According to Sony's Sr. Director, Corporate Communications & Social Media, Patrick Seybold an "unauthorized person" has obtained PlayStation Network Users' personal information, including name, address, password, login. According to the company, it's possible that credit card data has been accessed as well. In other words, things just went from a inconvenience to a potential catastrophe for millions of PlayStation 3 users.
"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
Sony's full statement is under the cut.
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
- Temporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.
Sincerely,
Sony Computer Entertainment and Sony Network Entertainment
We'll have more info as it develops.
Comments are Closed
Comments
Displaying 41–60 of 268
212345678910…13144
StunGunMilly
Oh poo this is no fun me and my friends really wanted to play COD for days now. and i been wanting to play LBP2 with my boyfriend. oh well lets hope they get this fixed and we all can get back to gaming am i right ppl. mean time play old games and have fun beating the games that we all been working on. so til PSN pops back up i guess its back to my games.
nixon45jm
See there is this thing called fun and cheaters and hackers r ruining that on the online experience in videogames how wud u feel if some1 jus posted nude photos of u on the internet r somethin, this retaliation for that geohat guy not cool...i dont like courts and prison but i think all who's invilve so get locked the eeff up
nightsnipe
I guess what they say is true.
you get what you pay for. life lesson
FuzzofPekinopolis
@crackingcody
It is a little bigger deal than just Sony. If corporate entities such as Sony can have things tampered with, then any company that you have ever signed a document with could have the same thing happen. Let me be clear I don't even have a PS3, but that doesn't mean this doesn't concern me.
Sure people are blowing this out of proportion, just like you are not giving this problem enough attention. It goes both ways, people can have there blinders on like you, or they can overreact like some others. It still doesn't make the problem any less serious.
crackingcody
everyone should just relax and listen to some elvis or beatles or the who to calm down. sony will only lose billions of dollars and if enough possibly file for bankrupcy. its not like its the great depression or world war 2 again. if it were...... we'd be screwed cause FDR is DEAD!!!! :o
FuzzofPekinopolis
Is it possible it's China, who as reported, have tried to hack corporate and government sites around the world before? Could they be using the tragedies that have befallen Japan to hurt Japanese corporations? I'm just asking, it's not a secret that China and Japan haven't gotten along for centuries.
I only single China out because of the reports of this sort of thing over the past couple years. It could also be another country/group. It just seems to me that if I wanted to hurt Japan (which I do not), now would be a prime time to engage in such activities.
iceknightangel
disclaimer xbox fanboy
who are they really hurting? Sony yes but what about the kid that mow lawns all summer to play with his friend. What about the dad serving our country in another land who's only way to connect with his son is video games online? In a bad economy a big company trying to survive will have to let go a lot of american worker just what we need death penalty to all HACKERS no trial just shoot them in the head
Hob_Gadling68
The most disturbing thing, and the reason to hate on Sony for this, is the fact that they didn't even bother to hash the user passwords for our PSN accounts. This is just basic security and is definately unacceptable. Besides the fact that it took almost a week to decide to say that their "experts" in security had just found out that that information was compromised. Any security person worth their salt should have found that in the first few hours. Hackers may know their stuff, but the good securtiy people are the really scary ones.
XxKiLLiNG-BoBxX
SONY WHENS PSN IS GOING TO BE ON MAN IM GOING TO HATE PS3 SOON
Kristinfan410years
their needs to be better security in consoles. proportional representation on Xbox and sony! this just needs to end! we should start a new thing. KILL A HACKER DAY!
KaiVorail
I feel sorry for you guys, hope it's just a scare towards sony to have them shut down PSN momentarily. Good luck playstation peoples
rx7ah
Petition against Rothken's unjust suit. It's not right that they're trying to fatten their gullets instead of doing something useful with their lives.
Sign at www.petitionspot.com/petitions /SonyAndRothken
Preyer
The real question here is, "could Sony have stopped this? if not, could have anyone else?"
Ihatehackers
Dude it's a bmch of xbox Dooche bags who hacked us its agrop call anonamys or what ever but yeah I no that a bunch of xbox homosexuals hacked Sony and Sony sued anonamouys partner hotboyz that y anonamouys hacked Sony and we better have like a free something for the inconveinc like the new map pack escalation for cod black ops right guys
Hindean
so on Attack / THE FEED / they said PSN users credit cards are being used, is this true or false, Sony's website/blog is saying nothing of this news, ??????
TheEpicsmoothie
although im a person that owns and prefers to have an xbox, i kinda feel bad about the ps3 owners. who would seriously want to have their info stolen and be offline?
Opiyum
Don't get bent at the black-hat hacker(s); get really angry at Sony for 1) needlessly retaining customer data in a way that was obviously insecure (obvious I mean as of now), 2) locking down the PS3's access to play online games and other services to a single closed authentication system which Sony alone controls, 3) shutting down a service (that all of us do pay for as part of the price of the PS3 when a much better solution would have been to decouple PSN account access and online play (i.e. let us connect to EA, Zipper, Slant6 servers directly even if/when the PSN is down) in the first place, 4) most importantly, because Sony is to blame for their own actions and inactions; Sony themselves created the landscape and the situation which motivated the black-hat hacker(s) to venture down the path they saw as they're only recourse. I am personally really bummed I can't use my system, but I do support the principle that motivated this black-hat, and contrary to what others are saying, taking Sony down as hard and as long as they did was very constructive. Especially if this was the act of a single person; it's a huge problem that Sony has to deal with ... making headlines, creating bad press, and putting a huge exclamation point over Sony headquarters Metal Gear Solid style! So I'm mixed. I want PSN back up, but I also want to see Sony suffer from they pain they have caused me and other PS3 users.
roxas41195
i know this isnt the usual , and pointless , complaints about the server being down , but how are people commenting on sonys website, if any one knows please let me know ,
for science,
roxas
quintin1995CODkings
INORDER TO PAY BACK THE PSN USERS, PLAYSTATION SHOULD GIVE US A QUAD POINT WEEK FOR BLACK OPS. THIS WOULD BE A GOOD GIFT IN MY OPINION FOR STAYING WITH PS3 THROUGH THEIR HARD TIMES. I DIDNT GO TO XBOX AND I THINK I DESERVE A BIT OF A THANK YOU FOR IT. IM SURE YOU GUYS WILL AGREE. VOTE THIS UP AND SEND ME (Quintin Yourmother) ON FACEBOOK AND YOU CAN JOIN MY CLAN (C.O.D. Kings) FOR NO INITATION!!!
cpnet
No system is hack-proof and it sounds like Sony did the right thing by encrypting credit card info. However, from their own statement it sounds like they were directly storing user Passwords and answers to security questions - both of which you should NEVER EVER do in a secure system. Instead they should only be storing a one-way hash of this data. That way even if a database is comprimised, the hacker doesn't get your password. It does mean that if you forget your password they can't send it to you - instead you have to reset it, but it's a small price to pay for good security.
Unfortunately I see the G4 website is also storing passwords directly (I know because it was able to send me my password instead of requiring me to reset it when I forgot it). G4, and Sony please learn from this and only store one-way hashes of things like passwords and answers to security questions!!! I have changed my G4 password to one not used on any other sites since the password security is poor.
Storing one-way hashes of passwords is a well-known and pretty basic security best-practice, unfortunately many sites don't bother with this, and as a result our online info is a lot more vulnerable than it needs to be.
Displaying 41–60 of 268
212345678910…13144