.

Edit: Or are you asking how that is used on a mobile device? Just in case you are:

You can log into the app, select your login and either view your username/password combo or you can click a link and it will launch the page within the app and populate all the necessary fields. Feels just like mobile safari, but it's 1passwords browser.

I was more curious of the second one. That makes sense, but how do you use it for your iTunes password on your iOS stuff? Or do you have to remember that one?

[Burninator]

Penny Arcade

[secol]

i don't even remember what PW i used for PSN so hoping to get on ASAP so i can change out accounts that i have which have the same PW

[Russic]

Quote:

Originally Posted by Burninator

I was more curious of the second one. That makes sense, but how do you use it for your iTunes password on your iOS stuff? Or do you have to remember that one?

Anything that isn't browser based is available to look at and copy to a clipboard, so it's best to remember those.

[Kipper is King]

I cancelled my credit card, just to be safe.

[photon]

Quote:

Originally Posted by kdogg

I don't know much about encryption..... even if the credit information was encrypted, these guys seem to be really good at what they do, couldn't they easily break the encryption if they had that information?

Kind of depends on a lot of things, but generally if something is encrypted no they can't break it. To break it would require calculating the key, and that would usually require a supercomputer working on it until after our sun explodes.

However that's not to say that the information still isn't vulnerable.

Even if it is encrypted, the whole point of storing credit card info is so that the information can be retrieved at some point for some purpose, so somewhere in their systems the key to decrypt the card numbers is known. However if they just took the database and that key was implemented in code or stored in a physical file or some other scheme, they wouldn't have the code and the CC info would safe.

Or if they implemented the encryption incorrectly in such a way that it was vulnerable (which Sony seems to be entirely capable of).

[Hack&Lube]

Quote:

Originally Posted by Kipper is King

I cancelled my credit card, just to be safe.

Sony claims the credit cards were encrypted which means people should be protected. If the hackers got the key ciphers or intercepted credit cards before they were encrypted, that would be a problem then.

[Hack&Lube]

Quote:

Originally Posted by photon

Kind of depends on a lot of things, but generally if something is encrypted no they can't break it. To break it would require calculating the key, and that would usually require a supercomputer working on it until after our sun explodes.

However that's not to say that the information still isn't vulnerable.

Even if it is encrypted, the whole point of storing credit card info is so that the information can be retrieved at some point for some purpose, so somewhere in their systems the key to decrypt the card numbers is known. However if they just took the database and that key was implemented in code or stored in a physical file or some other scheme, they wouldn't have the code and the CC info would safe.

Or if they implemented the encryption incorrectly in such a way that it was vulnerable (which Sony seems to be entirely capable of).

Well if you go by the Sony DRM story, the PS3 master keys were supposedly encrypted but it turned out that instead of using a random number on one of the calls, Sony was always using the number 4. That's why hackers were able to break the PS3 cryptography so easily. Hopefully they were not as stupid for the credit cards.

[Ozy_Flame]

Quote:

Originally Posted by Hack&Lube

Sony claims the credit cards were encrypted which means people should be protected. If the hackers got the key ciphers or intercepted credit cards before they were encrypted, that would be a problem then.

Well, if that claim turns out to be false or credit cards are getting compromised, they're going to be in even bigger trouble than what they are currently.

I think this is the biggest, most serious threat Playstation has ever faced. I wouldn't want to be in their shoes right now.

[photon]

Quote:

Originally Posted by Hack&Lube

Hopefully they were not as stupid for the credit cards.

I think we need a dart board to predict at this point.

[sclitheroe]

Quote:

Originally Posted by photon

I think we need a dart board to predict at this point.

This is Sony we're talking about. I'm willing to wager it's all bullseye

[JohnnyB]

Quote:

Originally Posted by Burninator

Penny Arcade

^^
What's the deal with stem cell research in there?

[jschick88]

Sony: We will resume some PlayStation Network services, create security post, strengthen encryption after big breach.

Also, rumor is that Sony's "goodwill gesture" may not be an incredibly significant one -- affected users can expect a free 30-day subscription to PlayStation Plus and a free software download of some sort, while Qriocity customers will get an extra 30 days of service on the house.

[jschick88]

Sony has a live press conference right now talking about what happened. You can follow the live blog below.
http://www.engadget.com/2011/05/01/s...ack-at-1am-et/

[LockedOut]

Quote:

2:18 JST: Yep, 30 day free PS Plus membership, 30 days of free service for Qriocity and Music Unlimited customers and a free gift of some software. Nice gesture.

2:19 JST: We missed a bit there, but it sounds like they're planning to restore full network functionality within the month. Considering it's May 1st, that could be quite a wait.

Meh.

[BlackArcher101]

What's so Meh about a month of PS Plus?

Don't tell me you actually expected a free full game?

[DownhillGoat]

I was kind of hoping for a free year, not a month.