Playstation & Identity Theft

Yesterday, Sony announced that the Playstation Network (PSN) had been compromised and users’ personal information was stolen. This information included name, address, email address, birth date, and login info for PSN. Sony also announced that purchase history and credit card information may have also been obtained.

Mistakes happen and, at least for me, it’s not a huge deal that PSN had a temporary security hole that let hackers get in. The hackers gained access to the information because Sony’s bug treated their Playstation consoles as if they were developer consoles.

What really upsets me is that credit card information is at risk. I can’t think of any reason why developers should have direct access to credit card numbers.

And this brings up another thing that scares me: I have no way of ensuring that when I enter sensitive data online, the company/individual on the other end is doing their job to ensure that the information remains secure.  I would hope that developers dealing with sensitive data are competent enough to know how to use encryption and the like (and for goodness’ sake, don’t store it as plain text), but that certainly isn’t always the case.

Last summer, I gave a persuasive speech in my speech class about identity theft. I talked about things like phishing, website spoofing, and downloadable malware. Since it relates to the topic, I figured I would include a few simple tricks from my speech for preventing identity theft:

1. Use strong, secure passwords.
Microsoft recommends using passwords that are at least 14 characters long. They should contain both uppercase and lowercase letters, and a mix of letters, numbers, and symbols. And don’t use the same password for everything. Your email password, in particular, should be unique and your most secure password, because if anyone gets access to your email account, they can easily gain access to any of your other accounts.

2. Use an alternate verification source, when available.
World of Warcraft, for example, allows players to get an optional authenticator and have it tied to their accounts. With the push of a button, the authenticator generates a seemingly random six-digit number for the player, who then enters that number along with his or her password. The six-digit number is created based on the time and a special key tied to each individual authenticator, so that the number can be verified on the server end.

Side note: Yes, I talked about WoW in my speech. I even gave an entire informative speech about WoW. I got everyone’s attention when I started the speech with, “Some people say that I don’t exist… because I’m a girl and I play World of Warcraft.” 😛

3. Make sure you use anti-virus software.
And only one anti-virus software program, because having multiple anti-virus programs running at the same time just isn’t good or safe.

4. Verify URLs before entering any personal data on a website.
Spoofed websites are designed to look like legitimate websites and can easily trick people into entering their personal information on fraudulent websites. You should also avoid clicking links directly from email, because they can be disguised.
At the time of my speech, I had also just heard about a new scam called “tabnabbing.” The theory behind the scam is that people are learning to detect spoofed websites, so the webpage will initially look like any normal webpage. After the page detects a period of inactivity (probably due to switching to another tab in your browser), the page will transform itself into the look-a-like of another webpage, like the Gmail login page.
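
To make tip 2 concrete, here is an added example (not from the original post, and not Blizzard's actual code) of how a time-plus-key six-digit code can be generated on the device and checked on the server. It assumes the standard TOTP scheme from RFC 6238 as a stand-in, uses that RFC's published test key, and the names `totp` and `verify` are illustrative.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (assumed; RFC 6238 default)
DIGITS = 6   # the post describes a six-digit code
KEY = b"12345678901234567890"  # RFC 6238 test key, stands in for the per-device key


def totp(key: bytes, unix_time: int) -> str:
    """Code for the time step containing unix_time (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(key, submitted, server_time, last_used_step=-1, drift_steps=1):
    """Server side: return the time step the code matches, or None.

    drift_steps tolerates a slightly slow or fast device clock.
    last_used_step rejects a code that was already accepted, so a code
    captured by a phishing page cannot be replayed in the same window.
    """
    current = server_time // STEP
    first = max(0, current - drift_steps)
    for step in range(first, current + drift_steps + 1):
        if step <= last_used_step:
            continue
        expected = totp(key, step * STEP).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    now = 1111111109                      # constructed timestamp (RFC test vector)
    code = totp(KEY, now)                 # what the device would display
    step = verify(KEY, code, now + 2)     # user types it two seconds later
    print("code", code, "accepted at step", step)
    print("replay:", verify(KEY, code, now + 2, last_used_step=step))
    print("old code:", verify(KEY, totp(KEY, 59), now))
```

The server never receives the key itself, only the short-lived code, which is why a stolen password alone is not enough to log in.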

I would hope that most people already know about the things I talked about in my speech, but sometimes people surprise me.