
How LastPass is Handling a Security Breach the Right Way

I’m just as tired as you are of reading about security breaches, data being stolen and hackers sitting smugly behind their screens. Unfortunately, we’re not going to see a dip in the number of these crimes any time soon. The state of security within many companies is frankly deplorable. Corporations we have trusted for years are suddenly finding themselves in the number one spot on everyone’s “list.” Often, though, it’s not the actual breach of information that disturbs us – it’s the way a company handles the problem which gets our knickers in a knot. Just take a look at Sony…

Sony knew there was an issue several days before telling anyone, an oversight which is now causing them much more grief than the actual dilemma of stolen data. Let’s face it: we all know that hackers are out there stealing everything they can get their hands on. We hate them, right? We rant, curse and scream on a daily basis about the prevalence of online theft. But what we loathe even more than the bad guys are the companies who aren’t honest with us – and who aren’t very speedy at telling us they have a problem.

Earlier today, password manager LastPass openly admitted that they had possibly suffered a breach of data – nearly as fast as they discovered it. In order to maintain the safety of their customers, the business quickly disabled master passwords, forcing users to log in via offline mode. Everyone was then prompted to change their master password in order to resume normal operations. This was done as a precaution, folks. Yes, it likely inconvenienced you for a moment or two. However, isn’t taking that step just in case better than finding out later that some idiot now has control of your bank and credit card accounts?

This company absolutely handled the matter the right way. They aren’t even sure at this point that anything was taken at all. They simply found a possible problem, reported it to you immediately and took preventative steps to help you stay secure. What more could you ask for? Please don’t answer that by asking for impenetrable security. That’s never going to happen, y’all.

Nothing is perfect, not even security. The response from the LastPass team is daggone close, though.

Sony Knew Software Was Outdated Months Ago

During testimony at a Congressional hearing earlier today, Dr. Gene Spafford of Purdue University stated that Sony knew months ago that its software was outdated. Approximately three months before more than 100 million users had their information stolen by hackers, the company was informed by security experts that its version of Apache Web Server was seriously out of date. This version was unpatched and had no firewall protection of any kind.

Dr. Spafford spoke during a hearing with the House Subcommittee on Commerce, Manufacturing and Trade. Sony was also invited to attend but declined. In a letter to the committee, the company stated that it has now added “automated software monitoring and enhanced data security and encryption to its systems in the wake of the recent security breaches.”

Excuse me for pointing out the obvious, but Sony made these moves just a smidgen too late, don’t you think? Had it been actively monitoring its software all along, these colossal data breaches may never have occurred, and more than 100 million people wouldn’t have their information at risk. Any company – especially one that deals with credit card numbers and identifying personal information – has a duty to its customers to protect them by making sure that its Web site and service are as secure as could possibly be.

I cannot help but be outraged by this. I was not (thank the Lord) a PlayStation Network member. However, it doesn’t take much to set me off when a company is so obviously negligent. Heck yes, it has taken steps to correct the problem. Too bad that it’s not nearly enough to make up for the lack of security to begin with.

It’s bad enough that Sony never knew its software was outdated – or chose to ignore the fact. It’s far worse that it was told in a public place on more than one occasion by educated consumers and continued to do nothing. Was the company hoping to save money by not purchasing new software? If so, I think it’s safe to say that particular choice just bit it in the butt in a very large way.

Are the PlayStation Hackers Running up Debt?

This could very well be the first case of many we’ll see where the PlayStation hackers are using the credit card information they obtained. Rory Spreckley is one of more than 77 million people who had a credit card on file with Sony in order to access their PlayStation Network. He also is apparently now the victim of credit card fraud. The Adelaide man logged into his bank account earlier today only to find more than $2,000.00 worth of charges that he didn’t run up.

Sony claims that there is no solid evidence that any credit card information was stolen. The company firmly stated that this type of info is encrypted. We all know how fail-safe that is, right? At this point in time, the gaming giant isn’t even sure how many – and which – databases were accessed. Therefore, it cannot be sure. With the news of Mr. Spreckley’s unauthorized charges surfacing, I’d think it’s safe to say the hackers may just have gotten their hands on your financial stuff after all.

“There was a number of early transactions on the 23rd of amounts under $1, which they say is the usual kind of test run that fraudsters do and then there’s been a number of transactions of larger amounts, including domestic flights within Australia, bookings at Best Westerns [hotels] and what not,” the Australian man stated.

Most galling to me is that someone is telling these consumers NOT to cancel their credit cards. They should instead simply watch for unauthorized charges to their accounts. Uh… right. Who the hell thought this up? I’m sorry, but if my credit card information was taken by anyone other than myself, I would be on the phone to cancel it faster than you can blink your eyes. That’s absolutely ludicrous as far as I’m concerned.

Security experts agree that there needs to be MUCH more done on the part of the compromised companies. They agree that disclosure needs to be much sooner – even if all details aren’t clear. Customers deserve to be warned that something could be up, so that they can take proper precautions. These experts would even like to see a disclosure law in place: “It would require a company to contact and inform customers within one day or two days of the event occurring so that those customers can take action to cancel credit cards or change passwords or other private information and also to be aware that their information has actually been stolen,” said Mark Gregory of RMIT.

If you were a PlayStation Network subscriber, do yourself a favor: take action. Don’t sit around and wait to see if hackers will run up your accounts. Be proactive. Discuss with your bank or financial adviser the best steps to take in order to keep yourself – and your credit score – safe. Yes, you can get charges reversed if you have your cards stolen. But doing so can sometimes be a long and painful process.

Sony PlayStation Breach Shows How Vulnerable You Are

Sony finally owned up to what was already clear several days ago: PlayStation Network incurred a massive breach of user data. Over seventy-seven million user accounts are impacted in what is quite possibly the largest data breach ever. The FBI is on notice and one United States Congressman is accusing Sony of “taking too long to report the breach.” Whoever hacked the Sony PlayStation Network likely has access to your username and password, your date of birth, your name, your address and your credit card information. They even have the answers to your security questions.

This data breach should put us all on notice – it’s becoming harder to know who to trust with your data. The problem is bigger than Sony. It proves just how vulnerable you really are. Canceling your credit card right away and adding a “high risk” alert to your credit file might help mitigate the short term damage. You can’t cancel your mother’s maiden name, or your first pet’s name, or the model of your first car.

Even if your username and password are unique at every site, you likely use the same security questions and answers. After all, how many different security questions do you see? We are asked our mother’s maiden name, our first girlfriend’s first name, our first job, and even what type of car we drive. Thinking back on the last five websites I signed up with, the security questions were almost identical at each one. Now those criminals know the answers to those supposed security boosts – along with all of your other personally identifying information. They can freely access nearly anything you’ve registered for online and they also have the power to assume your identity with brand new accounts.

Let’s dig a little deeper into what this means from a security standpoint. Imagine if you will a C-level executive with GE or Ford who happens to enjoy gaming on the PlayStation Network. Can you even imagine the potential for havoc once data thieves access their various online accounts? We’re talking possible repercussions of a massive scale, y’all. Down on main street, where business owners are struggling to survive and thrive, those who had their information stolen could end up seeing a bankruptcy judge in the near future. An unlucky teen’s parents may end up with a mountain of credit card debt they cannot escape from.

If our trust is violated by a huge corporation like Sony – or any of the other 2,447 companies who had a data compromise since 2005 – who can we trust?