Sony: Some PSN user data was unencrypted

Matthew DeCarlo

Posts: 5,271   +104

After Sony announced that its servers were hacked, users bombarded the company with concerns about the safety of their personal information. In its announcement earlier this week, Sony admitted that the attacker(s) gained access to customers' names, addresses, email addresses, birth dates, and PSN login credentials.

Naturally, the severity of that breach would be largely dependent on whether the information was encrypted -- something Sony neglected to mention in its initial announcement. Sony has addressed the question in its latest post revealing that some data was in fact stored on the company's servers in an unencrypted state.

Rest assured that your credit card information was encrypted and Sony says that there is still no evidence any financial data was swiped -- though it's entirely possible. However, your personal details were kept as a separate, unencrypted data set. This includes your identity, location and contact information.


Although Sony doesn't directly mention how your username and password were stored, it seem likely that they were housed with your other unencrypted data. Sony makes it abundantly clear that you should change your password for other online services if you're using the same one that you did on PSN/Qriocity.

As for your PSN credentials, Sony is developing a new software update that will require all users to change their password once the service is restored. The company also reminds users to beware of email, telephone and postal scams that request you to reveal further sensitive information such as your Social Security number.

You can bet Sony is furious about the intrusion and regretful about not encrypting your data. The company said it's working on strengthening its network infrastructure and enhancing PSN security across the board. Additionally, it's already in the process of moving its data center to a new, more secure location.

Permalink to story.

 
my confidence in Sony has really taken a dive in the last week, and i can't even do anything for my account because the service is still down.
 
Well i already cancel my internet service and my bank account sony why u let thz happen im sad dissapointed im just 1 person ....u just like state farm 40 million gamers 40 million reasons to be mad at u ....jerseyshorelove
 
I do not encourge this kind of hacking but I saw this coming with how harsh Sony went with the Geo lawsuit.

100% agree.
 
Sony's fighting a loosing battle. The only thing they can do right now is come up with PS4...
 
Unencrypted login credentials?! First thing I learned in computer science is to never store passwords in plaintext; only their hashes should ever be stored.

I hope sony goes bankrupt soon; they've been losing money year over year
 
Just when I thought nothing was more *****ic then Sony, I came here and read some of these comments and I'm not so sure anymore.
 
Give Sony a break they made a mistake and there doing there best to fix it. if they can't fix them then u can get on them.
 
as i look at these comments i can understand the frustrations of some of these users...then again i've never had to pay a monthli service charge to play on the network...yall r knocking and they provide u with a free service...it is not a good thing this has happened but remember its gamers like u and me who hacked them their security could have been godly still someone would've found a way this time its ohhh k to hate the player and not the game...
 
scshadow said:
Just when I thought nothing was more *****ic then Sony, I came here and read some of these comments and I'm not so sure anymore.

More *****ic "THEN" Sony?

Right, I assume you're including you're own comment in that too...
 
Guest said:
Give Sony a break they made a mistake and there doing there best to fix it. if they can't fix them then u can get on them.

They made a mistake?

A mistake is walking into a bear's cave while under the influence.

Walking into the bear's cave, clubbing the cubs, and stealing all the honey isn't a mistake.

Sony was asking for it and the got more than they bargained for.
 
I dont see this as the end of the world, either for sony nor any other person on the PSN.
It´s true that u might expect alittle more from a multibillion corporation, but then again u only need security as long as there are criminals to rob u. I do lock my door when i leave my home, but thats all i do to prevent....then again i live in a country with very low criminal activity and im a **** poor dude :p

The PSN will be back and i think u can asume it might be the most secure network for a while, so im not going to stop playing my ps3 now and then, since i now know it has all been redone and build from scratch with the knowledge if today.

ps.to who or whom that did this, the cause do not justifie the actions, so many inicent ppl has been affected by this, and i still cant belive other ppl cant see how disguisting this kind of crime is. The perfect vengance only hit the target.
 
What a blunder sony has committed.Either they were ignorant about user security or were being purely foolish(I think both).I never imagined that such a reputable company would deal with such important issues in such a careless way.
"The company said it's working on strengthening its network infrastructure and enhancing PSN security across the board. Additionally, it's already in the process of moving its data center to a new, more secure location." Too Late....
 
@lawfer: Why insult someone only to show that you are a hypocrite?

"Right, I assume you're including you're own comment in that too... " should be "Right, I presume you are including your own comment in that too."

"Assume" means "to accept without proof." "Presume" means "to accept before proof is established."

If your intent was to write with proper grammar you should avoid using contractions, rather than "you're" you should use "you are". You also should avoid using "you're" in replacement of "your". ;p
 
Well as long as Sony encrypted the credit card details it's OK. They have a very good track record of implementing encryption standards so I don't think anyone has anything to worry about.
 
Back