Tuesday, April 26, 2011

PSA on PSN Data Breach

Your Info, For the World to See

So Sony admits that data has been taken from the PSN breach, including:
  • Real Name
  • User Name
  • Password
  • Address
  • Phone Number
Other Possible Data Includes:
  • E-mail
  • Security Questions
  • Credit Card info (but not your CCV)
This is a major breach of trust. And from the sounds of things it could affect all 75 million users.

It Never Should Have Happened

The problem is that Sony relied on its leaf-node security to protect users. In other words, they assumed the PS3 and other services were not hackable, so there was no need to secure the inner data. This is huge. The PS3 hacks only worked because Sony failed to use proper security on the console, and now we find out they didn't encrypt the user data?

The fix is called AES-256, the same encryption the military uses. Can it be hacked? Sure; however, even given all the computing power on the planet (which hackers don't have access to), and with reasonably long salts, the sun will explode first.
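A sketch of what securing the inner data can look like, as an added example that is not from the original post or from Sony: personal fields are sealed with AES-256-GCM and the password is stored as a salted scrypt hash. The function names, the sample account and the in-memory key are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: the 256-bit key is held in a KMS/HSM, never in the database it protects.
const DATA_KEY = crypto.randomBytes(32);

// Seal one field with AES-256-GCM. `owner` is bound as AAD so a value copied
// into another user's row fails authentication. (Hypothetical helper.)
function sealField(plaintext, key, owner) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(owner));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function openField(sealed, key, owner) {
  const raw = Buffer.from(sealed, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(owner));
  d.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, the owner or the ciphertext is wrong.
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Passwords are hashed, not encrypted: a per-user 16-byte salt plus scrypt.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  return `${salt.toString('hex')}:${crypto.scryptSync(password, salt, 32).toString('hex')}`;
}

function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected); // constant-time comparison
}

// What the database row would hold for a constructed sample account.
function buildRow(user, key) {
  return {
    userName: user.userName,
    address: sealField(user.address, key, user.userName),
    phone: sealField(user.phone, key, user.userName),
    password: hashPassword(user.password),
  };
}

const row = buildRow({ userName: 'example_user', address: '1 Example Street',
                       phone: '555-0100', password: 'correct horse' }, DATA_KEY);
console.log(row);
```

A copy of this row without the key exposes only the user name; the salt means two accounts with the same password still store different hashes.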

What To Do

Unfortunately, not much. Change your security questions, passwords, etc. Be wary of phishing. While the hackers did grab the data, be glad they did it in such a public way. Imagine if, instead of mucking up the works, the hackers had only taken 1 or 2 accounts. They could have done this for months or years unnoticed.

On The Brighter Side

Look for PS3s at a deep discount on Craigslist this weekend. Sony will hopefully learn from this.

Microsoft should take note as well. Since consumers aren't told how their data is secured, Xbox Live could have the same thing happen. Be safe out there.

Oh and I should note, they finally have a plan to get the network up, but only expect part of it to be up within the next week.
