Anonymous Claims To Have Hacked Sony PSN Again 239
hypnosec writes "Anonymous has claimed a new attack on Sony's PlayStation Network, and this time around it seems they have information from nearly 10 million user accounts. As a proof of the hack they dumped more than 3000 credentials online in the form of a pastebin post. The notorious hacktivist group is claiming that the entire set of hacked credentials contains over 10 million PSN accounts and that the file is of around 50GB."
Update: 08/16 13:12 GMT by S : Sony has denied this claim.
Screw you, anonymous! (Score:5, Insightful)
Re:Screw you, anonymous! (Score:5, Insightful)
That's the thing about poor security, Anonymous isn't the only one that was able to access the credentials. Perhaps you should be wondering why Sony isn't storing your hashed password in a salted format -- it appears to be a SHA1 hash represented in base64. Who else had access to your information that didn't advertise it to the world, and for how long? That's where your concern needs to be.
Re: (Score:2)
Re: (Score:2)
Re:Screw you, anonymous! (Score:5, Informative)
Sure, and I want to live my life without Sony lobbying governments to fuck up the internet, but thanks to people like you giving them money I can't.
Besides, it's not as if Sony has a great track record of keeping your data safe so why do you keep putting it in their hands in the first place? Honestly, if a company can't notice 50gb of sensitive data flying out of it's network it has to have a pretty high degree of incompetence.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
I guess it depends what country you are in. In the UK I think the repeated displays of ineptitude by Sony in holding your data secure would be grounds enough to be able to cancel your account and demand a refund for any content you would hence no longer have access to. The small claims court here is quite effective at dealing with those sorts of cases and the time/cost for using it is pretty low (£20 IIRC which you can claim back if you win). Many other countries have a similar thing.
Re: (Score:2)
I'm effectively stuck with Sony
And who's fault is that? It's not like Sony was still a paragon of virtue and responsibility when the PS3 came out.
You either already knew what you were getting into and didn't care, or you were ignorant if who you were dealing with. In either case, you've got nobody to blame but yourself.
--Jeremy
Re: (Score:2)
Re: (Score:2)
With a company as Big as Sony I wouldn't be surprised if there is a guy who Works there is part of Anonymous. Oh I need to do maintenance on the server today. While he is doing maintenance plugs in a USB Disk... (Heck an iPod or a Cell Phone could hold the data) and copies the data down.
And how Dare people who do not have the same political priorities and views of you not alter their lives to match you views. "Freedom for speech just as long as you are saying what I want to hear!!!"
Re: (Score:2)
"And how Dare people who do not have the same political priorities and views of you not alter their lives to match you views. "Freedom for speech just as long as you are saying what I want to hear!!!""
That's a rather ass-backwards way of reading the discussion. I simply made the point that I suffer when he funds Sony, so why should I care when he suffers for funding Sony?
I didn't say I expect him to change, I'm just saying don't expect sympathy when not changing comes back to bite you. It's a two way street
Re: (Score:2)
I agree that any impact I suffer is probably fairly small, but there is impact all the same.
As I say, Sony is one of the biggest forces in the RIAA lobbying to take away internet freedoms, lobbying to allow for site blocking, pushing court cases here in the UK to block sites like The Pirate Bay.
The cost to me isn't necessarily explicitly and directly financial, the cost may not even be tangible in some cases (I never used The Pirate Bay anyway), but there is a cost to my freedom to choose to visit now block
Re: (Score:2)
record of keeping your data safe so why do you keep putting it in their hands in the first place? Honestly, if a company can't notice 50gb of sensitive data flying out of it's network it has to have a pretty high degree of incompetence.
50 GB is nothing to data traffic on a game server.
Re: (Score:2)
Your statements are full of logical holes but most substantially, how about you make a guess as to what percentage that 50GB is of Sony's hourly bandwidth usage.
Go on, I'm waiting to hear how substantial you think it is.
Re: (Score:2, Insightful)
You should be thanking Anonymous for making you aware of how poorly Sony is protecting your personal data. After all, if those guys can get in then I'm sure people who do it for more than just lulz can too.
Re: (Score:2)
Re:Screw you, anonymous! (Score:5, Insightful)
Thanking Anonymous for stealing my credit card info to demonstrate Sony's/Stratfor's/whatever's poor IT practices is akin to thanking an arsonist for burning down my house to demonstrate that it's flammable.
There's not a shred of morality or good intention in Anonymous. None. They're vandals and thieves who never got over resenting authority figures when they were 13. Having the ability to run Metasploit against a video game host doesn't change the basic mindset.
Re: (Score:2)
Thanking Anonymous for stealing my credit card info to demonstrate Sony's/Stratfor's/whatever's poor IT practices is akin to thanking an arsonist for burning down my house to demonstrate that it's flammable.
Poor analogy. The better analogy is that you are renting that house, and the landlord is obligated as a condition of your rental agreement to ensure that your house is properly flameproofed to prevent it from burning. An arsonist informs your landlord that your house is not properly flameproofed and can indeed burn.The landlord does nothing. The arsonist *then* burns your front door as a means of publicly demonstrating that none of the other houses your landlord owns are properly flameproofed, either.
This a
Re: (Score:2)
Not that I disagree with your sentiment, but my point was that since the first round of Anonymous attacks didn't make a dent in how Sony operates, that actions less severe aren't going to hurry along any changes by Sony, either.
Re: (Score:2)
Nope, Anonymous only pointed out that your house has probably already been burnt, you just dont know it yet.
Re: (Score:2)
never got over resenting authority figures when they were 13.
That was only like a year ago, cut them some slack!
Re: (Score:2)
Your house? It's more like the house of some robber baron or sweat shop owner. Who just so happens to run the local gladiator stadium that gives you the occasional complementary beer. And they technically just set fire to the stadium only, not even the house.
Besides which, nobody told you to give Sony your information, especially with their track record. And then you've got the galls to come here and tell us you still give them money, even with all the crap they keep pulling.
If the hacked into your computer
Re: (Score:2)
Cyber-terrorists? (Score:3)
Re: (Score:2)
Honestly? I'm not really dissatisfied with what I've bought from Sony. I'm a little dissatisfied with some of their business choices, but the games I've bought are fine thanks. I happen to actually like them. I didn't do anything wrong by buying them, no matter what you and those like you want to claim.
If I'm deprived of them by any illegal action of Anonymous, then I expect to get them back at some future time. If you actually believe in what you wrote in your final paragraph, you're by far a bigger fool t
Re: (Score:2)
Re: (Score:2)
Yes, you approve of their illegal methods. Otherwise, you wouldn't be defending them.
Re: (Score:2)
cyber-terrorists
I strongly doubt this event has induced terror in you, or was intended to. Stop using the word "terrorist" as a scare word. I suggest "paedophile", it has more of a universal revulsion factor when trying to demonise people.
If you're going to criticise someone for something, criticise them for what they've actually done.
Re: (Score:2)
Terrorism is the attempt at political change through violent means.
Given that no violence has occured and sony are not a political entity, you've just defeated your own claims.
hacking in and stealing private information is violent. Cyber-violent.
You're redefining words to prop up a spurious argument, and concocting new ones out of whole cloth for the same reason. Cyber-violent?
I assume you wont reply to this, which I take as concurrence
Whether or not I care to reply isn't influenced by inane posturing like that. I am however becoming supicious that the sheer overt stupidity of what you're saying is an indication that you're merely a troll attempting to bait a response.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
For every hack that Anonymous does, there's probably dozens of others that you don't hear about.
Same as vulnerable software - just because someone reports it to you doesn't mean you can ignore it - you can bet others have found it and may be exploiting it, just
Re: (Score:2)
Those assholes really need to think about who they are hurting with this crap. It is the users, like me. I've got a substantial amount of PS3 games, both from PSN and retail. I just want to use them in peace without veing harassed by cyber-terrorists!
Considering that Sony rooted my computer with their XCP trojan and vandalized my system, and removed (stole!) OtherOS from people who had already paid for it, it's impossible to use ANY Sony product without being harassed by cyber-terrorists. Sony are cyber-ter
Re: (Score:2)
It's easier for me to take this stance, though. I dropped Sony many years ago for other unrelated ass-hattery, so I don't need to worry about any of this. The sooner everyone else drops them, the sooner they can sleep a little easier knowing that Sony can't hurt them any more.
Re: (Score:3)
Do we need to draw attention to this on Slashdot? (Score:5, Insightful)
Even if this is true, and PSN was compromised, what's the point? This benefits no good cause, and Sony isn't even the one being exposed here -- its users are.
Anonymous is repeating the mistakes of Cablegate; releasing private information of parties who didn't ask to be involved. That's bullying, not hacktivism.
Re: (Score:2)
Even if this is true, and PSN was compromised, what's the point? This benefits no good cause, and Sony isn't even the one being exposed here -- its users are.
Anonymous is repeating the mistakes of Cablegate; releasing private information of parties who didn't ask to be involved. That's bullying, not hacktivism.
It depends. If this is the only way to show that Sony doesn't give shit about security, then this is the way. They released 3000 credentials. If they release the 10 million, that's another case. But anyhow, Anonymous is not about going the diplomatic way.
Re: (Score:2)
Nonsense. They shouldn't release anyone's private credentials. Whether it's 3,000 or 10,000,000, the damage for any one individual is the same.
If they are able to crack PSN and there is work Sony should do to fix things, then they have other options.
- Tell Sony, see if they fix it
- Failing that, tell an independent person - a trusted reporter or other third party. Then that third party can confirm the leak and Sony will have to answer for their problems.
As someone with more than a few accounts online (inclu
Re: (Score:2)
The only thing this kid has defeated, is everyones critical thinking. Google the first hash on the list. View all the search results. See anything?
Re: (Score:2)
This list: http://pastebin.com/hhU8Q9di [pastebin.com]
Whoops! (Score:5, Funny)
Sonic is really going to have to hurry to get all those rings back! I hate this level!
Fail. (Score:5, Informative)
Proven false.
* the document of leaked data linked to in the Twitter account appears to be identical to one posted on the Internet back in March.
* Anonymous has deleted the Tweet claiming that it hacked the PSN.
* Direct statement from Sony: "We’ve confirmed that the recent claim that PlayStation Network was illegally hacked and that customer passwords and email addresses were accessed is completely false."
Re: (Score:2)
I've seen the pastebin from march (Or was it february? I'm not entirely sure). I can't find it in my twitter feed atm though.
It's just a kid trying to scare people.
Re: (Score:2)
Linky: http://pastebin.com/HUjZPaF3 [pastebin.com]
This could be...not good (Score:2)
Fool me once, shame on you and all that. The first time they could be excused a little by having put too much faith in their internal systems. If this is true, there can be no excuses left.
Sweden? (Score:2)
Seems like all the email adresses are for Swedes. Wonder what they've got against Swedes.
Re: (Score:3)
Seems like all the email adresses are for Swedes. Wonder what they've got against Swedes.
I dunno .. maybe because of that little thing between Julian, the UK, Sweden and Ecuador?
Re: (Score:2)
Because the list is from a different hack, not PSN. This scriptkiddie just copy-pasted a credentials list from march. Here: http://pastebin.com/hhU8Q9di [pastebin.com]
Sony's says this is fake (Score:5, Informative)
Last night someone claiming to be a member of Anonymous posted what was alleged to be information obtained from 50GB of compromised PSN data, but it turned out the data was the same as that released last year when PSN was hacked. "We've confirmed that the recent claim that PlayStation Network was illegally hacked and that customer passwords and email addresses were accessed is completely false," assured Sony in a statement.
Re: (Score:2)
isn't that what they said last time?
Re: (Score:2)
Except the march hack claims to be from a university: http://pastebin.com/hhU8Q9di [pastebin.com]
Pavlovian Response (Score:4, Funny)
The last time that this happened Sony gave me two free games. Now that it appears to have happened again my initial thoughts are regarding more free games. Somehow I don't think that this response is intentional on Sony's part.
Re: (Score:2)
The last time that this happened Sony gave me two free games. Now that it appears to have happened again my initial thoughts are regarding more free games. Somehow I don't think that this response is intentional on Sony's part.
It's the new marketing strategy. You are conditioned now. The hack is a hoax. You want games. Sony wins! HAHAHAHAHAHA!!!!!!
Probably not true.. Sony has best security (Score:5, Funny)
I can't imagine this is true.. Sony has always been on the cutting-edge of security tech. I mean this is the company that designed the text-based CAPTCHA:
http://pro.sony.com/bbsc/jsp/forms/generateCaptcha.jsp [sony.com]
Right click is disabled so it's impossible to crack.
Re: (Score:2)
Wait what? Right click is disabled? Was that foiled my noscript running on my browser?
Re: (Score:2)
Holy shit, that's incredible. They've invented a Captcha that's easier for a bot than for a human. I can only assume that they never figured out what CAPTCHAs were for, and assumed that their sole purpose was to annoy users.
Re: (Score:2)
Re: (Score:2)
Wow.. you're a really talented hacker. But be careful about posting exploits like that or you might be prosecuted for unauthorized computer access.
Of course it's fake (Score:2)
Most of the time its silly (Score:2)
Most of the time I think of Anon's actions as pointless vandals, best discouraged.
When the f**k with Sony though I can't help but cheer them on.
It Seems (Score:2)
Re: (Score:2)
Some people have pointed out that this hacker claim may be fraud. If true, how can you claim "Sony still cannot get it right" ?
Sony screwed up, and probably spent millions hardening their security, and will have to continue to do so. Time will tell if they have done enough. Bit if this is an invalid claim, and Sony weren't hacked, how did they get it wrong?
Re: (Score:2)
It is a fraud. http://pastebin.com/hhU8Q9di [pastebin.com]
So, the headline ought to be (Score:5, Insightful)
"Someone claiming to be from Anonymous claims to have hacked PSN."
Re: (Score:2)
"Internet web site speculates about someone claiming to be from Anonymous claiming to have hacked PSN."
Editor: "Run it!"
Re: (Score:2)
Log in Credentials (Score:2)
I think I should ask them for my password, I changed it after the last attack and now can't remember it.
Re: (Score:2)
Re:Why do people still use Sony (Score:5, Informative)
There was no hack. This is the same credentials list, posted in march: http://pastebin.com/hhU8Q9di [pastebin.com]
Re:Why do people still use Sony (Score:5, Insightful)
Depends on which people you are talking about.
The public at large doesn't give a shit about this kind of thing, which isn't really all that unreasonable. The slashdot crowd is very privacy/security conscious.. the general publis is not. Lest we forget when the network was hacked the first time around, the biggest, loudest complaint was not that CC info was leaked, along with personal details, but that the network was down and people couldn’t play the games they paid for.
Even the rootkit thing. Again, the biggest reaction from the general public, even with all the news coverage, was “well that was naughty of them..”.
Almost all companies are evil. Sony happens to be evil in a way that is perceived as particularly bad by the Slashdot community, but perceived as status quo by the general public.
And of course, even if everyone that even remembers the rootkit thing stopped using Sony for the rest of their life and recommended to all their friends that they do the same, wouldn't make a dent in the profit statements. Which means they don't care about us either!
Re:Why do people still use Sony (Score:4, Informative)
The public at large doesn't give a shit about this kind of thing, which isn't really all that unreasonable. ... Lest we forget when the network was hacked the first time around, the biggest, loudest complaint was not that CC info was leaked, along with personal details, but that the network was down and people couldn’t play the games they paid for.
Indeed. I made the mistake of answering "because Sony is evil and deserves it" to a comment "Why?" on the Kotaku forums.
That started off a rather nasty flamewar, but most of the counter-arguments boiled down to:
1) Accusing me of being an XBox fanboy (which apparently invalidates your opinions). They also often said that hackers must also be Microsoft fanboys, as Microsoft never gets hacked and they're "just as evil" as Sony.
2) Accusing me of being a troll ("obvious troll is obvious" was said at least once without a trace of irony)
3) Saying that the only people being hurt are Sony's customers, not Sony themselves (somehow not realizing the implications - if customers keep getting attacked, they aren't likely to continue being customers)
4) Saying that nobody ever used Linux on the PS3 and that Sony was 100% justified in removing it
And in one memorable case, bringing up Hitler, trying to minimize Sony's "evilness" by comparing it to that.
So no, none of "the general public" consider anything Sony does to be evil. They could probably kill a few people and people would care more about whether they can play their Final Fantasy XIII-2 DLC or not.
Re: (Score:2)
Last time I checked, the entire company was losing money, except the divisions where these privacy "black eyes" occured. The entertainment side of the business which was doing quite well, it was mainly the hardware side that is losing which isn't tied at all to the various evils we all talk about.
Re: (Score:2)
Sony claims the 'hack' is fake... (Score:4, Informative)
Re: (Score:2)
And it can be confirmed too. This is the same credentials list: http://pastebin.com/hhU8Q9di [pastebin.com]
Note the date on that pastebin...
Re: (Score:2)
Why are people still using Sony? They have done so much evil and have clearly shown that they don't care about protecting their users/customers. Do people really like to be abused that much?
Perhaps because there's not a great alternative available? If you like console gaming, then there's Sony, Microsoft, and to a lesser extent, Nintendo. I certainly wouldn't consider Microsoft any less evil than Sony. Nintendo, maybe - but their consoles aren't really the same thing as the similar 360/ps3... I guess people could give up console gaming entirely, but to just gripe that Sony is evil is a bit narrow sighted. Personally, I prefer PC gaming.. however at the moment that still means either play
Re: (Score:2, Redundant)
Exactly what evil has Sony done pretty please?
They invented My First Pony!
Re:Why do people still use Sony (Score:4, Informative)
Off the top of my head we can start with rootkit CDs, locking users out of their PSN accounts and denying them products they've already paid for, removal of the Other OS and poor security.
Re: (Score:3, Insightful)
So to punish Sony for hurting their customers, Anonymous hurts Sony customers. But Anonymous is stealing credit card info for YOUR benefit!
Good going, guys. Way to take the moral high road and to convince the public to support you. What's next, scrambling blood types in breached medical records databases to teach insurance companies a lesson with dead patients, so you can portray yourselves as Robin Hoods with a pile of bodies?
Re: (Score:3)
...But Anonymous is stealing credit card info for YOUR benefit!...
Where does TFA state that? Anonymous didn't mention anything about credit card info that I was able to see. Maybe its been modified in the time between when you read TFA and when I read TFA. Oh... wait...
Re:Why do people still use Sony (Score:4, Interesting)
1) I was stating several events where Sony had done something "Evil". Don't confuse disdain for Sony as approving of Anonymous actions.
2) I have a PS3, although I haven't used it since the Other OS fiasco, I'm affected by this.
3) No where has anyone said Anonymous has credit card info, there's a difference between Credentials and Credit Card info
Re: (Score:2)
I... don't think you understand how these Anonymous guys work.
They are doing it for no benefit except themselves. Because they want to see Sony burn, in this case. Just because they might be attacking someone you don't like doesn't make them your ally.
Re: (Score:2)
Is this evil? It looks like S&M between two consenting individuals, since people know about Sony's propensity for heavy handiness and yet they still pay them money for it and seem to find pleasure from it.
It's disturbing when you really think about it.
Re: (Score:2)
Re: (Score:2)
The proper response to a hack is a lock-out. Do you know anything about computer security? Sony did the right thing. linkedin did not, nor did Amazon, or dozens of other hacked companies in the last few years. Locking down everything, fixing the holes and then bringing it back online is the right response.
They also gave away lots of value in free games and services as an apology afterward.
Re: (Score:2)
I made good use of the Other OS before my wife and cousin accidentally updated my system after they rented a BluRay that forced a system update so they could watch it.
But effectively I was told if I didn't get ride of the other os I could not access my PSN account and the games I had boug
Re:Why do people still use Sony (Score:5, Informative)
Re: (Score:3)
You know that until recently, Sony Music (who makes those CDs) has almost nothing to do with SCE* which distributes the PS3, right?
Also, the Playstation allows ripping of music from CD and then transferring it to a USB device without hassle -- obviously not the same attitude as Sony Music, but keep the blinders on if you want.
Re: (Score:2)
Re: (Score:2)
You forgot The Lik Sang saga [lik-sang.com]. Sony shut down the hardware importer Lik Sang [wikipedia.org] because they were importing PSPs (when they were new) from Japan for sale in Europe. On what basis did Sony Sue them? They sued them by claiming that Lik Sang was selling devices that were "unsafe" in Europe. They also sued them from different countries in different languages. Lik Sang could no longer afford to defend itself and thus folded.
Re: (Score:3)
The Rootkit DRM
Price fixing of CDs
Everything SOE (their subsidiary) has done since they bought Verrant has been pretty evil.
Re: (Score:2)
Re: (Score:3)
The OS (and kernel) weren't to blame in most of those cases. Web servers on any OS can be insecure if they allow SQL injection or cross-site scripting attacks. Putting bad code on a web server doesn't mean the OS is inherently insecure.
Re: (Score:2)
Its becoming like finding holes in a fishnet.
A hole in a fishnet is a feature, and I'm not kidding. Without those holes, it would become useless. So better find a car analogy!
Wow... you are dumb (Score:3)
Finding holes in a fishing net is a saying, meaning it isn't any kind of challenge. Like finding freckles on a redhead.
Re: (Score:2)
"Nobody Seems To Notice and Nobody Seems To Care."
About crackpot conspiracy theories posted on Slashdot in a hideously verbose article (and I'm one of the worst culprits for verbosity)? Damn right.
Now, please go away. If the government want in to my computer, they will get it. Chances are that I detect the attempt but even if I didn't, so what? What precisely do you think will happen that wouldn't have happened without intrusion into my personal computer?
P.S. tampering with boot sectors is a DUMB way to
Re: (Score:2)
Because Anonynous are not the only ones able to access the data. If someone else used this security hole, they might not have said anything, or they could have released the whole database.
Re: (Score:2)
What, exactly, is Anonymous attempting to do by hacking Sony? What, exactly, started them hacking Sony and what was their end goal?
Re: (Score:2)