Personal Details Compromised During PSN Hack

An update on the ongoing PSN outage has revealed that PSN members’ details have been stolen and that credit card information may also be at risk. It has been recommended that you change your account password as soon as you are able, and it was also suggested that you cancel your credit card. On a slightly better note, PSN will hopefully be back up within a week, but all in all, a huge fucking headache caused by a few fucking assholes, well done.

Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

  1. Temporarily turned off PlayStation Network and Qriocity services;
  2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
  3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

Sincerely,
Sony Computer Entertainment and Sony Network Entertainment

PS Blog


12 Responses to Personal Details Compromised During PSN Hack

  1. Fabe says:

    Woke up at like 3am [for some reason], first thing I did was check the PS EU Blog.

    Flippin ‘ell man, I didn’t realise how serious this whole thing was. They make it seem like the PSN may be down till mid-May or even June.

  2. dv8r1970 says:

    The most disturbing part of this is it took Sony days to confirm what most people already knew, not only that the network has been down for the last 5 or 6 days but the original problem started 10 days ago. It brings the following questions to mind. 1. Did they know 10 days ago that they were hacked? 2. If they had known, why did it take so long to respond? 3. What comeback do we the consumer have with Sony if our accounts have been compromised?… Sony’s argument has always been that the network is a free service.. it’s not free because we have to buy a PlayStation to use it. You can be sure a percentage of what we pay for PlayStations and games goes towards funding the network, so how about treating your customers with a bit more respect, Sony. Sony’s actions so far are a bit like closing the gate after the horse bolted.

    • yvdsvestas says:

      Well they probably did know but you got a reputation to keep
      and 77 million accounts so they probably sat down and thought about it first.

      But this is some serious shit I’m glad I don’t have a credit card….

      I also heard about problems on the Xbox Live network but this was something with phishing.

  3. Muse83 says:

    I got a credit card, doh………

    I hate hackers….I mean wankers….I mean…

  4. Golden says:

    I hope this doesn’t come off as sounding somewhat fanboyish, because I’m certainly not one, I’m a fanboy of good games, what platform those games come out on is irrelevant, but Sony are taking an awful amount of flack for this. Now, I’m not saying they don’t deserve it, the blame lies with them as well as with the person/people who broke into the PSN, but to hear some people around the various gaming sites you’d think Sony had just left the gates lying wide open with a sign reading ‘gone fishing’ hanging on the door.

    I’m sure they have put adequate security measures up, but as we all know, no network is 100% secure, Christ, somebody broke into Valve’s servers years back and stole a whole game that was still in development right out from under their noses, and there are also security breaches all the time on companies that hold personal data like credit card numbers and other such things.

    Sony and the security firms working with them to sort this whole thing out are still not 100% sure that credit card information was definitely stolen, they are just taking precautionary steps in case it was.

    And to be fair to Sony, they took the network down as soon as they realised something was up, granted, it may have been too late, as DV8 says, but at least is was lying open getting molested by every Tom, Dick and Harry the whole time. The fact that they, and their security partners still don’t know 100% what has happened may have been the cause of the delay in contacting everyone.

    Like I said, I hope this doesn’t come off as a fanboy rant and that Sony can do no wrong, I just thought I’d state my opinion because a lot of people seem to think the blame lies solely on Sony when it doesn’t. There’s only so much security you can put in front of something, but eventually, some very smart person is gonna crack it, and then you end up with this mess.

  5. Muse83 says:

    *RANT ALERT*

    I bet whoever did it was backed by Microsoft. First Apple and now Sony – their biggest competition in the respective markets of phones (vs the HTC) and consoles (vs Xbox). Nothing buffs your own product more than damaging the opposition’s and if you’ve got some guy stupid enough to threaten to do it (Anon.) then you’ve got the perfect fall guy too.

    Not that I’m a fan of any of these companies, I’d rather not get involved in who’s right or wrong or justified. I just know who ends up paying for it in the long run. You guessed it, us.

    *rant over*

  6. dv8r says:

    Sorry Golden, I will have to disagree. Sony did not take the network offline when they found out they were hacked, they took it offline 4 days later. I’ve worked in I.T. and it is very rare that you wouldn’t know you’ve been hacked. It’s a global network and they will have their protocols for what constitutes a network shut down. The person in Sony who first became aware of the intrusion would not have the authority to shut the network down, he/she would have had to notify a supervisor and up the ladder it would have gone very quietly till someone in a managerial position would have taken the decision to seek a current status report. This in most global companies takes up to 48 hours. Someone would have been given the task of putting together the report, taking into account different time zones would have taken approx 12 hours. The report is sent back up the ladder and legal advice is then sought before the decision to shut down the network is taken, at this stage 4 days have passed and people have been logging in and out and shopping in the store with their credit cards oblivious to the fact they are being ripped off, but it takes Sony a further 6 days to notify its customers. It takes less than 24 hours for stolen credit card details to be processed for someone else’s use. Sony will not contact anybody in relation to credit cards being compromised. Most multinationals have the attitude “it’s your credit card, it’s your problem, you choose to use it to, therefore you must also accept the consequences”, they all have indemnity clauses, read the small print.. It sucks but we are the ones who will suffer in the long run. “Gone phishing”, they left the door open for four days…

    • Golden says:

      Fair enough, and it’s nice to get a bit of inside knowledge on how these things work, I didn’t know it would take around two days to respond to something like this, I thought it would have been a lot more instantaneous than that.

      My first comment was in no way slyly directed at your earlier comment though, just in case you thought I was being a bit of a smart ass, I just meant it as a response to what I had generally seen going on around various websites/blogs which was people acting like Sony had no security to begin with and basically left the door open for these people to do what they wanted from the get go. Which is untrue, I’m sure they had as much security as was required for them to be allowed to hold cc info, but as I said before, no system is 100% secure. There are intrusions like this on a daily basis in companies around the world, this one just happened to be in one with over 50 million customers (which is probably why it has gained so much traction in the mainstream media).

      Are you sure it was four days later? I thought they had been pretty swift in taking it down cus I remember hearing one morning early last week (Monday I think) that people were having problems signing in and then by that night the service was completely offline to everyone. I could be completely wrong however, but that was just my understanding of the situation.

      I wasn’t meaning that they didn’t know they had been hacked, just that they weren’t sure if the cc info had been compromised or not. I do however agree that the time it took to notify everyone was unacceptable.

      Again, this isn’t a bleeding heart ‘Sony can do no wrong’ post, they poked the wasps nest repeatedly (the whole GeoHotz/Anonymous debacle) and got stung badly, unfortunately all the people in the surrounding area also got stung, us. But the way people were acting was like it was all a one sided affair. The best analogy I’ve heard was, “you wouldn’t come home to a burgled house and then blame yourself for it being burgled.”

      This really hasn’t been Sony’s generation has it?!

      Oh, and I lol’d at the ‘gone phishing’ comment, can’t believe I didn’t think of that while I was writing mine! Nice catch… ZING, ahh, I feel much better!

      • dv8r says:

        No Golden, I didn’t think you were being a smart ass. Looks like Sony may be facing a federal investigation in the hacking, plus looks like legal action against them is also forthcoming. The hacking, if memory serves me, happened 17 to 19 April, the network went offline around the 21 April. Sony have not made any full precise statement on the matter, it’s only been bits and pieces. There are also huge legal implications in regards to what actually took place from the 17 April to 21 April. Sony have not said whether it was a single prolonged attack between the 17 and 19 or multiple attacks between the same dates, the main issue arises due to their inaction between the 19 to 21 plus a further 6 days before admitting credit card details were compromised. There are some big fat lawyers in America in particular rubbing their hands together right now with Sony in their sights. The consequences are frightening, don’t be surprised if we end up having to “pay to play” as a result … it’s a sad day when gamers become the real life victims… one more thing, George Hotz and Sony settled out of court, rumour has it that he could end up doing independent work for them?… now that’s phishing…… by the way I no longer work in telecommunications, it’s boring, went back to college to become a legal executive, better known as a paralegal in the U.S.. I specialise in employment law, more fun and can do most of my work from home when not on bc2….. regards dv8r

  7. dv8r says:

    hey Muse …hackers + wankers = wackers

  8. Fabe says:

    No more PSN WITHDRAWAL SYMPTOMS anymore… I got that attitude right now of; ‘Eh [shrugs] PSN will be back online soon…’

    And I highly doubt any of our Debit/credit cards got hit.

    [Hands everyone a Pepsi… “Drink up”] [P]

    – Pepsi Product Placement Fund Credited: (£275.00)

  9. Muse83 says:

    dv8r: The consequences are frightening, don’t be surprised if we end up having to “pay to play” as a result

    Cannot even begin to tell you how pissed I would be if this happened!!!
