
The main issue is that all the info used for password reset is in the hackers' hands. There may not be a perfect method, but maybe having a system that calls the phone number on file to give you a password reset code would have been more secure.


The hackers may have the email address, but they presumably can't read the email sent to that address. Hence "email exchange".


You are correct; that is what I meant. Users may have used the same password on the PSN and their email account though. If Sony did the right thing and only stored salted hashed passwords then that would be mitigated a bit.

Another option would be to send out a new password via mail to the billing address if they had no other way to do it electronically. Out of luck if you moved since then. Make the old password a requirement so mail thieves cannot steal your account.

I was pissed that I needed to change my credit card number because of these clowns. If someone wants to make a cool startup, make a credit card number that is a one-off that will only work for a certain time frame (extendable), dollar limit, and business name (though this one might be tougher because the business name given to the credit card company might be different than the business name I would enter).


CitiCard, for one, offers unique 1-off numbers for online transactions just as you suggest. Last I checked AmEx Gold cards also granted this feature.


I heard of the one-off card numbers before but I thought those were for just one month before they expire. Are they not? I haven't seen the AmEx Gold one though, thanks.


You're assuming too much. I'd take odds that people used the same pwd for both.



