The biggest hacker intrusion in the history of gaming industry

This post is also available in: Slovenian




Seemingly only short non-working networks Sony PlayStation Network (PSN) and Qriocity, later turning into a serious security problem of gaming networks on the Internet.

The problem is large, the sheer size of the Sony system; to them been accessed through different devices Sony HDTV, Sony Internet TV, Blu-ray disc players, Home Theater Systems and network media player and of course the PlayStation. In addition to games they allow video on demand and music synchronization.

What data information was stolen?

We are talking about 102 million users whose personal information was stolen:

  • Name
  • Address
  • State
  • Date of Birth
  • email address
  • Username
  • User Password
  • PSN ID

 

These data were not encrypted at all, so are very much useful for new owners. There is a possibility that they also get the history of purchases and the secret answers to security questions when changing password.

 

In addition to this personal information broke in the database, where was credit card numbers, but according to Sony’s this data information have encryption. Unfortunately, do not tell how strong the encryption was, so we can only hope that hackers will not be able to get to the credit cards data.

77 million users of the PlayStation Network: 36 million in both Americas, 32 million in Europe and 9 million in Asia. The number of stolen credit card numbers are only guesses, one claim only 13,000, the second one 2.2 million,. Sony said that has , 12.3 million numbers stored in the database (of which 5.6 million numbers in the U.S. only) . Qriocity network uses 25 million users.

 

This invasion is not the first invasion to Sony online network

Invasion took place between 17 and 19 April, but not until 21 April Sony posted the news and a week later they announced that they were also stolen credit card numbers. Since then, Sony kept us informed about new developments and investigation results on its blog.

 

For Sony it was hot the whole April. Earlier this month started DDoS attacks on all Sony’s websites and Sony gaming and entertainment network by hacking activist group Anonymous as a sign of support to hacker George Hotz (nickname Geohot).

Geohot jailbreak PS3, which Sony has claimed it was indestructible. Sony prosecutes him for that and after hacking activity by Anonymous group Sony settle with Geohot to stop those attacks. Interestingly, he has previously broken iPhone protection, but Apple is not prosecuting him. More…

Sony was probably sleeping because they think it will stop hacker attacks after settlement and have not dealt with the improvement of protection, which should be done. A week after unpleasant surprise came when, so far unknown person or group caused the suspension of services over networks PlayStation Network, Sony Qriocity and Facebook games.

Yes, the Facebook games, developed by Sony, it is not possible to play; PoxNora, Dungeon Overload, Star Wars, Wildlife Refuge…

 

How to protect yourself?

Internet security1. Change password NOW! (wherever you’re using the same password as for example the PSN login, Facebook, Twitter, online bank …)

2. Change password for mailboxes e.g. Gmail (expected to increase the number of spam mails and tweets)

3. Monitor balance on your credit card (if suspicious transaction block your credit card)

4. Change hidden security questions / answers (if they have the same questions / answers on other web services and sites, then there is also need to change for example. The name of the dog)

 

via Naked Security

Well, changing yours real dog name is not necessary for now : )))

 

What’s next?

There’s already a first legal action because Sony did not have activated the encryption for personal information.

Upon restart, system Sony promises a more secure system and more free content to its users as an apology. It is not expected over the casting of users.

 

P.S.: Microsoft informed that the Xbox network is having occasional phishing attempts (phishing) during online playing Call of Duty: Modern Warfare 2. Attempts are through virtual official email addresses. They try to solve the problem.

P.P.S.: Nintendo has changed the privacy policy in the Nintendo online network. Is this a case in reducing their liability in case of invasion?

 

 

Enhanced by Zemanta

Saša

Works as system engineer in Slovenian Enterprise in Microsoft environment focusing on security, deployments, SharePoint, SCCM and CheckPoint firewall. Author of successful blog about IT security, Microsoft tips & tricks, social media, internet trends.

Leave a Reply