Sony confirms personal PSN data compromised, 'some services' back up 'within a week'

PS3 maker says "unauthorized person" has gained access to identifying information including username and password; credit card data possibly revealed; US Senator expresses dismay.

by

Sony has entered the seventh day of its PlayStation Network outage, and the situation has turned from bad to worse. Offering an update on the "external intrusion" that gave the Japanese electronics company cause to brings its online service for the PlayStation 3 and PSP offline, Sony has confirmed that personal information has been compromised.

PS3 owners have had their personal information compromised.

"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network," a Sony spokesperson confirmed on the company's official blog.

As for what that means to PSN and Qriocity users, Sony said that "an unauthorized person" has gained access to such identifying information as registrants "name, address (city, state, zip), country, e-mail address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Sony recently told a group of investors that the PSN currently has some 75 million registered users.

According to the publisher, it is also possible that the intruder may have gleaned certain profile data, including "purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers."

Sony also confirmed speculation that credit card data may have been compromised as part of the attack. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," the Sony spokesperson said. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

Sony is taking a three-pronged approach to addressing the situation. The first, as many gamers have noticed, has been to indefinitely bring down the PSN and Qriocity media service. Sony said that it has also "engaged an outside, recognized security firm to conduct a full and complete investigation into what happened." Finally, the publisher said that it is currently taking steps to "enhance security and strengthen our network infrastructure by rebuilding our system."

Sony noted that US PSN and Qriocity users can contact credit-monitoring agencies Experian, Equifax, and TransUnion for a free "fraud alert" that ensures credit agencies will take extra precautionary measures toward identity verification. The publisher notes that this fraud alert may impede the expediency of legitimate credit requests.

Luckily there appears to be a light at the end of the tunnel, with Sony saying, "We have a clear path to have PlayStation Network and Qriocity systems back online and expect to restore some services within a week."

[UPDATE] Meanwhile, the PSN outage is beginning to draw attention from the highest levels of the US government. In a letter to Sony Computer Entertainment America president and CEO Jack Tretton, US Senator Richard Blumenthal (D-CT) has called on Sony to offer full disclosure to PSN users if their information was compromised and to offer two years of free access to credit reporting services to check if their credit was adversely affected. "Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft," Blumenthal said.

Discussion

1760 comments
IGDetail
IGDetail

Nice ... signed up for Experian and now I'm getting reoccuring $15 monthly fees from creditreport.com. Careful everyone - thanks a ton GS!

amaan4ever
amaan4ever

man i bought alot of stuff on psn like dlc, mini games. I hope nothing happens

tequilasunriser
tequilasunriser

Some people just don't know how to manage their own finances. That's when they sign up for scams like Lifelock.

Phatjam98
Phatjam98

[This message was deleted at the request of a moderator or administrator]

tequilasunriser
tequilasunriser

[This message was deleted at the request of a moderator or administrator]

Phatjam98
Phatjam98

@zkslycooper It is an accurate assessment of Mr tequilasunriser and his comments. It was not a personal attack it was simply an observation that someone that thinks that taking responsibility for ones personal info and credit has no self confidence. It is a silly and immature argument that any adult would quickly recognize as coming from a child who does not have to care for themselves or their personal standing yet. So yes, assessing such statements as coming from a child living off mommy and daddy is correct and is adult like. ID theft is a serious issue these days and Mr tequilasunriser simply wants to try and start a feud for no reason and make light of a fairly important subject.

Phatjam98
Phatjam98

@tequilasunriser So let me get this straight. You have nothing of substance to say, and so you now stoop to trying to use my exact arguments about your immaturity and lack of responsibility? I'm done with you. When you have something of worth to say perhaps I'll pay some attention. Until then, enjoy your little baby games of trying to start something. Anyone that is intelligent has read my comments on the subject and knows I know what I am talking about simply because my comments have substance and context. Your little bashing game is nothing but one liners and personal attacks. Be gone.

zkslycooper
zkslycooper

@Phatjam98 Telling some to enjoy there mommy and daddy's house isn't exactly adult like.

tequilasunriser
tequilasunriser

@Phatjam98 You've got nothing to properly retort with so you stoop to the assumption that I'm a child dwelling at home with parents? Keep digging that hole deeper. Time and time again you continue to prove my point that you are an immature person with little to no confidence in one's self. Have fun with that. :lol: ;)

Phatjam98
Phatjam98

@MrFinalFantasy Oh and yeah, to your main question. You have to report it to the creditor that hit your credit report. After you've disputed the item with the creditor you need to contact the police and file an official report that your a victim of ID theft. Then you can contact the 3 credit bureau's and lock down your credit for a time which does suck because you are basically making it impossible to do anything with your credit while you have it locked down. It is a major pain. But worse than all that is having to pay for a bill that isn't yours and worrying about getting hit again with something that isn't yours.

Phatjam98
Phatjam98

[This message was deleted at the request of a moderator or administrator]

Phatjam98
Phatjam98

@MrFinalFantasy Its really hard to prevent. My wife for example ended up having another woman's credit items end up on her credit report because she had the same name as this other woman and we lived in the same apartment complex. Clearly that isn't stolen identity but it is in effect the same thing. My friend had his stolen by his ex girlfriend. She opened up a credit card and a Kohls card in his name. I personally had my credit get hit by someone on the east coast(I'm a west coast kinda guy) which was clearly ID theft. The trick is to keep a close eye on your credit report so that if something hits it that shouldn't you can dispute it right away. The quicker you tell a creditor its not yours, the easier it is to get rid of. Its when something sits on your credit for a time that makes it really hard to get rid of. But no matter how you look at it, it is a huge pain in the butt. They will hit your credit in a second, but they make you beg and plead to get it off.

tequilasunriser
tequilasunriser

@Phatjam98 "I suppose you are trying to say because I take measures to ensure my identity is not stolen, I have no confidence in the handling of my personal business." Hey, look at that, you CAN read between the lines. Except it was only one line and you still had trouble with it. Not everyone can be the sharpest knife in the block. Yes, you have no confidence in yourself, you'd rather contract a group to do a job that you feel you are incapable of doing yourself. It's your money, friend, waste it however you like. ;)

MrFinalFantasy
MrFinalFantasy

@Phatjam98 a question if i may. how do you prevent such a thing? freezing credit account? or to report to authorities that you are at risk of Identity Theft?

Phatjam98
Phatjam98

@planetpisces You would be surprized. Identity theft has become an art. If someone wants to get your SSN it is really easy if they can get a credit card number, your birth date, address, name, or any combination of info like that. It is a mistake to assume that your SSN is a private number. We give that number out to employers, credit applications, tax forms(obviously), if you win more than 2k here in Vegas you have to give it to the casino for tax purposes, college applications, you name it. Our SSN and much of our other personal data is out their in the web and with a few bits to get someone started it is very easy to get it all. So yes, Identity theft is a threat here. This clearly was not an amateur that did this but no one knows the motive. It could just be to steal CC info, or just to give Sony headaches, but I doubt it. My point, just be proactive about your credit as it is your right to view your credit history. The best way to stop it is to catch it when and if it happens to you.

Phatjam98
Phatjam98

@tequilasunriser Your comment doesn't even make sense. What are you talking about confidence? Really, make more sense when you try and make a point otherwise it is lost to the world. I suppose you are trying to say because I take measures to ensure my identity is not stolen, I have no confidence in the handling of my personal business. That just makes no sense. If anything, taking steps to secure your personal information and assets breeds confidence. Again, next time you want to try and dig at someone, make some sense in the logical world, otherwise you just sound dumb.

planetpisces
planetpisces

Maybe I'm wrong but is the risk of identity theft even a possibility? I don't have a PS3 but I know on Xbox they don't ask for your SSN or a Tax ID which would be needed to open any new accounts under your name. I assume Sony is the same. If credit card #s were compromised the banks will just reissue new ones with new account #s, or if I was affected I would consider phoning up my CC company and asking for a new one which they'd be happy to do. And remember, nobody is responsible for unauthorized charges on their CCs. I just think this would be more appropriate action than considering any of those expensive credit bureau monitoring subscription services.

melvz99
melvz99

i do not play online thats why im not that affected..Stil i would prefer sony over ms.

seriousplayer_d
seriousplayer_d

@sagtlthl Sure Sony has the full right for suing those guys. If i was one of the millions of people who uses a credit card and all my information has been compromised, i would su those hackers for stealing. Because that's what they are, ordinary thiefs. And what if it was just to punish Sony because they hunt down hackers, now the hackers have millions of gamers turned against them.

alasredye
alasredye

i just have internet yesterday to play my ps3 online to the psn i cant get in.now i understand why.

perfect_player1
perfect_player1

I don't use internet on my PS3 o: but what sucks is I have the 3 beeps of death and I have no idea how to fix it :/ the only time i update my ps3 is when i buy a new game cause it comes with the update and im scared while updating my ps3 it will crash. anyway, if anyone here had their credit card information viewed, i wish all the best to you and hope that nothing is taken from your bank.

HT89488
HT89488

@hahamanin sorry, I've been taking everything on these boards its seems offensively. Its hard to tell who is sarcastic and who can respond with a intelligent reply without the childish name calling.

tequilasunriser
tequilasunriser

@Phatjam98 I'm not an idiot with my money. Sorry you don't have as much confidence in yourself as I have in myself. The world needs betas I guess.

rahulraja
rahulraja

This Is gonna be a long week

Hanrock
Hanrock

So the witch hunt goes into full effect today! Leave it to Cyber Terrorism Police to deal with the situation. Where are you Bruce Willis? *Yippie Ka Yay MF-ers!*

hahamanin
hahamanin

lol i just thought does the internet browser work on the ps3 atm.....gonna check it out later

the_requiem
the_requiem

@teknicz: EVERY company cares more about its image than its customers. Even when they "care about customers" it is them caring about their image. They put up a face of caring about customers coz it is good for their image, which in turn is good for bottomline. EVERY single company cares about only one thing: money. Customer care and good image are just means to that end, money.

hahamanin
hahamanin

@HT89488 read my comment again....n false claim??...who wouldnt love 4years of replacement warranty....FYI here in india ms provides free replacement for faulty consoles in india....they dont repair it....we just have to call customer support & in a day or two the courier guy comes with a new xbox & thats it...also yes it was a positive reply MS customer support in india is one of the best....

HT89488
HT89488

@hahamanin So are you saying because you live in India you can't get your xbox repaired? Cause if you are, that is a false claim. And you do have a postal service. Unless you live a very poor part of India in which case you probably wouldn't be playing on a unmodified xbox and probably have no option but to purchase pirated games. Just wondering if your insinuating anything or is that a positive reply?

Azarend
Azarend

@ wywern271 Your argument is weak. Different situation, different type of interaction.

hahamanin
hahamanin

@HT89488 u wrote---(At least Microsoft provides a good warranty on their systems and admits fault then lying to there consumers. ) correct & also u wouldnt believe the warranty system here in india tht ms provides for xbox.....replacement warranty for 4years as there is no repair centre here

HT89488
HT89488

Geohot broke his promise and gets sued. Sony breaks their promise and gets sued. Seems fair to me. I am talking about the TOS agreement when purchasing a PS3 as with any hardware that is used, or not its intended use. Sony promises your privacy and a secure network. This is all per Sony agreement. I am I right or wrong? Read other various sites on the subject and Terms of Service usage etc.. Seems like Karma is getting the best of Sony, and not because of this Geohot deal, its because they screwed me out of a 2200 laptop that was brand new, and lasted 11 months before it overheated. Flat out refused to follow there word on the warranty because they wanted to condemn it as a fan that had alot of dust and that is why it failed when the internet is plagued with faulty fans for this Sony Viao laptop and even the same model as mine. Take that Sony, I hope you get the full 9 yards of fines, fees, and whatever negative comes your way that cost you big. Sorry this is happening to PS3 users, but Sony was a evil corporation...much more so than Microsoft or others. At least Microsoft provides a good warranty on their systems and admits fault then lying to there consumers.

luciferbelmont
luciferbelmont

@Phatjam98 naw I never took your attackes personally its just you need a little help you just sound stupid sometimes too.

Phatjam98
Phatjam98

@tequilasunriser That is nifty and all, but their are many steps that can be taken to ensure that when identity theft happens you can nip it in the bud quickly. Lifelock is one step that can be taken and it must be joined up with other active measures as I do. So, I'm happy that you can read articles, but I'm curious, what are you doing to ensure your credit is safe? I would guess nothing.

Phatjam98
Phatjam98

@luciferbelmont I love getting reply's to my comments that really don't match up with what I said. Love that you take my comments as a personal attack, then wish something terrible on me. Even though I in no way wished identity theft on anyone, or implied that those that use PSN should be subject too it. But hey, you spout off all you want sparky LOL

BelaidKL
BelaidKL

According to University IT Engineers this crash came due to an unexpected usage of the computers that run the system when made in 2005. The overload and usage with new strong online release such as Black-Ops has caused the servers to crash completely leaving Sony to use hacks as a cover up of their mistake 6 years ago with misjudging the PS3's future. Anonymous stepped around at just the right moment.

cheesyrhino
cheesyrhino

I wonder how the person who did this feels now

hordaak
hordaak

Lets go play some battlefield online!!!! Except you...mr. ps3 owner. Sorry. -B Gates

CaMpInG_BaNaNa
CaMpInG_BaNaNa

Who You Gunna Call???? GHOSTBUSTERS!! But this seriousally needs to be sorted so that there is less chance of this happening again..what ever compnay.. and game console

luciferbelmont
luciferbelmont

@tequilasunriser your talking about messing with your system, which i agree on you on, im talking about illegal distribution online which is under copyright laws. Im just trying to tell you where talking about two different things.

NoremaC-_-
NoremaC-_-

@teknicz dont make conclusions. i can make on saying that sony probably didnt have enough information to say how much info was conpramised.could be true and makes sense as i cant imagine how hard it would be to discover if someone went round the psn security and what they did while in there. so a weeks actually pretty fast responce

teknicz
teknicz

Wow, Sony fanboys really will look the other way on this. What's important is that Sony knew about this issue, and only released a statement a whole week later that your credit card info might be compromised. Yes, any company could be hacked, but how that company deals with the situation is indicative of what priorities they place; in this case, Sony cared far more about its own public image than its customers. Probably because they wanted to announce their two new tablets first.

NoremaC-_-
NoremaC-_-

wait they only have acess to our acounts now and the credit card info and numbers and such are saved to the account but the middle few numbers are censored. correct? unless the jailbreak lets them see the fullcard number (doubt it) they can only spend our money on psn downloads. correct? kinda worthless buying everything on psstore and having 70 million users lives to spare (Lol only 1 guy will probably have a recipt for warhawk and fat princess when this is over. correct?) or does everyone know this already and im just a idiot. correct?

Nuk1euz
Nuk1euz

By the way, Xbox 360 also shut down for 2 weeks in 2008. Whether it was hackers or not, i dont know. Then again, international corporations find it very easy to cover things up. At least Sony is being honest and not pulling a BP (British Petroleum).

Arkady_Husky
Arkady_Husky

Yeah, don't worry about your credit card details potentially being in the hands of criminals. Probably nothing to worry about. I mean, if you can't trust criminals with your financial details, then who can you trust, amirite?

BigTMays
BigTMays

i like how people are freaking out and suing over this. it honestly could of happened to any major gaming system and now they're trying to make psn uncrackable. what are people's reaction to this? "IM GONNA SUE AND MAKE THEIR JOB MORE STRESSFUL AND HARDER, BECAUSE I WANT TO BE A DICK!" chill the hell out everyone and wait. playstation didnt have any more warning about this than we did. the only reason you would have to be mad is if you had a charge on your card for a 30 pack of natty and a hooker to share them with

hordaak
hordaak

@neophyte555 its a joke. They'll fix the problem. go drink some warm milk.

Neophyte555
Neophyte555

@hordaak was that supposed to be funny?