PSA: PS3 DATA BREACH - CHANGE PASSWORDS / CREDIT CARDS

[Kirby]

My friend constantly gets pissed at me because i never got an online account for my ps3

times like these that i'm glad i'm too lazy to do shit

So your mom wouldn't have to get a new creditcard?

[[fr31ns]Karrde]

Cancelled my check card.  Only good thing about TCF Bank is they do let me change cards whenever the hell I want to.

[KarthXLR]

PSN is coming back up this week, all users get a month of PSN Plus, and each region will get "exclusive free content".

http://kotaku.com/#!5797412/sony-playstation-network-will-return-this-week

[Surf314]

Supposedly only a few 20k had their CC stolen and none in the US. Also I'd recommend using keepass or similar for your passwords, I've changed over all my important accounts to randomly generated 16 character passwords.

[CaffeinePowered]

Supposedly only a few 20k had their CC stolen and none in the US. Also I'd recommend using keepass or similar for your passwords, I've changed over all my important accounts to randomly generated 16 character passwords.

Um, they never got any account passwords, just CC numbers, also free month from SOE

[Squishy3]

[quote author=Surf314 link=topic=5591.msg205150#msg205150 date=1304440294]
Supposedly only a few 20k had their CC stolen and none in the US. Also I'd recommend using keepass or similar for your passwords, I've changed over all my important accounts to randomly generated 16 character passwords.

Um, they never got any account passwords, just CC numbers, also free month from SOE
[/quote]They're telling you to change your password when PSN is back up, in fact you won't be able to login to PSN until your password is changed. They also recommended to change passwords if you use the same password on other sites and services. They also said that they may have obtained your security answers, which is a big thing since every site uses the same horrible ones.           

[CaffeinePowered]

[quote author=Caffeine link=topic=5591.msg205156#msg205156 date=1304441590]
[quote author=Surf314 link=topic=5591.msg205150#msg205150 date=1304440294]
Supposedly only a few 20k had their CC stolen and none in the US. Also I'd recommend using keepass or similar for your passwords, I've changed over all my important accounts to randomly generated 16 character passwords.

Um, they never got any account passwords, just CC numbers, also free month from SOE
[/quote]They're telling you to change your password when PSN is back up, in fact you won't be able to login to PSN until your password is changed. They also recommended to change passwords if you use the same password on other sites and services. They also said that they may have obtained your security answers, which is a big thing since every site uses the same horrible ones.           
[/quote]

The security answers are more of a concern, but if they just got the hash of the passwords, AS NO ONE IN THEIR RIGHT MINDS STORES PLAIN TEXT PASSWORDS, you should be ok. That being said, nothing wrong with erring on the side of caution.

[rumsfald]

The security answers are more of a concern, but if they just got the hash of the passwords, AS NO ONE IN THEIR RIGHT MINDS STORES PLAIN TEXT PASSWORDS, you should be ok. That being said, nothing wrong with erring on the side of caution.

If they have a hash of a good number of the passwords, that makes reversing the hash much easier. especially if they have all of them. Hello, rainbow tables. With the service down for days, the crackers have plenty of time to decipher the hash.

Change any other passwords ASAP and change SOE as soon it comes back up.

Also, if it weren't for Caff and his PS sex, I would have escaped this.

[Squishy3]

The only account that has a password that's shared with my PSN account is my myspace account. They can have it.

[HeK]

If they have a hash of a good number of the passwords, that makes reversing the hash much easier. especially if they have all of them. Hello, rainbow tables. With the service down for days, the crackers have plenty of time to decipher the hash.

I like my hash with salt.

[[SiN] Merc]

[quote author=rumsfald link=topic=5591.msg205208#msg205208 date=1304467316]
If they have a hash of a good number of the passwords, that makes reversing the hash much easier. especially if they have all of them. Hello, rainbow tables. With the service down for days, the crackers have plenty of time to decipher the hash.

I like my hash with salt.
[/quote]

I like mine with sausage and an omelet on the side.

[HeK]

Merc link=topic=5591.msg205258#msg205258 date=1304491449]
[quote author=HeK link=topic=5591.msg205229#msg205229 date=1304476631]
[quote author=rumsfald link=topic=5591.msg205208#msg205208 date=1304467316]
If they have a hash of a good number of the passwords, that makes reversing the hash much easier. especially if they have all of them. Hello, rainbow tables. With the service down for days, the crackers have plenty of time to decipher the hash.

I like my hash with salt.
[/quote]

I like mine with sausage and an omelet on the side.
[/quote]

http://en.wikipedia.org/wiki/Salt_(cryptography)

[Kirby]

[quote author=Caffeine link=topic=5591.msg205169#msg205169 date=1304448158]
The security answers are more of a concern, but if they just got the hash of the passwords, AS NO ONE IN THEIR RIGHT MINDS STORES PLAIN TEXT PASSWORDS, you should be ok. That being said, nothing wrong with erring on the side of caution.

If they have a hash of a good number of the passwords, that makes reversing the hash much easier. especially if they have all of them. Hello, rainbow tables. With the service down for days, the crackers have plenty of time to decipher the hash.
[/quote]



What rummy said.

@ one point I had the SQL backup for the #script website on GameSurge when I was staff there, and both the forums and our site  login info used MD5 hashes for the passwords.* Just for shits and giggles, I threw my (then top end) 3.2GHz EE Prescott, single core HT CPU at the DB bruting it, and I got a match on like 7 other staffers pass' in less than 4 hours.

*Yes I know MD5 isn't exactly secure, is a poor example, and that SoE uses (hopefully) much more powerful obfuscation hashing on their sensitive info, but the underlying scenario is exactly the same.

There's also some seriously powerful bruting options out there now compared to just a few years ago. A savvy programmer could harness GPGPU, CUDA or OpenCL and have a parallel processing platform that goes 50x faster than a Core i7 980X could go in it's wettest dream.

[Squishy3]

And the blaming starts now.

[rumsfald]

[quote author=rumsfald link=topic=5591.msg205208#msg205208 date=1304467316]
If they have a hash of a good number of the passwords, that makes reversing the hash much easier. especially if they have all of them. Hello, rainbow tables. With the service down for days, the crackers have plenty of time to decipher the hash.

I like my hash with salt.
[/quote]

As more and more details emerge, it seems that Sony prefers their incompetence "straight up."

[[fr31ns]Karrde]

[quote author=HeK link=topic=5591.msg205229#msg205229 date=1304476631]
[quote author=rumsfald link=topic=5591.msg205208#msg205208 date=1304467316]
If they have a hash of a good number of the passwords, that makes reversing the hash much easier. especially if they have all of them. Hello, rainbow tables. With the service down for days, the crackers have plenty of time to decipher the hash.

I like my hash with salt.
[/quote]

As more and more details emerge, it seems that Sony prefers their incompetence "straight up."
[/quote]

Sadly yeah.  Dumb fucks.  Seriously glad on so many levels that I canceled my check card

[CaffeinePowered]

And the blaming starts now.

Really? Cyber Terrorists?


Is everyone who commits any crime now referred to as a terrorist?



I mean FFS, I think "cyber terrorism" I think "attack on computer systems running critical infrastructure". If the PSN qualifies I'm going to punch someone.

[Kirby]

[quote author=Squishy link=topic=5591.msg205294#msg205294 date=1304538471]
And the blaming starts now.

Really? Cyber Terrorists?


Is everyone who commits any crime now referred to as a terrorist?



I mean FFS, I think "cyber terrorism" I think "attack on computer systems running critical infrastructure". If the PSN qualifies I'm going to punch someone.
[/quote]


I'm a weed terrorist.

[CorpseFactor]

[quote author=Caffeine link=topic=5591.msg205506#msg205506 date=1304700867]
[quote author=Squishy link=topic=5591.msg205294#msg205294 date=1304538471]
And the blaming starts now.

Really? Cyber Terrorists?


Is everyone who commits any crime now referred to as a terrorist?



I mean FFS, I think "cyber terrorism" I think "attack on computer systems running critical infrastructure". If the PSN qualifies I'm going to punch someone.
[/quote]


I'm a weed terrorist.
[/quote]I'm a caffeine terrorist

[shoopfox]

[quote author=Caffeine link=topic=5591.msg205506#msg205506 date=1304700867]
[quote author=Squishy link=topic=5591.msg205294#msg205294 date=1304538471]
And the blaming starts now.

Really? Cyber Terrorists?


Is everyone who commits any crime now referred to as a terrorist?



I mean FFS, I think "cyber terrorism" I think "attack on computer systems running critical infrastructure". If the PSN qualifies I'm going to punch someone.
[/quote]


I'm a weed terrorist.
[/quote]

Actually I remember the ad campaigns saying you support terrorism by smoking weed. Sooooo retarded