http://www.gamepolitics.com/2011/05/02/sony-online-entertainment-services-taken-down

from TFA:


Sony Online Entertainment's various services seem to be down and a message on the official site (http://maintenance.station.sony.com/) does not give much information on the particulars. According to a short post on the site, the services were taken down after an investigation revealed a deeper "intrusion" than expected at first. This is the first we have heard that Sony's MMORPG arm had some sort of security breach. Below is the message from the official site:
"Dear valued SOE Customers,

We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today (Monday)."
This could be part of Sony's plans to beef up security for the PlayStation Network, but this message seems to indicate that something more serious going on.
It could be that PC game p[layers may have something to worry about, but we hope that is not the case. We will have more on this story as it develops.
Anyone playing SoE stuff may want to keep a close eye on their credit cards. Sony has already said 10 million credit cards may have been exposed (http://latimesblogs.latimes.com/technology/2011/05/sony-apologizes-says-10-million-credit-card-accounts-may-have-been-exposed-in-network-attack.html) (from PlayStation Network breach)

Fucking wonderful.

http://www.soe.com/securityupdate/pressrelease.vm


Tokyo, May 3, 2011 - Sony Corporation and Sony Computer Entertainment announced today that their ongoing investigation of illegal intrusions into Sony Online Entertainment LLC (SOE, the company) systems revealed yesterday morning (May 2, Tokyo time) that hackers may have stolen SOE customer information on April 16th and 17th, 2011 (PDT). SOE is based in San Diego, California, U.S.A.
This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
With the current outage of the PlayStation® Network and Qriocity™ services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks.
On May 1, Sony apologized to its customers for the inconvenience caused by its network services outages. The company is working with the FBI and continuing its own full investigation while working to restore all services.

Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:


name
address
e-mail address
birthdate
gender
phone number
login name
hashed password.

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:


bank account number
customer name
account name
customer address.

SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.
Additionally, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.
Sony Online Entertainment LLC (SOE) has been a recognized worldwide leader in massively multiplayer online games since 1999. Best known for its blockbuster hits and franchises, including EverQuest®, EverQuest®II, Champions of Norrath®, PlanetSide®, Free Realms®, Clone Wars Adventures™, and DC Universe Online™, SOE creates, develops and provides compelling online entertainment for virtually all platforms, including the PlayStation®3 Computer Entertainment System, Personal Computer, mobile and social networks. SOE is building on its proven legacy and pioneering the future of the interactive entertainment space through creative development and inspired gameplay design for audiences of all ages. To learn more, visit www.soe.com (http://www.soe.com/).
For more information and update about the SOE services, please visit www.soe.com/securityupdate (http://www.soe.com/securityupdate).

Just my thoughts, not important stuff. I think they pissed off moders/hackers with the lockdown of the PS3. So they are trying to get back at them. The GeoHot person said he doesn't approve of hurting other people, he just wanted to do what he wanted on his machine. But, if you mention you are pissed to the wrong people and they take it the wrong way, they might try to help you out by doing something you wouldn't have done. I don't hate Sony, but I don't think they should have picked a fight if they didn't want to have a fight.

Man if my guy with 6 million plat on him from EQ gets hacked I gonna sue.

I haven't had an active SoE account for a few years but apparently they kept that info on record.
Changed all my passwords just in case. I think the credit card numbers would be old ones by now.

So my name, address, e-mail, credit card, account name and passord is hacked/stolen and thus traceable to me at home and for sale on the internet along with everyone else and they think 30 days game time for a fucking game is adequate compensation?

So I have 30 days free time on my seven EQ accounts!
I should download the client, or however the install process goes...
And play for a month!

If your account has been inactive for a few years where do you log in?

So my name, address, e-mail, credit card, account name and passord is hacked/stolen and thus traceable to me at home and for sale on the internet along with everyone else and they think 30 days game time for a fucking game is adequate compensation?
get a new credit card number from your bank if your'e worried. It will cost you nothing except some time on the phone. what more compensation do you think you deserve? they got your CC # - so does every waitress and cashier you've handed it to except the waitress/cashier actually has your 3 digit security code as well. the sky is not falling.

get a new credit card number from your bank if your'e worried. It will cost you nothing except some time on the phone. what more compensation do you think you deserve? they got your CC # - so does every waitress and cashier you've handed it to except the waitress/cashier actually has your 3 digit security code as well. the sky is not falling.
So, it's completely okay that Sony let this happen and they should just be able to walk away from all of this scot-free? What if
PayPal treated bank accounts and credit cards the same way that Sony did? Would they be in more trouble? What if your bank
was following the same unsecure procedures that Sony had. Would it matter then?

I'm pretty sure that waitress isn't stealing CC#'s and selling them to the highest bidder. If you don't care maybe you should
just walk around with your credit card information on your shirt.

get a new credit card number from your bank if your'e worried. It will cost you nothing except some time on the phone. what more compensation do you think you deserve? they got your CC # - so does every waitress and cashier you've handed it to except the waitress/cashier actually has your 3 digit security code as well. the sky is not falling.

The difference is that in Sony's case, all these stolen datas now are guaranteed to be in the hand of ill-intentioned people who aimed for the thief ...

get a new credit card number from your bank if your'e worried. It will cost you nothing except some time on the phone. what more compensation do you think you deserve? they got your CC # - so does every waitress and cashier you've handed it to except the waitress/cashier actually has your 3 digit security code as well. the sky is not falling.

My time must be A LOT more valuable than your time. As someone who just went through the process of switching banks and getting all new credit cards it was a giant hassle and a good bit more than "some time on the phone"

I second what Daeri and Fenril have said above.

I tried to get to the EQ website to make some account changes and every address I try redirects to the SOE press releases. So I guess everything is frozen for the time being. I wonder if they wipe all the auto-pays on file and make everyone redo them?

lol like it helps after the fact that they wipe account pay info.

It means I don't have to login and wipe it myself. I am feeling real lazy about account management.

From my understanding, there were 2 seperate attacks. The one hitting the PSN secured systems, and then another hitting the SOE secured systems. The PSN attack did get credit cards from the PSN and Qriocity systems. However the SOE attack hit only user identity info and about ~22k credit/debit cards from Germany, Austria, Netherlands and Spain.

If you have a PS3 and never bought anything via it's store or Qriocity, your bank accounts should be ok from this perspective.

If you have a SOE account and are not in the above listed counties, your bank accounts should be ok from this perspective.

However, most everyone will have to worry about identity theft.

These stolen accounts have most likely already been sold to chinese gold farmers. I used an e-mail to sign up for the PSN
network a few months ago that I only use for 3 different things. I've had it for years and, believe it or not, I've never gotten
a spam mail. Just last week I received my first spam mail about my WoW accounts that don't exist on this particular e-mail.

In addition to that, my roommate, who owns the PS3, had used the same e-mail/password on his PSN account and his WoW
account and it was miraculously hacked last week. He was using the dial-in authenticator but now he's obviously moving to
a real one after this.

Coincidence?

From my understanding, there were 2 seperate attacks. The one hitting the PSN secured systems, and then another hitting the SOE secured systems. The PSN attack did get credit cards from the PSN and Qriocity systems. However the SOE attack hit only user identity info and about ~22k credit/debit cards from Germany, Austria, Netherlands and Spain.

If you have a PS3 and never bought anything via it's store or Qriocity, your bank accounts should be ok from this perspective.

If you have a SOE account and are not in the above listed counties, your bank accounts should be ok from this perspective.

However, most everyone will have to worry about identity theft.


Believing Sony would be the ultimate display of naivety.

I had a Steam authentication request sent to my email that I use for PS3 - just like 2 days ago. I can't even figure out how to change my stupid steam password.

Everquest and some others are back up. You are prompted to change your password upon log on. Secret questions not required for password change, this time.

Generic password reset form here (https://account.station.sony.com/cam/resetRequired/resetPassword!input.action?theme=soe&service=https%3A%2F%2Fauth.station.sony.com%2Flogi n%3Fservice%3Dhttp%3A%2F%2Feqplayers.station.sony. com%2Fj_acegi_cas_security_check%26theme%3Deqplaye rs).