PSN hack might be a fake, Paste claiming to be hacked email credentials found to be hoax
PlayStation fans yesterday woke to a harried news of a major breach in the PlayStation Network. A paste on pasting site Pastebin claimed to leak hundreds of email ids and passwords of PSN users. Also a number of websites reported about the purported breach thanks to a CNET report that claimed an anonymous group had “released a log of customer logins” across PSN, Origin, and Windows Live, among other online services. After some verification and digging by researchers and Sony itself, it turns out that this leak might not really be a leak at all. Kotaku also reported the breach only to post a update the status later to say that the claim may be a hoax.
Red Flags
Researchers, while going through the list found it odd about CNET claiming 2k Studios had been hacked. Â There was no entity by the name of 2k studios. And the only resource that the claims were based on was a post on Pastebin, which was removed by the time we went over to check it for ourselves. The post was allegedly by hackers who have claimed responsibility for many other attacks in the recent past. But on digging, researchers found no proof of anything being real.
Verification
Today morning a researcher Jason Schreier of Kotaku, tried accessing a few of these leaked accounts. He realised that based on the wide news this leak had made, somebody would’ve changed the credentials of the accounts. Therefore, he tried “change your password” to verify if the accounts existed. Â Every single account tested gave him the message “Not a valid e-mail address. Please try again,” indicating that those accounts weren’t signed up for the PlayStation Network at all.
As for the 2K accounts? Though the hacking group claimed to have “800,000 from 2K,” it’s not really clear what they’re referring to since there was no such gaming publisher or no universal account for video games published by 2K. This could be a reference to the 2K forums or the MyPlayer accounts linked to NBA 2k, but when when tested, some of the Pastebin accounts on both of those respective websites, none of them appeared to exist. The researcher also searched around for a few dozen of those listed “2K” accounts, many of which were unique identifiers with limited internet presence. Some of those accounts were tied to hacking and botting forums; others were linked to other games, like Minecraft and Runescape. Some on the list are nonexistent addresses like “[email protected].”
Other Research
A security researcher named Colin Keighe, also did some digging. He broke down the list of accounts leaked and found similarities between these accounts and some other accounts that have been breached in the past. He concludes that this “leak” is possibly just a collection of previous breaches mashed up into one big database. The Guardian also talked to a security expert who also believes that this is fake. “Looking through the list, there’s certainly an awful lot of crossover with data from previous breaches, in particular the Adobe one,” Trend Micro vp Rik Ferguson told them. “The random sample cross-referencing I have done certainly show that the majority of data listed here has shown up already in previous breaches with a very few exceptions which seem to appear only in this particular paste.”
Matters soon reached Sony who responded by giving out a statement which is given below :
We have investigated the claims that our network was breached and have found no evidence that there was any intrusion into our network. Unfortunately, Internet fraud including phishing and password matching are realities that consumers and online networks face on a regular basis. We take these reports very seriously and will continue to monitor our network closely.”
The Guardian also talked to a security expert who also believes that this is fake. “Looking through the list, there’s certainly an awful lot of crossover with data from previous breaches, in particular the Adobe one,” Trend Micro vp Rik Ferguson told them. “The random sample cross-referencing I have done certainly show that the majority of data listed here has shown up already in previous breaches with a very few exceptions which seem to appear only in this particular paste.”
Looks like reporters jumped the gun on this one. But no one can really blame them. With the number of hackings and data breaches going on, you can never be sure. You do what lots of PSN users did when they heard about the hack, changed their passwords immediately!
