Cathode Tan - Games, Media and Geek Stuff

Monday, May 02, 2011

Sony clarifies PSN breach, somewhat...

The LA Times is reporting a few updates on the PSN breach after Kaz Hirai's press conference. Two notable bits:

Sony has revealed that 10 million credit card accounts may have been exposed two weeks ago when a hacker broke into the company's computers in San Diego and stole data from 77 million PlayStation Network accounts.
-- Sony apologizes, says 10 million credit card accounts may have been exposed in network attack

Which isn't much of a clarification. Actually, just a more dire way of putting what Sony has been saying all along: they don't know if the credit card information was obtained, so you should probably act like it was.

Then there's this (and the only reason I'm still blogging on this topic):
Clarifying an earlier statement that said consumer passwords were not encrypted, Sony said they were "hashed," a form of mathematical obfuscation that makes it difficult for a hacker to read the passwords.

So "hashed" means it wasn't in plain text - but any hacker capable of this breach is capable of decoding the password somewhat easily. If the passwords used a salt with the hash (I know, I'm thinking of breakfast foods as well) - it would be much harder, perhaps prohibitively so, for the hacker to get them.

So what does that mean? Means you should still treat your password like someone else has it. And honestly, Sony is being kinda dodgy about this (took me forever to find the article above) ... so I'm kinda guessing they were unsalted ... since if I were Sony I'd be trumpeting anything they did correctly right now, no matter how geeky the explanation.
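
To make the salted-versus-unsalted point concrete, here is an added example (not from the LA Times article or from Sony) that stores the same constructed accounts both ways. SHA-256 and PBKDF2 are assumptions chosen for illustration, since the hash Sony used is not stated, and the slow key-derivation step goes a little beyond the salt itself.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real data); two users share a password.
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2", "carol": "tr0ub4dor"}

def unsalted_hash(password):
    """Plain digest: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Per-user random salt fed into a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def verify(password, salt, expected):
    """Login check: recompute with the stored salt, compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def users_matching(stored, value):
    """Users whose stored record equals one value computed ahead of time."""
    return sorted(user for user, record in stored.items() if record == value)

def demo():
    unsalted_db = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    salted_db = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
    # Unsalted: one digest of a common password matches every user who chose it,
    # so a table computed once applies to the whole database.
    unsalted_hits = users_matching(unsalted_db, unsalted_hash("hunter2"))
    # Salted: a value computed once, under its own salt, matches no stored record;
    # the work has to be redone per user with that user's salt.
    salted_hits = users_matching(salted_db, salted_hash("hunter2"))
    return unsalted_hits, salted_hits

if __name__ == "__main__":
    print(demo())
```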
