Tuesday, April 26, 2011

Sony PlayStation Network Unauthorized Intrusion Attack Damage is Still Not Known

As Sony finally broke the silence on why the Sony PlayStation Network had been down for a week, the Network had been hacked, new questions arise regarding the potential damage to the seventy million users that are members of the Network. The illegal unauthorized intrusion attack compromised for sure the user real name, complete address, birth date, E-mail, Network ID, password, user handle and the security question/answer. All the personable identifiable information data previously mentioned has been breached and as a matter of fact, confirmed by Sony. Sony warns that, at this time, the credit card names, billing address, card number and the card expiration date may have also been breached, but that they do not know that information presently. UPDATE: In a Blog release on April 28, 2011, Sony advises that the credit card data was encrypted (coded) and that there is no evidence it was stolen.UPDATE: In a blog release on May 07, 2011 Sony advises that another 24.5 million records related to users of Sony Online Entertainment were stolen. UPDATE: In a blog release on 07 May, 2011 Sony advises that 2,500 "old" records where also stolen, the information disclosed contained names and partial addresses of Sony customers who had participated in a 2001 sweepstakes.UPDATE: As of May 09, 2011, Sony beleives that there are no indication, as of this date, that the stolen data has been used by malicious hackers.

The Sony PlayStation Network had been in several previous hacker related incidents. None, as serious as this one. Some facts come to light; the site was down for a week without anyone being told that it had been hacked and that personal data had been compromised. This gave Sony and forensic criminal investigators time to research, detect and perhaps apprehend the criminal(s) individual(s), but at the same time, it left members identities in a compromised mode for a week, and worse, without the users knowledge. It all now depends on what the hacker(s) have done with the stolen data.

Sony itself, in the Blog Post warns users to prepare for a worse case scenario. That’s the same way that I advise my readers. If you are or know someone that is a member of the PlayStation Network, even if you have not used your account, but provided the credit information, we recommend that you take the following steps immediately:

(1)   If you are using the same PlaysStation Network password and security question/answer in other Websites or off line places, including banking places, change it.
(2)   Be extremely careful when opening e-mails and specially clicking on links in  e-mails, Facebook or Tweeter messages related to this breach, they may be a malicious scam.
(3)   Monitor your bank account regularly
(4)   If in the USA, consider using one of the free alert services provided by Expedia, Trans Union or Equifax. See the Sony Blog Post for telephones and e-mail addresses.

Cybercriminals wait a reasonable amount of time before they begin to scam the victims using stolen personable identifiable information. That period of time may tend to make potential victims forget about the event. Don’t expect lots of on-line purchases, purchases by telephone and scam e-mails to flow immediately. When the time comes, those that did not changed the passwords, monitored their bank accounts and where alert to e-mail scams will be the victims.

No comments: