PingTalk Blog

How to save $50 (but lose your identity)

A story from Reuters details how the perpetrators of the Sony PlayStation Network data breach obtained "people's names, addresses, email address, birthdates, usernames, passwords, logins, security questions and more."

There was no need to add "...and more"; the first 11 words are scary enough, along with the fact that it took Sony a week to report the breach.

But the soothing next sentence in the Reuters story, saying Sony is not seeing any evidence that credit card numbers were stolen, brought a smile to my face.

What a sigh of relief those 77 million breached users must have experienced knowing they would not be on the hook for a $50 fraud charge with their credit card providers. I've said it here before: your personal data is valuable. Sony's customers are now a proof point.

At least one user gets it. CNet reports a suit was "filed today on behalf of Kristopher Johns, 36, of Birmingham, Ala., in the U.S. District Court for the Northern District of California." Johns accuses Sony of not taking "reasonable care to protect, encrypt, and secure the private and sensitive data of its users."

Of course, Sony added that it isn't completely sure credit card data wasn't stolen, but it did advise users to place fraud alerts on their accounts.

"Even if it turns out credit card data wasn't stolen, the consequences of this attack are huge," Fred Cate, director of Indiana University's Center for Applied Cybersecurity Research, told the university's news service.

Cate, who also is a distinguished professor and the C. Ben Dutton Professor of Law at the IU Maurer School of Law, said the attack presents a "massive security threat," with the potential to affect millions of people, including children.

Cate recommended that people affected urgently change their passwords and reset questions, not only for PlayStation accounts but for all accounts.

In the IU news service report, Cate said, "Password data is very revealing. Many people reuse the same passwords and reset questions across most, if not all, sites they use."

Cate says that could give the PlayStation hackers access to users' banking, credit card, online retail, email, and corporate network accounts.

"In fact, by using the password reset information, the thieves can reset account passwords, thereby blocking individuals' access to their own accounts and information," Cate said.

....and more. 

Follow John on Twitter and check out his Identity-Conversation Tweet list
