All EverQuest Servers Down

[rob]

I think we should be wondering if this is going to sour SoE against hackers so much that they finally come after MQ2.

MQ2 users aren't even close to being in the same league as hackers stealing PII and CC numbers.

There isn't a company on the planet that would even view those two groups in similar light.

Playing devils advocate, with a good enough lawyer, a judge may.

 

[Kkthnx]

So, i just rant SoE, like they said to do if i had more questions. Every question i asked, the dude had no answer for. He just kept saying they are working on the servers, and would probably make another announcement later today.

 

[Zeta1]

Playing devils advocate, with a good enough lawyer, a judge may.

That's reaching a bit far.

If you're caught using MQ2, your account isn't even outright banned in most cases. You will most likely receive a suspension.

If you are caught stealing PII and credit card numbers, you are tried in a court of law by the State (probably the State you live in) and, if convicted, receive jail time and/or fines. Depending on the situation, you may even be tried in a Federal court (although this is rare).

 

[Chase369]

So is there a way to contact companies and tell them to delete your CC info? Will they do it? Can they do it? Is there a service?

Should I start my own company and make millions and billions in the light of this Sony situation? lol

 

[Lorekeeper]

you call your creditcard company..

 

[Chase369]

I doubt my bank/credit card companies would contact the different companies I buy things from online, and ask them to delete my info from their databanks.

I could be wrong...

 

[Lorekeeper]

They don't but they can delete your card making it useless lol.

 

[Chase369]

Well no shit lol! Thats already in process of happening... What I was referring to is for future transactions with my new account info.

 

[Brano11]

Was posted by SOE that there is no ETA \sad face

 

[Dogstar]

At this point, while I appreciate the make good time, I would rather gave us a really, super in-game item. Something, like your choice of one HoT raid level weapon or armor piece per account. They could set it upin the rewards window once they get the system back up.

 

[TheOneX]

At this point, while I appreciate the make good time, I would rather gave us a really, super in-game item. Something, like your choice of one HoT raid level weapon or armor piece per account. They could set it upin the rewards window once they get the system back up.

You would get more people quitting over that then over the downtime they are having now

 

[Rasmussenn]

Give everyone a freakin Steam Capacitor since they made the f*ckers so hard to get in the MG quest...

But yeah, something besides the free time would be cool

I also want some form of free ID theft protection/insurance for 6 months to a year to ensure that my personal info is beyond compromise.

Having to get a new CC/Debit card means having to change every single automatic payment arrangement I have. And remembering which ones use which cards is going to be a nightmare

 

[htw]

Another article, just for your reading enjoyment:

http://www.cnn.com/2011/TECH/gaming.gadgets/05/02/sony.hack/index.html?hpt=Sbin

htw

 

[dulak]

And now for other news:
http://www.leasticoulddo.com/comic/20030519

 

[Blitzkrieg]

So is there a way to contact companies and tell them to delete your CC info? Will they do it? Can they do it? Is there a service?

Should I start my own company and make millions and billions in the light of this Sony situation? lol

You can certainly request it, and I believe in some states, there is a disclosure requirement of how long if at all they retain your information.

I know AmEx does something like this upon calling it in, and will also give you an entirely new account and will keep access to your old one, as to ease the transition to the new numbers. It can be temporary too if you want to go back to your old cards.

 

[Zeta1]

At this point, while I appreciate the make good time, I would rather gave us a really, super in-game item. Something, like your choice of one HoT raid level weapon or armor piece per account. They could set it upin the rewards window once they get the system back up.

edit: nevermind. This makes such little sense on so many levels I won't further its cause by asking additional questions.

 

[tristar]

who don it?

Why does this always happen on my day off?....

omfg i know. every single time. lol. i get 1 day off a week and bam!

 

[speedi123]

Some realities here...

PCI compliance does NOT say that an Internet vendor cannot store credit card info. It specifically allows that but requires certain standards of encryption and data protection. Thousands of vendors store cc info... Amazon, for example. I'd be shocked if Sony didn't meet PCI requirements since the credit card processors themselves require proof of PCI compliance even from small mom-and-pop operations. For a lot of them, it's built into the credit card terminals so they don't even know they're complying. But if you have a business with a standalone cash register program, if you try to input credit card info into the program, you need to be PCI-compliant to have the program interface with the credit card terminal. Sony being a major Internet vendor, there's no way they don't meet PCI standards.

Now, if all that's true, how do credit card numbers get stolen by hackers? Well, PCI compliance can be certified by processors with respect to the transmission of credit card info from a vendor to the processor. How the vendor secures cc info in its own databases is not as easily verified. Basically vendors simply confirm to the processors, sometimes just by completing an on-line checklist on their "word of honor" that they comply with the requirements, one of which is, for example, not to store cc info without adequate encryption and password protections for the systems involved. But as far as I know this isn't subject to independent review unless an audit is triggered by something like... what happened here.

I doubt Sony stores the 3-digit CCV code... it's highly against the rules to do so and I think every single time I've ever bought something from Sony I had to enter the CCV code. This gets verified by the processor, not by the vendor. Of course one of their programmers could have fucked up and trapped this coded and saved it but that would be a big bad NO-NO especially for a company the size of Sony.

Now given the ridiculous programming bugs in their game code which often survive beta testing and get out into general play... I suppose anything's possible.

Everyone is entitled to an annual free credit report from each of the 3 big credit card houses. I suggest everyone make use of that. Don't order all 3 at once; order one now and then the other two at 4-month intervals in future. The place to get them is:

www.annualcreditreport.com

not those bastards at "freecreditreport", which charges for their "free" reports. Yeah, the reports are "free", with a paid subscription to their stupid monitoring service. I always love that bullshit... what if I ran an ad which said:

Unlimited free use of a 2011 Mercedes-Benz C300!
...with purchase of a 2011 Mercedes-Benz C300

Would that be fraud?

Finally, what should concern us more is that account login names and "hashed" passwords have been stolen. I sure hope "hashed" means that the passwords are encrypted. And nobody's mentioning if the hackers got access to the program which decrypts those hashed passwords. If they did we better all be changing our passwords as soon as possible. Plus Sony should allow us to change the log-in names, altho knowing Sony they won't ever do this since it would amount to a huge fuckin' deal and they'd mess it up big-time anyway.

Maybe I am reading something into this, but from https://www.soe.com/securityupdate/ they are stating

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained. We will be notifying each of those customers promptly.

They make no mention of this data being encrypted.

From https://www.pcisecuritystandards.org/documents/PCI%20SSC%20-%20Ten%20Common%20Myths.pdf, Myth #9 clearly states: If merchants or processors have a
business reason to store front-of-card information, such as cardholder name and primary account
number (PAN), PCI DSS requires this data to be protected, and the PAN to be encrypted or otherwise
made unreadable.

So, a lot of this could be fluf if the data was properly encrypted. But if it was encrypted, why wouldn't SOE mention that tid bit?

 

[rob]

It was an old database and european only. Maybe they've only in the past 4 years transition and/or the requirements are more lax in the EU?

 

[SiegeTank]

I have to agree if the data had been securely encrypted they'd be very stupid not to reassure customers by mentioning it.

So if they didn't mention it and the data was NOT encrypted, than all the more reason to worry about this Sony fiasco.