Your Info, For the World to SeeSo Sony admits that data has been taken from the PSN breach, including:
- Real Name
- User Name
- Phone Number
- Security Questions
- Credit Card info (but not your CCV)
It Never Should Have HappenedThe problem is Sony relied on their leaf node security to protect users. In other words, they thought the PS3/other services were not hackable so no need to secure the inner data. This is huge. The PS3 hacks only worked because they failed to use proper security on the console, and now we find out they didn't encrypt the user data?
It is called AES-256. Same encryption the military uses. Can it be hacked? Sure; however, given all the computing power on the planet (which hackers don't have access to) and reasonably long salts, the sun will explode first.
What To DoUnfortunately not much. Change your security questions, passwords, etc. Be wary of phishing. While the hackers did grab the data, be glad they did it in such a public way. Imagine if you will, instead of mucking up the works the hackers only took 1 or 2 accounts. They could have done this for months or years unnoticed.
On The Brighter SideLook for PS3s at a deep discount on CraigsList this weekend. Sony will hopefully learn from this.
Microsoft should take note as well. Since consumers aren't told how their data is secured, Xbox Live could have the same thing happen. Be safe out there.
Oh and I should note, they finally have a plan to get the network up, but only expect part of it to be up within the next week.