breach
Latest
Facebook, Hulu partnership accidentally clicks 'security breach' instead of 'Like'
Even though there's a For Sale sign in the window Hulu isn't taking a break and today it unveiled a new partnership with Facebook to make its library of TV shows and movies more social. Adding Facebook Connect (competitor Netflix may be on the board, but it's still working on adding the button) should let the social network log you in, customize things based on preferences from you and your friends, and share time-coded likes and comments. Unfortunately what actually happened for some users was that they were suddenly given access to someone else's Hulu account, a problem documented by both AVRev and NewTeeVee. According to a second blog post, due to approximately 50 users being affected Hulu has shut down the program, required everyone to log in again and cranked privacy settings to the highest for anyone who logged in while it was on. Of course, with rumors from the LA Times that Google (along with Microsoft and Yahoo) is interested in purchasing the service, maybe they can get an invite to the Google+ party and forget the whole thing ever happened
Hacker pleads guilty to AT&T iPad breach
Nearly six months after his arrest, one hacker pleaded guilty to charges that he exposed the email addresses of over 100,000 AT&T iPad 3G users. It's been a year since Daniel Spitler and his compatriot, Andrew Auernheimer, coaxed Ma-Bell servers into delivering the goods, with a brute force script they lovingly named the iPad 3G Account Slurper. The hacker's plea agreement suggests a 12 to 18-month sentence, which is a lot more lenient than the 10-year maximum we hear he could face. Spitler's collaborator is apparently still in plea negotiations with the prosecutor. Both men initially claimed they were just trying to draw attention to a security hole, but maybe next time they'll think twice before embarking on such altruistic endeavors.
Sega's online Pass hacked, 1.3 million user passwords stolen
Let's bid a bitter welcome to Sega, the latest entrant to the newly founded club of hacked online communities. Sega Pass, the company's web portal, suffered a breach of its defenses on Thursday, which has now been identified to have affected a whopping 1.29 million users. Usernames, real names, birth dates, passwords, email addresses, pretty much everything has been snatched up by the malicious data thieves, with the important exception of credit / debit card numbers. We'd still advise anyone affected to keep a watchful eye on his or her banking transactions -- immediately after changing that compromised password, of course. In the meantime, Sega's keeping the Pass service offline while it rectifies the vulnerability; it'll be able to call on an unexpected ally in its search for the perpetrators in the form of LulzSec, a hacker group that boasted proudly about infiltrating Sony's network, but which has much more benevolent intentions with respect to Sega. What a topsy-turvy world we live in!
Report: LulzSec hacking group releases thousands of account logins, includes Xbox Live and Facebook [update]
Adding to the list of game-related companies it has attacked, LulzSec yesterday claimed to have stolen and leaked the login and password information for approximately 62,000 "internet accounts," reports the CBC. The stolen info is said to comprise logins/passwords from Facebook, Twitter, "dating sites," PayPal and, notoriously, Xbox Live. It is also claimed that the majority of accounts are from the United states, though several other countries are named in the report. The account database info is still currently available through the LulzSec website (though we'd suggest not visiting) -- various folks on Twitter responding to the group claim to have done a variety of things with the information, from having a large pack of condoms delivered to an elderly woman, to one person saying they bilked a PayPal account for £250 ($404). Earlier this week, the group attacked and successfully took down a handful of game industry websites, including EVE Online, Minecraft and The Escapist. All three sites quickly recovered and have been online since. Microsoft has yet to respond to request for comment on yesterday evening's alleged breach. Update: Microsoft has released a statement, which states that Xbox Live was not compromised to the best of Microsoft's knowledge, and the logins/passwords were released at random, with people encouraged to try said information on services like Xbox Live (among others). "This group appears to have posted a list of thousands of potential email addresses and passwords, and encouraged users to try them across various online sites like Xbox Live in the event one of the users happens to use the same password and email address combination. At this time we do not have any evidence Xbox Live has been compromised. However we take the security of our service seriously and work on an ongoing basis to improve it against evolving threats."
Codemasters website hacked, 'tens of thousands' of personal accounts compromised
This must be the season of the hacking witch as we've now seen yet another company's online security walls breached. Independent UK games developer Codemasters, responsible for titles like Dirt 3 and Overlord, has reported that its website was hacked on the third of June, exposing the names, addresses (both physical and email), birthdays, phone numbers, Xbox gamer tags, biographies, and passwords of its registered users. Payment information wasn't compromised, but when you consider that almost everything else was, that feels like hollow consolation. For its part, Codemasters says it took the website offline as soon as the breach was detected and a subsequent investigation has revealed the number of affected users to be in the tens of thousands. Those who might have been affected directly are being emailed with penitent apologies, while the rest of us are being pointed to the company's Facebook page while its web portal is kept offline.
Sony Pictures breach affects 37,500 users, far less than Lulz Security claimed
Well, Lulz Sec may have overstated its level of success by declaring it had stolen 1,000,000 passwords from Sony Pictures -- turns out the number is closer to 37,500. Now granted, any breach of user data is unacceptable, but when a hacker collective's haul is less than four percent of what it claimed, everyone can breathe a little easier. The troublemakers may have made off with email addresses, phone numbers, and passwords, but Sony says no credit card or social security numbers were compromised. The company issued a statement, which you'll find after the break, and is working with the FBI to track down those responsible. Hopefully this finally closes the door on Sony's security woes, and we can go back to bringing you stories about Angry Birds ports and Kinect hacks.
Sony says PlayStation Network will return to Asia, starting tomorrow
Good news, Asia -- the PlayStation Network is finally coming back. Today, Sony announced that it will restore its gaming network across the continent, more than a month after falling prey to a crippling data breach. The company's PSN services are already up and running across other parts of the world and, beginning tomorrow, will light up once again in Taiwan, Singapore, Malaysia, Indonesia, Thailand and even Japan, which had been harboring serious reservations about the network's security. Gamers in South Korea and Hong Kong, meanwhile, will have to wait a little longer before returning to normalcy, though Sony is hoping to completely resolve the issue by the end of the month. The company certainly seems eager to put this saga to bed, and for understandable reasons. The incident has already cost Sony an estimated $171 million in revenue -- not to mention the untold numbers of suddenly wary consumers.
Sony makes good, doles out identity protection activation codes for PSN and Qriocity users
Still feeling burned by Sony's record-breaking PlayStation Network outage? Fret not, promised reparations have arrived: a short form on the PlayStation website is now distributing activation codes for a free year of Debix AllClear ID Plus identity theft protection. The offer is good for all US PSN and Qriocity account holders who activate before June 28th, netting users up to $1 million in identity theft insurance coverage. Feel better? Hit the source link below to get your redemption code.
Sony Ericsson's Canadian online store hacked, more than 2,000 customers' data taken
The hackers just won't give poor Sony a break, will they? Following the infamous PSN breach last month and an attack on the company's Greek online music service earlier this week, Sony Ericsson has now seen another intrusion that extracted personal data of more than 2,000 Canadian Eshop customers. Fortunately, the company claims that passwords taken were encrypted and no credit card details were lost, but this is still worrisome nevertheless. Right now, the Eshop service has been taken off line -- for the sake of Sir Howard and his Japanese chums, let's just hope that this will be the last Sony breach we hear about. [Thanks to everyone who sent this in]
Sony estimates $3.2b loss this year, $171 million cost for PSN breach
It has not been a good year for Sony, which was affected both by the massive earthquake in March and the PSN outage that spanned from April into May. There couldn't be any doubt that those things would have a drastic impact on the company's bottom-line, and it's now taking the time to give investors an idea of just how big an impact that could be -- even though the financial issues lie largely elsewhere. Sony is set to announce its full financial report for its fiscal year this Thursday and, to soften the blow, estimates have been revised steeply downward. Previously Sony predicted a ¥70 billion ($855 million) profit, but now thinks a ¥260 billion ($3.14 billion) loss is rather more accurate -- a ¥360 billion non-cash charge taking the wind out of ¥200 billion in operating income. The earthquake was directly blamed for a loss of ¥22 billion, but that figure could certainly grow as this estimate is only through the end of March. Additionally, Sony has provided a early guess of a ¥14 billion (about $172 million) total cost for the PSN breach. That's less than two bucks per exposed account, but again we wouldn't be surprised if it's a figure that increases through the year. You know, once the lawyers start having their fun.
Xperia Play shipment to New Zealand stolen, Vodafone launch delayed (update: fake)
As if Sony Ericsson hasn't already had enough headaches with the Xperia Play. here comes Vodafone New Zealand with the announcement that its launch shipment of the gamer-friendly smartphone has been... stolen! We don't know how many Xperia Plays were in those crates, but it must take a pretty sophisticated operation to snatch up all of Voda's supply for an entire country. This slight hitch in transportation blatant lie follows an unexplained delay in shipments reaching the UK last month, and will compound shortages already caused by limited production capacity in Japan. Man, imagine how terrible this news might have been if the Play actually had any games worth playing. Update: It's all fake. Vodafone recently released some "security footage" of the "theft" in action, which only served to immediately incite outrage in viewers of the clip, and a Vodafone New Zealand spokesperson admitted to The Australian that the company made up the whole thing. For shame.
Sony misses promised PlayStation Network and Qriocity restoration date, begs for more patience
Whoops. If you'll recall, Sony held what can only be described as an emergency press event in Japan a week ago in order to issue a number of assurances about the resumption of service as it relates to the PlayStation Network and Qriocity. Seven days later, things are still as dead as they were pre-Cinco de Mayo. This evening, the company's Senior Director of Corporate Communications Patrick Seybold punched out a quick update to let the world know that they could actually leave the house and find something else to entertain 'em -- like it or not, PSN isn't coming back online today. The reason? On May 1st, Sony was apparently "unaware of the extent of the attack on Sony Online Entertainment servers," and now, it's spinning its wheels in order to restore security on the network and "ensure" that user data is safe. Mr. Seybold seems to understand that you're overly anxious about getting back into the swing of things, and he's even going so far as to ask your trust that Sony's doing "everything [it] can" to get the lights blinking once more. Oh, and if you were planning on visiting that source link just to find the new ETA... don't. Sony's planning to update you "as soon as it can." [Thanks, Alex]
Sony offers free Debix identify theft protection for PSN and Qriocity hack victims in US
Sony's "Welcome Back" package of free software and PlayStation Plus subscriptions was a nice gesture, but it won't help you if your credit card gets fraudulently charged in the aftermath of the PlayStation Network debacle. That, however, is exactly what Debix is for. Sony's announced that it will provide a complimentary one-year subscription to Debix's "AllClear ID Plus" identity theft protection service to all PlayStation Network and Qriocity account holders in the United States, which will attempt to protect your personal data from harm, by both monitoring known criminal activity for your private digits and providing up to $1 million in ID theft insurance coverage. We've never used Debix, so we can't vouch for its reliability, and this particular plan admittedly doesn't look quite as comprehensive as the one Debix offers regular customers for $10 a month. Still, some peace of mind is a heck of a lot better than none, so we think we might take Sony up on its offer and sign up by the June 18th deadline. If you'd like to join us, you should find an activation code in your inbox before long.
Sony responds to Congress: all 77 million PSN accounts compromised, finger pointed at Anonymous
We've heard Sony explain itself at length regarding the gigantic PlayStation Network breach, but this might be the most useful version of the story yet -- it's the one that Sony's Kaz Hirai is forwarding to US Congress members concerned about your personal information. The official PlayStation.Blog has the full English document up on Flickr for your perusal, and we'll warn you it's much the same tale -- Sony says all 77 million PSN and Qriocity accounts have had information stolen, but the company's still not sure exactly which pieces have gone missing, whether credit card numbers are compromised or not, or who could be behind the hack. Sony does say, however, that it had 12.3 million credit card numbers on file, and 5.6 million of them from the US, and that investigators found a file on one of the servers named "Anonymous" with the words "We are Legion" inside it. Hard to draw many conclusions from that. Update: Anonymous has apparently responded saying it "has never been known to have engaged in credit card theft."
Sony promises 'phased restoration' of PlayStation Network and Qriocity starting this week
Sony made quite a few promises this morning about how it intends to deal with the fallout from the PlayStation Network outage and breach when it wasn't profusely and solemnly apologizing -- you can find our liveblog right here -- including improved security measures and a few token handouts of 30-day free subscriptions to PlayStation Plus and Qriocity and possibly some free software. Perhaps more importantly for you gamers, Kaz Hirai told reporters that services will resume "soon," and by the end of the week we should see some functionality return. Of course, it made those promises in Japanese, but if you want an English copy you won't have to look far, as the official PlayStation.Blog got hold of a press release with them all spelled out. Find the full document after the break.
The Lawbringer: The system is down
Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Running parallel to the games we love and enjoy is a world full of rules, regulations, pitfalls and traps. How about you hang out with us as we discuss some of the more esoteric aspects of the games we love to play? For PlayStation Network users, this past week has been a harrowing one. The security breach and subsequent dismantling of the online network was a huge blow to Sony, which prided itself on being able to provide the service free of charge and expand into sales, downloads, and everything else synonymous with a next-gen online network. This past week's events, however, prove that these networks are fragile and have everyone asking the question, "What is next?" What would happen if World of Warcraft were down for a week -- not due to some prescribed downtime or voluntary upgrades, mind you, but a comprehensive security breach that affected every single member of our online community? From the PlayStation Network incident, we can see the hostile environment that these security breaches foster, from political ramifications to financial consequences and even legal trouble. Shall we muse about the stability of online networks?
Epsilon breach exposes TiVo, Best Buy email addresses, spambots stir into action
If you're subscribed to any of TiVo's email-based communiqués, now would be a good time to make sure your spam filters are up to scratch. Epsilon, TiVo's email service provider, has reported the discovery of a security breach that has compromised the privacy of some customers' names and / or email addresses. A rigorous investigation has concluded that no other personal data was exposed, however it's not just TiVo that's affected -- other big names, such as JPMorgan Chase, Citi, US Bank, Kroger, and Walgreens have also seen their users' deets dished out to the unidentified intruder. As we say, no credit card numbers or any other truly sensitive data has escaped, so the only thing you really have to fear is fear itself... and an onslaught of spam. Update: Best Buy and the US College Board have also joined the extremely broad list of affected organizations now, judging by the warning emails they've been sending off to our readers. Valued Best Buy customers should expect an email similar to the scawl posted after the break. Update 2: You can also count Chase Bank customers among those also affected -- not their bank accounts, mind, but their e-mail addresses. [Thanks to everyone who sent this in]
PSA: Breach patched for lag on XBLA, trial time extended
Following in the footsteps of its PC counterpart, the XBLA version of Breach is now patched. The update fixes "all known crashes," addresses lag issues and squashes a number of bugs, according to developer Atomic Games. Check out the full list of fixes after the break. Additionally, the time limit for online play in the free trial version of the game has been extended to one hour. As an added bonus, those who've already exhausted their free trials will receive the new, full hour. The full title update is available now and will be automatically applied upon starting Breach.
Breach patch claims to reduce lag on PC
Atomic Games announced a patch for the PC version of its downloadable shooter, Breach, designed to ameliorate lag issues. Along with "many" fixes for the lag problems, the patch corrects a number of bugs, including errors found in Sole Survivor and Retrieval games. Find the full patch notes after the break to find out if your favorite bug has been addressed. The new patch allows players to run Dedicated Server matches without having the Steam client running (see more info on dedicated servers here), and also adds user-configurable ports for the dedicated server function.
Breach review: Once more unto the FPS
If there's one genre that's stuffed to the gills on both consoles and PC, it's the shooter. Even the downloadable space is full of competition these days, with titles like Battlefield 1943, Monday Night Combat and Blacklight: Tango Down all fighting to pull players away from the yearly deluge of big-budget retail titles. As such, it's gravely important that any new FPS -- especially a lower profile downloadable title -- has something that separates it from the crowd. Breach has some well-executed ideas and some cool real-world gadgets, but I'm not sure what that hook is supposed to be. %Gallery-114420%
