
Sony Admits Data Theft From PlayStation Network

by David Gilbert

Sony has finally admitted that the “external intrusion” which caused an outage of the PlayStation Network (PSN) last Wednesday could have led to users' personal details being stolen – including their credit card numbers.

In a blog post, Sony said that “between April 17 and April 19, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.” It went on to say that in response to spotting the hack, it shut down PSN and Qriocity before bringing in outside security experts to complete a full investigation. Only yesterday evening did Sony admit that personal details of PSN and Qriocity customers were stolen, including: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID.

Sony then went on to say that credit card details may also have been stolen and warned users about possible “email, telephone, and postal mail scams that ask for personal or sensitive information.” Sony failed to mention the number of people affected by this attack, but there are over 70 million users on this network who could be affected. As for when the service will be reinstated, Sony said they are working “round the clock” to “enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.”

This is obviously a major PR disaster for Sony, and Graham Cluley, senior technology consultant at security firm Sophos, told the BBC: “This is a big one. The PlayStation Network is a real consumer product. It is in lots of homes all over the world. The impact of this could be much greater than your typical internet hack.” PSN users were also less than complimentary towards Sony as they commented on the blog post. Tacotaskforce wrote: "You waited a week to tell us our personal information was compromised? That should have been said last Thursday." Another user, Sid4peeps, wrote: "This update is about 6 days late. I think it is time to move to the other network, no regard for customers here."

A new update this morning clarified that there was a difference in timing “between when we identified there was an intrusion and when we learned of consumers’ data being compromised.” It added that it was only yesterday (26 April) that the security firm they employed discovered the extent of the data stolen. With no sign of the service being reinstated, Sony will have to work fast to recover the confidence of its customers following such a major breach.

Source: PlayStation.Blog

Icey

April 27, 2011, 2:30 pm

This is really world wide news now.... makes sense since it impacts so many but the numbers are somewhat exaggerated depending how you look at it, after all the worldwide install base for PS3 is around 50m but clearly many people have multiple PSN accounts.

You can't really blame Sony for being hacked but where they messed up is with releasing information to their customers.

They should have come forward last week and let everyone know so people could beware, instead they shut up like a clam and only made a real statement yesterday.

I do think this is not as bad as 2007 when the UK government "lost" the complete personal data for 25 million people!

MrGodfrey

April 27, 2011, 4:31 pm

This is just Sony being as uncommunicative as unhelpful as ever; they should have kept people updated during the last week and oh yes, apologised profusely as if their future business depended on it... but after previous PSN issues I know better than to expect that from Sony.

But since all the focus so far has been on Sony, I'd like to know more about the source of the "intrusion" (and how I can get my hands on them). If it genuinely is hackers mounting some kind of revenge attack over the George Hotz business, then I wonder... acting like thieving scumbags, losing any possible sympathy or support and drawing the anger of millions of normal people who just wanted to play the occasional game... how exactly does that help their cause?

David Gilbert

April 27, 2011, 4:53 pm

@MrGodfrey That's a very good point. There has been little focus on who has attacked PSN with most of the focus on Sony's inability to handle the problem. Obviously a lot of people will be assuming it could be a revenge attack relating to Hotz but it could be simply a distraction and the attackers are simply criminals looking to get hold of credit card numbers and personal info via PSN.

Enigma

April 27, 2011, 7:23 pm

Why Sony says ''it believes'':

>> It is saying this to cover itself legally IN CASE data indeed has been taken. After all it is NOT SAYING in the definite.

>> It makes the hackers look criminals rather than Robin Hoods attacking a big multi-national corporation who has just picked on a guy who hacked Sony's ware(s) recently.

So I don't buy their corporate bullshit. Nevertheless, I would take precautions in regards the matter of personal data security as CLEARLY Sony's security has been compromised.

Kaiser202

April 27, 2011, 10:09 pm

I smell a class action lawsuit!!!

Ataripower

April 27, 2011, 11:15 pm

While Sony clearly haven't exactly covered themselves in glory the fact remains that some anonymous internet terrorists who clearly have nothing better to do in their sad lives have ruined my ps3 experience and put my personal data at risk. Why should this fact be overlooked? I hope these people will be found, and jailed but I somehow doubt it. Rant over.

Hans Gruber

April 28, 2011, 12:25 am

http://spong.com/feature/10110323/Opinion-PlayStation-Network-the-Credit-Card-Theft-Storm

"Essentially, this amounts to a storm in a teacup. If you just want to use your PS3 to play games and buy stuff on the PlayStation Store and have never installed a custom firmware then your credit card details are as safe and secure as they are when you shop online on your PC."

At this stage, it seems like only those using non-standard PS3 firmware who have added banking details to their accounts are the ones to be most alarmed by the potential for some serious fraud. Though this does not mean standard PS3 firmware users are out of the woods if they are in the habit of using the same password and email address combinations for other popular sites like Facebook, Amazon etc.

http://spong.com/feature/10110323/Opinion-PlayStation-Network-the-Credit-Card-Theft-Storm

That guy writing for Spong, a security expert, recommends changing passwords for other online accounts to something that isn't a straight from the dictionary all lower-case word like flower/whatnot due to relative ease in using 'brute force' decryption attacks to break simple passwords. Choosing a pass 'phrase' with additional punctuation, symbols or mixture of upper and lower case characters rather than just a pass 'word' is advisable as it takes far more effort to crack and is statistically much safer.
