I'm spontaneous, compulsive and addicted to these fee based MMO's. But I only play on PC and don't use consoles.
I've always assumed that these companies protected our credit card and personal information much as any financial institution would. The assumption was wrong!
On April 17th 2011, hackers bypassed Sony's security and stole all their customers personal information. The information included (but not limited to) name, address, date of birth, email address and credit card number. Some users even had their bank account information stolen. This information was required in order to activate a monthly subscription on both the PC and game console.
Sony violated the trust of it's users even further by not disclosing publicly what had transpired. It's in my opinion that people should have been notified immediately regardless of the companies reputation or loss of sales as a direct result of this breech. It has now backfired, and due to not notifying me and other users faster, I have decided to never again purchase anything with the Sony name on it's packaging or a company with any direct affiliation with them. I am furious that they allowed my personal information to get out in the hands of those that can only have malicious intent in mind. Who knows, perhaps their intent was to punch Sony in the nose and nothing more. Only time will tell. It's well known by many gamers that Sony could care less about it's player base anyway. It's all about money and everything else is secondary. Including thier reputation!
On May 3rd I received an email from Sony stating I had in fact been a victim of this breech. They went on to say my credit card info was not likely stolen and is stored in a different location. The letter states we should contact the three credit reporting bureaus and discuss option. They also recommend putting some sort of security block on our credit? I'm not sure how that work but whatever it is, I cant afford it. I have a small fixed monthly income (VA disability) and it doesn't allow for things like this. And I've already used my once a year free credit report so would have to pay for a new report. It's just bad timing financially. My car, this, that and the other prevent me from sinking hundreds of dollars into this... breech problem.
I should not have to do any of this!! I trusted them to keep my information secure.
I'm very upset that I'm being forced into a position where I have to not only worry about my financial security, but my personal security as well. They have my email address. A quick google search will result in the hackers knowing I'm an ex-cop. People like to kill cops. That's just how it is. So I fear for my personal safety as well and I'm considering moving as a direct result of this. If this information gets into the hands of organized crime, a lot of bad things can happen to a lot of people.
We're not talking about a few kids here. We're talking about 125 million professional working adults (very few kids). FBI agents, congressman, professional athletes, police officers and not to mention the thousand upon thousands of veterans. That is of particular concern. Veterans acknowledge serving and do so proudly (I have on many occasions). The SOE forums are FULL of veterans stating they kicked in doors in Iraq or Afghanistan. Vietnam vets included, all veterans now have a new risk. Another worry that we shouldn't have to burden! This information can be sold to the highest bidder. You must not assume the only valuable part of the stolen data is credit card numbers. A hit list could be generated like the world has never seen. With a little bit of effort and searching on line, this list can be easily generated via the stolen data. So it's in my opinion that SOE should erase all forum activity since 1999 and the launch of Everquest.
Terrorist organizations and perhaps foreign governments would pay millions for such a list! It would take 10 guys with minimal knowledge of the internet to find out much more about who you are or use to be. A list could be generated in less than a week. And if they had the ability to access Sony's security, what makes you think they cant access state databases (Dept. of Transportation, Treasury or Dept of Human Services for social security numbers) to support the information the already have? Name and date of birth do wonders when typed into a state computer!
Also, as a direct result of this breech, sites like AKO and other US military sites need to force members who play video games to change their passwords. Many of us use the same passwords on all our websites. It would be difficult for me to have a different password for every site I frequent.
Today something unusual happened in Lansing, Michigan. All the computer systems went down for some undisclosed reason. They said ".... statewide computer problem that has affected not just the SOS branch system, but other state departments including Corrections, Treasury, Community Health and Human Services."
If these hackers had the capability to access these databases with just the information SOE had, they could discover your entire life history and obtain your social security number. Department of Corrections is tied in to federal system used for background checks a.k.a. NCIC. I'm quite familiar with this system. A simple few keywords will give you all possible information on someone that you could ever want to know. Hackers logged into Michigan Department of Corrections would have full access to NCIC without anyone knowing until it's too late.
Sony should not have waited to tell it's customers about this. We should have known immediately and had the option of canceling our credit cards, deleting this or that, changing passwords, etc. Instead, they tried to save face and conceal it until there was no other option than to go public. So even if I had canceled my credit card immediately or not, it would have been too late. I've decided not to cancel it based on Sony's press release that they don't believe this card info got into the hands of the bad guys. But if something goes wrong and their wrong, I'm going to be in bad shape.
I want to clear up some stuff I read about "fault". Sony is to blame here, not the hackers. I trusted Sony, as did many others. They become a financial institution the second their trusted with our private information. There should have been sufficient security in place which would have avoided this from happening in the first place!
To make matters worse I discovered something interesting last night. A couple days ago SOE announced that EQ2 was back up and running and that all users were being granted free game time. So I logged on my account to delete my credit card info. What I discovered is Sony erased my last transactions as to make it appear I wasn't an active user or something. It still shows my entitlements granted by recent purchases, but the purchases themselves were deleted out of that part of their website. I'm not exactly sure why, but I got screen shots and receipts to prove I was an active user of SOE services.
Here are some screenies of one of my two accounts.
No Destiny of Velious or other subscription info for the previous year. |
I have contacted an attorney and I have every intention of joining this class action suit filed in California. It's not for personal gain, but I believe they should have to pay for their users to set up some sort of "Life Lock" or security for social security/credit card protection. I also believe they should be held responsible for this breech in our personal security and welfare. I'm furious that we were not notified right away. It was over 3 weeks until I got that letter from Sony explaining I was a victim. THREE WEEKS!!! It's too late to do anything about it now. The list is already out there and the damage is done. We just have to sit back and pray that hackers wont steal what little money I have. Meanwhile, I'm shopping for a new place to live.
Notice "Destiny of Velious". It released February 22, 2011. |
Gaming history has been rewritten this month. It will never be the same because of Sony's negligent misconduct while handling our personal information. Other things have changed as well...
This is how I found my account. No credit card number to delete. |
Who would have ever thought my that bad and compulsive habits would turn into something like this? Perhaps it was the lesson I needed to think twice before being so quick to drop my debit/credit card on things I don't need. A moth drawn to the flame only gets one chance. I'm lucky to be able to say I have a chance to learn from this and grow as a man. I pray that none of the 125 million victims have any irreparable harm from this breech.
Here is the actual letter I received:
HAVING DIFFICULTY VIEWING IMAGES IN THIS EMAIL? View as a web page. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
THIS IS A CUSTOMER SERVICE NOTIFICATION. SOE Privacy Policy | SOE Terms of Service www.soe.com | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sony Online Entertainment LLC 8928 Terman Court - San Diego, CA 92121 |