On Apr 26, 2011, at 5:30 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> http://www.theregister.co.uk/2011/04/26/sony_playstation_network_security_breach/
>
> This couldn't have happened to a nicer company. Really. It just couldn't.
>

The interesting blurb from http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ is

"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

So unfortunately, due to password reuse by >20% of users, and the fact that they lost email addresses, everybody else is screwed too, even companies that are not evil.

> "Sony's advisory on Tuesday means that the company was likely storing
> passwords, credit card numbers, expiration dates, and other sensitive
> information unhashed and unencrypted on its servers."
>
> ====================== (quote inserted randomly by Pegasus Mailer)
> If your protocol is successful, it will eventually be used for
> purposes for which it was never intended, and its users will
> criticize you for being shortsighted.
>                                        - Charlie Kaufman
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
