Recent News

[UPDATE] PlayStation Network Compromised; Hide Your Daughters

After over a week of drama and no access to the PlayStation Network or Qriocity, Sony lets us know how much damage has been done.
Author: Ryan Green
Published: April 26, 2011
Six days after the PlayStation Network and Qriocity music services were taken offline, Sony has let us know the preliminary damage report for their services and exactly how prepared consumers should be for the fallout. Though SCEA has been consistently updating us throughout the blackout via the PlayStation Blog, little substantive information has been released.


Patrick Seybold, Sr. Director, Corporate Communications & Social Media, announced through email and the PlayStation Blog that an illegal intrusion was detected between April 17th and April 19th, after which the systems were shut down by Sony. They have since launched a full investigation and hired "an outside, recognized security firm" to look into the source of the problem, as well as what precautions can now be taken to prevent this from happening again. They outlined, in particular, looking into how they can protect your personal information further.

Your personal information, however, is the main issue at hand. Although we still have no answer as to what information was taken from their servers, the following was outlined and should be your primary concern:



- Name
- Address (city, state, zip)
- Country
- Email address
- Birthdate
- PlayStation Network/Qriocity password and login
- Handle/PSN online ID

Furthermore, Sony believes it is "possible" that other key pieces of your profile data may have been compromised, including the following:

- Purchase history
- Billing address (city, state, zip)
- PlayStation Network/Qriocity password security answers

Finally, Sony cautions users that their credit card information (specifically excluding the security code) and expiration date may have been accessed as well. It is unclear if it has been accessed, and to what degree, but the company asserts that you should be wary of this.

Sony goes on to say that users should take the utmost care and prepare for the worst, outlining ways in which their users can look into fraud alerts and canceling their credit card.

Given that personal information was most likely accessed, phishing scams and identity theft are the most prevalent sources of potential frustration and anguish. Sony mentions several ways to protect yourself against such an eventuality, and mentions that U.S. residents are legally eligible for one free credit report from each of the three credit bureaus. For more information, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

Although over a week has now gone by since the attack occurred, the facts are not as clear as many of us here would like. Whether personal information, including passwords and credit card information, was accessed in plain-text or an encrypted algorithm remains unknown. As for the status of the PlayStation Network, it is entirely possible, according to the post, that another week may go by before it is capable of functioning in any capacity.

Keep it here at TotalPlayStation.com to find out the latest on this ongoing issue.

--
UPDATE

Sony has since replied to the comments regarding the time discrepancy between the actual intrusion and the notification. The statement reads as follows:

"I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

For those who were looking there’s also an FAQ with some more frequently asked questions.

Thank you for your continued patience and support."


Additional, the FAQ support page mentioned in the posting (here) outlines the specifics as to what Sony can comment on at this time. They address the community concern, be it unwarranted or not, that the hacking moniker "Anonymousness" was behind this attack. According to the FAQ, they are looking into the matter, as any investigation would, but that is all that can be said on the matter.

A tentative timetable is set for within one week, which should bring some comfort to players looking to get back online as soon as possible. It is also interesting to note that Sony Online Entertainment (a functionally different organization within Sony's overall structure) was also attacked and had service interruption, but was not compromised, according to Sony.