Like many Playstation 3 owners I’ve just read the latest update from Sony regarding this weekends outages.
Its great to hear that Sony are working day and night to re-establish the network – I really do believe them and hope they can implement some hard learned lessons.
If you are a Playstation 3 owner, it might be worth taking a deep breath and focus on what’s important at the moment – your compromised data.
From reading todays update on the Playstation Network blog I get the feeling that someone pulled a WarGames and got themselves a little more than they bargained for. I don’t care if you’re a university drop out or a highly skilled mathlete who’s only part of the problem – but that sort of data is worth a lot of money to the right (or wrong) people.
All of those adverts you see about identity theft is big business to a lot of people, so lets get to work seeing if we can’t do something to protect ourselves.
Lets break down the advise given in the blog post and see what we can do.
We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate…
Okay, I’m not going to move house and judging by the amount of junk I get through the postal system, I don’t think this is the biggest problem.
PlayStation Network/Qriocity password and login, and handle/PSN online ID.
This I must admit is something which (either rightfully or wrongly) concerns me more. I for one haven’t manually logged into my PSN ID in a long time, so can only guess at which of my email address / password combinations was used. If your concerned enough it probably isn’t a bad time to spring clean your password chain.
If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained
I’m not a parent, so I can’t comment on the moral ramifications of this, but like with the above suggestion – get those passwords reset.
While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
This is where things start to get more concerning, but lets hope it isn’t the case. While no expert, I have been involved in service security testing and know how much thought goes into encryption – but there is no certainty. Thankfully I didn’t purchase from the store, if I had I would seriously consider voiding my current card.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number
I’m always on the look out for scam emails, often from fake Blizzard and Paypal accounts, the easy spot was always “Dear customer” – if anything official makes it your way, you better believe they refer to you by name. However with names also out to match the email addresses, you can always hope your web broswers picks it up. So that said, its probably about time to make sure all firewalls, spam blockers and browser security are up to date.
So there you have it… its a pretty sucky day to be Sony. While its easy to point the finger and make a lot of noise about the service, it might be worth taking stock of the situation first.