Blizzhackers: And just when Sony thought the worst was over...

Monday, May 2, 2011

And just when Sony thought the worst was over...

Charts explaining the intrusion handed out at the Sony conference yesterday.

With the PSN down and seemingly on a strong path to recovery, and Obama finally receiving a solid tip from an anonymous Sony hacker on Osama's actual location taken from the data leak, the last thing you would expect to make an abrupt interruption to the celebration is ANOTHER ~25 million accounts' data/thousands of credit cards/bank credentials compromised. But that's what happened. As Sony was announcing that they will be merging all the DC Universe servers into four convenient "super servers", they were also uncovering that hackers also reaped another few million accounts from SOE resulting in Sony also shutting down its PC services as well.

“Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.” - SOE.com / Station.com

Just yesterday Sony held a press conference in Japan citing that PSN would be coming back up within the week with 30 days of free PSN Plus access as well as other region-specific free content as part of their "Welcome Back" compensation package. They also discredited claims that credit card info was compromised because of reasons stated previously. Oh, irony!
< Watch The Conference >

“Starting this week, some PSN services will come back online. The company has prioritized certain services over others, obviously, and the rollout will happen region-by-region. The list is as follows:

Restoration of online game-play across the PlayStation 3 and PSP systems (this includes titles requiring online verification and downloaded games)

Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers

Access to account management and password reset

Access to download un-expired Movie Rentals on PS3, PSP and MediaGo

PlayStation Home

Friends List

Chat Functionality”

Sony also reported at their conference that "Anonymous" had no responsibility in these attacks. The New York Times obtained a copy of a letter <view PDF> sent to Sony from members of Congress demanding answers about the attack. Currently all Sony Online Entertainment manged games are offline due to the newly uncovered attack as they work to repair this security issue as well, but it appears the database compromised was outdated from 2007 and US users were safe.

“This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain”

When it rains, it pours.

0 comments:

Post a Comment

POPLINKS

• Battle.net Chat Bots

• Client Hash Files

• Original BNETdocs Archive

• SC2 1.3.2 Galaxy API Dump

• #bhdev (Mibbit)

• StarCraft II Hack Dev Forum

• Diablo II Hack Dev Forum

• Diablo 2 Botting System SVN

• Blizzhackers Toolkit SVN
- (Upcoming D2 Project)

• Blizzhackers Wiki

- (Coming soon... maybe..)

(Click the "Files" link on left navbar to see the entire file archive.)

Note: You should frequently check directories for the latest version of popular hacks that get updated actively, because I don't always make new posts in the event to avoid flooding the blog.

usoPreviewPopup

Site Disclaimer

This site in no way intends to induce or enable copyright infringement, nor promote interference or breaching of contractual relations between the end-user and any third parties. The enterprise of this site is purposed toward the goals of reporting and educating our readers on topics within the relevance of our and their interests/hobbies. Should you be a body - or (legal) representative - of any corporate party that has perceptively supposed that any file featured on this blog is infringing upon your rights - or the rights of your client - please contact THE ORIGINAL AUTHOR OF THE ALLEGED BINARIES. I have no capacity over these files, nor am I the owner of the official file server or message boards linked here. None of these files are being sold commercially and I accept no payments in that regard. In fact, I often attempt to deter that act myself - the Blizzhacker 'axiom' is free information and anti-monetiziation the exploitation of the work of others. I, Dark_Mage-, am simply acting well within my legal rights as a blogger (or "journalist" if you will) and if you so choose to engage me, a member or affiliate of the Electronic Frontier Foundation will contact you on my behalf as soon as possible. Any attempts for the desist and removal of a file hosted on the aforementioned site (BHFiles.com) should be forwarded to the site's hosting provider. Occasionally, interesting files discovered uploaded are sometimes enumerated and discussed. I am simply a "discovery agent" in the 'hacking scene' and have even been long retired from that interest as well as PC gaming all together. This blog is just that: a blog. If you attempt to impede upon my rights to freely discuss criteria loosely based around my interests with threats, or pursue to censor me with stifling, baseless obstruction, there will be consequence and blowback. If I may have journeyed a bit out of the bounds of reason, I will gladly amend my oversight. I have no desire to harm your business model nor am I trying to. If you feel I have stepped over a line at some point, please contact me and we can settle it in a civil manner. I will *never* receive a (DMCA/BayTSP/C&D) letter targeting any files hosted on any sites as I am not the successor to any. Attacking a blogger is not nearly a plausible solution to deterring the act of hacking/cheating, nor is it an effective substitute for fallible anti-cheating mechanisms. Be better than Sony. Be better than EA. And for God's sake, be better than Activisi-- oh, yeah. Well, shit, bros, at least you USED to be Blizzard Entertainment -- that name used to carry respect ya know?