Sony PlayStation Network Restart in Japan Blocked By Government

Sony will not be allowed to restart its halted online game services in Japan until it provides further information on what measures it has taken since an earlier hacking incident, a Japanese regulatory official said Sunday.

A Japanese government official said the country has not yet allowed Sony to launch PlayStation Network within its borders because of concerns over the security of the service.

"We met with Sony on May 6 and 13, and basically we want two things from them," Kazushige Nobutani, director of the Media and Content Industry department at the Ministry of Economy, Trade and Industry, told Dow Jones Newswires.

He listed two areas where it requires further explanation before approval will be given following the incidents regarding its PlayStation Network and Sony Online Entertainment videogame services.

"The first is preventative measures. As of May 13, Sony was incomplete in exercising measures that they said they will do on the May 1 press conference," he said, adding that he could not provide details on the outstanding issues for security reasons.

The second was in how Sony hoped to regain consumer confidence over personal data such as credit card information.

Sony began a limited and phased restoration of the services Saturday, bringing the company a step closer to normalcy following an attack on its systems that compromised personal information for more than 100 million user accounts last month. It said that it would begin bringing its PlayStation Network back online in the Americas, Europe, Australia, New Zealand, and the Middle East.

Related articles

• Japan says 'no' to PlayStation Network relaunch (news.cnet.com)

Sony Knew Software Was Outdated Three Months Ago

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using seriously outdated software on its servers and knew about it approximately three months before, the company was informed by security experts monitoring open Internet forums that its version of Apache Web Server was out of date.

This version was unpatched and had no firewall protection of any kind.

Read the congessional testimony here (PDF)

Sony Blames Partially Anonymous For Security Breach and Data Theft

Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach that allowed a hacker to gain access to the personal data of more than 100m online gamers.

In a letter to the House Energy and Commerce Committee's panel on commerce, manufacturing and trade, Sony said the breach came at the same time as it was fighting a denial-of-service attack from Anonymous, also they discovered a file planted on one of its servers named "Anonymous" with the words "We are Legion," the tagline for the group that has brought down the websites of big corporations such as Visa, the letter said.

In response, Anonymous released a statement Wednesday denying the allegations, but did allow that individual members may have been involved.
"Sony is incompetent," the group said. "While it could be the case that other Anons have acted by themselves AnonOps was not related to this incident and takes no responsibility."

Related articles

• Sony blames vigilantes for breach (bbc.co.uk)
• Sony blames online vigilante group 'Anonymous' for security breach (thestar.com)

Sony Hacked Again 25 Million More Accounts Hacked

Hackers may have stolen the personal information of 24.6 million Sony Online Entertainment users.

More than 20,000 credit card and bank account numbers were also put at risk.

This in addition to the recent leak of over 70 million accounts from Sony’s PlayStation Network and Qriocity services.

Sony said that the compromised personal information includes customers’ names,
addresses, e-mail addresses, birth dates, gender, phone numbers, logins and hashed passwords.

Also at risk are the credit card numbers and expiration dates of 12,700 non-U.S. customers, plus 10,700 direct debit records from customers in Austria, Germany, Netherlands and Spain, containing bank-account numbers, customers’ names and addresses.

This information was stored in what Sony said was an “outdated database from 2007.”

Hackers may have had this information for more than two weeks now. The intrusion occurred April 16 and 17, Sony said.

 

As compensation for the Sony Online Entertainment leak, Sony said that it will give all of its customers 30 days of additional subscription time, plus an extra day for each day the servers remain down.

Related articles

• Sony Says 25 Million More Accounts Hacked (foxnews.com)
• Sony says 25 million more accounts hacked (seattletimes.nwsource.com)
• Sony says 25 million more accounts hacked (seattlepi.com)

Sony Details PlayStation Network Revival

Within a week Sony will turn on most features of the PlayStation Network and offer its customers a selection of free downloads.

The PlayStation maker’s online service for its PlayStation 3 and PSP consoles will come back online this week following a massive security breach in which the personal information of over 70 million accounts, possibly including credit card numbers, was obtained by hackers.

Here's what's going to be coming back, as well as details on the new security measures that they hope will prevent events like this from happening again:

• Restoration of Online game-play across the PlayStation®3 (PS3) and PSP® (PlayStation®Portable) systems
  -This includes titles requiring online verification and downloaded games
• Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
• Access to account management and password reset
• Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
• PlayStation®Home
• Friends List
• Chat Functionality

• Added automated software monitoring and configuration management to help defend against new attacks
• Enhanced levels of data protection and encryption
• Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
• Implementation of additional firewalls

All PlayStation 3 owners will have to download a system update and change their passwords before they will be allowed to sign in to the service again; all password changes must take place on the PlayStation 3 console on which the password was originally registered. This, says Sony, is an additional security

Sony has issued a press release read it here.

PSN: Credit Card Details For Sale

This just keeps getting worse by the day, hackers responsible for the PSN breach last week are attempting to sell users' credit card details online.

They claim to have the details of 2.2m Sony PlayStation Network users, including Credit card security numbers.

They are hoping to sell the credit card list for upwards of $100,000.

Read more here

What You Need To Know Right Now About The Sony PSN Hack

Sony revealed  additional information, about the hack

name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, handle/PSN online ID.

Note that the email addresses, logins and passwords also have been stolen from Sony

This is going to turn ugly considering that many users on the web use the same email and password combination on a lot of sites.

If you are a customer you need to immediately change your passwords on site where you may have used the same password, and your email account.

Furthermore Sony says that it is possible that profile data may have also been obtained, which would include purchase history and billing address. Worse, they cannot eliminate the possibility that created card data was taken as well.

That’s the worst case scenario, and there is not lot that users of the network can do at this time, but to actively monitor their credit card bills to check for unauthorized payments.

To protect against possible identity theft or other financial loss, remain vigilant to review your account statements and to monitor your credit or similar types of reports.

The data stolen could also be used in custom attacks as the attackers could use the user’s name and other information to make requests look legit.

Sony asks all users to change their PSN passwords as soon as the service goes online again.

A frequently asked questions section has been uploaded to the Playstation website which contains further information and support phone numbers.

With 70 million users, the data alone could be worth a fortune on the black market.



Final note:
1 - PSN users need to change their web account passwords immediately.
2 - You need to change the password of your email accounts if identical
3 - Monitor your credit card statements and account statements to make sure that no unauthorized payments are made from the accounts.