Sony VS Hackers (Pirates)

PSN and Credit Card Information was Potentially Stolen in Early February

 

 

 

 

 

I dont know how to say this in a nice way, but a few of you may remember me complaining about my credit card info being used fraudulently back in February of this year.

 

The fraudulent charge on my credit card got me looking into logs I found on my router that appeared to be the PSN scanning my home network, to which I ended up making this tweet.

 

 

Originally Posted by madshaun1984 via twitter

 

 

On Wednesday 23rd February 2011, @madshaun1984 said:

 

@sony @Mathieulh be warned the fraudsters have started!!! (someone made an online transaction on a cc that was last used on psn (a year or so ago) fraudulently today! but the card was destroyed shortly after my last real transaction),

 

offending IP, are being traced by my ISP, and the one that worries me Source:65.197.244.172,3478 which resolves to

 

[DNS] Canonical: a65.197.244.172.deploy.akamaitechnologies.com Numerical: 65.197.244.172 (aka psn)

 

My ISP has comfirmed the request originated from ^ IP, but will pass further details to the team investigating the fraud at my bank.

 

Once again, my details have not been connected with my account for over a year, and the fraud took place today, even though the account in question has only ever been used on the psn (once last year!!!).

 

It appears sony are lying and that details are held for far longer than when you delete the info from your ps3, and that the info is readily obtainable by the hackers/script kiddies sthat know how!. (phoned sony less than half hour ago to report the incident and was told that the details arent kept (clearly they are).

 

Unfortunatly in as a result of this incident, it now clear to me that sony really arent encrypting any data, and once the incident has been dealt with by my bank, depending on the outcome, I may persue further charges against sony.

 

Deleting your account info/card details clearly doesnt work to stop this from happening, so I can only advise you keep an eye closely on your bank statements (for cards/accounts that have been used on the psn). and look for small amounts that you havent made. (in my case £1.74 to a travel agent (likely a fraudulent site set up just as a front to hide the fraudsters real intentions). I was lucky and my bank phoned me as they were aware I had not used my account for quite some time, and they felt something wasnt right.

 

In the interest of security, I advise anyone on efnet #ps3dev (or other chans) to definatly check your accounts for today, as all the other offending IP’s originated from there, which gets my spider senses tingling that a spy/fraudster is among you!

 

My router log is as follows, with my IP removed (it has been changed since pasted, but my IP is xx’d out.

 

This is not coincidence at play, as there is no other possible way for my details to of been obtained, as all info is securely disposed off at my end (and in actual fact stored inside my property till it can be disposed off safely and securely). I have not lost the card, (it is still shredded in my drawer (and will remain there till the account in question is closed).

 

@BBCWatchdog, I think you have a case to investigate here!!!

 

Log’s that enabled me to figure all of this out are here http://www.pastie.org/1599044

 

@sony shame on you!! getting ****y gets you exposed, security like this should never be overlooked, and nothings unhackable!!

 

 

Source

 

As no one knows when the intrusion on Sony’s network took place exactly, or what info was stolen, I thought I would make this post, to alert users of the PSN, that even though it appears the breach was only found recently, it could of been several breaches over a much longer period of time.

 

My advise to all users who have used bank or credit cards with the PSN, is to check back for at least 4 months, and look for small charges that you weren’t aware of. If you find any charges, report them to your bank immediately, and ask for a new card to be sent out and for a watch to be put on your account for any other suspicious transaction that may take place in future months. It also is not a bad idea to get your credit cards linked to PSN to be cancelled/changed as well and for future PSN purchases you should use PSN cards.

 

You may also want to read this post for more info on how bad the security is on the PSN, and for more info on how long this has been known..

 

Call of Privacy: Modern Spyware By PlayStation Network

 

Sony: It’s not our fault

 

 

Yesterday it was announced officially by Sony that some darn hacker(s) may or may not have managed to creep in their system and run away with 77 MILLION peoples account details including passwords & credit card details. This has caused a massive poop-storm with sceners and fanboys alike calling for answers but mainly for Sony’s head on a pike.

 

 

Well just as you think it couldn’t get any worse for Sony, it has been rumored that Sony may be trying to get out of being held responsible for this total blunder using their own PSN T&C as a escape clause HOWEVER the “ICO” (A UK Information Rights Body) has decreed that if the user-data was held on servers within the UK then Sony may face a £500,000 fine to add to the bill.

 

To quote from MCVUK News:

 

It has emerged that part of Sony’s PSN terms and conditions claim that the company is not liable for any loss of user data!

 

“We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network,” the terms state.

 

However, speaking to Edge, the Information Commissioners Office (ICO) claims that Sony is accountable to stipulations outlined in the UK Data Protection Act which says that companies are obligated to keep users’ details secure.

“While we are unable to say where the data is being stored at present, if it was in the UK, this clause would not free them from their obligations under the UK Data Protection Act,” ICO stated.

“If we found a breach, one of the actions we could take would be to issue an undertaking, which is an agreement between the ICO and the company that if they are handling personal information they have to bring about set improvements in order for them to be compliant with the act.

“If the company is not compliant with the act within a certain time limit, further action would be taken and we might consider an enforcement notice or issue a monetary penalty.

“For serious breaches of the act, we can issue a monetary penalty up to £500,000.”

 

 

 

 

Taigi kas nepašalino kreditinės kortelės duomenų iš PSN - FUCK** . O SONY nekalti. Va tokia kompanija. Ir galite ginti ją kiek norite kad ji visas duomenys varė net neapsagotai. Ir nulaužymas konsolės čia išvis neprie ko net.

Redagavo Balandžio 27, 2011 Skeith

Ne į temą

Kazkuriam forume skaiciau kad Anonymous MS grasino, liepe atbaninti visas uzbanintas konsoles. MS taip ir pasielge, taciau beveik nelaukdami vel uzbanino.

 

Ne į temą

Beje, Skeith, koks tau tikslas tokius tekstus Anglu kalba cia kopijuot? Jei tingi isversti (del ko taves ir nekaltinu), tiesiog parasyk Lietuviska tl;dr versija ir numesk nuoroda. Vis del to jug cia Lietuviskas forumas. Jei noreciau Angliskai skaityti konsoliu naujienas, eiciau i uzsienieciu forumus.

 

lol

Redagavo Balandžio 28, 2011 mazhas08

Neblogas paveikslėlis

 

 

SCEA/SCEI Being Sued By PSN User Due To PSN Being Hacked

 

When Sony Computer Entertainment, removed the OtherOS function, we posted about the various court cases, well now we have PSN that has been down and out of action, due to a massive security breach.

 

We have the first court case taken against SCEA/SCEI for negligent data security, violations of consumers’ rights of privacy failure to protect those rights, and failure and on-going refusal to timely inform consumers of unauthorized third party access to their credit card account and other nonpublic and private financial information.

 

Here is a quote from the court document:

 

 

KRISTOPHER JOHNS, on Behalf of Himself and for the Benefit of All with the Common or General Interest, Any Persons Injured, and All Others Similarly Situated,

vs.

SONY COMPUTER ENTERTAINMENT AMERICA LLC, a Delaware Limited Liability Company; SONY NETWORK ENTERTAINMENT INTERNATIONAL LLC, a Delaware Limited Liability Company,

 

Plaintiff KRISTOPHER JOHNS (“JOHNS” or “Plaintiff,”) brings this action against SONY COMPUTER ENTERTAINMENT AMERICA LLC (“SCEA”) and SONY NETWORK ENTERTAINMENT INTERNATIONAL LLC (“SNEI”) (collectively, “SONY” or “Defendant”), on behalf of himself, all others similarly situated and the general public, and alleges upon information and belief, except as to his own actions, the investigation of his counsel, which included, inter alia, review and analysis of Defendant’s press releases, Defendant’s websites, web forums, and various news articles, as follows:

OVERVIEW

1. This action is brought on behalf of plaintiff individually, as representative of the common or general interest and as class representatives for all others similarly situated nationwide against SONY to redress defendant’s breach of warranty, negligent data security, violations of consumers’ rights of privacy, failure to protect those rights, and failure and on-going refusal to timely inform consumers of unauthorized third party access to their credit card account and other nonpublic and private financial information.

 

 

Parsisiųsti pilną dokumentą

Nieko asmeniskai nenoriu izeisti, bet protingo zmogaus duomenys PSN'e yra FAKE. Nepradesiu aiskinti kodel, nes protingi ir taip supras apie ka kalba

Nieko asmeniskai nenoriu izeisti, bet protingo zmogaus duomenys PSN'e yra FAKE. Nepradesiu aiskinti kodel, nes protingi ir taip supras apie ka kalba

 

Na tai reiškiasi tu esi ne iš protingųjų tarpo... Kam pirkti papildymo korteles po dabar jau 25 svarus ar daugiau, kaip gali tiesiai nuo kreditkės atsiskaityti, tiek kiek už tą prekę sumoki.

Nieko asmeniskai nenoriu izeisti, bet protingo zmogaus duomenys PSN'e yra FAKE. Nepradesiu aiskinti kodel, nes protingi ir taip supras apie ka kalba

 

O tu visose elektroninėse parduotuvėse rašai neteisingus duomenis, vardą, pavardę, adresą ir tt.? Įdomu kaip tu tada užsimoki už viską ir kur keliauja tavo pirkiniai? Visgi paaiškink, neprotingiem žmonėm.

Rumor: PSN Database containing 2.2 Million Credit Cards Numbers for Sale

 

 

http-~~-//www.youtube.com/watch?v=Cwn4R_GexLM&feature=player_embedded

 

 

Rumors are also that a very big part of the German database is stolen, which makes some people point to Graf because he is also German. Personally I think Graf has problems enough already and has nothing to with it, but maybe someone wants to make some money to pay for the “criminal” 1.000.000 euro claim

 

Kevin Stevens, Security Researcher tweets that this indeed is NOT a rumor and it IS for sale (but nothing to confirm if database is legitimate or not).

 

Discussion about #psnhack and possible speculation about the hackers being from Europe Logs – efnet – #ps3dev – 2011-04-26

 

trixter, people I know had a shell on the psn servers

 

did you know that sony didn’t disable the function that sets the psn server under maintenance ?

 

The hackers that hacked PSN are selling off the DB. They reportedly have 2.2 million credits cards with CVVs #psnhack

 

Sony was supposedly offered a chance to buy the DB back but didn’t #psnhack

 

@mikkohypponen That is what is going around on some underground forums. The DB contains pretty much everything

 

@the_pc_doc That is what I thought but the guys selling it say that they have CVV2 numbers

 

@RiquezJP Well not properly securing your server breaks compliance as far as I know.

 

@RangerRick Yeah, this information about the CVV2 numbers could be bogus. The guys selling the DB could just be making it up.

 

Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date

 

No, I have not seen the DB so I can not verify that it is true

 

Here are some interesting screenshots of the so called “underground” forums and snippets of convo taking place.

O tu visose elektroninėse parduotuvėse rašai neteisingus duomenis, vardą, pavardę, adresą ir tt.? Įdomu kaip tu tada užsimoki už viską ir kur keliauja tavo pirkiniai? Visgi paaiškink, neprotingiem žmonėm.

 

jis duoda svetima adresa :) jis juk protngas

 

 

 

as tai isvis nepergyvenu ,moku kreditine,o jos yra visos apsaugotos nuo tokiu bajeriu, menesuio gale parejus atskaitai paziuri kur kas pikro ir jei matai kad kazkas kitas naudojosi pasuki i banka ir probkemu kaip nebuta ,tik nemaisykit kreditines su debitine ,sita neapsaugota nuo nieko

O tu visose elektroninėse parduotuvėse rašai neteisingus duomenis, vardą, pavardę, adresą ir tt.? Įdomu kaip tu tada užsimoki už viską ir kur keliauja tavo pirkiniai? Visgi paaiškink, neprotingiem žmonėm.

 

Tuo mes ir skiriames, kad as savo teisingus asmeninius duomenis, palieku teisingose sistemose ir del vagysciu ar dar kitu nutikimu nesuku galvos, nes zinau, kad bus atlyginta ir tt. Jei jum patinka buti kvailinamiem, tai cia jusu asmeninis reikalas, nes abejoju ar sony bent vienam atlygins nuostolius uz informacijos nutekinima ir finansu praradima, nes jum paduoti i teisma sony kompanija tiesiog neimanoma, nes Lietuvos regiono nera sarasuose. Yra geras rusiskas posakis "лохов везде разведут"

 

as tai isvis nepergyvenu ,moku kreditine,o jos yra visos apsaugotos nuo tokiu bajeriu, menesuio gale parejus atskaitai paziuri kur kas pikro ir jei matai kad kazkas kitas naudojosi pasuki i banka ir probkemu kaip nebuta ,tik nemaisykit kreditines su debitine ,sita neapsaugota nuo nieko

 

Man idomu kaip gali tavo kortele buti apsaugota nuo apsipirkimo pateikiant korteles numeri, jos galiojimo data, varda ir pavarde bei stebuklingus tris skaitmenis kurios yra ant kiekvienos korteles. Viso sito uztenka apsipirkineti internetu, ir vagystes tu nepastebesi, nebent kiekviena diena tikrini sasakaita, nors ir pastebejes, bankas neatsakys uz tavo pinigus iki tol kol tu nepateiksi prasymo sustabdyti korteles galiojima

Tuo mes ir skiriames, kad as savo teisingus asmeninius duomenis, palieku teisingose sistemose ir del vagysciu ar dar kitu nutikimu nesuku galvos, nes zinau, kad bus atlyginta ir tt. Jei jum patinka buti kvailinamiem, tai cia jusu asmeninis reikalas, nes abejoju ar sony bent vienam atlygins nuostolius uz informacijos nutekinima ir finansu praradima, nes jum paduoti i teisma sony kompanija tiesiog neimanoma, nes Lietuvos regiono nera sarasuose. Yra geras rusiskas posakis "лохов везде разведут"

Matosi, jog labai daug žinai ir ne tik apie mane, bet apskritai apie viską ir net skirtumus gali įvardinti. Džiaugiuos dėl tavęs ir norėčiau gražų lietuvišką posakį pateikti: "kvailys tol išmintingas, kol tyli". Linkėčiau tau dažniau tylėti.

 

Kitiem linkiu nenusimint dėl susidariusios PSN padėties, nes galų gale ji bus išspręsta. Nėra tokių, kurie yra apsaugoti nuo nelaimių, ypač nuo tokių, kurias sukelia piktavaliai žmonės.

kvailys tol išmintingas, kol tyli

 

Ne į temą

Ryztingai tare Epikus ir prisijunge prie netylinciuju tarpo

Tuo mes ir skiriames, kad as savo teisingus asmeninius duomenis, palieku teisingose sistemose ir del vagysciu ar dar kitu nutikimu nesuku galvos, nes zinau, kad bus atlyginta ir tt. Jei jum patinka buti kvailinamiem, tai cia jusu asmeninis reikalas, nes abejoju ar sony bent vienam atlygins nuostolius uz informacijos nutekinima ir finansu praradima, nes jum paduoti i teisma sony kompanija tiesiog neimanoma, nes Lietuvos regiono nera sarasuose. Yra geras rusiskas posakis "лохов везде разведут"

 

 

Man idomu kaip gali tavo kortele buti apsaugota nuo apsipirkimo pateikiant korteles numeri, jos galiojimo data, varda ir pavarde bei stebuklingus tris skaitmenis kurios yra ant kiekvienos korteles. Viso sito uztenka apsipirkineti internetu, ir vagystes tu nepastebesi, nebent kiekviena diena tikrini sasakaita, nors ir pastebejes, bankas neatsakys uz tavo pinigus iki tol kol tu nepateiksi prasymo sustabdyti korteles galiojima

 

 

 

aiskiai parasiau kad nemaisytum kreditines su debitine, bet tu juk gudrus turetum susigaudyti

aiskiai parasiau kad nemaisytum kreditines su debitine, bet tu juk gudrus turetum susigaudyti

 

Ne į temą

Man uztenka proto, kad atskirti debetine nuo kreditines korteles, ko negalima pasakyti apie tamsta. Cituoju: Debeto kortelė – atsiskaitymo kortelė, naudojama kaip alternatyva gryniesiems pinigams atsiskaitant. Fiziškai beveik tokia pat, kaip kredito kortelė (tik kortelės numerio skaitmenys neiškilūs), bet debeto kortele galima atsiskaityti tik banko sąskaitoje esančiais pinigais – dėl to teoriškai negalima išleisti daugiau pinigų, nei yra sąskaitoje. Esminis skirtumas tarp šių kortelių rūšių – debeto kortelių naudojimo mokesčiai paprastai yra gerokai mažesni, jomis dažniausiai negalima atsiskaityti ten, kur nėra elektroninių skaitytuvų (pvz., internete), ir tokių kortelių turėtojams bankai paprastai siūlo mažiau papildomų privilegijų.   Kredito kortelė – mokėjimo kortelė, susieta su sąskaita banke. Skiriasi nuo debeto kortelių, nes suteikia galimybę pirkti kreditu. Kredito kortelę dažniausiai išduoda bankai, išdavimo metu nustatomas kredito limitas. Seniau atsiskaitymo metu kortelės savininkui užtekdavo pasirašyti pirkimo čekį, pastaruoju metu dažniausiai naudojama elektroninė sistema (naudojanti magnetinę juostelę), užtikrinanti, kad kortelė nėra padirbta ir kad kortelėje yra pakankamai pinigų (arba pakankamas kredito limitas). Kredito kortelėmis taip pat galima atsiskaityti telefonu ar internetu. PS Tai va zmogau, PSN'e nei vienas, net praktiskai, negalejo atsiskaitineti debtine kortele, o tik kreditine arba kreditines alternatyva leidziancia atsiskaitineti internete, jei duomenys is tikruju buvo pavogti, tai vagis gali laisvai pasinaudoti jusu kreditinemis kortelemis, nes jus ivedete duomenis kuriuos anksciau paminejau, nes kitaip PSN'as ar kita istaiga neatlikti pirkimo-pardavimo

Redagavo Balandžio 29, 2011 Fake

tiek kreditine tiek debitine galima pirkti interentu,telefonu ir t.t. is kur tu cia nukopinai sita teksta bbz

 

vienu zodziu nera tikslo gincitis su tavim, nes tu net neturi maziausio supratimo kaip kas veikia

bratva jus cia ir isivaziavot.net nezinau nuo ko pradet.imkit gyliau.mat kai negyvenu lt, tai mane gina kiti istatymai,pvz yra toks dalykas UK uz id nutekejimus,kuris baudziamas yra.Vien is tai puse limono iplauks i biudzeta svarainiu,kaip bauda.Mums zemes dulkems tipo priklausytu po50 svarainiu kiekvienam.Snekama,kad vien UK SONY apturejo bedos virs 150 000 000,tokia kompensacija priklausytu tiem 3 000 000 account useriu.Man ju 50 svarainiu nereik,svarbu greiciau vel ant koju atsistotu.Kas liecia pasisakymu del LT psn ,tai akis draskykit sony atstovybei LT ,jei tokia yra.o asmeniskai mano nuomone,jei kazkas netinka,kam vartojat?!siaip mazose salyse net filmai rodomi originalo kalba,tik subtitrai idedami kolkioj salyje transliuojama kalba.tad tik gimines ziuretumem lt kalba,rembo tik subtitrai.ir nesigautu tokiu kuriozu LTkalboje ,kai finding Nemo isvercia ieskant zuviuko Nemo .Ir tokiu vertimu tikrai ne vienetai.Tad arba gyvenam salyje blogoj arba .........