The PSN Fiasco

got served two guys in the park. Yeah, clearly you know what episode I'm up to now, Yes, and you're right, it was awesome. And those of you there, there are several of you out there who know exactly what we're talking about and will be very excited that Jonathan has jumped on the bandwagon. And you guys are also awesome. So let's talk about something that's totally not awesome. Yeah, yeah, this is definitely not awesome. This is um. You know.

From time to time in the podcast we tackle issues of privacy and internet security, partially because um, they're relevant, there are things that a lot of people want to learn more about, and partially because I think, if I may speak for you, Jonathan, I think there are issues that are are important to both of us personally that we're very interested and want to, uh to keep an eye on there's and there's still a very casual attitude among certain segments of the population that used the Internet

toward privacy. And I think some of it is just a lack of information of the sort of things that can go wrong if you do not protect your privacy. So let's we'll stop dancing around this. We're specifically going to talk about the breach of security within the PlayStation Network and Curiosity, which is q R I O C I T Y since one of Sony's online services, and there was a breach that happened between April seventeenth and

April nineteen eleven. Uh. And I want to stress this today, the day that we are recording this is April twenty nine. The reason why I say that is because hopefully by the time this podcast goes live, the PlayStation Network will be back up and running. It has been down since they um so uh, you know, ten days and counting of of no support from the PlayStation network, so all

that online support has gone. Uh. People cannot play online games, and some some games they can't play at all, even a single player local games they aren't able to play for for certain titles because those titles rely upon the PSN network. I'm just that's redundant. But the PSN in order to uh to update information on things like trophies and things like that, and so games that that tie into that, that rely upon that network, they do not

run when the networks down. So there are some single player games out there that just won't work on the ps So as a result, players are understandably upset, and they're upset for multiple reasons. One the network's down. That was the first thing that upset people because when the network went down, there was very little information from Sony

about the reason for taking the network down. As a matter of fact, I remember a story just a few days ago before it came to light what was really happening, um that uh one of I only read the headline, I admit, Uh. They were saying basically that Sony's customers

were actually not quite as irritated as they might have been. Now, granted, at that point, the network hasn't been down very as long as it has now it's you know, still out, it's going on more than a week now, so but you know, Sony's fans are known to be very, very loyal and outspoken, which I think is it can be

a good thing. Um, And I think basically it's surprised some that people weren't more concerned at the time, but again, I think that's probably because it had had been released that hackers were involved, and they had apparently UH managed to gather up some personal information. Yeah. So let's let's talk about kind of what Sony said at the beginning.

At the very beginning, when the PlayStation network went went offline, UH, Sony essentially UH issued a message that there was going to be some maintenance on the network and that it was going to be back up between twenty four and forty eight hours. Well, part of that wasn't a lie or or actually they probably didn't intend for it. Well, I'm sure they did not intend for it to be down longer than so they weren't weren't outright lying. They

just didn't know, but it was due to maintenance. Yeah, but they the way it was worded, it sounded like it was a planned maintenance sort of issue. Well, of course, I mean, if you again, UM, I like to get people to think from the other side of this. If you're PR, corporate PR. You're one, and it's something that they can sort of obfuscate about, they can sort of muddy the water about. They're probably going to try to

do it to make themselves look as good as possible. Yeah, you don't want to say, hey, guys, our security was breached and we don't know what the extent of the problem is yet, UH, and our network is down as

a result of that. So just chill out because it may have turned out that yes, security was breached, but nothing went beyond that, right And if that were the case, if no one had had a chance to access any private information or or anything along those lines, are fiddle with the network then Sony, So it would it would benefit Sony to just leave that little bit out because if no one managed to do anything, then there was no real harm done to the end consumer apart from

a couple of days of the network being offline. Right like the a few weeks ago, we were talking about the data breach that happened here in UH the United

States with a number of UH loyalty marketing companies. There was one provider that they used UM that that got hacked into and Epsilon and all they got from Epsilon really was names and addresses, although there may have been there may have been some account not not like not like credit card information, but loyalty account so they know the kinds of things you buy right or or it may or a number that identifies you for that particular system, like not a not a credit card number, but say

you know you are like when you join a club and it says you know you are member number four seven eight nine three, Well at four seven eight nine three is might be associated with you in that account, and they may the hackers also have access to that, but then has limited usability. Yeah, and that's not to say that it isn't serious, because it is serious, mostly because it can be used to target uh spear phishing attacks.

These are very directed phishing attacks where they say, hey, Jonathan Strickland member number four seven one eight three, Uh, we need to get your information. We don't have your social security number on file? Can you please just type that in this little box? I mean, or visit this website. And as it turns out, the website is not the corporate website. It's a different web. It's just there too

to steal as much of your information as possible. Well, at the time, Sony wasn't sure exactly what white extent the attack had, uh, you know, how far did the attack go? So rather than cause alarm, Sony said the network was down for maintenance and that it would be back up for hours while they conducted an internal investigation. So you could argue that Sony made the wrong call and that Sony should have said that there had been a breach and that there was the possibility that there

was more than just a breach of security. Uh. But on the flip side of it, Sony was you wasn't sure how bad it was. Once Sony was sure how bad it was, they did come forward and say, all right, our network is down due to a security breach, and it appears is that the hackers have accessed uh at least the personal data tables. These are the tables within the network that UH that have all the the user information things like your name, your address, UH, your m uh,

the country of origin. It might be your email as well, UM, your PlayStation network password and log in information, the handle that you use on the PlayStation network. UM. It might also include your purchase history and building address. If you've used the PlayStation network to buy games or or content within games. UM. But those tables did not include the credit card information. The credit card information were stored in separate tables which may or may not have also been accessed.

And here's the big difference between those two tables. Besides the content. The credit card table was encrypted, the personal data table was not. Right. So there's actually it's kind of UM. It's actually a little painful to read. But there's a a frequently asked questions document on PlayStation where they it addresses the actual outage and and what happened. UM. And there's a specific bit here. Let's see if I can find the particular question about uh whether or not

the personal data was encrypted? UM, because they kind of dance around it. Let's see here. You wanna do you

wanna dance while I do this? Well, UM, I could tell you that I was about to talk to uh, to you about the fact that UM just yesterday again as of the day we recorded this on the Stephen Mussel of c Net wrote that, UM, there have been messages circulating that hackers have claimed that they do in fact have credit card information and it is for sale, that they offered it back to Sony, but Sony refused

to buy it. Um, And the information includes, uh, not only the credit card numbers, but the expiration dates of the cards and the cvvs, which are the numbers on the back of most credit cards or the front. Actually it's not a CBV on an AMEX American Express card, but it's the same It fulfills the same purpose security. Do you have the security number? And so they claim to have that, but it has not been established whether or not that is legitimate. I would guess I'm guessing

that that's not legitimate. And the reason why I say that's not legitimate is because Sony does not collect the security numbers that and Sony collects the expiration date and the actual credit card number, but not the security number. So if someone claims to have all that information, they didn't get it from Sony. So where did they magically

get these security numbers? I call shenanigans on that claim exactly. Well, you see, um, you know, if you have a couple of million dollars and you want to buy this database, I'm sure they'll sell it to you. Show Uh So, yeah, I've also got a bridge that I would like to interest you in. But I did find the the specific section and the frequently asked questions document on at PlayStation's UM supports area, and it was was my personal data encrypted?

Here's Sony's answer. All of the data was protected and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted, and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was of course behind a very sophisticated security system that was breached in a malicious attack.

So alright, Sony, come on, guys, it doesn't help your case at all to say that your security system was incredibly sophisticated if once the stuff has already been stolen, right, I mean, that's like a bank coming out and saying we had the best security measures imp place the burglars stole everything. I mean, doesn't No one cares how sophisticated your security was if in fact it was breached, because

clearly it was not secure enough. I mean, it's obvious it wasn't secure enough, because if it were secure enough, no one would have breached it. So arguing that your security was really sophisticated doesn't impress anybody once the theft has already happened. And also, you know, like I said, it kind of danced around that question. Uh you know, they didn't just come out and say no, we did not encrypt your personal data until it got pretty far into the answer. But yeah, so that personal data is

all out there and it's available. And then my opinion that personal data is far more valuable than your credit card number. And and here's why. So, yeah, getting your credit card stolen stinks. I've had I've had my credit card number stolen once before. And it's a pain because it means that you you have to you have to uh, you know, you dispute the the charges, you have to change your credit card, you have to get a new card.

You know, they're there may be trouble disputing some charges depending upon your credit card company and all that mess. And this stuff can affect your credit rating and it's

a real pain in the neck. But ultimately you're talking about probably a few hundred dollars if you're paying attention, it may not even be that much, but you know that's there's still a lot of money to a lot of people, but it's not as much money as thousands of dollars or tens of thousands of dollars, which is what can be stolen from you or stolen within your

name should someone be able to steal your identity. And when you think about it, these if a personal information includes your name and your address and your birth date and all of this sort of things, people could start to use that to try and uh and apply for credit cards in your name. And then that's where you really start seeing some nasty, nasty hits. I mean, your credit rating could plumb it as people take advantage of

that and steal your identity. Yes, and speaking of someone who's had to do it, it's very very difficult to uh go in and try to clean up your past credit history, even when it's not um, you know, they're very the credit agents are very protective of their information. Um. And of course there are people who would love to go up and go no, no, it was it was it was hackers. Um. You know, so they uh, you know, I would imagine that they are just particularly concerned that

people are allying to them. But it is very difficult for even for those who can offer you know, more concrete proof to go in and make changes. So um, but even though I'm getting back to Sony specifically. UM, I think in a way, they did some things right and they did some things wrong. Obviously, the way they handled it with regard to the customers, especially in the eyes of the customers, leaves a lot to be desired. I've seen many, uh complaints about that, and there's there

have even been law suits filed at this point. Yeah, and we'll we'll talk. We'll need to talk a little bit about those lawsuits because there's some there's a recent Supreme Court ruling that might actually bear upon that. And there's also one other element within the terms of use that I would like to address as far as the lawsuits are concerned. Yeah, we can, we can totally do

that in just a second. I just wanted to mention though, that Sony did, in fact, UH call in an external security auditor to take a look at the practices, um and and did shut the networks down as soon as

they realized that there was a serious problem. And Uh, the reason it's taking Song at least according to Sony, is to get everything back up online is they're changing the security structure of the site, which and I think that that's an excellent thing and they're require They're going to require everyone as soon as they reconnect to the network to change their password. UM and that's something else

we should point out. If you are, if you're practicing good security, first of all, you're in the most people out I know there's some people out there who are our listeners who claim that they do, and that's great, I'm glad, fantastic. The rest of you are probably doing the same thing that almost everyone is doing, which is

that you use maybe maybe a handful of passwords. Some people just use one and they use it across everything, and they might even use the same user name across everything, in which case, if someone has access to your name, your email address, your user name, and your password, and you're using that same password across multiple platforms, all of

those platforms are now at risk. UH. That means the hackers who stole that information could, in theory, access your accounts across multiple platforms that might include emails, social networks, other services. So you want to make sure that you're using multiple passwords, make them difficult to guess. Don't just make it a variation off a password that you're using over and over again. Use a strong password generator. If you need to, um, yeah, those are those are excellent.

There's there's a couple out there that you do things like, for instance, you want to create a password, you put in the u r L for the the website that you're going to use. You can actually download code that will allow you to do this, and you can even turn your computer offline so that you know, you don't have to worry about it broadcasting this anywhere. But you put in the u r L for the website you

plan to visit. You put in a master password that this is the same password you're going to use for every single site. But using the master password and the u r L, it creates a hash of that and creates a strong password based on that. So then all you do is put in different u r l's with the same master password and it will generate its strong password for you. You create your accounts that way using that strong password, and if you ever forget it, all you have to do is go back into that program.

You know, again disconnect yourself from all the networks if you want to, but go back into that program, type in the u r L and your master password again and it will the same strong password will pop up again. Yeah, yeah, and I have a I have a password wallet that I use that will generate passwords, and uh, I have the app on my phone and iPod and there's a plug in for my browser. So it's that that actually

goes into the database and everything is encrypted. And if I, if I do happen to lose my phone, the uh uh and somebody else gets it and and breaks into it, they have to they won't find out specifically what is in there because they would have to actually get into the password app two, which requires a separate and more

complex password. Um. So yeah, I mean it's uh, these are these are good ideas, but uh, it doesn't change the fact that that Sony customers are very upset not only that they got that they weren't told about this, but that they're on top of that, you know, that's really insult to injury having their information taken. And a lot of people are upset that they can't go back in and change their user name and password on the

network because the network is down. Of course, if no one else can get in, I would argue that that's not quite as big as at this point, you should really be concentrating on changing your password everywhere else. Yes, like all the different emails and and social networks and all the other services you use. If you use that same password, you need to change it. Um, I want

to put a fraud alert on your credit report? Yeah. Yeah, those can be a real pain too, just because if you start using your credit card and you're you know, you're out of town, then you may end up getting a call from your your bank or credit union every time you Yeah. Compared that compared to yeah, that it's it's inconvenient, and it's a pain in the butt, but it's less of a pain in the butt than dealing with the fact that someone has stolen your information and

is using your card without your approval. Just as an aside, Yeah, I've I've heard recently, very recently that the people who steal credit card numbers now are not And you know, if I were stealing credit card numbers, I would think that I would want to do things as quickly as possible to avoid, uh, you know, the person I stole it from. Changing, Yeah, to call in and say, hey, my credit card, my credit card has been stolen. Um. But in a lot of cases, when when, apparently, when

this kind of thing happens. They don't run out and buy lots of big screen TVs and designer genes and all sorts of other cool fun stuff computers, video games. They go and they buy stuff for twenty dollars or thirty dollars because it doesn't go noticed. People let that kind of thing slide on their card. They go, wait a minute, I don't remember going to Best Buy and spending twenty five times. I probably bought a movie or something. Oh, well, you know, I'm sure it's it's just twenty bucks. It's

no big deal. That's the thing that they've started to do. And that's very insidious because they could continue to do that and continue to hold on your information and take money from you for years. Well, like we said, though, credit cards, that's cheap. In the long run, the long game, credit card is nothing. In fact, we had a security expert come and talk to the editorial department at House Stuff Works just as part of our we have this ongoing lecture series where we get to listen to various

experts in different fields. And the security expert was talking about how credit card information is cheap. It's it's you know, it's like fifteen cents for a credit card number, and it's because it's because there is no guarantee that credit

card number is going to be good for very much longer. Um. What's valuable is the personal information, because that's where you can start to you know, you you create your own credit card based upon this person's identity, on that person's credit rating, and you have all the billing go to information go to a different place. You don't have to

worry about paying for it. You're just gonna run that up as much as you can, and that's where you make the big purchases, right So, and and ultimately the person whose name is attached to that number that's their credit rating, is going to suffer as a result, and

that's where you really have to worry. So again, even if the credit card information wasn't touched, that personal data is very important now they the hackers would lack certain information that would really make it useful, like your Social Security number. That part is not in your ps N profile, So he does not ask for that. So for that reason, Sony has alerted users that they should be on the lookout for any spear phishing attempts. Sony has said it

will not ask for personal information through email. Just like most retailers and organizations will say the same thing. They will never ask for your personal identifiable information to be sent over email. So if you get an email from apparently Sony that says, all right, we're ready to reinstate your ps N profile, but we need your Social Security number in order to do it, that's a red flag.

That's a that's a sign of spear fishing, and that the person who sent that is probably just trying to gather as much user information as possible to sell it

off to whomever. So um we we said this a few weeks ago, but basically, any reputable company who values your business and and may actually need some of this information for legitimate purposes, legitimate real world companies are not going to ask for you to mail that in or to send it in over um A network because basically, at this point they all know that these kinds of things are going on. It's always better if you have any questions to give the company a call at the

number listed on its legitimate website. Go to the website yourself, don't click on any links and those emails, and h get the phone number, use the one on your bill or whatever to I to call and say, hey, did you do you actually need this information? Talk to a customer service representative and say, you know, I'm happy to you know, hopefully I'm happy to give you the information you need if you need it. But I believe this

might be an attempt to get my information. And if so, you guys need to be aware of it so that you know, you can maybe message out to people that there are these kinds of attacks. Um and yeah, I've I've actually had my information soul and wasn't actually related to a tech thing. Somebody else that I did business with, um had a person on the inside who was uh selling information. Yeah, yeah, that can happen. That's essentially you know, sabotage is really what that comes down to. Yeah. Yeah.

And so you know, if you were if you were in a situation like this, either through the PlayStation network or some other company, you want to make sure you keep an eye in your your credit reports. And in

the United States you can do that. Um. You know, I believe there's there's a law and effect now for everybody that you can get one reporter year free, one free credit report from each of the credit Yeah and um, and those would be Equifax, trans Union, and Experience UM and you you would definitely want to keep an eye on that. UM. Some states like the one we live and allow you, I believe, to reports per year. You can sign up for services that will allow you to

check it as many times as you want to. I I you know, there's usually a pretty decent fee associated with that. UM. And I've talked, I've I've heard information from some of the UH consumer protect your folks. I can't think of what you call them, like consumer watchdogs and say, yeah, you know, you do need to keep an eye on your credit, but you might not need to spend twenty dollars a month to keep an eye on your credit every day. UM. So you know, just

just be wary of that. Certainly, UH, if I were affected by the PlayStation network fiasco, I would I would certainly change that credit card number immediately if you haven't already hopefully you already have. Yeah, and um I changing credit card numbers today is even a bigger pain than it used to be. The reason for that is things like when you set up recurring payments for stuff. Yes, I mean, as we make these systems simpler to do all your your payments online. Then we have to remember, oh,

I changed my credit card number. I have to go through every single building service I use and change my information there or else I'm going to default on a bill. Yeah. Yeah, pain in the butt, but still still better than having your identity still in For Sony, though, this is gonna be a real headache for sometime. Sony has got This is gonna be costs Sony big time. And it's gonna cost it because there are between seventy and seventy seven

million users of PSN. That's a lot of people. And to UH to update the security information is it's this is a major investment to to fix this problem. It's almost like creating the network over from scratch. And they have a huge blow to their reputation because not all of those users are necessarily going to be willing to

come back after having their information stolen like this. They aren't, and new users might rethink joining because of this breach, and so they may say, I don't want to put my information in the hands of a company that has shown itself incapable of keeping it protected. Well, I would, uh, I would go out on a limb. We It's a long ways away now from our prediction episode, I would go out on a limb and say that's Sony. The thing that saves Sony in this case, if anything does,

is that amazing loyalty that PlayStation customers have. But I still think a lot of people are going to be extremely upset and quite a few will probably drop out. Yeah, and this is again, by the time this podcast goes live, there may very well be many more developments. Maybe you will know exactly who was responsible for these attacks. As

of this moment, we don't. We can't say Sony may have an idea, but Sony's not letting everyone know, which makes sense, rightification Right, So by the time this goes live, we may have more information. I might have to come in with a breaking news segment at the end and kind of update. But but as of the twenty ninth of April, we should also mention you you talked about the fact that there's a class action suit or some lawsuits being levied against Sony. Have seen one right so far?

There was an interesting news report I saw that said that um, because of a different UH suit that was brought forth to the Supreme Court. UM, there was a class action lawsuit that was brought against a phone company UM.

A Southern California couple uh levied a lawsuit, began a class action lawsuit against the phone company because they were they had a fee of around thirty dollars tacked onto their cell phone UM bill or cell phone purchase, and they said that that that was an unfair bill and that it wasn't communicated to them, and that they were essentially that the company had stolen that money from them.

So I started a class action lawsuit. A class action lawsuit, it's like a when you get a whole bunch of people who all have been affected by the same well if the if the court decides at the same crime, and they all are seeking damages against a company for that crime. Now, normally the money in a class action lawsuit for each individual consumer is pretty low, uh. And

that that's why you want a class action lawsuit. You want a lot of people banded together for this because it doesn't make any financial sense to pursue this in a small claims court because you're gonna spend way more money in court than you would reclaiming whatever it was was stolen from you. Right, But together you can pull the costs and and actually bring a suit and and lawyers love them because they get a little bit off

of each and every transaction. And if there are if there are millions of people in the in the lawsuit, that that's big bucks. It's It's very weird though, when you're somebody who didn't actually bring the suit and you get the letter in the mail and says, hey, you're so sure, so and so customer, you're part of this class action lawsuit. Here's your five dollars, yeah, dollar forty nine. Here you um And they're like, hey, I won five

dollars and you don't even think. You don't even think of whatever it was that was the purpose of the suit in the first place. But the in this case, the cell phone company or they said that they ad within their terms of use a a statement that prevented people from bringing a class action lawsuit against them. And that's what was being taken to court, the challenge of can you have something in your terms of service that that will prevent the the ability of class action lawsuit

being levied against you? And the Supreme Court upheld that five to four. So if you are a company and you put in your terms of service that you do not allow class action lawsuits to be levied against you for whatever reason. Apparently that can be Um, that's upheld by the Supreme Court. That doesn't mean that that's permanent. And of course that's just the United States. Not every uh country does this. Not every country allows class action lawsuits. Actually,

so UM, it's not it's not a done deal. But also there was I saw someone mentioned that Sony has a statement called the limitation of liability and uh, if you read that paragraph in their terms of use, uh, it says, I'll just read the part that pertains to this. We have to throw in some more legal language. We need to protect us so that we can provide you

the benefits of the sites. In no event will s c e A, Its officers, directors, employees, shareholders, representatives, or agents be liable to you for any direct, indirect, incidental, special, punitive, or consequential damages whatsoever resulting from any and then there's a list of of criteria, but the one that pertains to our discussion is c any unauthorized access to or use of our secure servers or any and all non secured personal information. I saw someone suggest that maybe that

would give Sony an out in this case. I don't think so. And the reason why I don't think so, now, granted I am not a lawyer, so this is just

basically this is based upon my understanding of the English language. Right, So, they said all non secured personal information, but this is secured, Yes, this information was, well, the credit card is encrypted, but the personal data they don't know that the credit card information was taken in the first place, but the personal data they do know that someone that was that was

one of the targets of the attack. The argument might be that it wasn't secured, right, So, well, they would argue that maybe they might argue that they're that information, that the liability means that they're free to go. But because it says non secured personal data, you know, they specifically said in uh in that in that fact that I mentioned that the the that it was restricted both physically and through the perimeter and security of the network.

They were very specific to say that this information was behind state of the art, sophisticated security system. So I don't think they could argue that it was non secured personal data. No, probably not, because in their own statements out to the customer they said no, no, no, no, no, no no, this information was cure. It's just these people were really good and they managed to breach the system. So I don't think Sony can avoid a lawsuit based

upon that criteria. Now there may be that there's other information buried within the terms of use that would would protect Sony from that, but in that particular paragraph, I don't think it applies. Yeah, it sounds like it, but

I don't. It's certainly going to uh too. This is going to dog them for some time, I belive, especially on the heels of other missteps they've made over the past few years well, and and that, and the fact that it came on the heels of the Epsilon breach, so people's attention to security online security has already been heightened, and to see this happened shortly after that that breach

became public was really bad news for Sony. And also I have to say, you know, Sony's strategy of not coming forward and saying that there was a breach early on that probably has hurt them quite a bit as well. But there was no way of knowing at the time that it was going to hurt them. It's just that in retrospect, you sit there and you you come forward and say, oh, it's just down for maintenance, and then a couple of days literally say all right, there was

a breach. Then people say, well, we how how can we trust you as a company if you're going to um, you know, lie to your users. Now, you could argue that Sony had to do that in order to conduct its investigation and as uh effective a way as possible, because all the more information Sony gives out, the more firepower they give to the attackers. So there's there's a

scale there. When I meant miss when I was saying missteps, I was specifically thinking of the root kit situation from a few years ago, which we mentioned on an podcast, and they were very um, oh no, nothing's wrong. Okay, So yeah, there was this root Kit. Sorry, Yeah, I've seen I've seen kind of the same thing. I've seen some journalists out there say that Sony should at least

actually offer an apology to users. Uh, there's a lot of we regret that this information was stolen, but not an outright we're sorry, right, and that we're sorry might go a long way. I'm not or what Sony's thought, what the the executives at Sonny, what their thought processes.

I know that if I were an executive at Sony, I would probably if I were not issuing an apology, it would probably be because in my mind, that would be accepting even more responsibility for the breach, and there that might in turn look bad to shareholders because we have to remember that for companies, they have multiple kinds of customers. Right, there's the customer like I mean myself, you know, or Chris there. We're customers of various companies

where you know, we're purchasing goods or services. But then there are customers like the shareholders who own a stake within that company and to serve them, you know, you have this delicate balancing act. There's only so much responsibility you're going to be able to lay claim to without making the shareholders say, you know, maybe this isn't the right company for me to invest in. So yeah, it's um, it's a dirty world there. It's a dirty, dirty world

out there in the in the financial sector. So uh, guys, be careful with your personal information. You may need to keep an eye on your accounts. Like we said, change your password if you're using the same password everywhere. Really try to consider using multiple passwords. I know it's a pain in the butt, but it it it death does pay off. I mean, it's it's much better than finding

out that all of your accounts have been compromised. Um, and yeah, just be careful and we hope that the PSN system is back running by the time this podcast goes live and that everyone's having fun with Portal Too. That was a big bummer. Portal Too launched, has this awesome online gaming component and then the network goes down. Yikes.

So I'm just gonna go and plan my xbox alright, guys, Well, if you want to know about other news stories within the tech world, you'd kind of like to hear some more context around it, or you just have a particular subject do you think that we should tackle Let us know. Oh, you can contact us on Facebook and Twitter. That handle is tech Stuff h s W. Or you can send us an email that addresses tech stuff at how stuff worth dot com and Chris and I will talk to

you again really soon. Breaking news everyone, So this is Jonathan Strickland, just coming back with some stuff that's developed since we recorded this podcast. Actually lots happened. First of all, the problem was bigger than anyone thought it was at the time. The Sony online entertainment accounts were also compromised, which added another million or so accounts to the seventy to seventy seven million accounts that have been compromised, So

that makes about a hundred million accounts total. Of course, there's probably some overlap there, so that was a big problem.

Then around the beginning of May, Sony said that they were going to roll out an identity theft protection program to all ps N and Curiosity customers, which would involve having a a year long program that would allow this company called all Clear i D Actually that's a program name to cyber monitor your information and if your information was being used for nefarious purposes, they would alert you

to it. You could also have some ready access to private investigators as well as some identity restoration specialists to try and fix things once they go wrong, and there would be a one million dollar identity theft insurance policy on all accounts and this was complimentary. Uh PSN players would have to enroll in the program, but it was completely free. Then a little later in May, Sony announced that the new ps N rollout was going to take place.

This around May fourteen, and that at this point you would start to see restored services in online play, online video, online music. All of these services were starting to come back, not everything under the PSN network. Sony said that that stuff would be rolled out by the end of May, but we'd at least start to see some of the the service return, and sure enough, it started to get rolled out across North America. So then Sony announced a

welcome back program for North American customers. Uh P S three owners would be allowed to select two titles from the following Dead Nation, Infamous, Little Big Planet, Superstar, Dust h D and wipe Out the HD plus Fury. Now PSP owners would be able to select two titles from the following Little Big Planet, moder Nation, Racers, Pursuit, Force Kill, Zone Liberation, and that this offer would last for thirty days.

UH since the PSN UH service was restored and it was completely free and you get to keep the games forever UH the you would also get a thirty day ps N Plus membership if you were not a PSN Plus member before. If you were a ps N Plus member, you got an extra sixty days free of that service. So Sony was really trying to do a lot to apologize and make up for the lost service during the whole hacking incident. However, on May seventeen, Nilivia website reported

that there's a possible problem with sony solution. Now. Part of that solution was that Sony wanted everyone to go in and reset their passwords for their accounts to make

them safe. But Nilivia reported that there was a nasty hack going around that would allow hackers who had access to your email and your date of birth to reset your password for you, thus effectively stealing your PSN account, and they they had some detailed information about this that they later went back and removed and dumbed down so that to to help cut back on actual stiff thefts.

They did point out that if the hackers did not have your email or date of birth, could not perform this hack, but since that information was hacked in the initial attack on Sony, there's a good bet that a lot of hackers out there had access to that information.

So what Nilvia suggests is that people who are PSN users go in and change their email address, create a new email address just for the PSN network, and use that update their information through PSN so that the hackers would not have the right email address and could not steal your account. Meanwhile, Sony actually took down the web based service to change your password so that hackers could not access that and and and change it for you.

So it's still a big mess. Even at the recording of this update, Sony has not yet returned that web based system to reset your password to full service, so we'll keep an eye on it see if things develop further. This has just been an enormous headache for Sony. They've been trying to do the right thing, trying to to make it up to users, but it's definitely a blow against online security in general, identity, theft fears, all of that has really taken a big hit as a result

of this hacking program. We'll keep an eye on it, will update anything that happens from this point forward. Well, you can check it out on the blogs, you can check it out on our Facebook and Twitter feeds, and we may even do another podcast about a similar topic in the future, just because this has become such a huge story. So thanks a lot, guys, and we'll talk to you again soon for more on this and thousands of other topics. Is it how stuff works dot com.

So learn more about the podcast, click on the podcast icon in the upper right corner of our homepage. The House Stuff Works iPhone app has arrived. Download it today on iTunes. Brought to you by the reinvented two thousand twelve camera. It's ready, are you