As I'm sure you know, the PlayStation Network has been down for over a week, and Sony today revealed the reason for the outage. There has been a security breach, and user information has been obtained by an unauthorized person.
Below please find our answers to questions you may have about what this means to you, the end user:
Whose information has been stolen?
Assume your data has been taken. Sony has not revealed how many of their estimated 70 million accounts have been compromised, so it's impossible to say for sure, but shutting down the entire PlayStation Network suggests the security breach is large. Also, the company has sent out email to every account holder about the situation.
What information has been stolen?
According to Sony, your name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. Additionally, Sony advises that your credit card number (excluding security code) and expiration date may have been obtained.
Wait, credit card information was stolen from the PSN as well?
Maybe. While Sony doesn't rule out the possibility that your credit card data (minus your 3-digit security code) has been stolen, they say that "there is no evidence at this time that credit card data was taken." According to Sony, your credit card data was encrypted by the company, meaning that even if it was stolen, whoever took it might never be able to decrypt it.
When did the intrusion take place?
Between April 17 and April 19, 2011.
Can I change my PSN password now?
No. The PlayStation Network is offline. Sony says it is working on a new system software update that will require all users to change their password once PlayStation Network is restored. They promise to provide more details about the new update shortly.
When will the PlayStation Network go back online?
Within seven days. According to Sony, "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week."
What should I do now?
We've prepared a guide for what to do if you're a member of the PlayStation Network.
Will the PSN network have better security in the future?
Yes. Sony says it is "enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway." More details are coming.
Why did it take almost a week for Sony to inform the public of this leak?
Here's Sony's official statement on the matter:
There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.