Considering that the PSN has been down for 2 weeks + a couple of days, now the pc side is going to be down until gosh knows when.
No it is not enough.
I want the names of the hackers, I want to know they are going to jail, and possibly see a couple of folks in their IT security department at SOE fired for being totally incompetent.
I still say that 2 weeks after they fired 209 folks, you have to wonder if one or more of those 209 folks helped this situation along with some inside information to help the hackers.
24 million folks' identities exposed, that's a lot. No telling what the hackers are going to do with all that information; now all those folks are going to have to put a fraud alert on their credit profile to keep folks from stealing their ID.
What do you expect them to do? There is nothing they can do to set things right and make people forget that their personal and billing information might have been stolen -_-
You want marks as a compensation? I am at a loss for words -_-
Good thing I have never given them any of my info and I chose Xbox over Playstation...
Mission in life: Vanquish all MMORPG.com trolls - especially TESO, WOW and GW2 trolls.
I don't even really believe them and their promises anymore. The amount of times they've treated their players with absolute disrespect is outrageous. I'm sure that when PSN and SOE come back up they'll have some kind of trick up their sleeve which basically screws everyone affected by this fiasco.
well.. that at least is something they have a great deal of experience at...
I think the worst part of this debacle.. is that Sony didn't discover the intrusion themselves.. but had to be told by another company that their network had been compromised..
I didn't know that part. Who told them and how did they find out?
Supposedly they had hired an outside firm that was doing an audit on the PSN stuff; that firm told them that during the audit they discovered that the PC side had been breached as well. The press release is on soe.com; it's the only page they have up.
Are you that surprised? Both Sony and SOE have been laying off so many people the past 2 years. SOE had a major layoff just recently.
I wouldn't be surprised that they ditched security people during those layoff rounds, as they are not the cheapest bunch of resources.
The very strong rumors from sources indicating that they were using outdated software and slacking with applying patches and updates to their system all indicate they have some serious staffing problems within their IT department!
Which is very shocking, knowing they have the responsibility of systems holding sensitive and personal information of millions of users!
But hey, like has already been said, that is why a Class Action Lawsuit is already being prepared against Sony and SOE.
Using 'outdated' software is actually pretty acceptable practice in the corporate world.
Devil you know vs devil you don't know theory applies.
No large corporate is going to apply MS patches/OS just because MS says so. Their own test/QA comes in to make sure the latest hotfix/service pack doesn't break the software in their environment and go from there.
Security has always been about 'layers' and not 'one giant XYZ'. The press event Sony had indicates the 'layers' weren't present and access was not segmented between the different sections of their intranet.
Gdemami - Informing people about your thoughts and impressions is not a review, it's a blog.
I have to agree with almost everything said in this last quoted post. I think it is absolutely appalling that they had to be told by outside sources and I think it's also quite shocking if they've been letting account security measures slide.
Oh but wait, that's something to do with the happiness and satisfaction of their games' players. Never mind then, that would be one of their absolute lowest priorities then.
As far as I understand, the 24 million accounts that had their information stolen did not have their CC details stolen, as it was kept in a different server - that's what soe.com says anyway, but they did keep 10.700 outdated customers' credit card details on file from 2007, stemming from 4 European countries, and those people had all their information stolen.
If you haven't played an SOE game since 2007, and you don't really keep up to date with gaming news and you're one of those 10.7k unfortunate people, you are screwed, unless your CC details have timed out naturally.
I think the other important question here is how long should these companies keep financial information on record from old customers. Why doesn't it get removed after, say, a few months of cancellation? Wouldn't you and I rather retype our details if we reactivate, than have them store our details and be subject to whatever effort they put into their security?
It just seems odd to me that this isn't among the questions raised in this whole debacle. Why do they keep those records? Do those details automatically belong to the company because you once were a customer of theirs?
I know it's the standard mode of operation, but should it be?
It's not only the old (bank) data that's at risk. Did you take a good look and wonder what you can do with only your (full) name, address and birth date? There are enough webshops and services out there that accept this data to sell stuff, send the goods to a different address and you the bill. And it's up to you to prove you didn't order the stuff sold with your identity...
I wish it was only the financial data that's making the risk right now. It's so much bigger for 100Mo registered SONY users...
I have personally already taken steps to avoid anyone using my personal data against me. Called my bank to inform them, been to the police and been to my mobile telephone provider to take measures so no one can use/change my data (I have a very beautiful premium phone number). Now it's just wait and see what will happen and how much shit will come my way *hopes nothing at all*
It's an acceptable practice when you have non-critical systems.
I have been in IT for over 12 years! On non-critical systems you can slack a bit with security updates and do it less often.
But in every company I have worked for, every assignment I have done so far, critical and sensitive systems were always running the latest updated software (not talking about OS) and security updates / patches!
When you are running systems that contain sensitive and personal information from millions of users, you have the obligation as a company to handle that with utmost care and responsibility! Make sure you run the latest software, security updates and patches!
That on such a critical environment they were running Apache software that was outdated with known vulnerabilities is a crime in itself! Total negligence on their part!
That is why this whole debacle is going to have a very looooooooong tail with lawsuits and Class Action Lawsuits coming from everywhere against Sony and SOE.
The wording of your post is a bit off. Nobody had to be told by an outside security firm... they hired an outside security firm to confirm their findings. Which oddly enough would be "the standard", to have your data verified by another party. In other words it's probably the one "right thing" they did.
I agree that there is no excuse for customer data being obtained. I agree that they have pissed off a lot of customers (I'm a former SWG player among other SOE games). However, being a pissed off former or current customer tends to cloud these posts.
We also, as far as I know, do not know how the system was compromised. So who is to say security measures slid? Perhaps one of those former employees left some presents within the system.. who knows at this point. I have worked for three different companies that had security issues that were former employees' ways of "getting even". That doesn't mean this is the case, but it's much easier to be secured from the outside than it is from the people that are supposed to secure the system.
I'm not really an SOE fan, I came to this site because of SWG. You know to rant and stuff about SOE etc that's what most of us did when I first came here. However, when I read this thread.. I thought I would offer a different point of view.
CC I could live with from 2007, as any of those cards wouldn't exist anymore, but now to hear of the 10,700 Direct Debit details being stolen is outrageous; that's people's bank accounts.
Knowing the UK is one of the countries affected and the fact I had 14 accounts to SWG, EQ2 etc. in 2007, it's extremely worrying.
WTF are we supposed to do, change our banks that we have built relationships with over 10+ years?
That is why you have to call your bank immediately and go to the police!
This is the scary thing with this amount of personal data being stolen. They basically got enough details from you as person to potentially cause a lot of damage and misery on your person.
That is what basically identity theft is about and why it is so scary! As you will have to prove that it wasn't you, but someone else impersonating you.
And those of us who aren't current subscribers get ... ?
We got our info stolen too. I played DCUO at release for the free month and is the first and only SOE game I've ever played.
I let that sub expire but now you're telling me they stole all my personal information, login info and password used and that there's "no evidence" of the main CC database being compromised but you haven't done a security audit yet? and this is after the PSN debacle? WTF?
Obviously, I have no reason to believe that's true either and will likely have to contact my bank.
That's a hell of a lot of hassle for your lax IT standards. It's even better that they're leaving their station server down so people can't even check to see which login they used to know if they need to change it elsewhere.
Currently Playing: Perpetuum MMOs Played (most time spent to least): World of Warcraft (BG/Open world PvP focused), Lord of the Rings Online (PvMP focused), Warhammer Online (BG PvP focused), Global Agenda, Age of Conan, DC Universe Online (PvP focused), Runes of Magic, Allods, Aion, Fallen Earth
I'm sure you guys have infrastructure set up in different ways, but even on critical systems, software vulnerability is mitigated through multiple layers.
Latest patch/hotfix might introduce another bug. The bad thing with this is that your IT personnel does not know what that bug is, so they can not mitigate the risk.
Security and risk go hand in hand. Software that is known to have certain bugs but not others is vastly superior in terms of risk compared to the latest software patch that was released 24 hours ago.
Stuff that I'm away to hire a Ferrari for a day go on a shopping spree and have a few days on the lash all on my CC's and then blame sony
True, but when you run online services and do it on outdated Apache servers with "known" vulnerabilities. Sorry, but then you really start making it easy for them to hack into your systems and bypass your firewalls.
they giving a free month to inactive accounts by chance? might be nice to jump into eq or vg again for a bit to see if I care to resub.
Grouping in Old school mmo's: meeting someone at the bar and chatting, getting to know them before jumping into bed. Current mmo's grouping: tinder. swipe, hookup, hope you don't get herpes, never see them again.
Gotta love the way you guys are bitching about SOE and its bad software.
My credit card was hacked way back when I used to play WOW. Do you think Blizzard offered me anything? No, they told me to buy an authenticator and change all my details.
Rift was hacked at the beginning; they gave us a free month.
All online software is vulnerable to hacking and there is no way anybody can stop it. That's why I always use disposable cards, and I live in Europe so don't say you can't get it here.
SOE have some of the best games and just 'cause they have been the victims of hackers you shouldn't give in to the hackers and stop playing their games.
You only have yourself to blame if your credit card or bank details are in danger. Have you guys not seen stuff like PayPal or cards where you load money on them to use online?
Actually my old CC information from 2007 is still valid. My card wasn't due for a reissue for a long time still. 6 yrs and counting. So yeah, perhaps Visas in some countries in Europe are valid longer than you are used to where you're from. But don't assume they have all naturally expired, although some of course will have. I have now had mine closed and reissued a new one early.
This entire situation boggles the mind.
Retired: EVE, SWG, STO, EQ2, Ryzom, AO, LotRO, FFXI
Currently Awaiting: SWTOR, TSW, ArcheAge
As far as I understand, the 24 million accounts that had their information stolen did not have their cc details stolen, as it was kept in a different server - that's what soe.com says anyway, but they did keep 10.700 outdated customers' credit card details on file from 2007, stemming from 4 European countries, and those people had all their information stolen.
If you haven't played an SOE game since 2007, and you don't really keep up to date with gaming news and you're one of those 10.7k unfortunate people, you are screwed, unless your cc details have timed out naturally.
I think the other important question here is how long should these companies keep financial information on record from old customers. Why doesn't it get removed after say a few months of cancellation? Wouldn't you and I rather retype our details if we reactivate, than have them store our details and be subject to whatever effort they put into their security?
It just seems odd to me that this isn't among the questions raised in this whole debacle. Why do they keep those records? Do those details automatically belong to the company because you once were a customer of theirs?
I know it's the standard mode of operation, but should it be?
It's not only the old (bank) data that's at risk. Did you take a good look and wonder what you can do with only your (full) name, address and birth date? There are enough webshops and services out there that accept this data to sell stuff, send the goods to a different address and you the bill. And it's up to you to prove you didn't order the stuff sold with your identity...
I wish it was only the financial data that's making the risk right now. It's so much bigger for 100Mo registered SONY users...
I have personally already taken steps to prevent anyone from using my personal data against me. Called my bank to inform them, been to the police and been to my mobile telephone provider to take measures so no one can use/change my data (I have a very beautiful premium phone number). Now it's just wait and see what will happen and how much shit will come my way *hopes nothing at all*
It's an acceptable practice when you have non-critical systems.
I have been in IT for over 12 years! On non-critical systems you can slack a bit with security updates and do it less often.
But in every company I have worked at, every assignment I have done so far, critical and sensitive systems were always running the latest updated software (not talking about OS) and security updates/patches!
When you are running systems that contain sensitive and personal information from millions of users, you have the obligation as a company to handle that with utmost care and responsibility! Make sure you run the latest software, security updates and patches!
That on such a critical environment they were running Apache software that was outdated with known vulnerabilities is a crime in itself! Total negligence on their part!
That is why this whole debacle is going to have a very looooooooong tail with lawsuits and Class Action Lawsuits coming from everywhere against Sony and SOE.
The wording of your post is a bit off. Nobody had to be told by an outside security firm... they hired an outside security firm to confirm their findings. Which oddly enough would be "the standard" to have your data verified by another party. In other words it's probably the one "right thing" they did.
I agree that there is no excuse for customer data being obtained. I agree that they have pissed off a lot of customers (I'm a former swg player among other soe games). However, being a pissed off former or current customer tends to cloud these posts.
We also, as far as I know, do not know how the system was compromised. So who is to say security measures slid? Perhaps one of those former employees left some presents within the system.. who knows at this point. I have worked for three different companies that had security issues that were former employees' ways of "getting even". That doesn't mean this is the case, but it's much easier to be secured from the outside than it is from the people that are supposed to secure the system.
I'm not really an SOE fan, I came to this site because of SWG. You know to rant and stuff about SOE etc that's what most of us did when I first came here. However, when I read this thread.. I thought I would offer a different point of view.
CC I could live with from 2007, as any of those cards wouldn't exist anymore, but now to hear of the 10,700 Direct Debit details being stolen is outrageous; that's people's bank accounts.
Knowing the UK is one of the countries affected and the fact I had 14 accounts to SWG, EQ2 etc in 2007, then it's extremely worrying.
WTF are we supposed to do, change our banks that we have built relationships with over 10+ years?
That is why you have to call your bank immediately and go to the police!
This is the scary thing with this amount of personal data being stolen. They basically got enough details from you as person to potentially cause a lot of damage and misery on your person.
That is basically what identity theft is about and why it is so scary! As you will have to prove that it wasn't you, but someone else impersonating you.
(mod edited)
And those of us who aren't current subscribers get ... ?
We got our info stolen too. I played DCUO at release for the free month and is the first and only SOE game I've ever played.
I let that sub expire but now you're telling me they stole all my personal information, login info and password used and that there's "no evidence" of the main CC database being compromised but you haven't done a security audit yet? and this is after the PSN debacle? WTF?
Obviously, I have no reason to believe that's true either and will likely have to contact my bank.
That's a hell of a lot of hassle for your lax IT standards. It's even better that they're leaving their station server down so people can't even check to see which login they used to know if they need to change it elsewhere.
Currently Playing: Perpetuum
MMOs Played (most time spent to least): World of Warcraft (BG/Open world PvP focused), Lord of the Rings Online (PvMP focused), Warhammer Online (BG PvP focused), Global Agenda, Age of Conan, DC Universe Online (PvP focused), Runes of Magic, Allods, Aion, Fallen Earth
I'm sure you guys have infrastructure set up in different ways, but even on critical systems, software vulnerability is mitigated through multiple layers.
Latest patch/hotfix might introduce another bug. The bad thing with this is that your IT personnel does not know what that bug is, so they can not mitigate the risk.
Security and risk go hand in hand. Software that is known to have certain bugs but not others is vastly superior in terms of risk compared to the latest software patch that was released 24 hours ago.
Gdemami -
Informing people about your thoughts and impressions is not a review, it's a blog.
Stuff that I'm away to hire a Ferrari for a day go on a shopping spree and have a few days on the lash all on my CC's and then blame sony
True, but when you run online services and do it on outdated Apache servers with "known" vulnerabilities. Sorry, but then you really start making it easy for them to hack into your systems and bypass your firewalls.
LOL!
they giving a free month to inactive accounts by chance? might be nice to jump into eq or vg again for a bit to see if I care to resub.
you would want to resub after this epic fail?
It could be worse. They could have just given everyone a free copy of Vanguard: Saga of Heroes.
I fail to see how this can be a bad thing... Imagine 24.6 million users at once in Vanguard oO
Gotta love the way you guys are bitching about SOE and its bad software.
My credit card was hacked way back when I used to play WOW. Do you think Blizzard offered me anything? No, they told me to buy an authenticator and change all my details.
Rift was hacked at the beginning; they gave us a free month.
All online software is vulnerable to hacking and there is no way anybody can stop it. That's why I always use disposable cards, and I live in Europe so don't say you can't get it here.
SOE have some of the best games, and just because they have been the victims of hackers you shouldn't give in to the hackers and stop playing their games.
You only have yourself to blame if your credit card or bank details are in danger. Have you guys not seen stuff like PayPal or cards where you load money on them to use online?
Actually my old cc information from 2007 is still valid. My card wasn't due for a reissue for a long time still. 6 yrs and counting. So yeah, perhaps Visas in some countries in Europe are valid longer than you are used to where you're from. But don't assume they have all naturally expired, although some of course will have. I have now had mine closed and reissued a new one early.