identity theft
Latest
SCEE 'working incredibly hard' to offer protection for European PSN users [update: Sony to offer ID theft protection and free PS3, PSP games]
With Sony already offering identity theft protection to PSN users in the United States, PlayStation Blog Europe has posted an update on the situation for European customers. SCEE head of communications Nick Caplin stated "we are working incredibly hard to offer you something very similar" to the protection scheme offered to US PSN users. Caplin noted that offering such a plan is "a very complicated thing to achieve" given the number of countries in the European region. That said, he added that Sony is "close" to finding a solution and hopes to announce something "very soon." Update: Caplin has penned another PlayStation Blog post, detailing some of Sony's plans to offer compensation and identity theft protection to European PSN users. Caplin reiterated the difficulty in providing ID theft protection in different countries, though Sony hopes to "provide details of exactly which services are available in each country and explain how to sign up" by "early next week." Furthermore, Sony will also offer free games to European PSN users. PS3 owners will be able to choose two free games from a selection of five. PSP owners will be able to choose two games from a selection of four. The available games should be announced "very soon."
Sony offers free Debix identify theft protection for PSN and Qriocity hack victims in US
Sony's "Welcome Back" package of free software and PlayStation Plus subscriptions was a nice gesture, but it won't help you if your credit card gets fraudulently charged in the aftermath of the PlayStation Network debacle. That, however, is exactly what Debix is for. Sony's announced that it will provide a complimentary one-year subscription to Debix's "AllClear ID Plus" identity theft protection service to all PlayStation Network and Qriocity account holders in the United States, which will attempt to protect your personal data from harm, by both monitoring known criminal activity for your private digits and providing up to $1 million in ID theft insurance coverage. We've never used Debix, so we can't vouch for its reliability, and this particular plan admittedly doesn't look quite as comprehensive as the one Debix offers regular customers for $10 a month. Still, some peace of mind is a heck of a lot better than none, so we think we might take Sony up on its offer and sign up by the June 18th deadline. If you'd like to join us, you should find an activation code in your inbox before long.
Sony to offer PSN users free identity theft protection for one year
In the latest turn of events involving the theft of personal data for millions of PlayStation Network users, Sony has announced that it is partnering with Debix to offer 12 months of identity theft protection free of charge. Debix's "AllClear ID" protection will be made available to PSN and Qriocity account holders in the US, with the console maker "working to make similar programs available in other countries/territories where applicable." Sony says that users should be receiving offer emails "over the next few days" containing a promotional code for Debix's service, after which they'll have until June 18 to sign up. It's not stated whether this offer extends to users who create PSN accounts once the service goes back online, or only to those who had accounts before the outage, but we're following up with Sony for clarification. Under the AllClear ID plan, users will be alerted if their private data turns up on criminal websites or during law enforcement raids, have "priority access to licensed private investigators and identity restoration specialists" and will receive up to $1 million in compensation if their stolen data is used fraudulently within 12 months of sign-up. We've included the full rundown on what the service will offer after the break.
SOE releases further breach details, 24.6 million accounts compromised
There's an old adage that things are always darkest just before the dawn, and right now the folks at Sony Online Entertainment -- as well as millions of customers -- are enduring another round of grim news. The San Diego-based MMORPG publisher has just announced that approximately 24.6 million accounts may have been stolen, in addition to the 12,700 credit or debit card thefts reported yesterday. A new SOE press release reports that personal information including names, addresses, email addresses, login names, and hashed passwords has been illegally obtained by hackers. Another 10,700 direct debit records were pilfered from accounts in Austria, Germany, Netherlands, and Spain, including bank account numbers and the information mentioned above. SOE plans to compensate consumers with 30 days of free subscription time as well as an additional day for each day its systems are down. The company will also provide "a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs."
PlayStation Network credit card info appears to be safe: 'No unauthorized activity relating to Sony'
It looks like the beleaguered Sony finally caught a break. The company, which has struggled for over a week following a hacker attack that stole massive amounts of player information, says that it looks as though user credit card information remains secure and encrypted. It turns out that Sony had encrypted some personal info but not all of it. Gamespot also reports that several financial companies, including MasterCard, WellsFargo and American Express, have witnessed "no unauthorized activity relating to Sony." Sony's Patrick Seybold passed along the positive news: "The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack." Sony's PlayStation Network is still offline while it's rebuilt with a higher level of security. The company saw its shares drop 4.5% today on the Tokyo exchange to $27.71.
The Daily Grind: Do you trust MMO companies after the Sony debacle?
It's hard to believe that it's been over a week after a major intrusion into the PlayStation network, and Sony is still trying to put the pieces back together. Many customers were dismayed to hear that their private information was compromised by the attack. Free Realms and DC Universe Online players are among those who have to feel shaken up at the revelation that Sony wasn't the impregnable fortress they perhaps hoped. It's unsettling to realize just how much personal info you hand over to these companies -- your name, address, birthday, credit card information, passwords -- when that info could be grabbed by hackers. In light of the Sony debacle, do you still trust MMO companies with this information, or has it made you think twice about the corporations to which you're handing the keys to your life? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
PSN Breach: What it means for you, and for Sony
It's been nearly one week since the PlayStation Network servers were taken down due to an "external intrusion," and nearly one day since we learned PSN users' personal information was stolen during said intrusion. We're still not quite sure of the full scope of the security breach, but the latest update from Sony paints a fairly upsetting picture: Gamers' personal (and, possibly, financial) data has been exposed on a scale more massive than the gaming industry has ever seen. To help get a grasp on the situation, we spoke with consumer advocates and tech industry figures about what gamers can expect in the aftermath of this security breach. For instance: What financial or legal repercussions might Sony be facing in the coming months? And what can PSN users do to protect themselves from potential identity theft?
Sony still investigating scope of PSN attack as maintenance outage enters Day 6
As Sony's forced PlayStation Network and Qriocity outages continue, stretching into what is officially Day 6, the company issued a very un-update to would-be users this morning: "Unfortunately, I don't have an update or timeframe to share at this point in time," said corp. comm. director Patrick Seybold on the PlayStation Blog. "As we previously noted, this is a time intensive process and we're working to get them back online quickly." Speaking to PCWorld, SCEJ spokesperson Satoshi Fukuoka clarified that a "thorough investigation" was ongoing into what the company has characterized as an "external intrusion" into its system, which prompted the service suspensions. More troubling than any frustration caused by downtime over this past weekend, however, is the continued uncertainty about the extent of the attack. According to Fukuoka, Sony had yet to determine if users' personal information or credit card numbers had been accessed by the apparent hackers. If that's found to be the case, he assured, Sony would promptly inform those potentially affected. On Saturday, Seybold noted that "additional security" would be put in place before the services relaunch, calling this "re-building" effort both "time-consuming" and "necessary."
A cautionary tale of account security in Club Penguin
Many MMO gamers have children who are eager to jump into the online world but are unaware of the dangers that lurk there. While many kid-friendly MMOs have systems to guard children from unwelcome contact and identity theft, they still require the assistance of parents to teach their kids how to be safe in games. The Ancient Gaming Noob's Wilhelm recently shared a cautionary tale involving his daughter, Club Penguin, and a breach of account security. Even though she was cautioned not to share a list of details with anyone in game, all it took was the offer of a special item to get her to give up her account name and password to a stranger. This resulted in a headache, as the account was banned, and Wilhelm went back and forth with Club Penguin to re-establish his daughter's account and security. In the end, he found that Club Penguin's security was just as questionable as his daughter's judgment, and passed this story along to the rest of us in an effort to guard our own young ones from this unfortunate event. Considering that account security, personal identity and privacy are hot topics these days, we feel that this story is an eye-opener as to how far both game companies and families have to go to protect our loved ones from being exploited. You can read Wilhelm's full account over at The Ancient Gaming Noob.
PSA: Scrub your gaming console's memory before selling
Usually, when we label a headline as a "PSA," it's in a joking manner; say, "PSA: Bacon is delicious, good for you." However, we're pretty sure this post constitutes a legitimate public service announcement: Ars Technica recently published an article that the frequent trade-in-ers among us should probably read. In short, if you're not erasing your consoles' hard drives before trading them in, there's a pretty good chance you could be robbed blind. (Or at least robbed astigmatic.) Seriously, if you're thinking about trading in or pawning one of your gaming consoles sometime soon, follow the helpful tips provided in the Ars piece. They'll ensure that you don't accidentally leave your credit card information in the system's memory for its next owner to exploit. You also don't want to leave your Avatar, Mii or PlayStation Home account on there, either. That's how e-stalkers get started, donchaknow.
AT&T fixes bug that logged users into random Facebook accounts
Okay, so we were under the impression that Facebook login credentials were a locally-managed affair, but it looks like almost anything can break when AT&T's involved -- according to CNET, the carrier just fixed "several problems" that had users logging into the wrong Facebook account from their phones. The issue was apparently related to subscriber identification numbers being mistranslated into bad URL session IDs, and AT&T says it's taken some security measures to prevent it from happening again, while Facebook's just shut off the automatic login feature that used the ID number entirely. Excellent work all around. Unfortunately, there's also a pesky incident in Atlanta where someone was able to login to another Facebook account from an AT&T phone due to a bad cookie, but AT&T says that was an "isolated" case and that it's "unclear how this cookie was set on the phone." How very reassuring. Back to Friendster!
The curious case of Ferarro
We, along with many of you, have been monitoring the curious case surrounding one of the most prominent Paladin bloggers, Ferarro. We originally did a 15 Minutes of Fame with Ferarro on May 26th. The article was about her life as a blogger, a paladin, and a game tester for Blizzard.After the article was written, a few things happened.First, Jagoex posted a story on Ferarro's use of pictures from the website TechDarling. Ferarro was claiming she was the person pictured, when in fact she wasn't. Sarah Townsend, the author of TechDarling, has stated she doesn't know who Ferarro is.Secondly, Ferraro's blog, Paladin Schmaladin, suddenly switched over to privacy mode blocking anyone from reading it who didn't have an invitation directly from Ferraro. Her Twitter account had the message "Stalkers are cool," and was then locked until it was deleted completely a day later. Her WoW character disappeared via a likely server transfer, and her contributions at RetPaladin.com were removed completely. Update: After this article was posted, Ferarro has once again made her blog, and thus her statement, private. However you can view a google cache of the page.This began raising many eyebrows and brought on a lot of speculation. All of which ended today when she posted claiming herself as multiple persons, which after investigation is now brought into question as well.
NY state inserts RFIDs into licenses; citizens next?
What can we say about RFIDs that hasn't already made you afraid? Your passport? Clonable. Your work ID and "secure" credit cards? Yeah, those too. Not scary enough? How about every adult New Yorker walking around with one in their back pocket? It's just a matter of time, as the Empire State's clearly enhanced drivers licenses (says so right on 'em) are now hitting the streets. For $30 on a new one, or $10 if you're looking to upgrade, you can get yourself a radio-wave emitting ID, enabling you to cross the border into Mexico, Canada, or the Caribbean sans-passport. Don't worry, the cards won't be broadcasting any personal information -- just a unique code that the government can use to track your every movement.[Via Crave]
Azeroth Security Advisor: Preserving your online privacy
Every week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show. So you've made it to the top. You're in a 1337 raid guild that can sleepwalk through heroic instances. The PvP teams that are lucky enough to have you grace them with your presence are first in your battle group. Your favorite hobbies include disenchanting purples and watching the n00bs pass out when they inspect your gear. You've been around since beta and everywhere you go people know your name. Yep is sure is great to be you(r toon). /emote pat self on back. Then it happens. You login to find that somebody in your guild is the object of much ROFLMAO and that somebody is you. Your stomach drops out and your heart goes into overdrive as you read that chat. Now everybody in your guild knows your real name, home address, social security number, political affiliation, and drivers license number. But wait it gets better! Your arch rival just posted links to your online dating profiles, anarchist news group posts you made back in high school, and your criminal history. You've been RL PWN3D in the worst possible way.
Paper Tyger unveils printable RFID Shield
If you're wondering how the privacy advocates that get shipped off to Japan's wireless island will maintain their sanity, we've got a hunch that they just might look Paper Tyger's way before departing. The aptly-named RFID Shield is reportedly "easily printable" and unsurprisingly aims to protect personal information on contactless credit cards and similar wallet mainstays. Purportedly, the unit contains "a new security barrier to assure that sensitive information contained on the card's RFID chip remains protected when not in use," and can even be fabricated into envelopes or paper sleeves. No word just yet on when this here RFID-shunning technology will be available for purchase, but we're sure at least a small sect of individuals will be clamoring for dibs when it finally goes commercial.
Self-Service Shredder kiosk enables pay-per-use shredding
Hey, we can't fault anyone for taking advantage of mass paranoia, and it seems that Colorado Springs-based JRP Enterprises, Inc. is about to cash in on the growing threat of identity theft. The Self-Service Shredder will be built, distributed, and marketed by RealTime Shredding, and thanks to a recent patent grant, it looks like it'll have exclusive rights to do so. The kiosk sports a 2.5-horsepower motor, LCD display, and has the ability to chew through paper (200 pages per minute, no less), cardboard, credit cards, paper clips, staples, CDs, DVDs, and floppy disks. Current installations include banks, offices, malls, military bases, and schools, and while we're not quite sure how much it'll take to get one in your place of work, those $1 per two minute shredding sessions could really add up.
Your office photocopier could help steal your identity
While we've seen just how to have a Sharp miracle in your office, it now seems that Sharp copiers (along with Xerox and a smorgasbord of others) could become a miraculous find for identify thieves. Given that many all-in-one "bizhubs" of today feature some sort of internal storage device to capture copies, scans, and faxes in case you need to resend the file a week or two later, it's not too surprising to think how such a convenience could be exploited by ill-willed individuals to extract personal information about you and your office mates. Pointing at tax time in particular, it has been suggested that many Americans photocopy sensitive documents that contain all the information needed to jack your ID without even realizing how vulnerable they've made themselves. Both Sharp and Xerox, however, have both released security kits that encrypt the internal data stored on its machines, but if you're using some off-the-wall copier and have noticed something peculiar about that fellow across the hall, stay sharp.
AMBER Alert comes to Kingston's Child ID USB flash drive
Similar to just about every other USB flash drive manufacturer out there, Kingston's renditions aren't any stranger to somewhat superfluous security layers, but the firm's latest thumb drive looks to keep your child safe by teaming up with AMBER Alert. While the kid-protecting service has already been available via SMS, the Child ID Kit allows users to upload a smorgasbord of information about a single child including photos, birthdate, hair / eye color, contact information, nicknames, and even fields for parents to explain gaudy tattoos and embarrassing piercings that should only be divulged when searching for a missing youngster. Sporting 512MB of internal storage, password protection, and obligatory encryption, paranoid guardians can snap up one (or more) now for $29.95 apiece. Still, we're not entirely convinced this ultra-modern edition of the milk carton splash will actually help you find missing kiddos any faster, but at least you won't be forced to go searching for their blood type at inopportune times.[Via Gadgets-Weblog]
Elecom intros skim prevention kit for wallet, cellphone
If you're down with the whole "swipeless" idea, but don't much dig the potential lack of security associated with it, Elecom's coming to the rescue in an attempt to put your paranoia to rest. The Skim Black I lineup of gear consists of a thin, wallet-based card and a not-so-elegant adornment for cellphones (pictured after the jump), both of which eliminate snoopers from jacking your precious information (or identity) by cutting off a reported 99.9-percent of radio waves. To be effective, the skim prevention card must be close to any swipeless cards in your wallet or pocket, while the bulkier SKM-K001 needs to be stuck on the rear of your mobile to effectively destroy the hopes of data thieves (and all stylistic appeal your handset previously had). Both units should be hitting Japan any day, and while the SKM-C001 wallet card will run you ¥1,260 ($11), the cellphone guardian will demand ¥2,310 ($20).[Via AkihabaraNews]
Ireland getting naked e-passports
If you think you're at risk of identity theft and targeted assassination attempts with your new RFID-enabled passport, just think of the Irish for a moment: they started getting e-passports last week that don't even include the little mesh jacket that supposedly keeps our version safe from unauthorized readers. With Dutch and German passports based on the same ICAO guidelines having already been successfully intercepted and decrypted, people are understandably concerned that the US didn't think this policy all the way through before making it a requirement of the Visa Waiver program, and now it seems that some of the affected countries are willing to implement even shoddier security than a type that is already deemed risky. According to Ireland's Department of Foreign Affairs, shielding the new documents is not necessary because they can only be detected when open and close to a reader, even though the general consensus is that the read distance of the chips they're using can be as much as several meters. Apparently the immediate fear is not so much over stolen identities (because of encryption), however, as it is about terrorists being able to use so-called RFID skimmers for targeting groups of people based on their nationality.
