The Incomplete Cynic
Q: If people have PlayStation accounts that have been compromised, how does this affect other accounts they have?
A: There are two right now that we’re really worried about. It seems pretty clear that the passwords on some or all of the 77 million accounts have now been compromised. Most people reuse passwords across accounts, so if I’m the perpetrator who took these data, I’m going to know your e-mail address, and I’m going to know your password. I can then digitally test them against bank-account Web sites, credit-card-company Web sites, and online-health-record Web sites to see if I can get access to your account. The second thing—and, to my mind, this is even more troubling—is that the challenge answers were breached. When you forget your password, which we almost all do pretty frequently, Web sites have now gone to using these challenge questions, like your first pet or the name of your high school. Most of us answer those questions honestly because that’s the only way we have any hope of remembering the answers when we need them later. If you use the same questions across multiple sites, that means not only can someone go in and access your account, but they can use that to lock you out of your own account.
Q: The PlayStation network is still down, but are there things PlayStation users should be doing with their other accounts?
A: If I knew that my PlayStation password or password-reset questions were the same ones I had used on some other accounts, I would go in and change them today. I would also take this as a really valuable object lesson of why you shouldn’t use the identical password across accounts.