IM ON UR SRVR PWNING UR NOOBS!

By now, many of you have heard of the recent breaches of Sony’s PlayStation Network (PSN). The mind-boggling sum of 77 million compromised accounts has been attached to this breach alone. I feel some context is needed to truly appreciate the sheer scope of this number.

We all know that New York City has a rather large population. However, the entire population of New York City would account for less than 11% of that number. If you throw Los Angeles into the mix with NYC, you are still left with less than 16% of the total number of compromised accounts! In fact, if you were to total up the entire population of the 50 most populated cities in the United States, you would still be left with a number that rests just under 63% of the number of compromised accounts! To take the number crunching even further, this averages out to be one in every four people in the ENTIRE United States. Any way you slice it, this is a staggeringly huge amount of pwnage!

With numbers like that, it’s easy to see why Sony opted for the more cautious route of pulling the service down entirely (and keeping it down) until such time as they can ensure the data integrity. Personally, I am grateful they are taking the time to ensure things are done right this time… or as close to it as you can get. However, to get the full scope of things you must also know what data was actually compromised.

Here’s a short rundown of the compromised data…

  • Real Name
  • Address
  • Email
  • Birthdate
  • PSN login name
  • PSN password
  • PSN handle
  • PSN password security answers
  • Credit Card

Keeping in mind that most people tend to use the same email address and password for multiple sites, you can begin to appreciate the sheer scope of things. None of this information, with the exception of the credit card numbers, was encrypted. The credit card numbers were encrypted. However, how long they remain that way is another matter entirely, and they should be considered compromised as well.

My recommendations for those affected…

  1. Change your passwords on every account, email, and service that may potentially resemble the password used on your PSN account. Also, use complex/unique passwords for sites online. This will help prevent one compromised site from having a domino effect on all your other accounts.
  2. If possible, abandon the email account associated with your PSN account. If not, prepare for the oncoming torrent of spam and phishing attacks coming your way. It would be a good idea to create a special email account and/or an email alias that can be used for certain types of sites (e.g. socialmedia@yourdomain.com or forums@yourdomain.com). If you have access to your very own domain & mail server, there are a lot of options you can play with to help mitigate damage.
  3. Cancel your associated credit card & keep a close watch on your account.
  4. When the service comes back up, don’t put your credit card info into the PSN service. Rather, purchase the cards from a local retail outlet to add funds.
  5. Whenever you fill out security questions get in the habit of lying! (Just be consistent in your lies so you can remember them! Who would ever guess that your favorite teacher was “Kleenex”, that the street you grew up on was “Michael Jordan”, or even that “Cytoplasm” was your mother’s maiden name! This has the added benefit of allowing you to tell the truth on those stripper names/royal wedding names/or other such social media viral fun!)
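
An added example, not part of the original post: a small Python script for recommendation 1 that flags which of your other accounts use a password resembling the breached one. The `VAULT` entries, site names and the 0.8 similarity threshold are constructed assumptions; in practice the list would come from a local password-manager export.

```python
import re
from difflib import SequenceMatcher

# Common character swaps people use to "vary" one base password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(password):
    """Reduce a password to its base word."""
    p = password.lower()
    # Drop leading/trailing digits and symbols ("Dragon2011!" -> "dragon").
    # If nothing is left (all digits/symbols), keep the lowercase original.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", p) or p
    # Undo leet substitutions inside the word ("dr4g0n" -> "dragon").
    return core.translate(LEET)

def resembles(breached, other, threshold=0.8):
    """True if `other` is the breached password or a close variant of it."""
    a, b = normalize(breached), normalize(other)
    if a == b:
        return True
    # One base word embedded in the other ("mydragon", "dragonsaever").
    if min(len(a), len(b)) >= 4 and (a in b or b in a):
        return True
    # Near misses such as an added or doubled letter.
    return SequenceMatcher(None, a, b).ratio() >= threshold

def accounts_to_change(breached_password, vault):
    """Return the sites whose password should be rotated, sorted by name."""
    return sorted(site for site, pw in vault.items()
                  if resembles(breached_password, pw))

# Constructed sample data: site -> password, as exported locally.
VAULT = {
    "webmail.example": "Dragon2011!",     # identical to the breached password
    "bank.example": "dr4g0n#99",          # leet variant
    "forum.example": "MyDragon77",        # base word with a prefix
    "social.example": "dragons4ever",     # base word with a suffix
    "shop.example": "k8$Tq2!vLx0pZr",     # unrelated random password
}

if __name__ == "__main__":
    for site in accounts_to_change("Dragon2011!", VAULT):
        print("change password on", site)
```

Run it only on a machine you trust and delete the exported list afterwards, since both hold passwords in plain text.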

In fact, all of these recommendations (sans canceling your credit card) would be good ideas for other sites such as Amazon and iTunes also.

As I always say, the key here is awareness on the part of the end-user. Take some simple steps and you can help ensure that should another data breach occur (which invariably it will eventually) its effects will be minimal upon your daily life. The most important thing through all of this is to remember the timeless words of Douglas Adams, “Don’t panic!”

How have the recent Epsilon & PSN network breaches affected you and your perceptions of security?