Reply
Apr 14 2014
By: mochuuu SCEA 1489 posts
Offline

Regarding "Heartbleed" and PSN - SEN - PS.com

OFFICIAL POST
33 replies 2652 views Edited Apr 14, 2014

Hey all, 

 

As widely reported, a vulnerability called “Heartbleed” was recently found in OpenSSL, the popular open-source software used to encrypt and secure computer communications, that could allow data theft on systems using OpenSSL.

Like many others around the world, some Sony sites, including PlayStation and Sony Entertainment Network, used Open SSL. Sony immediately assessed the vulnerability and patched key affected systems. We have no evidence of any breach or data theft.

We continue to conduct a full investigation and will take appropriate action for any additional systems that might be affected. As our work continues, we will advise customers if we recommend the resetting of passwords or taking other action.

 

Thanks and feel free to post your feedback on this in this thread and if you notice any other threads discussing this topic, please refer them to this thread. 

- morgan haro - PlayStation.com
@morganharo


Message 1 of 34 (2,652 Views)
Splicer
Registered: 01/09/2010
Offline
43 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014
Thanks for the update.
Message 2 of 34 (2,645 Views)
Reply
0 Likes
PlayStation MVP
Registered: 12/21/2007
Offline
50689 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014

Thanks for the heads up Mochuuu.  I figured after that breach in the past that Sony's team would have been right on this, good to know I was right in that assumption! :smileyhappy:

 

 

Message 3 of 34 (2,640 Views)
Hekseville Citizen
Registered: 07/23/2013
Offline
341 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014

Thanks for keeping us up to date on what's been going on :smileyhappy:

keep up the good work

Message 4 of 34 (2,615 Views)
Reply
0 Likes
Wastelander
Registered: 04/28/2009
Offline
818 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014

Thanks for the update :catvery-happy:

Long, Live, Play ~PlayStation
Message 5 of 34 (2,594 Views)
Reply
0 Likes
MVP Support
Registered: 08/18/2009
Online
7710 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014

Thanks for lettings us know.

              KANE-FIRE

Message 6 of 34 (2,585 Views)
Reply
0 Likes
First Son
Registered: 04/07/2014
Offline
19 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014
Yes, thanks for letting us know.

Message 7 of 34 (2,560 Views)
Reply
0 Likes
Lombax Warrior
Registered: 10/26/2013
Offline
103 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014
Agreed.

-"Q"
Message 8 of 34 (2,555 Views)
Reply
0 Likes
PlayStation MVP
Registered: 05/09/2006
Online
5967 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014
Sad this is the exploit has been available for sometime but now suddenly everyone is freaking out about it.

Like if someone stole your **bleep** it would have happened a LONG time before now.
 photo newforumsig_zps5ec69817.png
Message 9 of 34 (2,553 Views)
Reply
0 Likes
Treasure Hunter
Registered: 11/20/2006
Offline
4391 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

[ Edited ]
Apr 14, 2014

Thanks for letting us know so quickly.  :smileymad:

 

I mean, after all, the exploit was made public a week ago.  Some have only been trying to get information from Sony customer support since the 8th.  Other major companies have only let people know their security status since that same date.

 

What the hell is wrong with Sony?  Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.

 

The exploit may not have been your fault, but the way you handle informing customers of the situation is.

 

I tell you, some laws need to start being passed regarding these type of things.  Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public.  With the current status of the security, and ETA of patch completion.

 

One week of saying nothing, especially when you have been asked repeatedly is ridiculous.

 

 


 


 


 


Be One With The Game.

Message 10 of 34 (2,533 Views)