Affected by the PSN Breach? Here’s What to Do Next...

Tuesday, May 24, 2011

Tom Eston


Affected by the PlayStation Network Breach? Here’s What to Do Next...

Sony has made the news once again, this time for a security issue in the password reset functionality of its site, which was supposed to support password changes for the 77 million PlayStation Network users after the recent security breach. 

This new issue comes on top of the compromise of the Sony Online Entertainment network, which affected 25 million customers. 

Sony seems to be having multiple security issues at once, and as a Sony customer you should be concerned (even with the good amount of “freebies” Sony will be dishing out to customers post-breach). 

What is a gamer supposed to do?  A breach like this could happen to Microsoft or Nintendo as well.  It just depends who is on the attacker’s radar at the time.

While there is much speculation regarding the cause of the Sony breaches, including unpatched web servers or leveraging a PS3 to connect to the PSN QA environment, there are also several important things to be addressed from a customer’s perspective. 

What should Sony customers do to protect their data?  Your personal information, including name, address, phone number, email address, user name, password, and birthday has most likely been compromised. 

Sony has not confirmed or denied that credit card data was stolen; however, as a customer you should take the following precautions when using a PS3 or any game console, including XBOX Live and Nintendo’s Wii and DS systems.

Use a Credit Card for online purchases, not a Debit Card

Always use a credit card for online purchases.  The reason is that most credit card companies will instantly reimburse you for fraudulent charges on your account. 

Your bank will also reimburse you for fraudulent charges on a debit card; however, you lose the money instantly out of your bank account and it could take weeks for the bank to reimburse you for these charges. 

Also, be vigilant with checking your credit and banking statements.  You should be doing this regularly to detect fraud!

Create a strong and unique password for each account

It goes without saying that you should always create a strong and unique password for each and every account you use.  Password reuse is a major problem many of us hate to admit to doing. 

Do not use “throw-away” passwords either, as this can make you lazy about how you choose passwords.  Do not be surprised if one of your throw-away passwords comes back to haunt you because of a security breach.

While there are many techniques for creating secure passwords, my advice is to take the guesswork and memorization out of it and use a password manager like KeePass. KeePass can create randomly generated passwords for each and every site or service you use. 

That way if your account on PSN gets compromised, all your other accounts are safe.  It is very typical that an attacker will try your user id/email address with your password on other sites.

Don’t give up your personal information if you don’t have to

Use false information for password reset questions and birthday information (if required).  Be cautious with password reset questions in general. 

Often, the answers to these questions are easy to guess from public information or from what you post on a social network site.  If using fake information, store the answers in your password database (like KeePass) along with your unique password.

Lastly, be aware of phishing and email scams if your email address was compromised.  Breaches like Epsilon and now Sony highlight the fact that your email can be used to target you for more personal information.

Tom Eston is a Senior Security Consultant for SecureState. Tom focuses much of his research on the security of social media. He is the founder of which is an open source community dedicated to exposing the insecurities of social media.  Tom is also co-host of the Security Justice and Social Media Security podcasts.

Cross-posted from  SecureState Blog