A reported breach of a Sony folder containing the serial ID numbers for every PlayStation 3 console appears to have led to users being inexplicably banned from the platform. This is just the latest of a huge increase in attacks on unsuspecting gamers
Every Sony PlayStation 3 ID was compromised, provoking bans of legitimate players on the network.
Message Boards
Sony reportedly left a folder with every PS3 console ID online unsecured, & it was discovered & reported by a Spanish YouTuber with the handle “The WizWiki” in mid-April. Sony is depicted in his reveal video as the ‘hind end of a rhinoceros defecating’, for an idea of the reaction posted on April 18 for non-Spanish speakers.
Now, several weeks later, players on PlayStation Network message boards are complaining that they cannot sign on & are receiving the error message 8071006. After enabling 2-factor authentication (2FA), 1 player was able to sign back in without issue, according to posts on the PS3 subreddit, which includes a link to instructions on how to opt into 2FA on the PS3.
Malicious Reasons
It seems threat players have started using the stolen PS3 console IDs for malicious reasons, causing legitimate players to get banned.
Another player on the PSN Profies forum put the stolen PS3 IDs & the ban together back on June 18.
“This has just happened to me now, tried to sign in & it says the console has being banned or temporarily suspended,” the user wrote. “My account is fine, I can log in on my other PS3, but my main PS3 has got a ban. I signed in fine about 2 hours ago & all I did was use Netflix.”
The player added that Sony should be doing more to explain the issue & stop it.
If it is Not a Console ID Leak….
“This is very worrying, if it’s true that console IDs have been leaked then over the next few months, I think we will see a huge increase in this happening, I can’t think of what Sony could do to stop this issue?” the person wrote. “If it’s not a console ID leak then what the hell is going on?”
Sony has not confirmed a connection between the PS3 ID breach & player reports of being locked out of the platform.
PS3 Network
“While it has not yet been confirmed that a data leak of PS3 IDs is correlated with the user bans on the PS3 network, this underscores the importance for all businesses to ensure enterprise-wide visibility of this type of sensitive data, to enable the facilitation of more robust real time security controls,” Kate Kuehn, researcher with vArmour explained
She added that this an example of a company’s lack of appropriate security protections & real-time visibility into their sensitive data.
User Credentials
“There are many concerns around these console IDs being leaked, not the least the impact of potentially minor or underage user credentials being now out on the Dark Web,”
Kuehn added. “The main concern is once again, due to lack of proper application relationship management, mainstream personal data has again been potentially stolen with malicious intent.”
Cyberattacks on Gaming Industry
Sony is not the only gaming company leaking data. A report from Jan. found a half a million credentials stolen from the Top 25 gaming companies on caches of breached data for sale in criminal marketplaces. In June, the “Battle of the Galaxy” mobile game leaked 6m gamer profiles, & attackers are working out how to use gaming platforms like Steam to host or deliver malware.
Coincidentally, Akamai released a report just this week showing that bored gamers stuck at home during the pandemic pushed the rate of cyber-attacks on the gaming industry up 340% in 2020.
More Seriously
There is no cheat code required to get the idea that its past time for gaming to take cyber-security more seriously.
“As we have seen in recent weeks through attacks like this & the initiatives the govt. is enacting in response, implementing robust zero-trust architecture is key to mitigate the risks associated with critical data exploitations by bad actors, as we see potentially again playing out in this latest Sony PS3 case,” Kuehn concluded.
https://www.cybernewsgroup.co.uk/virtual-conference-july-2021/