Playstation Networked Hacked

kawaiku

Member
Joined
Nov 3, 2005
Messages
2,536
Reaction score
73
Location
Mars... the planet
Country
llUnited States
Wow!...
Update on PlayStation Network and Qriocity


We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network....

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports...
To think that one person could have brought it down. I don't think I've purchased anything through the network since I've gotten all of my PSP stuff via local stores.


A Q&A + some clarification on what happened initially:
Q&A #1 for PlayStation Network and Qriocity Services

Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.

Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.

Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.

Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.

Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.
Clarification:
Clarifying a Few PSN Points

I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

For those who were looking there’s also an FAQ with some more frequently asked questions

Thank you for your continued patience and support.
 
Last edited:

Scott Tortorice

Senior Member
Joined
Nov 18, 2003
Messages
7,663
Reaction score
99
Location
The shadows
Country
llUnited States
Yeah, I saw this story when it broke Easter Sunday. It's a pretty big story, but because it is gaming related, all the major news outlets have largely ignored it, no doubt much to the satisfaction of Sony. I am glad I don't own a PS3 because this is a serious breach of security (if your personal info was compromised, I strongly advise you to sign up with LifeLock or some other ID protection service...you're gonna need it).

This could really hurt the long term prospects of the PS3. It is already limping along to begin with. I wonder how long before the lawsuits begin.
 

Herman Hum

Composite Warfare Command
Joined
Jul 17, 2004
Messages
4,036
Reaction score
22
Location
Canada
Country
llCanada
This is exactly the kind of breach needed to show folks just how silly it is to rely upon others for the security of their personal information.
 

Scott Tortorice

Senior Member
Joined
Nov 18, 2003
Messages
7,663
Reaction score
99
Location
The shadows
Country
llUnited States

Peebs

Member
Joined
Nov 14, 2003
Messages
578
Reaction score
37
Location
Ohio
Country
llUnited States
I think businesses who end up losing their information should face stiff financial penalties. This way, maybe they would be more careful in protecting the data. In the past year, I have received notices from three different businesses telling me my personal information has been hacked and the only thing they offer is free credit monitoring for a year. They are the ones who should be required to pay for services such as LifeLock.
 

Scott Tortorice

Senior Member
Joined
Nov 18, 2003
Messages
7,663
Reaction score
99
Location
The shadows
Country
llUnited States
I just got this email from LifeLock:

SCAM TYPE: Sony PlayStation Network Breach Leaves Subscribers at Risk

Sony has released a statement that the security breach of its PlayStation Network may have exposed the credit card information of paid subscribers.

In an April 26, 2011 blog post on the Sony PlayStation site, the company warned that an unauthorized person was believed to have obtained the names, addresses, email addresses, birth dates, and PlayStation login information of registered account holders. Sony has not yet said how many accounts have been compromised, but CNN.com reports that the PlayStation Network has over 70 million subscribers.

Although there was no evidence as of the date of the blog post that credit card information had been stolen, Sony is taking extra precaution and warning users that this information may have been obtained as well.

For now, Sony has shut down their PlayStation Network and is working to rebuild it. If you are a PlayStation Network subscriber, you should expect an email from Sony detailing the breach.

Learn more about the Sony Playstation Network breach by visiting LifeLock's Facebook page.


Sincerely,
LifeLock Member Services

LifeLock recommends taking the following actions if you are a Sony PlayStation Network subscriber:


  • Check your credit card statement daily. Review the online statement for the credit or debit card you use for your PlayStation account. If you see suspicious activity, contact your bank or creditor immediately.
  • Do not provide sensitive information to in response to emails from Sony or PlayStation. Even if an email looks legitimate, do not provide sensitive information like your credit card number, credit card security code (the three digits on the back), or Social Security number to anyone claiming to be from Sony or PlayStation.
  • Change your password. If you use your PlayStation network password for other accounts, change them immediately.
 
Top