The Security Pub

Random Thoughts About Security

Sony Admits PlayStation Network Compromised

 

 

Sony has confirmed that a data breach was the cause for the PSN outage. In a vague letter to customers, the gaming giant warned that 70 million users’ personal information was compromised. In addition, it fears credit card details were also included in the loss.

On April 17, an unknown number of PSN and Qriocity accounts were compromised. As a result, Sony shut things down in an attempt to mitigate the situation, allowing it time to correct underlying issues and launch a full investigation. Initially, the service outage was blamed on Anonymous, considering the group’s past actions against the Japanese electronics giant.

“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained,” Sony’s letter explained.


 

 

Are You Disclosing Personal Information on Social Network Sites?

Social networking users should be careful when accepting friend requests and be conscious of the data they share. According to a new study by BitDefender, social network users do not appear to be preoccupied with the real identity of the people they meet online or with the details they disclose while chatting with total strangers.

The study revealed that 94 percent of those asked to “friend” the test profile, an unknown, attractive young woman, accepted the request without knowing who the requester really was. The study sample group included 2,000 users from all over the world registered on one of the most popular social networks. These users were randomly chosen in order to cover different aspects: sex (1,000 females, 1,000 males), age (the sample ranged from 17 to 65 years with a mean age of 27.3 years), professional affiliation, interests etc.

In the first step, the users were only requested to add the unknown test profile as their friend, while in the second step several conversations with randomly selected users aimed to determine what kind of details they would disclose.

The study showed:

  • More than 86 percent of the users who accepted the test-profile’s friend request work in the IT industry, of which 31 percent work in IT Security
  • The most frequent reason for accepting the test profile’s friend request was her “lovely face” (53 percent)
  • After a half-hour conversation, 10 percent disclosed sensitive personal information, such as address, phone number, mother’s and father’s name, etc. (information usually requested as answers to password recovery questions)
  • Two hours later, 73 percent disclosed what appears to be confidential information from their workplace, such as future strategies, plans, as well as unreleased technologies/software.

Google Dashboard: Control Your Data

Google has launched a new feature that allows you to view what data is being stored on a number of Google services, with more to come.  Google Dashboard will let you control some of the data and how it is used by Google or even delete it.  Right now Google Dashboard supports Gmail, Picasa, Calendar, Google Docs, Alerts, YouTube, Web History & a few others.  Google is working to add more services to the Dashboard such as Checkout, Google Groups, FeedBurner and more.

Stay tuned as more information is released.

Are you using Facebook?

If you're using Facebook, your personal information could be at risk. Did you realize that by default, when you subscribe to use Facebook, you are authorizing them to capture and send your personal information to third parties? Your Facebook account can be configured not to allow the sharing of this information, but most Facebook users don’t understand how to do it.

Basically, when using a social networking site like Facebook, check under the settings of your profile. You will see something like Privacy Settings, and that is where you can choose what is done with the information you place on social networking sites like Facebook.

In August of this year there was a suit filed in California against Facebook regarding the use of personal information and how Facebook allegedly violates California Privacy Laws.

Personal Information Stolen using P2P file sharing

During the 2nd week in August, a Seattle man was sentenced to 39 months in prison for using LimeWire (a P2P file sharing network) to steal personal information, which included tax returns and bank statements. This is a very simple exploit: he installed the LimeWire software, which gave him access to files that people were “sharing”. While people are normally sharing music, movies, videos, and applications, some people aren’t careful about what their version of P2P software has indexed.

The Seattle man typed in words such as “tax return” and “account” and so forth. People who allowed their version of LimeWire, or whatever P2P software they were using, to index their entire hard drive, including these sensitive documents, ended up making those documents available for download. When investigators caught the man, he had personal data for 120 people and 8 different drivers’ licenses (each with a different identity) in his wallet. I suggest blocking P2P applications from your corporate networks and ensuring end users cannot install applications.
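A defender can run the same check against their own machine before any P2P client indexes it. The script below is an added example, not part of the original post: it flags a shared folder that is a drive root, the home directory, or a parent of it, and lists files whose names match the kinds of terms mentioned above. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Terms taken from the post: the two search words it quotes, plus the
# "bank statement" document type it says was stolen.
SENSITIVE_TERMS = ("tax return", "account", "bank statement")

def normalize(name):
    """Lower-case and treat _ - . as spaces so 'Tax_Return-2010.pdf' matches."""
    cleaned = name.lower().replace("_", " ").replace("-", " ").replace(".", " ")
    return " ".join(cleaned.split())

def is_overbroad(share_root, home):
    """True if the share is a filesystem root, the home dir, or a parent of it."""
    root = Path(share_root).resolve()
    home = Path(home).resolve()
    return root == Path(root.anchor) or root == home or root in home.parents

def audit_share(share_root, home):
    """Return (overbroad, sorted relative paths of files with sensitive names)."""
    hits = []
    for dirpath, _dirs, files in os.walk(share_root):
        for fname in files:
            if any(term in normalize(fname) for term in SENSITIVE_TERMS):
                full = os.path.join(dirpath, fname)
                hits.append(os.path.relpath(full, share_root))
    return is_overbroad(share_root, home), sorted(hits)

def demo():
    """Audit two share settings over a constructed home directory."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home" / "user"
        (home / "Music").mkdir(parents=True)
        (home / "Documents").mkdir()
        (home / "Music" / "song.mp3").write_text("x")
        (home / "Documents" / "Tax_Return-2010.pdf").write_text("x")
        (home / "Documents" / "account-summary.xls").write_text("x")
        # Weak setting: whole home shared. Corrected setting: Music only.
        return audit_share(home, home), audit_share(home / "Music", home)

if __name__ == "__main__":
    whole_home, music_only = demo()
    print("sharing home dir  :", whole_home)
    print("sharing Music only:", music_only)
```

File-name matching only catches documents that are named for what they contain; the over-broad share check is the more reliable signal.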