Stolen Pixels #256: The E-Pology

By Shamus Posted Tuesday May 3, 2011

Filed under: Column 46 comments

Yesterday morning I turned in today’s comic. I’d written a little blurb about how Sony seems to be doing better. As soon as I hit “send”, I jumped over to read the news. The first story I found was this one:

Hackers Also Hit Sony Online, Stole 12,700 Credit Cards

Sony Online has been hacked, and now their online games are down. Amazing. This is distinct from the Playstation Network, which is also still down. I do wonder about this second intrusion. It took place in the middle of April, but they didn’t find out about it until recently. They most likely found out about it while auditing their own systems in response to the PSN hack. If not for the PSN hack, I wonder if they would have noticed it at all.

 



46 thoughts on “Stolen Pixels #256: The E-Pology”

  1. Rick Tacular says:

    Sony Online has been hacked, too? No worries, my cards are all maxed out anyway, and my credit score is already crap thanks to, well, myself. I feel sorry for you otherwise responsible people with good credit, tho.

  2. SolkaTruesilver says:

    Humm… what exactly Full Frontal Nerdity said about potential gains and loss?

    “While there are limits to your success, your potential of failure is unlimited.”

    Yup, sounds like Sony.

  3. X2-Eliah says:

    I wonder how this will affect Sony in the longer term. Monetary losses due to this whole thing could be huuuuuge.

    1. Raygereio says:

      Sony is one of the big boys; having to pay damages won’t hurt them one bit.
      I think Sony has more to fear from the reputation damage; but remember this is the company that came out relatively unscathed out of things like creating a fake movie critic to give glowing positive reviews to their own movies, the leaking of a document that contained information detailing Sony’s cold-war-style surveillance of environmental activists and let’s not forget the BMG DRM scandal.
      And those were all things where the blame lay solely with Sony, while this can be spun as something an outsider did. Nah, give it a couple of months and this will have blown over.

      1. Chris B Chikin says:

        The thing is that although everyone heard about those things and thought “Yeah, Sony are bastards,” the customers themselves weren’t actually affected by them. It didn’t affect their financial security or ability to play with their consoles.

        This has.

        Millions of people right now will be wondering if their data is safe. Their. Personal. Data. This is an incident that directly affects the consumer and is therefore much bigger than any of the other ones you describe. In the past Sony were dicks but they were dicks you were safe to buy from. Now those dicks have chlamydia.

        This post brought to you by the Society for Metaphors which are Excessively Graphic (SMEG)

        1. Raygereio says:

          Sure, if you were affected personally by this particular screw up then it surely is a far bigger deal than other things by which you weren’t affected and heck, since pretty much all of us are gamers here (let us disregard the different consoles vs each other and the PC-thing for a moment) this certainly hits close to home for non-Playstation-users. I’d like to imagine playstation users would be similarly taken aback if this were to have happened to Steam.

          But customers, non-customers and employees of Sony were also affected by those other scandals I mentioned (and from other screw ups from Sony in the past).
          I can’t help but roll my eyes at the people going “this is the worst thing to happen to Sony evar!1!”. The notion of a ranking system of screw ups is just silly to me considering how bad you think a screw up is depends wholly on whether or not you are affected by said screw up.

          1. Chris B Chikin says:

            Yeah, but my point is that the other screw-ups were mostly treated as business as usual for a big evil corporation like Sony or Microsoft. We expect them to be dicks so it’s barely a surprise when our suspicions are confirmed. But just as we expect them to be dicks, we also expect them to keep our personal data secure, and their failure to do so will affect, I imagine, almost every single PS3 owner in the world. Right now almost their entire console customer base, who on hearing about those previous incidents may have gone “Meh, so what else is new?” will now have totally lost faith in Sony.

            1. Raygereio says:

              You’d also expect a big evil corporation to not create giant hamster sized holes in your computer’s security, similarly one wouldn’t expect them to release poisons in the environment.

              I’m not saying this isn’t a big screw up. Let’s be clear about that; it’s a big one. I’m just saying that just because this hit close to home to us gamers, it doesn’t mean that Sony hasn’t already survived other big screw ups that hit close to home for other people.

              Perspective; it’s a good thing to have. Also, let’s not forget that videogames is just one thing of many that Sony is involved in. It’s certainly a big part and – before this happened – a profitable one, but they’re hardly dependent on it.

          2. Zukhramm says:

            Why would you not be able to compare this to similar, and rank them, and call which one turns out to be the worst, the worst?

            1. Raygereio says:

              Well, that you can do and while we’re on that subject:
              Sure, this is certainly a big data theft, there’s no denying that. But when compared to other similar incidents…

              Take a look at the security track record of the various credit card companies out there.
              Sure, I believe this surpasses the data thefts in 2005 and 2007 when roughly 40 and 45 million credit card numbers respectively were stolen. But it still didn’t beat the incident in 2008 when someone got away with well over 100 million credit card numbers.

              Again, perspective is a good thing to have. Is it bad? Yes. Is it the worst thing ever to have happened and will happen? Sadly no.

        2. Shamus says:

          What are you, some kind of SMEG-head?

          1. Chris B Chikin says:

            SMEG-off!

      2. Klay F. says:

        Even with all of Sony’s money and clout, there may be ramifications for gamers. This has the potential to drive many, MANY gamers away from Sony permanently. I was actually looking into buying a used PS3 that still had backwards compatibility (interestingly, at my local non-franchise game store, backwards compatible PS3s (which you can only get used) are actually more expensive than new PS3 slims) back in January, before I finally settled on a 360. I can tell you without a doubt that if I had bought a PS3, I would have traded it in after all this. Sony could possibly get out of the console game altogether, if things get bad enough.

        Also, some gamers (people like Shamus and myself) don’t forget easily. We can keep bile stored up a very long time.

        1. Peter H. Coffin says:

          This happened to happen to Sony. I don’t know of any reason why it could not have happened to Xbox Live. Or may still.

          1. Klay F. says:

            But I don’t really get the point of wasting time with “could-haves” or “what-ifs”. That isn’t the way the normal consumer thinks. It COULD HAVE happened to Microsoft, but it didn’t. I bet you it got EVERYONE in a position of power thinking about getting better security though.

            I still say that, if the lawsuits start piling up, Sony will eventually come to the conclusion that getting out of the console game completely (at least until public memory forgets about this) will be the most economically logical choice.

          2. webrunner says:

            Well, 1) it might not have happened to Xbox depending on how it happened. If there was a major security flaw that people only just discovered, (which they have found at least one of: the whole “rebug” thing that let you get free PSN games using only client side changes. DON’T TRUST THE CLIENT, SONY), it may indeed just be Sony incompetence making it far easier to break into Sony than Microsoft.
            and 2) for the SOE leak, it was pure developer incompetence. They had a PLAINTEXT backup of a credit card database from 2007 sitting around just waiting to be stolen. AFAIK that’s not just stupid, it’s illegal and negligent. As a result, 900 people had their currently active credit card info stolen. For real, not just probably-false conjecture like PSN.

            1. Shamus says:

              “they had a PLAINTEXT backup of a credit card database from 2007 sitting around just waiting to be stolen.”

              Do you have a link for this? I’m thinking of writing a column about it but I can’t find this tidbit anywhere.

              1. Raygereio says:

                As far as I know that’s false info that’s been circulating the Interwebs. I certainly haven’t found any solid report that stated that, just unfounded statements on various fora and blogs.

                Some of the initial reports stated some information was stored in a plain text format (nothing wrong with that as long as it isn’t sensitive info) and another said that the passwords weren’t encrypted and everyone jumped on that and ran with it, not realising that the passwords were hashed instead of encrypted.
                I do recall a statement from Sony that clarified that, but I’m having trouble finding a good source for it. All Google gives me are random news sites that quoted the statement without giving a proper source.

  4. Chris B Chikin says:

    If I were Sony the best thing I could do would be hire some hackers and crack XBox Live. Their own public image may be irredeemably boned but that don’t mean they can’t still compete with the opposition!

  5. SolkaTruesilver says:

    Again, Shamus, no words on Canada?

    There is tremendous news happening there today!! Shaaaaame!!

    ;-)

    (keep up the good work, it’s always a pleasure coming to read you)

    1. krellen says:

      What, is there an extraordinary storm happening in Canada or something?

      1. kanodin says:

        Their elections just occurred actually, as I understand it the Conservative party gained a majority. Why anyone would expect Shamus to discuss not only politics but politics in another nation is another matter.

        1. Chris B Chikin says:

          Apparently the Prime Minister they re-elected’s a bit of a dick. Of course, I’m from the UK and therefore am a bit confused as to why this is considered news.

          1. Soylent Dave says:

            Perhaps he’s the only Canadian that is actually ‘a bit of a dick’.

            (They do usually seem to be quite nice)

            Or maybe we’re just far too used to electing dickish Prime Ministers over here.

            1. Chris B Chikin says:

              …Or not electing them, as the case may be (Yes2AV *plug!* *plug!* *plug!*)

              1. Soylent Dave says:

                Too late to plug anything to me, I’ve already voted by post… it’s like real voting, only lazier.

                (I did do a video about AV, but it’s not really pro-anything; I was just playing with some numbers to help myself decide, and I’m arrogant enough to think other people are really interested in graphs)

              2. Fists says:

                Australia’s polling system has always been AV I think, definitely is now, and that in no way reduces the PM’s dickish qualities. At best the vote allows us to sway who the PM is a dick to.

          2. Chris B Chikin says:

            Also, if I recall correctly, Shamus likes to keep his blog politics-free as much as possible to prevent flamewars

            1. SolkaTruesilver says:

              Hey, I like to complain friendily to Shamus.

              It’s either Canada, or Dwarf Fortress.

              Take your pick :-D

          3. Wilcroft says:

            [[[[nevermind]]]]

        2. Shamus says:

          Yeah, I’m not going NEAR that one. :)

          (Generalized, sanitized, non-denominational, non-partisan greeting to America’s Neighbor to the north.)

  6. StranaMente says:

    I don’t know exactly what happened, but I read this in the comments: “Martin Clarke
    They had differing operating systems installed on their various servers (redhat and a few others) and these were of various versions. Problem is a few weeks back a known exploit was discovered, one that penetrated all the way through the kernel allowing full access to the system and bypassing every security protocol.”
    Besides it seems that this attack happened the same time period of the other, which is likely, if they used some loophole in the security network before it was fixed.
    Luckily for me I do not have anything Sony-related at the moment. But I look more nervously at all the other things that have all my data (Xbox Live, Steam, my own computer) and I’m starting to feel a slight paranoid itch in the back of my head.

  7. Jarenth says:

    Wait, this hack occurred around the 16th – 17th of April? And hackers got, among other things, over twelve thousand snippets of credit card information?

    And we’re hearing about this only now?

    I… either these were some exceptionally skilled hackers, or else Sony’s network security consists of just throwing cooked pasta at the servers to see if it sticks.

    1. guy says:

      Actually, it’s not uncommon for hacking to go undetected for a while. Now, presumably it means they don’t have anyone look over server logs for suspiciously large numbers of queries from a small number of IPs or similar strange behavior, but successful hacks are pretty much definitionally hacks that security systems don’t realize are hacks.

  8. Someone says:

    And this is why, in all of my web interactions, I always fill “required” fields for personal information with stuff I make up on the spot.

  9. Dumbledorito says:

    So what is the schedule for ‘Spoiler Warning’ these days, anyway?

  10. Old_Geek says:

    Makes selling hats in Day1 DLC seem small potatoes in comparison. Let’s let Valve off the hook, shall we?

    1. Zak McKracken says:

      … until that incident where Valve is being hacked and they get your credit card number and stuff, just because you wanted to have that hat …
      In this glorious new internet world you can’t do a thing without giving away mountains of data. That’s a principal problem. We need some way of paying via internet without identifying yourself, like paying cash in a shop.

  11. Kavonde says:

    Let me get this straight: when they say SOE was hacked, do they mean the service which holds information for cross-platform titles like DCUO? Does that mean that PC players of the game are now at risk as well?

      1. Kavonde says:

        Yaaaaaay.

        Serves me right for the schadenfreude, I guess.

    1. webrunner says:

      From what I understand it’s only PC players. The credit card database was from 2007 when they had no pay-to-play game on consoles, and payment of DCUO PS3 is handled through PSN not SOE.

  12. Amarsir says:

    So Sony sent out an email to anyone registered with SOE (which apparently I am, though not recently) and said:

    We apologize for the inconvenience caused by the attack and as a result, we have:

    1. Temporarily turned off all SOE game services;
    2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
    3. Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

    So they did a review, notified everyone, informed what was at risk, identified what steps they’re taking, and gave further contact info. I’m impressed by the level of responsibility, actually. Yes, of course they shouldn’t have been accessed in the first place. But government agencies have been hacked and they have tanks! I have pity on anyone who’s such a clear target and can only play defense.

  13. Rick Tacular says:

    Not that I would want any innocent’s info getting out there, but why couldn’t this have happened to EA’s servers? I don’t know the history of Sony’s indiscretions, but if there’s ever a company begging to have the negative spotlight shone on them, it’s EA!

    Again, I don’t want anyone’s personal data hacked, I just would have preferred EA to be highlighted as the evil, self-centered, bastards that they are, instead of Sony.

  14. RCN says:

    Interesting tidbit of information. The Playstation account of my family (we only have one, owned by my father, mainly to play Blu-Ray discs) is kind of falsified. Because, you know, Sony won’t accept a credit card account from my country or accept accounts from denizens of my country, so the only way to use the service is to falsify some stuff and play the system.

    The interesting part? We’re not worried at all with the hack. The password is probably the weakest link, but the credit card number is for an account created just to occasionally pay for games in the PSN, so… it was limited and didn’t have any money in it. And the personal information is false. Remember, all this just so we can be allowed to use the service in the first place, the only thing we ever wanted was for Sony to just launch the damn thing here in the first place so we don’t need to resort to all this.

    What I’m saying is… all those DRMs and restrictions again are only benefiting those who have to bend the rules for whatever reason. Never thought I’d be grateful to Sony for being snobbish with my country, but…

  15. Zaxares says:

    I wonder if Microsoft (does Nintendo have this kind of online content?) is taking the opportunity to audit their own systems as well. If the SOE hack could have gone undetected for so long, it stands to reason that hackers may have penetrated into the XBOX-Live system as well and have remained undetected to this point.
