Everyday breachesSony's gaming network hacked, Microsoft's follows suit
Gamers are in a frenzy over Sony’s announcement that its PlayStation network security had been breached, resulting in the exposure of a large amount of each user’s personal and financial information; the first of an expected flood of lawsuits, as well as class action is filed in U.S. District Court; Microsoft announces an exploited vulnerability in one of their game titles leading to phishing attempts, and acknowledged that previously banned “modded” consoles were attaching to the network again
The portal to the PlayStation network // Source: gameinformer.com
Gaming devotees of Sony’s PlayStation network are fretting over the revelation that the company’s security has been breached. Users of the system, up to seventy-seven million of them, have been exposed to having vital personal and financial information fall into the hands of hackers.
The PlayStation network provides online gaming and movie download services to its subscribers. In a statement on the PlayStation Web site, the company advised users of the popular entertainment network to be aware that personal information, such as name, address (city, state, zip), country, e-mail address, birth date, password and login, and handle/PSN online ID.
Sony said that it is also possible that any given user’s profile data, including purchase history and billing address (city, state, zip), and PlayStation Network/Qriocity password security answers may have been obtained. If the user had authorized a sub-account for a dependent, the same data with respect to the dependent may have been obtained.
Sony maintained that there is no evidence indicating that credit card information had been obtained, they also refused to rule out the possibility, indicating that the credit card account number, along with the expiration date, may have fallen into the hackers’ hands.
Sony also warned that with so much personal information exposed, customers should be vigilant against lower-tech events like phishing and human engineering attacks.
The Los Angeles Times reports that Sony spokesman Patrick Seybold said that the company learned of the breach on April 19, and subsequently shut network services down.
Seybold then went on to say that Sony brought in outside consultants to conduct a several-days-long forensic analysis to understand the nature and scope of the breach. The company then shared that information with its customers.
The repercussions have already begun. Cnet.com reports that the first lawsuit has been filed in U.S. District Court for the Northern District of California on behalf of a Birmingham, Alabama man, accusing Sony of failing to take “reasonable care to protect, encrypt, and secure the private and sensitive data of its users,” and of allowing too much time to pass before notifying customers, thereby not allowing them to take steps to protect themselves in a timely manner.
Microsoft, maker of PlayStation’s competitor X-Box, initially took a position of publicly ignoring the the Sony tempest. However, they have now announced their own security problems.
Microsoft announced via its Xbox Live status page that one of its game titles, Modern Warfare 2, has been exploited by hackers so that users will receive an in-game message asking for personal information that is, in reality, a phishing attempt.
Adding to the embarrassment of being hacked in such a way, the Guardian reports that dozens of “modded” Xbox 360 game consoles, that had been previously banned, were again able to access the Xbox Live network.
Modding is the term of art for the modification of a game console so that it will run pirated software and unofficial applications. Microsoft periodically scans the network for such machines, and suspends or cancels the machine’s account so it is unable to access the network