It looks like owners of living room gaming consoles like the Xbox One, Xbox 360, PS3 and PS4 should change their passwords immediately. According to a report from CNet security on both services may have been compromised recently.
DerpTrolling, which is a hacker group that’s claimed responsibility for other nefarious acts in the past claims to have been able to comprise the security of PlayStation Network, 2K Games and Microsoft Accounts. To prove that it had successfully penetrated some accounts on each network the group posted more than five thousand usernames and passwords from all three services.
DerpTrolling has always maintained that it’s not in the business of sharing users account details for the sake of simply sharing them. If true, it’s not trying to build an underground network of sites where people can buy user data. Instead, DerpTrolling says that it’s leaking the information because it wants companies to handle their user’s security differently. The group has claimed responsibility for a debilitating attack on World of Warcraft maker Blizzard.
In that case, it simply maintains that by attacking services they’re acting as a consumer advocate. If the claims are true than a lot more than PlayStation and Xbox owners should be worried. The group claims to have 800,000 usernames and credit card data from around 500,000 people. It’s claiming around 7 million usernames and passwords have been compromised. Twitter, Comcast, Facebook and EA’s Origin gaming service accounts are all among that giant number.
It’s unclear, how the hacker group managed to get so many accounts. It’s clear they aren’t bluffing though. The group has posted some accounts as proof of its work.
At this time, CNET is still waiting on comments from Microsoft, Sony and any other company included in the report. None have been added to the story yet. If you’re using one of these services then it’s a good idea to reset and change that password immediately. If you aren’t, it’s a good idea to consider whether you’re practicing safe password habits.
For starters, if you’re using the same password for more than one website you should stop now. Go to each site that you’ve used it on and reset them all. Make sure, you’re using strong passwords. Try to include at least a number and a symbol if at all possible. Services like LastPass can help you track multiple passwords so more complicated passwords aren’t a big hassle.
Second, everyone has an alliance to an ecosystem and an account to match. If you’re an iPhone or Mac user, that’s probably your Apple Account. If you’re an Android user than it’s your Google Account. If you have an Xbox One, Windows 8 device or Windows Phone than that’s your Microsoft Account.
Both Google and Microsoft offer two-step authentication for their users through apps. Microsoft even makes an app that sends users a code whenever someone tries to log into their account. Without the code, users can’t get in. If your main ecosystem account offers two-step authentication, turn it on.
There is nothing more important than protecting your username and password online. That being said, if someone does breach your account they might have access to your payment information. If that’s the case, you’ll it to be a Credit Card with some of fraud protection instead of E-Checks or some direct access to your bank account. Most credit cards have decent coverage for money that’s spent without permission and will refund it. Even better, most will alert you of strange transactions happening on your account. If they detect a strange transaction they’ll kill your card and have a new one for you on your doorstep within a few days.
Remember to be vigilant, to take your security seriously and to not use the same passwords on multiple accounts unless you absolutely have to.