Sony has finally admitted that the “external intrusion” which caused an outage of the PlayStation Network (PSN) last Wednesday could have led to users' personal details being stolen – including their credit card numbers.
In a blog post, Sony said that “between April 17 and April 19, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.” It went on to say that in response to spotting the hack, it shut down PSN and Qriocity before bringing in outside security experts to complete a full investigation. Only yesterday evening did Sony admit that personal details of PSN and Qriocity customers were stolen, including: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID.
Sony then went on to say that credit card details may also have been stolen and warned users about possible “email, telephone, and postal mail scams that ask for personal or sensitive information.” Sony failed to mention the amount of people affected by this attack but there are over 70 million users on this network who could be affected. As for when the service will be reinstated, Sony said they are working “round the clock” to “to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.”
This is obviously a major PR disaster for Sony and Graham Cluley, senior technology consultant at security firm Sophos told the BBC: “This is a big one. The PlayStation Network is a real consumer product. It is in lots of homes all over the world. The impact of this could be much greater than your typical internet hack." PSN users were also less than complimentary towards Sony as they commented on the blog post. Tacotaskforce wrote: "You waited a week to tell us our personal information was compromised? That should have been said last Thursday." Another user, Sid4peeps wrote: "This update is about 6 days late. I think it is time to move to the other network, no regard for customers here."
A new update this morning clarified that there was a difference in timing "between when we identified there was an intrusion and when we learned of consumers’ data being compromised.” It added that it was only yesterday (26 April) that the security firm they employed discovered the extent of the data stolen. With no sign of the service being reinstated, Sony will have to work fast to recover the confidence of its customers following such a major breach.