Reply
Apr 09 2014
By: The-Sarge Treasure Hunter 4392 posts
Offline

HeartBleed Passwords at risk?

[ Edited ]
15 replies 1944 views Edited Apr 9, 2014

I, and I am sure many others, would like to know if the PlayStation Network, the forum, and anything else related to the Sony Entertainment network was suseptible to the HeartBleed Open SSL security flaw that was discovered.

 

If so, then has Sony patched the security flaw yet?

 

I would like to know if our passwords were vulnerable, and if they still are or not.

 


 


 


 


Be One With The Game.

Message 1 of 16 (1,944 Views)
Reply
0 Likes
MVP Support
Registered: 01/23/2013
Offline
2943 posts
 

Re: HeartBleed

Apr 9, 2014

To my knowledge Sony has yet to release a statement regarding the Heartbleed situation going on right now. It's my understanding that before the heartbleed was officially announced they let the developers behind OpenSSL know about the flaw and get extra time to work on it. According to several articles I've read this bug has been around for quite some time now, so just to be safe it's never a bad idea to change your passwords for any service you use. Until Sony or any other service provider comes out and says whether or not they have been affected it's wise to take the extra precaution of changing your password. I'm sure that if Sony was worried about the Heartbleed affecting their services for an extended period of time they would've notified us already. 

Message 2 of 16 (1,936 Views)
Reply
0 Likes
Treasure Hunter
Registered: 11/20/2006
Offline
4392 posts
 

Re: HeartBleed

Apr 9, 2014

It is pointless to change your password until we have confirmation that Sony has patched the security flaw.  If they haven't, the new password is just as vulnerable.

 

This is why Sony really needs to issue a statement on this, and inform people as to the security status of their Network.

 

For all we, and Sony know, there could be hackers eavsdropping on their SSL traffic and picking off passwords and Credit card information right now.

 

It is Sony's responsibility, in light of these developments, to inform people as to the state of their network security.

 

 


 


 


 


Be One With The Game.

Message 3 of 16 (1,932 Views)
Reply
0 Likes
MVP Support
Registered: 01/23/2013
Offline
2943 posts
 

Re: HeartBleed

Apr 9, 2014

Absolutely, I agree that it'd be nice if Sony issued a statement either saying "We fixed it" or "It never affected us". However, no major site or service provider to my knowledge has acknowledged Heart Bleed pubicly. It's likely because they're all testing everything to make sure it's clear. If a company came out and issued a statement like "We don't know if we are affected by the Heart Bleed bug, but we are looking into it" you'd see a massive wave of panic and claims that [insert company name here] is clueless and has no idea what they're doing. They'd rather know for a fact that they aren't affected by it, or that they were but have since fixed it. That's my $0.02 on why I think there hasn't been a statement or one yet at least.

Message 4 of 16 (1,918 Views)
Reply
0 Likes
Treasure Hunter
Registered: 11/20/2006
Offline
4392 posts
 

Re: HeartBleed

Apr 9, 2014

Determining if they were and still are affected is very simple.

 

If they are using a version od Open SSL that is older than two years, they were not affected.  If it is newer then they were affected.  If they have patched it with the new security patch, then they are no longer vulnerable.

 

My company determined it in literally 5 minutes.

 

 

Does Sony even respond to this support forum?

 


 


 


 


Be One With The Game.

Message 5 of 16 (1,885 Views)
Reply
0 Likes
MVP Support
Registered: 01/23/2013
Offline
2943 posts
 

Re: HeartBleed

Apr 9, 2014

These forums are not to be used as a method to directly reach Sony. The forums are mostly browsed, moderated, and posted in by everyday gamers. If you want to reach Sony regarding the issue you'd want to contact them directly either by phone or by live chat. You can do that by clicking here.

Message 6 of 16 (1,883 Views)
First Son
Registered: 04/10/2014
Offline
1 posts
 

Re: HeartBleed Passwords at risk?

Apr 10, 2014

I actually got hacked on Wednesday early morning at 2am. However I did not store my credit card information on my PSN account, that i remember. I found this out by opening my email on Wednesday morning when I woke up to find that someone spent $70 on fifa and fifa points under myaccount and with my check card. So needless to say, I don't feel protected with any sites and such. I found out that steam also had this "bug" and other big places like amazon and such. I know most have patched it now. But I have now changed my passwords on everything I have out there and I have close my accounts and issued new ones. I learned from sonys hack a few years back to not store my card online, but seems to me now that I should never buy anything with my card now. Guess I'll move to buying network cards or gift cards for online purchases!

Message 7 of 16 (1,540 Views)
Reply
0 Likes
Treasure Hunter
Registered: 11/20/2006
Offline
4392 posts
 

Re: HeartBleed

Apr 10, 2014

Well I'm definately not doing a live chat with them.

 

It requires me to enter my password.  Doing so is the very thing that is possibly unsafe.

 

Why has Sony not issued any kind of statement on this?

 


 


 


 


Be One With The Game.

Message 8 of 16 (1,466 Views)
Reply
0 Likes
Hekseville Citizen
Registered: 04/18/2005
Offline
301 posts
 

Re: HeartBleed Passwords at risk?

[ Edited ]
Apr 11, 2014

I think we're safe cause I found this article: http://qz.com/197258/how-to-tell-if-heartbleed-could-have-stolen-your-password-and-when-its-safe-to-...

 

I found playstation.com on the list and it says 'no ssl", I'm not an expert but it sounds like if a site doesn't have ssl it's safe or it it the total opposite?

[url=http://www.yourgamercards.net/profile/kratos1984/][img]http://www.yourgamercards.net/trophy/a/kratos1984.png[/img][/url]
Message 9 of 16 (1,249 Views)
Reply
0 Likes
Treasure Hunter
Registered: 11/20/2006
Offline
4392 posts
 

Re: HeartBleed Passwords at risk?

Apr 11, 2014

I called Sony PlayStation Network Support last night to enquire as to their status.  Twice.

 

The first guy didn't even know what I was talking about.

 

The second guy said that they haven't finished fixing it yet.  Not sure if I trust him or not.

 

The point is, there is no official statement from Sony either way on this.  What the hell is wrong with this company.  If eveything is fixed, then tell people that.

 

If it isn't fixed yet,then people deserve to know that as well.

 

This is ridiculous!!!

 


 


 


 


Be One With The Game.

Message 10 of 16 (1,054 Views)
Reply
0 Likes