Sony answers Congress' questions, details PSN attack

Complete account of PlayStation Network outage offered; info stolen from all 77 million PSN accounts; no fraudulent credit card transactions reported; Anonymous possible culprit.

954 Comments

Yesterday, Sony said it would answer a list of detailed questions presented by a US Congressional subcommittee looking into the PlayStation Network outage and data leak. Today, the company offered up its answers, which gave a detailed timeline of the data breach and subsequent downtime resulting from the cyberattack. Unfortunately, one of the responses confirmed the worst-case scenario--that all 77 million PlayStation Network and Qriocity service accounts had data stolen from them.

Sony has now officially confirmed that all 77 million PSN accounts had data stolen from them.
Sony has now officially confirmed that all 77 million PSN accounts had data stolen from them.

In a letter sent to the subcommittee--which can be viewed in its entirety here--Sony Computer Entertainment America chairman and Sony Corp. executive vice president Kaz Hirai offered a detailed timeline of the aforementioned attack. The saga began at 4:15 p.m. PDT on April 19, when employees of Sony Network Entertainment America, which took over PSN operations in March, noticed that "certain systems were rebooting when they were not scheduled to do so."

The following day, SNEA noticed "evidence that indicated an unauthorized intrusion had occurred and that data of some kind had been transferred off the PlayStation Network servers without authorization." However, SNEA couldn't determine exactly what type of information had been taken, so it then took down the PSN as a precaution.

Also on April 20, Sony called in an external computer forensics firm to look into the incident. To complete the investigation, the firm had to mirror all the servers that had been hacked, which was a time-intensive process. The investigation grew even more complex once the full extent of the attack became clear, causing Sony to enlist a second computer security company to help in the investigation on April 21.

It took until the afternoon of April 22 for the two firms to complete the mirroring of nine of the 10 servers that had been compromised. It then took until the following evening (April 23) for the two companies to confirm that "intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators, and escalate privileges inside servers." The intruders deleted log files to cover their tracks, Sony said.

By April 24--Easter Sunday--Sony said it had realized it was dealing with a "sophisticated hacker" and called in a third outside firm to "determine the scope of the data theft." By Monday, April 25, all three teams could confirm the scale of the personal data that had been stolen, but couldn't say definitively whether or not credit card information had been taken as well.

The following day, Sony announced to the public that personal--and possibly credit card data--had been compromised. Hirai's letter then confirmed that "information appears to have been stolen from all PlayStation Network user accounts, although not every piece of information in those accounts appears to have been stolen. The criminal intruders stole personal information from all of the approximately 77 million PlayStation Network and Qriocity accounts."

Of the 77 million, some 12.3 million account holders had credit card information on file, with 5.6 million being in the US. (Those numbers include active and expired credit card accounts.) Luckily, Hirai said that, to date, "the major credit card companies have not reported that they have seen any increase in the number of fraudulent credit card transactions as a result of the attack." Last week, Wells Fargo, American Express, and MasterCard gave a similar account to the press.

The good news is that Hirai said that Sony now believes it has indentified the cause of the breach. However, the company does not want to make the information public out of security concerns. It has, however, taken a variety of steps to beef up security, including moving its servers to a new facility, adding additional firewalls, enhancing data encryption and protection, and increasing automated software monitoring.

When asked if Sony had indentified the individuals behind the attack, Hirai answered with a flat, "No." However, he did say that when Sony Online Entertainment discovered its own data theft this past Sunday, intruders had "planted a file on one of those [compromised] servers named 'Anonymous' with the words 'We are Legion.'" Though it was openly behind attacks on the PSN in early April, the hacker collective known as Anonymous has denied sanctioning the attack that has now kept the PSN down for two weeks. However, the loose nature of the collective, which has no official leaders, means that rogue elements could be behind the intrusion.

Got a news tip or want to contact us directly? Email news@gamespot.com

Join the conversation
There are 954 comments about this story
954 Comments  RefreshSorted By 
GameSpot has a zero tolerance policy when it comes to toxic conduct in comments. Any abusive, racist, sexist, threatening, bullying, vulgar, and otherwise objectionable behavior will result in moderation and/or account termination. Please keep your discussion civil.

Avatar image for vity606
vity606

25

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

well my account is here but i need to get it back i spent 150 please help me

Upvote • 
Avatar image for Benzo396
Benzo396

71

Forum Posts

0

Wiki Points

0

Followers

Reviews: 4

User Lists: 0

I find it funny that everybody is complaining and talking about moving over to Xbox, but nobody is going anywhere. You'll all wait until the PSN is back online.

Upvote • 
Avatar image for Zeta_Thompson
Zeta_Thompson

83

Forum Posts

0

Wiki Points

0

Followers

Reviews: 5

User Lists: 0

@Vodoo So, by that logic, If Microsoft was hacked and companies and individuals information was released every government in the world would be within in their rights to make an inquiry? If the corner store gets robbed and physical receipts are stolen and put online with credit card info the store is responsible? Somehow I suspect that if Ford or Bear Sterns or any other non government owned company were approached by a foreign government asking for information of the same nature that Congress asked they would be told to bugger off and Congress would protect their right to do so. That is sort of the point of capitalism in many ways. Now I DO question why Sony or any company needs all the data they claim they do. and this is a perfect example of why we should start refusing. As for Sony's liability - well what does their EULA say? If it is like most, it basically says oh well you use this and any other service at your risk. @CaptainHerloc exactly, why are they all worried about a foreign gaming company instead of ensuring the US companies and their own systems are secure against such an intrusion, I mean just think of the scandal if the world were to see the monthly lunch budget for any given senator. I bet it is more than my family's food budget for a month.

Upvote • 
Avatar image for chrisopo
chrisopo

25

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

I dont think playstation network will return this month. Its taking the P!s5 now nearly 3 weeks at this rate 77 million users will end being 25 million because they're taking to long to "test it"

Upvote • 
Avatar image for redskinStu
redskinStu

748

Forum Posts

0

Wiki Points

0

Followers

Reviews: 31

User Lists: 0

I knew Anonymous was in on it.

Upvote • 
Avatar image for max_wolfstein
max_wolfstein

25

Forum Posts

0

Wiki Points

0

Followers

Reviews: 30

User Lists: 0

These hackers have low self-esteem and are attempting to boost their self-importance by hacking PSN. I look down upon them as mere children.

Upvote • 
Avatar image for Vodoo
Vodoo

3076

Forum Posts

0

Wiki Points

0

Followers

Reviews: 2

User Lists: 0

@Zeta_Thompson... Congress got involved because over 5 million of those stolen accounts were Americans. If these hackers decided to use or sell even 1 million credit card #'s to go shopping it could devestate the extremely fragile economy. Banks not getting millions of dollars lent out on whatever purchases were made could be devastating. The banks just pulled their head above water and that would put them right back under. That's just one possible outcome of what could transpire and why congress got involved. They probably want to have some sort of contingencey plan in place in the worst should happen. And... I'm glad they gave Sony the impression that they're not above the law or persecution and that they will be held accountable for not investing more heavily in protecting peoples' sensitive data.

Upvote • 
Avatar image for master_phi
master_phi

26

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Sony did happen to overstate the security of PSN, it was bound to happen sooner or later....tell a hacker that they can't handle it and they'll definitely try to prove you wrong...unless you're the NSA... :P Hopefully it'll be back up as they said-May 31st..

Upvote • 
Avatar image for Blulightning
Blulightning

30

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

lol... "We are Legion" didn't come from Mass Effect 2. It's an allusion from the Bible. It was actually a demon who had possessed a man said to Jesus "My name is Legion, for we are many." before Jesus exorcised the demon. Also, @FarmFreshDX, you have to understand that server reboots could be caused by system malfunctions. Servers go down occasionally, especially when they are being used as much as Sony probably uses them. As well, the workers at the facility holding the servers mentioned most likely have zero authority to issue an entire shutdown of the PSN. They likely had to contact their bosses, who had to contact their bosses, and etc. until someone could give the 'OK' to shutdown the PSN. Which I'm sure they didn't want to do. With a good connection, all of the data mentioned could be downloaded before this line of bureaucracy could take place. Also, some of you seem to misunderstand 'Anonymous'. They are NOT an organization. They are basically an anarchy of like-minded indviduals. All of them acting independently. Of course, like in any anarchy you'll find groups of people working together to perform a single goal, as well as those completely independent. This is the nature of people known as 'Anonymous'.

Upvote • 
Avatar image for kyzee_zul
kyzee_zul

64

Forum Posts

0

Wiki Points

0

Followers

Reviews: 1

User Lists: 0

Those hackers ruin our fun and took down our beloved PSN,truly hate them!!

Upvote • 
Avatar image for WCK619
WCK619

555

Forum Posts

0

Wiki Points

0

Followers

Reviews: 4

User Lists: 0

If Anonymous truely did this, they would release the information freely online for everyone to see. Anonymous is very strongly for free information for all. They don't like secrets.

Upvote • 
Avatar image for vegasdan30
vegasdan30

25

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

If they could do it to Sony they can do it to almost anyone. They chose Sony because sony dared to prosecute them. We need a way to find and prosecute all of these hackers. As much as people use online, this will be very important for the future.

Upvote • 
Avatar image for zeonfollower
zeonfollower

392

Forum Posts

0

Wiki Points

0

Followers

Reviews: 36

User Lists: 0

I want online!

Upvote • 
Avatar image for chrisopo
chrisopo

25

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Playstation network is dead and will never return.

Upvote • 
Avatar image for Spahettificator
Spahettificator

460

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

@FarmFreshDX Maybe they were all popping off to the vending machines for a bit?

Upvote • 
Avatar image for FarmFreshDX
FarmFreshDX

558

Forum Posts

0

Wiki Points

0

Followers

Reviews: 1

User Lists: 0

I find it shocking that they noticed systems were going off and on and rebooting and did nothing. This isn't Jurassic Park, they weren't debugging the phone lines. Things like that don't happen, and you definitely don't ignore them when they do happen. Sony should certainly be able to tell something's wrong before 77 million pieces of information are taken.

Upvote • 
Avatar image for CaptainHerlock
CaptainHerlock

755

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

@Zeta_Thompson If they want to do business in the United States, then they have to abide by U.S. law in that respect. However, I understand what you're getting at. All of these well meaning congressmen and women are using this to grandstand a bit, so they look good in front of their constituents. After all this and things like steroids in baseball, and demanding to see President Obama's birth certificate are easier than addressing the economy, unemployment, the national debt, and rising gas prices.

Upvote • 
Avatar image for Mc_Trickz
Mc_Trickz

1039

Forum Posts

0

Wiki Points

0

Followers

Reviews: 143

User Lists: 0

lol

Upvote • 
Avatar image for Zeta_Thompson
Zeta_Thompson

83

Forum Posts

0

Wiki Points

0

Followers

Reviews: 5

User Lists: 0

What does the US government have to do with a Japanese Company? Seriously, I think congress is out of line. Yes ask Sony to contribute information regarding data security, But I think that was more than a bit high handed of congress. Maybe they should be more concerned about their own security instead of worrying about a gaming company?

Upvote • 
Avatar image for lunaticrichard
lunaticrichard

170

Forum Posts

0

Wiki Points

0

Followers

Reviews: 4

User Lists: 0

and now anonymous has claimed responsibility in part as to say that some of the group where involved, but they where afraid of the FBI and so stated that they had nothing to do with the attack. how sad is that ????

Upvote • 
Avatar image for alex_1889
alex_1889

463

Forum Posts

0

Wiki Points

0

Followers

Reviews: 1

User Lists: 0

The only reason these idiots hide behind the name of Anonymous is because it makes them look like they aren't completely alone in their attack. They are. Anonymous as a majority don't endorse this.

Upvote • 
Avatar image for GnomeGrown
GnomeGrown

57

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Anyone else catch where "We are Legion" came from? It's in Mass Effect 2. I'm sure that's already been stated here in the comments, but seeing as there is almost 1,000, I didn't feel the need to read through every single one. I guess the Reapers are showing up early.........

Upvote • 
Avatar image for Bulzeeb3088
Bulzeeb3088

1076

Forum Posts

0

Wiki Points

0

Followers

Reviews: 6

User Lists: 0

I'm still waiting to link Portal 2 on my PS3 and PC and wanting to try out AC: Brotherhood Multiplayer.

Upvote • 
Avatar image for ppg4all
ppg4all

430

Forum Posts

0

Wiki Points

0

Followers

Reviews: 3

User Lists: 0

i have commented on this blog about 100 times and i just wanna say **** you damn as hackers

Upvote • 
Avatar image for KrazzyDJ
KrazzyDJ

460

Forum Posts

0

Wiki Points

0

Followers

Reviews: 23

User Lists: 0

Maybe the PSN hackers are XBOX fanboys who're trying to bring down the PSN so that XBOX LIVE is the only online service that thrives !!!

Upvote • 
Avatar image for james0718
james0718

44

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Wow realy, "anonymous". who ever is hacking the PSN needs to seriously get a life i meen realy how can you benifet from hacking the PSN its just plane stupid.

Upvote • 
Avatar image for TheBlackKnight3
TheBlackKnight3

1586

Forum Posts

0

Wiki Points

0

Followers

Reviews: 3

User Lists: 0

Terrorists are taking revenge on bin Laden's death already!!

Upvote • 
Avatar image for voldalin
voldalin

121

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

i just wish the government would keep their big fat nose out of it and let Sony handle it.

Upvote • 
Avatar image for GSuser10
GSuser10

32

Forum Posts

0

Wiki Points

0

Followers

Reviews: 13

User Lists: 0

Well whoever the hacker is, they pretty damn smart to pull off this. This took awhile for he or them to plan it out. But can't they trace the numbers of the computer that hacked or check keystrokes or did they erase that too? But the bottom line is: lets catch who did this and get PSN back online.

Upvote • 
Avatar image for youngsexynerd
youngsexynerd

873

Forum Posts

0

Wiki Points

0

Followers

Reviews: 1

User Lists: 0

i doo doo on all hackers

Upvote • 
Avatar image for zinoalex
zinoalex

1057

Forum Posts

0

Wiki Points

0

Followers

Reviews: 8

User Lists: 0

Microsoft does have the most to gain from this incident.I'm sude secretly they like this.However them being behind it is all speculative at this point.It is not in thier character to do something of this nature.

Upvote • 
Avatar image for TheGreenBlazer
TheGreenBlazer

56

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

jets78, I'm sure your mom will be a little bit more upset than you to know that her credit card information has quite possibly fallen into the hands of some sneaky mother f***ers.

Upvote • 
Avatar image for TheGreenBlazer
TheGreenBlazer

56

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

I blame Microsoft. The bastards could not handle a little friendly competition from their Playstation rivals. God, damn it! You got the Black Ops map packs first, is that not enough?! FFS! On a side note, at least we can rest assured that these hackers are going to be violated in every sense of the word once they find their way to prison.

Upvote • 
Avatar image for ggregd
ggregd

850

Forum Posts

0

Wiki Points

0

Followers

Reviews: 4

User Lists: 0

@real_shengar Sony is responsible for securing your data. Anyone who takes credit cards and has half a brain knows there are bad people out there who want to steal cardholder information, and they have to secure it. They were negligent in their reliance on inadequate security. You don't leave your own wallet sitting out on the window sill, much less someone else's who entrusted it to you.

Upvote • 
Avatar image for real_shengar
real_shengar

40

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

You are so damn ignorant beelloo/ Think you can solve a problem like this scaled to your life in two week? They got WHOLE PSN and Qrocity service intrusion. I Don't see sony did anything wrong. They are the one who got breached, they are the one who got robbed. If a bank that you got an account in it got robbed pretty hard, should you really blame them for making your account getting emptied? think people, this is what those hackers want. To hate Sony while we really shouldn't.

Upvote • 
Avatar image for beelloo
beelloo

25

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

sony is the worst company of all time it been two weeks now and they couldnt solve the problem

Upvote • 
Avatar image for guyxeno
guyxeno

58

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

@frost192....that would be one of the reasons id get psn+ or xbox live. COD dlc is a damn rip off so i wait till they go on sale. i buy dlc and arcade games all the time so it works out for me especially the end of the year till now has been some crazy sales. i hope sony does something worthwhile for its user base. i say give em at least 40 psn dollars so they can buy whatever content they want as well as some deals.

Upvote • 
Avatar image for SolidSizzle
SolidSizzle

203

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

It's the Geth!

Upvote • 
Avatar image for voldalin
voldalin

121

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

My dad called me a few days ago telling me his bank account got wiped clean and the bank isn't doing anything about it except charging him fees. He does all his banking online and uses Norton antivirus. Go figure. Seems hackers are every where. Anyway, i'm hoping Sony can post some good news for us soon.

Upvote • 
Avatar image for awheaten
awheaten

833

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

@Frosty192 Posted May 5, 2011 6:35 pm PT "@_full_metal_ You are what is called an ignoramus. You're not even worth the ground I piss on." Dyam!!!! Are we getting personal. This is an emotional time, with all of us having withdraw symptoms from having no online play, I understand that XBL account holders are have a field day on us PSN holders. Lets just remember there is more to life than gaming. Me for one: I love my daughter. I'm going to spend more time play LAN vs. w/ her so we can spend the extra time together. I hope that you guys find special someone to hang with while the PSN is down. I don't let the ridiculing get to me. The PSN will be up when Sony's ready. And our data will be secure.

Upvote • 
Avatar image for Frosty192
Frosty192

1054

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

[This message was deleted at the request of the original poster]

Upvote • 
Avatar image for Frosty192
Frosty192

1054

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

@guyxeno Haha yeah pretty much everything else is down. I do see sales on psn mostly for psn + but I hardly buy dlc unless it isn't a rip off like all COD dlc is (on disk dlc is bs). Everyone enjoys whatever service they prefer. I prefer psn because well duh it is free and everyone likes free crap am I right? I usually play PC more anyways but I feel bad for everyone else who only has a ps3.

Upvote • 
Avatar image for guyxeno
guyxeno

58

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

@frosty192.....thank you for clarifying about the netflix. but that still leaves with quite a few things the user base is unable to do. i dont mind paying the yearly fee for xbox live since i have had no issues with live in the 5 years i had it and it is a much better streamlined experience than on the ps3. one of the many benefits i take advantage of is content constantly being on sale. so with all the money i save on dlc and arcade games my membership pretty much pays for itself by within a month or 2. i also only get gold memberships when they are on sale.

Upvote • 
Avatar image for Thuban_23
Thuban_23

276

Forum Posts

0

Wiki Points

0

Followers

Reviews: 1

User Lists: 0

I hope they get PSN back up soon, XBL has not been a suitable replacement.

Upvote • 
Avatar image for hippiesanta
hippiesanta

10299

Forum Posts

0

Wiki Points

0

Followers

Reviews: 4

User Lists: 0

maybe someone is angry at VALve Software when they said PS3 is a better system for Portal.... I might guess that annonymous is.....

Upvote • 
Avatar image for SesameSeeds
SesameSeeds

25

Forum Posts

0

Wiki Points

0

Followers

Reviews: 1

User Lists: 0

i realy have no game to play got no money to buy a new one finished some of my games twice and presently just playing ufc 2009 i just wanna play online

Upvote • 
Avatar image for SesameSeeds
SesameSeeds

25

Forum Posts

0

Wiki Points

0

Followers

Reviews: 1

User Lists: 0

i hope sony can get psn back

Upvote •