Sony has admitted, in a message to customers on Tuesday, that a hacker has obtained the personal information of PlayStation Network account holders and subscribers of the Qriocity streaming service. These details include information such as those used for registration purposes such as the name, address, date of birth, login information, password and possibly credit numbers and/or expiration dates of account holders.
The enormous breach of security comes as a shock to many of the over 70 million customers who cannot help but wonder how on earth this situation could have been allowed to occur. As a result of the breach, Sony’s PlayStation Network has been offline for the past few days and services are not expected to resume until further notice. Meanwhile, Sony network customers are advised to be vigilant, change their passwords and check their emails regularly for signs of scammers who are seeking more information.
Read the full statement from Sony Entertainment below.
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
- Temporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit or similar types of reports.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.
Sincerely,
Sony Computer Entertainment and Sony Network Entertainment
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
- Temporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit or similar types of reports.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.
Sincerely,
Sony Computer Entertainment and Sony Network Entertainment
UPDATE: In a new development, Sony has revealed that credit card details held on its PlayStation Network were stored in securely encrypted files.
Thanks for reading this article. If you're new here, why don't you subscribe for regular updates via RSS feed or via email. You can also subscribe by following @techsling on Twitter or becoming our fan on Facebook. Thanks for visiting!
9 Comments
Leave a Reply
Cancel reply
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Jane Cooper
April 27, 2011 at 11:04 am
This is ridicolous, i think Sony may lose a lot of clients because of it and they may be hammered in next generation consoles rivalization.
Anne
April 27, 2011 at 3:49 pm
Unbelievable. This is a huge lesson to Sony.
Anita
April 27, 2011 at 7:48 pm
Wow! And I was worried when my Ashampoo account was stolen! This is bewildering!
Ava
April 28, 2011 at 12:52 am
I don’t actually have a Playstation, but my brother does. What kind of jeopardy is he in if his information has, in fact, been stolen?
Adam
April 28, 2011 at 2:41 am
Here’s the more important question…. Who the heck stores passwords unencrypted? How were they even allowed to get away with this for so long?
Heidi
April 28, 2011 at 3:20 am
I thought systems are now very sophisticated and secure! I wonder if PlayStation consumers would seek damages?
Karla
April 28, 2011 at 7:00 am
Hah. I can’t imagine the face of my cousin when I tell him this big news. I can’t imagine a huge corporation making that kind of error.
Nick
April 28, 2011 at 12:34 pm
Oh dear Sony.
I wander how this will affect their sales for their next console. I can see Microsoft having an even bigger market share with the next-gen consoles after this.
Admin
April 29, 2011 at 12:19 pm
I think the problem must have more to do with the network than the actual hardware itself. However, it will still be interesting to see how the market responds to this in future.