account security

Although SOE games and services remain offline, readers have noticed some curious changes. Most obvious is that http://www.EverQuest2.com/ and http://www.SOE.com/ are no longer resolving correctly and presenting an error message. The secure version of https://www.SOE.com/ (notice the additional ‘s’) is however online and presenting the same updates we were provided with yesterday. UPDATE: http://www.SOE.com is now resolving properly to https://www.SOE.com/. As there has been no announcement from SOE about what the steps will be for users to change their passwords, login, secure their accounts, and start playing again (indeed SOE communication has been nothing short of atrocious — perhaps...

Howard Stringer, Sony Corp Chairman and CEO over America, has posted an apology letter and the first details of the Identity Theft protection package that will be provided for free to PlayStation Network customers. No word on if said protection will be made available to Sony Online Entertainment customers. Dear Friends, I know this has been a frustrating time for all of you. Let me assure you that the resources of this company have been focused on investigating the entire nature and impact of the cyber-attack we’ve all experienced and on fixing it. We are absolutely dedicated to restoring...

As posted on the Playstation Blog at May 5th at 4:30pm PDT: Today our global network and security teams at Sony Network Entertainment and Sony Computer Entertainment began the final stages of internal testing of the new system, an important step towards restoring PlayStation Network and Qriocity services. As previously mentioned, we’ve been working around the clock to rebuild the network and enhance protections of your personal data. It’s our top priority to ensure your data is safe when you begin using the services again. We understand that many of you are eager to again enjoy the PlayStation Network...

There’s only so much PSN, Anonymous, and Sony news I can post. I mean, what we really want to know is when OUR games and OUR network will be back online. But, if you just crave this type of information, or your enjoyment of your PS3 (when you’re not playing EQ2) has really been cramped by this debacle, well, here is some further reading: Sony Community Manager for EU: PSN Still on track to resume service this week Kotaku: These are the People Hired to Hunt the PlayStation Network Hackers ‘Anonymous’ denies involvement in Sony cyberattacks Anonymous: Sony is...

UPDATE: Unreliable source used for PSN returning in Japan. PSN service has not been restored anywhere to date. News is now trickling in that the PlayStation Network, down now for over 2 weeks, has been restored in Japan and headway is being made in bringing at least parts of the service (lacking most notably microtransactions and the PlayStation online store) back to Europe and North America. Unfortunately we have no further timetable on when Sony Online Entertainment services and games will be restored. According to a completely unsubstantiated comment posted on a blog, there is now a timetable for...

File this under pure speculative analysis, but Wired’s Threat Level has some thoughts on just who (and why) the PlayStation Network (and Sony Online Entertainment) were compromised and records pilfered. If you’d like a little more insight into the players, it’s worth a read: It’s one of the biggest data breaches in history. Now that Sony has come clean — sort of — on a computer intrusion this month that exposed personal information on 77 million PlayStation Network users, one obvious question remains: Who pulled off the hack? In the old days, the answer would be simple: some kid did...

Some players have asked for updates every 12 hours from SOE, even if it’s just to report there has been no new progress. If this was you, well here you go with an SOE Facebook update from about 2 hours ago: We regret that we were unable to bring services back online today, and continue to work hard on the issue!

This is from May 1st but due to some requests I’ve gotten about whether Sony will reimburse customers for any bank-related costs due to the security breach, I thought it was worth highlighting. From FeedTheGamer: In this morning’s news conference, Sony Computer Entertainment head Kazuo Hirai said the company would consider covering costs associated with reissuing credit cards to PlayStation Network subscribers who feel their accounts have been compromised by the massive data breach of April 20. Hirai, noting that there have been no confirmed incidents in which fraud was committed with a credit card number stolen from the...

From Consumerist.com: In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts. According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which “was unpatched and had no firewall installed.” The issue was “reported in an open forum monitored by Sony employees” two to three months prior to...

After initially going on the record stating that Anonymous, the evangelist hacker group, had no involvement in the actual hack of the PlayStation Network (and by extension the SOE network), Sony have now pointed the finger for a different reason. In a letter to congress, Sony has posited that the very disruptive flooding/attacks on Sony servers in retaliation for the George Hotz lawsuit was a sufficient distraction to leave a much larger window for hackers to enter Sony systems and leave undetected. Sony has suggested that had the coordinated denial-of-service attacks not happened, a compromise of their servers would...

Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.” Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you. Complete 8 page written response (click here) on Flickr Summary on PlayStation Blog (click here) Note that much of this information is generic to the PSN (SCEA)...

SOE.com has been updated with a new Recent Updates section which answers a few questions, although there are few concrete answers at this point. Also, according to a Facebook update, the $10 discount on Fan Faire registration will be extended due to the service outage. May 4, 2011 We want to thank you again for your patience as we work to get the SOE services back up and running. We received several questions and comments relating to the criminal attack to our network and would like to address some of the most common questions today. We are also going...

From MSNBC.com: A U.S. House of Representatives subcommittee is demanding answers from Sony after private information from some 102 million personal accounts was taken by hackers. In a letter written by the Congressional Subcommittee on Commerce, Manufacturing and Trade and addressed to Sony chairman Kazuo Hirai, representatives asked the company to answer a list of 13 questions related to the hacking of Sony’s PlayStation Network. The Congressional committee has demanded answers about the PlayStation Network breach only perhaps because news of the Sony Online Entertainment breach wasn’t released until Monday afternoon.

From SignOnSanDiego.com, the website of the San Diego Union-Tribune newspaper. Customers of San Diego-based Sony Online Entertainment must watch out for “spear phishing” scams after a hacker may have gained access to personal information on 24.6 million accounts, including email addresses and passwords. Privacy experts say cyber criminals could have enough information to send highly customized emails or postal letters — or make phone calls — that will appear to come from Sony in hopes of tricking customers into revealing more sensitive information — such as credit card or Social Security numbers. Sony Online Entertainment urged its customers to...

From MSNBC.com: Sony has hired outside investigators to help clean its networks and catch the people behind a massive breach that exposed the personal data of more than 100 million video game users. The Japanese electronics giant has retained a team from privately held Data Forte that is led by a former special agent with the U.S. Naval Criminal Investigative Service to work alongside the FBI agents, who are also probing the matter. Sony said on Tuesday that it has also brought on cyber-security detectives from Guidance Software and consultants from Robert Half International Inc.’s subsidiary Protiviti to help...

From SOE Facebook: Hey folks, in response to many inquiries, we wanted to reassure you that all of your characters and items are safe and awaiting your return. We continue to work on the issues as fast as we can, but unfortunately the servers will not come up today. Thank you for your continued patience; we expect to be back up very soon.

Barring any unforeseen circumstances, the Jethal Silverwing Show and EQ2’s Day podcasts are expected to run on-schedule tonight and should no doubt bring to bear some interesting discussion about the latest turn of events at SOE causing what could be a protracted downtime for EQ2 and related games. EQ2’s Day seems to be at 4pm-6pm Pacific (this could be clearer on the website), with Jethal’s show starting at 7pm. Last night’s Down Range already tackled the security compromises and you can listen to that podcast as well. These podcasts are hosted at OnlineGamingRadio. Also, although it was drowned out...

SOE’s Facebook Update as of 30 minutes ago is brief and to the point: We’re working as hard as we can to get the servers up as soon as possible, but have no ETA at this time.

SOE Customers have started to report receiving e-mails from unscrupulous individuals attempting to lure frustrated players to websites which look and feel like official SOE customer portals to try to acquire additional login credentials and credit card information. Please check the sender of these e-mails and further watch the addresses linked in any suspicious e-mail. When in doubt, go to http://www.SOE.com/ and disregard any links provided in outgoing e-mails. There is currently no “action” that players can take other than to wait-and-see how SOE and Sony addresss the current crisis. UPDATE: SOE’s website has been updated with the following...

First, some comments from SOE President John Smedley: It’s been a rough day. We hope to be up soon, but we aren’t ready to announce just yet. It can’t get any worse than today! I’m sorry the service is down. I really am. Regarding if the forums will be down for tonight: Unfortunately yes. I wish they were because we can’t really communicate with our players right now in a good way except on Facebook. It’s frustrating. But the account system is linked to the forums. and when EQ2 ZAM contacted him: We shot off a quick e-mail to...

Ok not really, but folks, PLEASE be at least polite when calling SOE Customer Service. They didn’t setup the servers. They didn’t write the software or security protocols of the servers. They are not wearing shoulderpads or other protective armor. Their only line of defense is the press release you ALREADY read in your e-mail about this situation. So if you decide to ring up SOE to ask what’s going on, please realize they have a limited script to read from, and won’t be able to magically get the servers back up and running. If you want to express...

Today’s news that the SOE Customer Database has been stolen has continued to break around the Web from the BBC to Reuters to Nikkei news in Japan. We have news from: Nikkei.com ConsumerAffairs.com Reuters.com BetaNews.com CNet Wired.com PCWorld.com ZAM.com Yahoo Finance PC IGN