Sony PSN offline until next week, user accounts compromised

By on April 26, 2011, 6:45 PM
As you've undoubtedly heard, Sony's PlayStation Network was taken offline last week following a security breach. Sony remained incredibly quiet about the matter through the weekend, but with mounting pressure from gamers, the company has finally released an official explanation. According to a post on the PlayStation blog, Sony discovered that between April 17 and 19, certain PSN and Qriocity account details were compromised in a network intrusion.

In response to the break-in, Sony flipped the switch on its PSN and Qriocity services and hired an external security firm to perform a complete investigation. At this time, it's believed that the attacker obtained access to your name, address, country, email address, birthdate, PSN/Qriocity name and password, as well as your handle/PSN online ID. It's also possible that your password security answers were obtained along with any sub-account information.

Sony says there's no evidence that users' credit card data was taken, but it can't rule out the possibility. If such information was snagged, it would "only" be your credit card number and expiration date, but not your security code. As such, the company recommends that you keep track of your financial statements and credit reports, noting that US residents are entitled by law to one free credit report per year from each of the three major credit bureaus:

  • Experian: 888-397-3742; P.O. Box 9532, Allen, TX 75013
  • Equifax: 800-525-6285; P.O. Box 740241, Atlanta, GA 30374-0241
  • TransUnion: 800-680-7289; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

"At no charge, U.S. residents can have these credit bureaus place a 'fraud alert' on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity."

With your name, contact information and login credentials in the hands of a criminal party, it would be wise to change your passwords to other online services. Additionally, the company suggests that its users should be extra cautious about email, telephone and postal scams that request sensitive information. Sony itself will never contact you in any way to request "personally identifiable" information such as your credit card or social security number.

If you have further concerns about identity theft, Sony's blog post contains contact information for the FTC and your state's Attorney General. As for PSN's recovery, Sony says the service will remain offline until its investigation is complete and it implements the proper security measures to prevent this from reoccurring. At the time of writing, the company estimates that "some services" will be back online within a week -- surely longer than you wanted to hear.




User Comments: 97

Got something to say? Post a comment
Xclusiveitalian Xclusiveitalian said:

Sony is going to have to do something big to make up for this because i have a feeling a-lot of people will not be trusting them with any more information.

chaboi390 said:

Oh great. even if i can't seem to play online atm, my whole credit card details as well my address is stolen by some punk. DAM IT!!!

Guest said:

I'm glad i have a credit freeze on all 3 bureaus to help protect myself when this cr@p happens. I just hope it's enough to help protect myself. I can almost guaranteed ANON is behind it, they won't admit it because it'll mean a deeper and harder investigation from FBI and put them at risk from getting caught if they take credit. Hope they get caught and get butt rape in prison.

It'll be interesting to see how sony rebounds to this.

gwailo247, TechSpot Chancellor, said:

Now my mother is going to have to change her maiden name. Thanks Sony!

Lurker101 said:

On the bright side, at least PS3 users are thinking rationally about what effect this data breach could have on them;

Link to the quote below

+ Tgebbs on April 26th, 2011 at 1:03 pm said:

What about our trophies? Are they safe?

dotVezz said:

Wow. Sony, just gotta say, you guys are awesome. I mean, this is the best PR stunt, like, EVER! (SARCASM)

superty12 superty12 said:

I did a post on the shortage. It can be found here: http://www.techspot.com/vb/topic164190.html

Guest said:

What is wrong with you guys!!!!!!

The Playstation Network is hacked!!

You guys that work for the Playstation Network should arrest the hacker and turn the Playstation Network back online!!!!!!

Lurker101 said:

[fanboy]Guest said:

What is wrong with you guys!!!!!!

The Playstation Network is hacked!!

You guys that work for the Playstation Network should arrest the hacker and turn the Playstation Network back online!!!!!![/fanboy]

Guest said:

This is the funny part about this screw up.... The first day it was taken offline they said "it should take a day or two." Two days pass, no psn.... Than it said it will be back online on tuesday, now it says wednesday... WHEN SONY!!!

MasterNate365 said:

Okay, This has really pissed me off now, I had 3 active credit cards linked to my account, I also had my home address registered, If ANY of this goes towards getting me cloned and defrauded, Sony is going to have a LOT of f*cking work to do to pay me back!!!

Guest said:

Hey, how about we all buy xbox360's, and let sony lose buissness!!!!! OH YEAH

(And now that hacker is going to cahnge my freeking password, than i cant get online!)

Win7Dev said:

Well they finished with one law suit. Apparently the first one wasn't enough. Lol.

Guest said:

Lololololololol I'm glad I'm an XBOX user!

Guest said:

okay im starting to get annoyed by people who complained about them not giving an answer to what happend until a few days later. you should at least be thankful they keep giving us updates. also its not like they're going to tell us exactly how they got hacked because some other hacker could be like "oh thats how they did it now i could try something like that" so they could learn from the other hackers mistake. last im just saying in my opinion why would you use a credit card when you could of just bought psn cards that way none of your information is they're system. also with credit cards you should only buy things thats you can sell back. just saying.

Guest said:

Thanks Sony u really did it this time!!!!

That stupid punk who hacked the psn is gonna pay my credits on the psn store!!!

Why in the world did he hack it in the frist place hes not getting anything for just hacking it!!!!

hes a really stupid guy to hack the psn!!!

now that punk gots my address and profile for him self!!!

you better make the psn better and pay us all back our f*** MONEY!!!!!

:(((((

UPGRADE THE PSN!!!!

THANKS ALOT!!!!!!!!

DAMM IT!!!!!!!

Lurker101 said:

Well they finished with one law suit. Apparently the first one wasn't enough. Lol.

They paid good money for that judge and they want their moneys worth

Guest said:

i already have fraudulent charges on my credit card!!!!!!!!!!!!!

Guest said:

Yeah lets all get a Xbox 360 and let the Playstation Network lose there f*** money

and thats hella true the hacker is gonna change my f*** password!!!!!

Guest said:

Same thing happened to microsoft in 07 stop whining it can happen to even the best online companies.

Guest said:

they should give use one whole week of free downloads including games, map packs, movies, music, themes, avatars, and anything else

Guest said:

thats why I use a pre-paid visa or mastercard. If you put your debit card or a real credit card online period , Than you are an *****! Get with the program people.There are other people that can not make money in any other way than stealing yours. Use some street smarts if you have any.

Guest said:

Its been 6 days, i barely bought this system now its having problems,maybe XBOX is better! Wow what a spring break i had.SCREW YAL

Xclusiveitalian Xclusiveitalian said:

That's the problem, why waste money on another console at the end of it's prime...let's hope project Cafe is something better and start saving up.

Guest said:

I bet you the people (or person) behind this would be a Geo fan or at least a supporter. So... keep cheering your hero on i guess....

n00bzZy said:

Let's all ditch consoles altogether and go back to PC's. Can't say this wasn't expected...

Lurker101 said:

Its been 6 days, i barely bought this system now its having problems,maybe XBOX is better! Wow what a spring break i had.SCREW YAL

Imagine how much better it would've been if you'd gone outside and gotten a girlfriend

Guest said:

screw PSN, I'd like to cut the balls off the f'n hacker.... sorry punk sittin in his parents basement in his stained underwear with pizza sauce stains on his tee shirt. PUNK!

Guest said:

I totally appreciate how everyone feels but folks this can happen anywhere any time. Not everyone has there credit card numbers take so people stop over reacting. It has been a free service for many and the fact that they shut down the entire network and stopped millions of other players from going online to protect you, you should honestly be proud that the company would be willing to lose millions of dollars to save someones credit. It shows a true concern for the people not just for there own pockets. How many of you think that credit card numbers have never been stolen from X-Box????????????? Do you honestly think microsoft would shut down. There is no way. They would keep letting the hacker steal until they could catch him instead of telling the people what happened. There is no solid evidence that someone even has your card numbers for sure. The wisest would realize that what was said is "that it was POSSIBLE!!!!!!" Not that someone did exactly that. I will be glad when the network is back up and I am sure it will be completely safe to use. To the representatives at Sony thanks for your actual concern.

Guest said:

Imagine if all 75 million people get cloned because the hackers know where we live that would be alot of gamers

Guest said:

looks like xbox live is going to get a bit more crowed soon lol

Lurker101 said:

Guest said:

screw PSN, I'd like to cut the balls off the f'n hacker.... sorry punk sittin in his parents basement in his stained underwear with pizza sauce stains on his tee shirt. PUNK!

If you project any harder, you'll be able to show off powerpoint presentations from your fingertips

Guest said:

Nice I'm already pissed off at Sony for selling me a faulty PS3, now there network got hacked. I just don't see how thats possible, they are one of the largest businesses in the world... and they dont even care about there network, the thing that makes them money. It should've been there top priority before they got hacked not after.

Guest said:

I'm an ecom web dev, and what is shocking to me is that Sony appears to have been lax on basic security practices. In particular, to compromise all those passwords means that the passwords were not hashed when stored, which is a big no-no. Also, if the database of credit card numbers were compromised, that would indicated that if it wasn't in inside job that they failed on some significant PCI rules on how card numbers can be stored and how they can be accessed.

Most appalling to me, though, is how slow they are to be honest and inform endusers. They also are very much lacking in customer support. For example, a simple thing they could do is have some basic, easy way for users to check to see if they had a credit card on file with PSN which might have been compromised. I own a PS3 and I honestly don't know if I ever put my card on file with them. Instead they recommend you go use some third party credit check website.

As another user pointed out, this smacks of the same silence and downplaying of importance that we saw in the first few weeks of the nuclear accident in Japan with TEPCO.

Guest said:

"I totally appreciate how everyone feels but folks this can happen anywhere any time. Not everyone has there credit card numbers take so people stop over reacting. It has been a free service for many and the fact that they shut down the entire network and stopped millions of other players from going online to protect you, you should honestly be proud that the company would be willing to lose millions of dollars to save someones credit. It shows a true concern for the people not just for there own pockets. How many of you think that credit card numbers have never been stolen from X-Box????????????? Do you honestly think microsoft would shut down. There is no way. They would keep letting the hacker steal until they could catch him instead of telling the people what happened. There is no solid evidence that someone even has your card numbers for sure. The wisest would realize that what was said is "that it was POSSIBLE!!!!!!" Not that someone did exactly that. I will be glad when the network is back up and I am sure it will be completely safe to use. To the representatives at Sony thanks for your actual concern.

lol dude your a fan boy i can tell and just so you know NO credit info has ever been stolen from anyone on xbox lol and it took them how long to tell use this? its not concern for us its concern for there pockets when they get law suits for not putting up the right security in the first place"

Guest said:

Well to those of you who ACTUALLY placed your credit card on your account. Grats on being morons. There's a reason they sell the redeem cards, safer and less of a hassle. People think "oh wait but what if the code is wrong and you have to call? That's hassle." Well better that, than having my credit card info stolen. Next time you wanna sign up for something and you look at your credit card, think twice!!

Unfortunate that psn was hacked, but it happens to anybody. Bet you wouldn't blame yourself if you had that security and got hacked as well. Not being a fanboy or anything, I was an Xbox user till the bills caught up with me. But Xbox went offline during Xmas in '08 for 2 weeks. Don't know about you, but Xmas is a better holiday for me than Easter. So top you whining and wait patiently, it's a free service!!!!

PS. Except for the ****** that actually got Plus.

Scshadow said:

I don't ****ing care that sensitive data is stolen. **** happens. IT TOOK SONY THIS LONG TO TELL US OUR CARD INFORMATION COULD BE COMPROMISED. F U SONY. HOW LONG WERE YOU GOING TO TRY AND NOT TELL US THIS? People have to PRESSURE YOU to make a statement?

Guest said:

True, they would have never told you that your credit card information was stolen if this was fixed in a shorter period of time.

MrAnderson said:

Are companies still storing Credit card information in clear text or are they encrypted? I mean come on... I smell class action lawsuite just for stupidity... how many times has this happened that you would think a large company with resources to implement best practices would actually implement them... I have yet to read the official statement... but I bet MS is loving this... perhaps this is also making a point to have paid service which really sucks...

Guest said:

"lol dude your a fan boy i can tell and just so you know NO credit info has ever been stolen from anyone on xbox lol and it took them how long to tell use this? its not concern for us its concern for there pockets when they get law suits for not putting up the right security in the first place"

Its not about being a fan its being on the other end of business ownership my friend. Once again if you think info has never been stolen from X-Box your crazy. Once again it was only still a possibility not a certainty. I am not a fan of any type of system or company they all have there draw backs. Every last one of them. More than likely it was someone with extensive knowledge of the networks if that is the case. Getting credit card numbers is a hell of a lot easier through different ways. Hacking into one of the worlds largest networks with literally millions of eyes staring at it isnt about the credit cards for sure. "If" and whom ever "might" have hacked it its not about our cards because in order accomplish and be unseen is apparently impossible. People make fake facebook pages everyday and fake log ins people fall for it then use the same passwords to get there private info from there email accounts everyday. That is a hell of a lot easier way to get someones credit card info and not get caught doing it.

MrAnderson said:

(more)...

Oh and the user passwords better be at least asymmetrically hashed at least - or I've just lost respect for Sony... and anyone else that at least does not employe this simple messure... if you have a custome system it should be a little bit easier to lock down things you'd think... part of the next generation R&D money should really go into security!

Sorry this is just silly to me.

Guest said:

@MrAnderson

There are specific PCI rules about how you can store credit card numbers and fetch them back. If you don't use an external service (such as authorize dot net's CIM service, amongst others) and store them instead yourself on your own servers, you essentially have to have the physical and technical security of an actual bank. pcisecuritystandards dot org has some good info.

If there's any good news to come out of this, it is that Sony is using an external auditing/consulting company to do a third party analysis. I've been through a PCI audit (after one cellphone company bought another that we did an ecom site for) as a standard practice and it costs on the order of $100k to do a basic PCI audit. No more bending the truth, although that doesn't mean it can't come out filtered through Sony PR...

I just wonder how I can know if I ever put a CC on file with PSN... I don't remember, and I can't check, of course!

Guest said:

Revenge of Geohotz

Guest said:

Are you sure you didn't buy an XBox and then just heard about PSN being hacked?

Coz surely you couldn't have just bought a PS3 for the soul purpose of using PSN... I have a PS3, PSN's been hacked, my account may also have been hacked and that is much more serious than complaining about the Service being down, at least they pulled the plug to avoid OTHER PSN users' info getting hacked and not just to stop free game downloads with the DEV firmware. Time to go back to playing one player games offline... WHILE THEY HOPEFULLY FIX PSN...

AnonymousSurfer AnonymousSurfer said:

WTF Sony.... I'm going to Xbox...

Guest said:

You know, because it's just that easy. Plus, the people that work for PlayStation are just ready and willing to arrest someone.

Guest said:

This deffinatly sucks because I was hoping to get a lot of level ups on MW2 during my spring break, but with it coming back up next week it almost seems like it was planned to go down just so I couldn't play during break. =\

Guest said:

Good thing I never buy anything that says sony.

AND I NEVER WILL.

Guest said:

it is not sonys fault you *******. it is the hackers who did this

Guest said:

Wow. Never in my life have I seen a literal epidemic on a company's service like this before. Not only are the players and devs screwed because the gamers can't play online, but now our SECURITY INFO is available. Wow. **** you Sony. I will burn you to the ground. When this is all over and I have charges on my credit card from someone buying Toy Story Racing for psOne, you can suck my ****. GO **** yourselves Sony. Thank God for my PC.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.