Originally Posted by FreePlay
Actually, there's quite a lot of debate in the matter. Sony did nothing wrong and everything right in this case.
Hackers got access to username/password information for ~96,000 users from some insecure website or websites. They then attempted to use the same combinations to get onto PSN. When Sony's network security detected a massive number of failed login attempts targeting specific users on PSN, they locked down all the targeted users' accounts in case they were compromised.
This is exactly what they should have done, and the data breach had absolutely nothing to do with Sony.
This is like if a company left its customers' credit card numbers sitting unencrypted in a database, someone hacks their server and steals the database, and then the hacker goes on to try to use the credit cards on PSN.
Very good explanation, BUT... How come a *Hacker* or *Hackers* got usernames and passwords from some *shady* website?
So if I try to bruteforce PSN with random usernames and passwords with zombie bots, they perform a lockdown on a certain sector? On some credit card site I could accept that, but on PSN no.
They say that only 0.1% were affected by this, and I said it's my point of view = Sony Failed Again. On a minor scale they failed again; that cannot be refuted with some poor excuse about an automatic lockdown due to massive login attempts.
If you perform a random bruteforce like I said, a massive attempt to log in with RANDOM different usernames and passwords is NOT the same scenario. I bet ten dollars that the lockdown will not be performed.
Ergo the security of SONY = PSN is still in bad shape.
This is not a RANDOM case; the *hackers* or *hacker* got solid data about users and passes that were legit.
Get my point?
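
Added example, not part of either post and not Sony's actual logic: a defender-side sketch of the two cases argued over above, a burst of failed logins built from a reused credential list versus one built from random usernames. The function name, the 300-second window, the burst size, the 0.5 ratio and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

def analyze_failed_logins(events, known_accounts, window=300, burst=6):
    """Group failed logins into fixed time windows. For each window whose
    failure count reaches `burst`, report which existing accounts were
    targeted (candidates for a precautionary lock) and what the burst
    looks like. Thresholds are illustrative, not tuned values."""
    buckets = defaultdict(list)
    for ts, username, success in events:
        if not success:
            buckets[ts // window].append(username)
    reports = []
    for bucket in sorted(buckets):
        names = buckets[bucket]
        if len(names) < burst:
            continue  # background noise: typos, forgotten passwords
        distinct = set(names)
        targeted = distinct & known_accounts
        hit_ratio = len(targeted) / len(distinct)
        # Heuristic: a reused breach list names many real accounts,
        # random guessing mostly names accounts that do not exist.
        kind = "credential-list" if hit_ratio >= 0.5 else "random-guessing"
        reports.append({"window_start": bucket * window, "kind": kind,
                        "hit_ratio": round(hit_ratio, 2),
                        "lock": sorted(targeted)})
    return reports

# Constructed sample data: (epoch_seconds, username, success)
KNOWN = {"alice", "bob", "carol", "dave", "erin", "frank"}
LIST_BURST = ["alice", "bob", "carol", "dave", "erin", "frank", "zed"]
RANDOM_BURST = ["qx1", "qx2", "qx3", "qx4", "qx5", "qx6", "bob"]
SAMPLE = (
    [(10 + i, u, False) for i, u in enumerate(LIST_BURST)]
    + [(300 + i, u, False) for i, u in enumerate(RANDOM_BURST)]
    + [(700, "alice", False), (710, "alice", True)]  # one ordinary typo
)

if __name__ == "__main__":
    for report in analyze_failed_logins(SAMPLE, KNOWN):
        print(report)
```

In both bursts only accounts that actually exist can be locked, so the random-username burst produces a much shorter lock list than the list-based one.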