- 1,354 messages
- May 05, 2011 12:50
There is currently great panic at Sony. We already knew that around April 16 the data (username, password and possibly credit card numbers) of 77 million accounts of the SOE (Sony Online Entertainment) Network (including the PS3 games and Everquest) were stolen. Apparently the network itself was also attacked, and as a result it has been down for 2 weeks.
Now it turns out that a further 25 million accounts have been hacked (there were probably 2 attacks in the period April 16-19).
It is probably a revenge action by the hacker community (via a group 'Anonymous') following the hacking of the PS3 console in December by a 21-year-old hacker.
That hacker and the PS3 users who exploited this hack were pursued very hard legally by Sony, and the hackers apparently decided to teach Sony a lesson.
And that worked out well. Sony has been caught with its pants down. It is reportedly the largest successful hacking operation ever.
- 1,354 messages
- May 06, 2011 19:25
1 day after I made the previous post: an email from SOE. I thought: surely this can't be true, but unfortunately, it is true. Until about five years ago I played Everquest 2 on SOE. I cancelled long ago, but apparently SOE still kept all that data in an unsecured 'outdated database'. So the 25 million accounts in question belong to users who stopped using SOE long ago.
It's actually unbelievable. A word of advice to everyone: use only prepaid game cards!
For those interested here is the Sony mail:
May 3, 2011
Dear Valued Sony Online Entertainment Customer:
Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password. Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) may have also been obtained - we will be notifying each of those customers prompptly.
There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.
We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.
We apologize for the inconvenience caused by the attack and as a result, we have:
1. Temporarily turned off all SOE game services;
2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE's services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.
We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at +44 870-600-0267 (Monday to Friday 15:00 to 22:00 GMT excluding holidays) should you have any additional questions.
Sincerely,
Sony Online Entertainment LLC
- Catalogue administrator
- 2,411 messages
- May 06, 2011 20:04
Unfortunately, databases sometimes go out of fashion, and then they are no longer properly secured. The other thing is that everything you enter on the internet stays on the internet and can be found again one way or another (unfortunately).
The other disadvantage is that companies and governments also want everything done via the internet, and that can cause problems again in the future. What works is pulling the plug and getting off the internet; that is the only protection against hackers ;-)
- 4,325 messages
- May 06, 2011 21:20
If an email starts with a neutral salutation like "Dear Valued Customer" I usually stop reading, because that is a standard spammer formulation. And if it contains typos like prompptly I don't trust it at all. On their website that error has already been corrected, but you do start to wonder how sure you can still be of the sender...
- Catalogue administrator
- 2,411 messages
- May 06, 2011 21:46
Lol, I just used the wayback machine, and sure enough, my site that was closed years ago is in the archive.
For the enthusiast, http://www.archive.org
- 1,354 messages
- May 06, 2011 22:00
What surprises me most is how little coverage this gets in the press.
Sony is far bigger than Rabobank, ING, Dexia, KBC (maybe bigger than all of them together). Their entire customer database is now public domain.
That goes both for the current users (77 million) and for those who have cancelled their subscription (25 million = outdated database).
Name, address, telephone number, email address, username, password and possibly also credit card details hacked.
And Sony is a 'computer' company; they have rather better IT people in house than any of the banks mentioned above.
PS: about the sender. Only SOE and the hackers know my email address on the SOE network.
It did get quite a lot of attention in the Netherlands, though.
In the newspaper, on the news (radio and TV), a fifteen-minute item on De Wereld Draait Door...
And of course it has been discussed in detail on every game website.
It was almost impossible to miss.
Some important data wasn't even behind a firewall.
Apparently they did not expect anyone to be interested in that data.
I do hope banks take their security more seriously.
- 1,354 messages
- May 06, 2011 22:53
@Arwin
In Belgium too. On page 7 about the first attack, nothing about the outdated database. We also had 20 minutes on the radio in Peeters en Pichal, but I think most listeners thought it was about game freaks.
And yes, the game freaks know by now: SOE has made a mess of it, Blizzard maybe too.
Our banks?
Given their reputation from the banking crisis, what do you think?
Well, but I wouldn't expect it on the front page either.
You do say that Sony is bigger than, for example, Rabobank, but far more people in the Netherlands notice it when something is wrong at Rabobank than when data of Dutch PlayStation 3 users has been stolen.
I reckon most gamers in Europe don't use a credit card anyway.
Actually, I was amazed at the amount of attention it received.
Anyone who follows the news a little really couldn't miss it.
I myself have come across it at least 8 times or so in the "normal" press.
That's pretty good for this kind of news.
The banking crisis is a result of immoral and irresponsible lending, fuelled by the greed of bank staff and a large part of the population, supported by bad legislation.
Security is rather the "core business" of banks; you can't compare that.
Although ultimately everything can be hacked of course.
- 1,354 messages
- May 13, 2011 18:33
SOE Online is still down and there is no ETA (a few days?). Not so bad for the PS3 players I think; online gaming is usually not the main thing there anyway. For the MMORPG players, however, it must be nerve-racking. I remember WoW once being offline for two days. A popular uprising nearly broke out then.
So today's little problems at Catawiki are really peanuts ;-)
Latest news:
May 12, 2011
We thank you for your patience as we continue to work around the clock to restore our game services. We know this has been a frustrating time for you and appreciate your understanding as we work to confirm the security of our network.
In light of the recent outage of Sony Online Entertainment's game services due to April's cyber-attack, we are committed to compensating our loyal player base for the inconvenience caused by the data breach and lost game time while we improve our security measures.
We are currently in the process of an extensive upgrade to our network to further protect your information from future attacks. It will likely be at least a few more days before we restore our services, and when we come back online, here is what you can expect for each of our game services.
First and foremost, all impacted players will receive 30 days of game time added to the end of the current billing cycle in addition to one day for each day the system is down. Additionally, many games are offering a variety of in-game items and special events to welcome players back once our services resume (per the outline below). This is true for both PC and PlayStation®3 computer entertainment system based products.
- DC Universe™ Online: Batman™ and Two-Face™ Inspired Masks and 30 Marks of Distinction
- Free Realms®: Free daily items (7 to collect)
- Clone Wars Adventures™: Count Dooku v2 Outfit
- EverQuest®: A series of events, including Double XP, Double Rare Mob Spawns and Double Faction Gains
- EverQuest II and EverQuest II Extended: A series of events, including Double XP, Double Guild XP, Loot Bonanza, and City Festivals
- Vanguard: Saga of Heroes®: A series of Double XP events
- Star Wars Galaxies™: Bounty Hunter Statue, a miniature model of Boba Fett's ship, the Slave I™
- Magic: The Gathering - Tactics™: Four of each of these spells: "Ivory Mask", "Duress" and "Angelheart Vial", plus 500 Station Cash
- PoxNora®: Limited edition Carrionling, Welcome Back 5K Gold Award Tournaments and two Draft Tournaments, plus 500 Station Cash
For our lifetime subscribers, we'll grant in-game currency; specifically 20,000 coins for Free Realms, 7,500 Galactic Credits for Clone Wars Adventures and 10 Marks of Distinction for DC Universe Online (in addition to the items listed above).
And finally, our Station Access subscribers will receive 500 Station Cash, in addition to the subscription time and items listed above.
Additionally, we announced today that SOE will provide its U.S.-based Station Account holders with complimentary enrollment in an identity theft protection program through Debix, one of the industry's most reputable identity protection firms. For Station Account holders who live outside the U.S., SOE will be offering similar programs, if and as available, and will provide details as they're confirmed for each country or territory.
We continue to work around the clock to restore SOE's services and thank you for your continued patience as we complete our investigation of this criminal attack.
Thank you,
Sony Online Entertainment