PlayStation Network users may have credit card details stolen due to breach

For a week now, Neowin has been actively reporting on Sony’s PlayStation Network as many gamers find that they’re unable to connect. As reported by Sony themselves, the reason for the downtime was because of an ‘external intrusion’ which caused Sony to take PSN offline and start to rebuild the system.

Although gamers everywhere were sad to see they couldn’t access the service, today Sony reported what has to be the biggest issue with the external intrusion. In a blog post on their website Sony claim that between April 17 and April 19, the account information of some PSN and Qriocity service users was compromised due to the intrusion.

As well as temporarily shutting down PSN and Qriocity services they have contacted a security firm so that they can conduct a full investigation into the matter. As previously reported by Neowin they also added that they have begun to rebuild their system in an attempt to enhance their security so that they don’t encounter a problem alike anywhere in the near future.

Unfortunately for its users, practically all of the information they have personally entered is at risk including name, address, country, email, birthdate, PSN/Qriocity login and password, PSN online ID and even a chance that your purchase history, billing address, password security answers and credit card number - along with expiration date may have been taken too.

Sony urges its users to be aware of any email, telephone and postal mail scams that may ask you for sensitive information as they will likely be a scam. Sony will not contact you in anyway in relation to the incident. Once PSN and Qriocity services are back online it would be a smart idea to change your account password in addition to any other websites that may have the same login/password.

The company stated that its users can expect to see some of the services back online within a week.

Image credit: Gaming Target

Report a problem with article
Previous Story

Verizon launches Incredible 2

Next Story

Microsoft lets slip new features in Windows Phone 7.5

149 Comments

Commenting is disabled on this article.

and people cancling there credit card, are you stupid? it was data from 2007. your card would ofr un out before now , and you would of had a new card anyway!

Why was my post deleted explaining that it was old credit card data and the security code wasnt used + there are other firms being hacked like XFACTOR so doesnt matter how big u are, they will get u

Well I just cancelled my credit card. I'm going on holidays in 2 weeks, so while I'm away I wont have access to my bank statements so I thought it might be best to get a new card.

I wonder if and how Sony will try and make this up to the using of the PSN?? Free games?? Free subscription to PSN Plus??

Got this BS eMail where Sony admitted to not encrypting my data in their database:

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit http://www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; http://www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; http://www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; http://www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
http://www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or http://www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or http://www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

The one thing this tragedy does is expose those people who are totally blind Sony Fanboys

Seriously if after this complete and total mess you are still trying to somehow defend Sony you have officially been lobotomized.

Their is no defense for Sony's lack of actions in the last week or their total lack of security which caused this to happen.

No excuses, no one should be trying to sugar coat this or try and give Sony any benefit of the doubt for this issue.

This problem has no comparisons to anything Xbox or Nintendo have ever done so their is NO point in dragging them down with Sony.

RROD never caused tens of millions of users PII to be leaked.

Giving/advertising the option for OtherOS was the major flaw on Sony's part. They made such a secure system only to give it a loophole for installing linux etc. That and the fact they have plain text personal info and a non secure internal dev network. Personally I'm not worried since the info stolen has to be sifted through 75-77 million users. Simple way to fix this is call up bank and get a new replacement card number. Funny how everyone just wants something free or money out of this whole ordeal when it was clearly hackers doing the harm and Sony's ignorance/negligence for not protecting 75-77 million users info after they learnt the firmware was moddable and that keys were obtainable.

Also, http://vgn365.com/2011/04/26/p...f-dollars-stolen-from-them/

I just got off the phone with my bank to have my current credit card terminated and issued a new one. I am not taking any risks and I advise you all to do the same. This is the last Sony product I will ever purchase. The way they are handling this situation and the inadequate security that PSN had plus the half-assed way of storing highly critical customer data in plain text shows exactly the kind of company that Sony is, a complete and utter joke. They are nothing more than a bunch of posers with overpriced products that don't give a flying turd about the very people that keep them in business. I hope people sue them for everything they've got, they deserve to go down for this. I feel sorry for all of us who have stuck by them throughout the years knowing the bomb of a company that Sony is. learn more at http://www.creditcardshelplines.com/

Thanks a lot Sony! Damn it all. Just called my bank and cancelled my credit card. The person asked me if it was in regards to the PlayStation security breach. Yup!

Just rang my bank to cancel my Debit Card. They asked if its lost or stolen. I said neither but I am taking preventive measures due to the Sony PSN issue. Oddly enough he said a lot of people have rang to do the same thing.

Whilst I wouldn't normally bother I feel this is somewhat concerning. A major company taking their systems off-line for a week! I know Sony haven't confirmed the plain text concern but really they need to and advise people change passwords and card details etc.

Those people saying "oh, it's not a big deal - get over it" clearly haven't been a victim of identity fraud. It's not just a case of keeping your money safe. There's more to it than just cancelling your credit card...

If you actually look into the technicalities of what's happened here, you will see it's a massive Sony blunder rather than fault of the hackers.

Here is a novel idea to prevent your company from being sued: provide all the PSN-registered credit card accounts temporary credit card fraud protection offered from the credit card companies. I am sure the credit card companies would be willing to give Sony a discount considering the massive amount of card numbers Sony would need to purchase insurance for.

So, me being lazy and never actually having updated my credit card information on my PSN since my credit card was replaced last year paid off... being lazy pays off too frequently.

The hackers got access to users passwords?? So basically Sony is so stupid they saved passwords in plain text? Really? How can a big company as Sony with details for so many users completely disregard such a basic security measure?!

Nashy said,
My Live account is still working.... ;-)

...Working on your /second/ xbox after the first one failed from RROD? ;-)

mehta708 said,
Hopefully tons of people will sue Sony for what happened. I love this kind of drama.

So it cost everyone more money? Great idea!

Even though people may think this, anonymous had nothing to do with this. A group claming to be anonymous? Without a doubt. But this isnt the sort of thing anonymous wants to get into (stealing personal information and gaining control of bank accounts)

spaaaace said,
Even though people may think this, anonymous had nothing to do with this. A group claming to be anonymous? Without a doubt. But this isnt the sort of thing anonymous wants to get into (stealing personal information and gaining control of bank accounts)

However, you are taking Sony's word, and they may be inflating the personal information theft 'possibility' to make the hackers behind their 'ongoing' outages to seem more sinister and garner sympathy from their users.

Whether Anonymous had anything to do with this, their problems have been ongoing since the first Anonymous attacks, and these are at the very least follow ups using the exploits people learned or copy-cat attacks to send a bigger slap to Sony for crossing the line, which I believe Sony did cross the line.

spaaaace said,
Even though people may think this, anonymous had nothing to do with this. A group claming to be anonymous? Without a doubt. But this isnt the sort of thing anonymous wants to get into (stealing personal information and gaining control of bank accounts)

it's not that anonymous don't want to get into this stuff. It's that they don't have any real hackers, noone with the skill to do this, and anyone who do have the skill, don't want to be part of that immature bunch of brats. They're to smart to get mixed up in that crap.

spaaaace said,
Even though people may think this, anonymous had nothing to do with this. A group claming to be anonymous? Without a doubt. But this isnt the sort of thing anonymous wants to get into (stealing personal information and gaining control of bank accounts)

I believe anonops has stated multiple times they don't know everyone...so doesn't that mean they may have a quiet lil rogue individual or group getting a paycheck on the side? It goes both ways, you get the good with the bad and the bad with the good.

heh, what can i say ?

$ony = epic FAIL in history

now what, they"ll sue geohot again to do not alert em about this coming ?

LMFAO in here

ps: ofc psn NEVER MORE for me.

tester.br said,
heh, what can i say ?

$ony = epic FAIL in history

now what, they"ll sue geohot again to do not alert em about this coming ?

LMFAO in here

ps: ofc psn NEVER MORE for me.


another defender for geohot? its funny how someone that risks Sony's multi-billion USD investment gets defended so much. Place yourself in Sony's shoes and see a major risk in the project you spend many...many billions of USD in.

I just got off the phone with my bank to have my current credit card terminated and issued a new one. I am not taking any risks and I advise you all to do the same. This is the last Sony product I will ever purchase. The way they are handling this situation and the inadequate security that PSN had plus the half-assed way of storing highly critical customer data in plain text shows exactly the kind of company that Sony is, a complete and utter joke. They are nothing more than a bunch of posers with overpriced products that don't give a flying turd about the very people that keep them in business. I hope people sue them for everything they've got, they deserve to go down for this. I feel sorry for all of us who have stuck by them throughout the years knowing the bomb of a company that Sony is.

ManOfMystery said,
I just got off the phone with my bank to have my current credit card terminated and issued a new one. I am not taking any risks and I advise you all to do the same. This is the last Sony product I will ever purchase. The way they are handling this situation and the inadequate security that PSN had plus the half-assed way of storing highly critical customer data in plain text shows exactly the kind of company that Sony is, a complete and utter joke. They are nothing more than a bunch of posers with overpriced products that don't give a flying turd about the very people that keep them in business. I hope people sue them for everything they've got, they deserve to go down for this. I feel sorry for all of us who have stuck by them throughout the years knowing the bomb of a company that Sony is.

then enjoy a lowsy rebuild computer with a rebranded windows they call Xbox, or a overpriced CD-rom player they call a wii.

Shadowzz said,

then enjoy a lowsy rebuild computer with a rebranded windows they call Xbox, or a overpriced CD-rom player they call a wii.

Don't forget a safe, functional place called Xbox Live. Not the joke now known as PSN.

Shadowzz said,

then enjoy a lowsy rebuild computer with a rebranded windows they call Xbox, or a overpriced CD-rom player they call a wii.

The irony is that you have no clue what you're talking about, where the xbox, is purpose built in every part to be a gaming console. while the PS3, was supposed to use the cell for everything, and then they failed terribly at that, so they had to slap on a separate graphics card. making the PS3 the closest to a custom low end computer you get of the two. and no, it's not more pwoerful than the 360, and yes, the PS3 has now peaked.

ManOfMystery said,
I just got off the phone with my bank to have my current credit card terminated and issued a new one. I am not taking any risks and I advise you all to do the same. This is the last Sony product I will ever purchase. The way they are handling this situation and the inadequate security that PSN had plus the half-assed way of storing highly critical customer data in plain text shows exactly the kind of company that Sony is, a complete and utter joke. They are nothing more than a bunch of posers with overpriced products that don't give a flying turd about the very people that keep them in business. I hope people sue them for everything they've got, they deserve to go down for this. I feel sorry for all of us who have stuck by them throughout the years knowing the bomb of a company that Sony is.

+1 i'm removing myself from the PSN and returning to the Xbox Live that actually works. Sometimes it's worth paying for a service. What did I expect to get for free?

All I want to do is play PSN at the moment. With all the employees working on getting it back up and with reasonable security, is that too much to ask?

So, I dont really have it hard to understand that something can get hacked, it happens. But how can you retrieve ALL the users info without them noticing midway through it?
Not that it's been confirmed, but they dont even know, so it's not really assuring.

Well maybe now sony will release my email address that was blocked, cuz some idiot created an account by mistake with my email account (you dont have to type your email twice when registering on PSN, at least on the website, not sure if it changed since a few months back). It was a misspelling mistake, and now I have some of his info, except his CC in my email... I contacted sony, they blocked the account or removed it. My email is blocked. I know it was a user mistake, but Sony didnt seem to care too much about the sensitive data.

So whats ironic, maybe even my email got stolen, and I'm not even involved with Sony, heh.

IMO - The hackers will NOT do anything with any personal info stolen. This whole thing is just the hacker community getting their "own back" for Sony suing one person.

That said, its always better to be safe than sorry.

WarioTBH said,
IMO - The hackers will NOT do anything with any personal info stolen. This whole thing is just the hacker community getting their "own back" for Sony suing one person.

That said, its always better to be safe than sorry.


so if you spend billions and billions of dollars into a project, you wouldnt mind someone stealing basically any income that it could generate?

Shadowzz said,

so if you spend billions and billions of dollars into a project, you wouldnt mind someone stealing basically any income that it could generate?

I would mind, but that's life... you will always have people modifying anything you create.... from cars to phones.

The PS3 & PSN has been "secure" for 5 years now, that's pretty good going tbh seeing as the new phones / hand held consoles are cracked about 6 months after release.

I heard on the news today that there are 77 million PSN accounts word wide. Now from what ive heard... Sony wasnt even storing sensitive data properly, most of it was stored in clear text! Words cant even describe how bad that is for a big company like Sony.

This has to be one of the biggest heists of all time?!
75+ million user details stolen.
I wonder what the story is regarding why it's taken them 7 days to tell everybody?...

Just cancelled my card. Was hoping to get my PS3 drive repaired but I guess ill scrap that and use it as a doorstop instead.

warwagon said,
Note to sony... This is what happens when you when you **** off the hacking community.

Note to everyone, this is how hackers steal your data and make you go through troublesome things you shouldn't. Punch all hackers in face next time one speaks up. Because they are the reason your info is stolen.

No he's got it about right. It's like war.
You fk with you customers, and customers will fk you back.
Like all wars there will always be Civil casualties.

Theirs nothing wrong with hackers.. In fact hackers have invented a lot of niffy things that are use in every day things.

shakey said,

Note to everyone, this is how hackers steal your data and make you go through troublesome things you shouldn't. Punch all hackers in face next time one speaks up. Because they are the reason your info is stolen.

Change some passwords if you use a 'unified' password (which you shouldnt anyway) and iif you want to be 100% call the CC company and ask for a new card, not that hard.

I personally dont think anything bad will come of this, appart form bad publicity to Sony - if members of annon were responsiblle then the goal was to hurt Sony, and they've done it!

I really dont think any of these details will be used, just a hunch though. but even if they are, its not much to change a few passwords and call the bank..........should you have to? NO! Should Sonly have acted they way they did over the last few months......NO! What were the alternative avenues of retaliation......NONE!

This will make companies think twice before ****ting on customers, even if this didnt effect you at all, you'll most likely benefit down the line, companies will not want this crap to happen to them, and all they have to do to avoid it is not crap on the people paying the money, buying their villas and nice cars and private jets etc......

perochan said,
i dont understand why people are blaming Sony. We should all blame who ever hacked Sony and caused this whole mess.

So with that attitude applied to banks we should blame robbers if banks have no proper security, safes etc and they just walk in and take your money, right......

perochan said,
i dont understand why people are blaming Sony. We should all blame who ever hacked Sony and caused this whole mess.

The company responsible for keeping the information safe is always held liable for security breaches. Always.

perochan said,
i dont understand why people are blaming Sony. We should all blame who ever hacked Sony and caused this whole mess.

I think people are blaming Sony because Sony are culpable in this. However, I do agree that the actions of the hacker(s) are being almost entirely overlooked.

http://i.imgur.com/l2h2A.jpg
Hackers eh? What paragons of virtue they are!

perochan said,
i dont understand why people are blaming Sony. We should all blame who ever hacked Sony and caused this whole mess.

I blame Sony for trying to control what we do with the console.

perochan said,
i dont understand why people are blaming Sony. We should all blame who ever hacked Sony and caused this whole mess.

Yes we should, they tried the usual corporate bully **** after ****ting on their customers by removing an advertised feature of the games console then tried to ruin a guys life for all intents and purposes, the internet fought back!

perochan said,
i dont understand why people are blaming Sony. We should all blame who ever hacked Sony and caused this whole mess.

Because a company that has 70 million users personal information and credit card information should not only have better security to prevent a breach like this but should also notify it's users the minute anything like this is even remotely known about. When they shut down PSN they should have notified users of a breach and to have them watch their credit.

I can't see ho you would not blame Sony for this, how could anyone still defend Sony after all of this?

If Sony had appropriately secured the data, and informed us of the intrusion last week, Sony wouldn't have been to blame. As it turns out, their security was weak and it took them a whole week to let us know our details had been compromised, it's unacceptable. Obviously it isn't all Sony's fault, someone actively hacked in and all, but it shouldn't have been possible in the first place.

My PSN account has my card details and everything but to be honest i don't care. When it is back up i will change my password and that is it. I'm with a decent bank, so if my card was used, i am well protected.

It is a shame it happened and to Sony at a time when they've been in the press a lot. People will/have blown it all out of proportion and think Sony should have been able to protect itself against this. You can never fully secure anything. If someone is smart enough, they'll find a way through.

My trust in Sony hasn't changed one bit with this. So their network got hacked and someone MIGHT have got access to these details. No worse than what has happened to the UK government in the past.............. satire.

Lingwo said,
My PSN account has my card details and everything but to be honest i don't care. When it is back up i will change my password and that is it. I'm with a decent bank, so if my card was used, i am well protected.

It is a shame it happened and to Sony at a time when they've been in the press a lot. People will/have blown it all out of proportion and think Sony should have been able to protect itself against this. You can never fully secure anything. If someone is smart enough, they'll find a way through.

My trust in Sony hasn't changed one bit with this. So their network got hacked and someone MIGHT have got access to these details. No worse than what has happened to the UK government in the past.............. satire.

Exactly. Worse has happened. I doubt anything bad has happened to anyone here, and I hope nothing does. But there isn't much that you need to do to protect yourself. Just remember, nothing is secure. If it is that important it stay private, don't put it up anywhere.

Lingwo said,
My PSN account has my card details and everything but to be honest i don't care. When it is back up i will change my password and that is it. I'm with a decent bank, so if my card was used, i am well protected.

It is a shame it happened and to Sony at a time when they've been in the press a lot. People will/have blown it all out of proportion and think Sony should have been able to protect itself against this. You can never fully secure anything. If someone is smart enough, they'll find a way through.

My trust in Sony hasn't changed one bit with this. So their network got hacked and someone MIGHT have got access to these details. No worse than what has happened to the UK government in the past.............. satire.

They botched security, whether this would have happened if security was done properly from the start is academic now, they didnt - its was botched! why do you think they are 'rebuilding' the PSN in a more secure fashion now, it was not done so properly before.

But you keep that faith, I'm sure they will love you for it

Soulsiphon said,
Some US Senator appears to be demanding an explanation from Sony now...ugh (via joystiq)

http://www.joystiq.com/2011/04...ncurs-ct-senator-blumentha/

” Connecticut Senator Richard Blumenthal is “demanding answers” about why Sony Computer Entertainment of America failed to inform customers of the data breach of the PlayStation Network on April 20. ”

DukeEsquire explained it in the original thread. In cases like this where there is a sensitive data leak, the company must inform the attorney general in certain states before releasing this information to the affected customers.

NeoTrunks said,

DukeEsquire explained it in the original thread. In cases like this where there is a sensitive data leak, the company must inform the attorney general in certain states before releasing this information to the affected customers.

what original thread? And oh yeah, the letter and this article is dated today. You're welcome btw.

Kushan said,
Well, Sony DID poke the bear....

what by removing OtherOS? Which was removed because the attempts of hackers breaking the machine?

For this and removal of OtherOS, PS1/PS2 compatibiltity.... blame the hackers Not Sony, thats just stupid.

Shadowzz said,

what by removing OtherOS? Which was removed because the attempts of hackers breaking the machine?

For this and removal of OtherOS, PS1/PS2 compatibiltity.... blame the hackers Not Sony, thats just stupid.


Yes, it's the user machine, not Sony's machine anymore. If I buy it, I should be able to do whatever I want with it.

They DID poke the bear indeed.

Shadowzz said,

what by removing OtherOS? Which was removed because the attempts of hackers breaking the machine?

For this and removal of OtherOS, PS1/PS2 compatibiltity.... blame the hackers Not Sony, thats just stupid.

If you advertise a feature and people buy your product because of this advertised feature then you remove this advertised feature which is mainly used by very tech savy users - WTF WOULD YOU EXPECT?

Then you go all legal on GeoHot, use your corpporate weight to grabb all IP addresses of anyone whos been on his site/youtube page etc, then start a witch hunt regarding it all - WTF should you expect?

The 'nomal world' unfairly favours the big bully 'loads of cash and power' corporations - the internet is free and open and will kick you in the balls when you try that ****! How long it remains this way is up for debate, as people like you seem to miss the point!

Kushan said,
Well, Sony DID poke the bear....

I don't give a rat's god da***d arse about poking the bear...If it was indeed the bear that stole my information, they have crossed a line. You want to air Sony's dirty laundry that is one thing, I didn't do anything to be brought into this fight.

AdamLC said,
Wow so basically all the data they hold about you could have been obtained? That's pretty bad really!

Yep, basically everything you gave Sony, they gave out unencrypted

Byron_Hinson said,

Yep, basically everything you gave Sony, they gave out unencrypted

Luckily for me, they only get what the local phone book would show them anyway. I think some are blowing this a little out of proportion at the moment. Wait and see what really happened before going into a total panic.

While this is not a good thing, how many had very very sensitive information on there? It really only allowed for you to have Name, Address, and CC info. Texas Workforce Commission had a worse leak of my personal information than this... and that was the government.
How can anyone expect anything online to be safe from anyone. A good rule to always remember, " If someone want's something bad enough, they will get it." If our own government can't keep my info secure, I don't expect Sony or anyone else to either.

shakey said,

I think some are blowing this a little out of proportion at the moment.

Almost everyone is blowing this out of proportion. **** happens, people just need to get over it and move on.

InterceptorX said,

Almost everyone is blowing this out of proportion. **** happens, people just need to get over it and move on.

Ya, most who are posting may not even own a ps3. It affects me, but very very little. There are 70 million psn users... I doubt they got every single user. And the personal information is not sensitive at all, since it is in the phone book. Luckily for the CC part, I use a prepaid CC for all online transactions, just in case of such a thing like this.

InterceptorX said,
Almost everyone is blowing this out of proportion. **** happens, people just need to get over it and move on.

Yes, and identity theft and bank fraud "just happen" too. Personally the issue isn't that they were hacked.. it happens quite often. But typically they don't wait a week to mention little details like personal or banking information being potentially stolen. I'm sure one person's "I don't care I used a prepaid card" attitude is going to make everything sunshine and roses for millions.

Jen Smith said,

Yes, and identity theft and bank fraud "just happen" too. Personally the issue isn't that they were hacked.. it happens quite often. But typically they don't wait a week to mention little details like personal or banking information being potentially stolen. I'm sure one person's "I don't care I used a prepaid card" attitude is going to make everything sunshine and roses for millions.

Duke had a answer as to why it might have taken so long:


Before everyone gets up in arms about why Sony didn't reveal this sooner, I actually just handled a matter similar to this for a client.

Most states have a data breach notification statute that requires a company to notify clients, usually within 45 days, if there has been a breach of sensitive personal information such as credit card # + pin # or social security number...etc.

However, some states go further and actually bar the release of client notifications UNTIL the company has contacted the state attorney general first.

So, Sony have have needed to contact certain state attorney generals before they were legally allowed to notify clients that there may have been a data breach.

That may or may not have been the case here and, in fact, may explain why Sony sent out a cryptic blog post earlier saying that they could not confirm that no information had been breached.

InterceptorX said,

Almost everyone is blowing this out of proportion. **** happens, people just need to get over it and move on.

Fortunately I don't own a PS3, but if bank card details have been stolen then it is very severe! Some people who may have used debit cards aren't always covered by their bank for fraudulent transactions.

Its certainly going to get people's backs up. If the whole database was leaked then it could cause all sorts of problems!

Jen Smith said,

Yes, and identity theft and bank fraud "just happen" too. Personally the issue isn't that they were hacked.. it happens quite often. But typically they don't wait a week to mention little details like personal or banking information being potentially stolen. I'm sure one person's "I don't care I used a prepaid card" attitude is going to make everything sunshine and roses for millions.

no they should just tell without researching it themself and cause blind panic among people world wide?

good thing your not a spokesman or manager of anything.

vanx said,
While I do not have a PS3, what if users paid using debit cards? Or is that not a possibility?

As said they have all details of the card except the security code on the back. If your worried I would change your card. Going to ring my bank to get a new one.

Total incompetence on Sony's part. I will be cancelling my debit card and changing all passwords tomorrow. My PS3 will be sold to the highest bidder this weekend as well. Good riddance. Taking 6 days to reveal this is deplorable. I can't take Sony's word that credit/debit card details are safe.

Advis said,
Total incompetence on Sony's part. I will be cancelling my debit card and changing all passwords tomorrow. My PS3 will be sold to the highest bidder this weekend as well. Good riddance. Taking 6 days to reveal this is deplorable. I can't take Sony's word that credit/debit card details are safe.

By your logic, you can't trust anyone to keep anything safe. The government has had many leaks of personal information, along with many websites online. In fact, if it bothers you so much, you should stop doing anything "banky" online, as it is all at risk in one way of being taken.
Calm down, and wait to see what goes on.

shakey said,

By your logic, you can't trust anyone to keep anything safe. The government has had many leaks of personal information, along with many websites online. In fact, if it bothers you so much, you should stop doing anything "banky" online, as it is all at risk in one way of being taken.
Calm down, and wait to see what goes on.

*Facepalm* no comment.

shakey said,

By your logic, you can't trust anyone to keep anything safe. The government has had many leaks of personal information, along with many websites online. In fact, if it bothers you so much, you should stop doing anything "banky" online, as it is all at risk in one way of being taken.
Calm down, and wait to see what goes on.


So I should start to panic when the hacker actually managed to spend thousands of dollars on my card? OMGWTFBBQ!!!!111 Now I'm panicking!!

The PS3 has been such a magnificent disaster from the very beginning. It's hard to imagine them making a PS4 after all this.

TRC said,
The PS3 has been such a magnificent disaster from the very beginning. It's hard to imagine them making a PS4 after all this.

I would like to sell 34 million consoles if that's what you call a disaster.

Depicus said,

I would like to sell 34 million consoles if that's what you call a disaster.

Jacked high prices on release date, Removal of features, Broken Firmware Updates (IE 3.40V1 & 3.56V1 were they caused Bricks)

And then compared theirs 34Mill units next to Nintendo or Microsoft. ya I agree its been a disaster form the beginning.

WolvesHunt said,

Jacked high prices on release date, Removal of features, Broken Firmware Updates (IE 3.40V1 & 3.56V1 were they caused Bricks)

And then compared theirs 34Mill units next to Nintendo or Microsoft. ya I agree its been a disaster form the beginning.

Except that according to world wide console sales, both PS3 and XBOX are at 50 million with the Wii leading at 86 million.

WolvesHunt said,

Jacked high prices on release date, Removal of features, Broken Firmware Updates (IE 3.40V1 & 3.56V1 were they caused Bricks)

And then compared theirs 34Mill units next to Nintendo or Microsoft. ya I agree its been a disaster form the beginning.


and billions of USD losses for Sony put into the whole Playstation Project.... for the pleasure of hundreds of million of people... hmm ye, much worse then the Xbox which was made only because of MS's jealousy towards Sony. And also way worse the Nintendo's aim for little kids, homosexuals and girls playing the console.

oh wait, Sony made a console that was more then a generation ahead at the time, still not reached to its full potential, tons and tons of great games exclusive to it.

if you werent aware already, sony always had the same attitude towards its customers, they are open and fair about it. "Buy our product, enjoy it or GTFO"

TRC said,
The PS3 has been such a magnificent disaster from the very beginning. It's hard to imagine them making a PS4 after all this.

Yeah because the PS3 has been full of problems, unlike the Xbox 360, that things perfect.. right? Millions of people were affected by the RROD and still are being affected, my xbox got the RROD again last week.

On top of that, it's not like you're paying for this service, if you don't want it, don't freaking use it.

Meanwhile my launch box is going on 6 years strong.

My PS3 is not going anywhere, regardless of this. They probably had very little access to their own network while this all was going on. As a network engineer I can understand waiting to get some solid information before sending the entire PSN into a panic about financial information, which could still very well be more of a precaution. They can't tell specifically what accounts have been compromised or if any have been at all. All they can really see is how far into the network they got and what is there, or what ypes of information they were looking for.

djdanster said,

At least the European HQ did something


Yes it seems like they are thinking of some form of compensation according to question 16.

So what exactly are non-US citizens supposed to do now that their credit card details are in the hands of hackers?

SoyoS said,
So what exactly are non-US citizens supposed to do now that their credit card details are in the hands of hackers?

The same thing a US citizen does... call your credit card issuer and request a new credit card on account of your old one possibly being compromised.

SoyoS said,
So what exactly are non-US citizens supposed to do now that their credit card details are in the hands of hackers?

No news yet as to whether they are, don't go over the top yet. Your banks will now know of it and will be watching for fraud - just keep an eye on your account. They don't have your security code

Byron_Hinson said,

No news yet as to whether they are, don't go over the top yet. Your banks will now know of it and will be watching for fraud - just keep an eye on your account. They don't have your security code

Your faith in the banking system is laudable but we are talking about the same people who bought sub-prime and thought it was a good idea

Byron_Hinson said,

No news yet as to whether they are, don't go over the top yet. Your banks will now know of it and will be watching for fraud - just keep an eye on your account. They don't have your security code

Delusional.

Byron_Hinson said,

No news yet as to whether they are, don't go over the top yet. Your banks will now know of it and will be watching for fraud - just keep an eye on your account. They don't have your security code

pretty casual approach to personal finance in my opinion.

Byron_Hinson said,

No news yet as to whether they are, don't go over the top yet. Your banks will now know of it and will be watching for fraud - just keep an eye on your account. They don't have your security code


Your statement looks like you're the hacker that have all the info and trying to calm down those affected so you can use the cards. Really.

Uplift said,
Should we bother doing anything if our bank card details are on there?

Call your bank and let them know what is giong on and request a new credit card #

Uplift said,
Should we bother doing anything if our bank card details are on there?

I just called my bank to get a new card.

blahism said,

Call your bank and let them know what is giong on and request a new credit card #

Err why? no one knows if they have them yet, then they don't have your security code and finally the banks will have all now been informed of it. Just keep a check on your account. Nothing like going over the top

Byron_Hinson said,

Err why? no one knows if they have them yet, then they don't have your security code and finally the banks will have all now been informed of it. Just keep a check on your account. Nothing like going over the top

Lack of a security code doesn't mean anything. Someone created a fake card using my number a while back and attempted to use it at a CVS. They didn't have my CVV code either.

There's literally no harm in getting a new card.

Byron_Hinson said,

Err why? no one knows if they have them yet, then they don't have your security code and finally the banks will have all now been informed of it. Just keep a check on your account. Nothing like going over the top


Err because common sense should kick in... This isn't a couple of hundred user names and favourite food lists, it's a deliberate blatant attack involving a lot of personal and financial data! It takes a few days to change your card and passwords. Nothing like being blasé is there?

Shadowzz said,

the superior design and official MS statement why Xbox is even in existance.
Sadly, neither of those were concrete reasons.

7 days of complete shutdown on a service that millions of people use is outrageous.


no matter how important the cause.


keeping the users in the dark with barely any updates... that is the main reason.
i would have certainly felt better, if they explained their reasoning.

its basic customer service really. cannot believe sony messed up that bad.
even a basic apology and explanation would have being better then nothing.
i did not even get the "maintenance" message until day 4. before that it was just a # error. wtf???

It's clear they had a serious problem, and they should be damn sure it's fixed before they put the service back online.

The damage is done, Sony needs to take this as an opportunity to make any changes, fixes, and general improvements to their service over all. All they can hope for is a good experience when it comes back online to start their recovery..

You mean, the same "Sony" who charges consumers billion$ for poor quality products, bad songs and really crappy movies didn't spend a little extra on hiring a developer to encrypt their database?

There should be a class action law suit against Sony for making such a rubbish "network".

not good questions will be asked at Sony Hq especially with database theft now becomin rife. tho mind u not as bad as government workers leavin DLA files unencrypted on a usb drive on a train

You know what's really annoying? I've had my PS3 for 3 years now, and last week was the first ever time I bought something from the PSN store. And now this happens ¬_¬

kraized said,
Ouch!

so glad I sold mine and switched to xbox! they are having not stop trouble these days.. (not to mention the earthquake hitting them at home as well)..

JTaylor69 said,
Reading comments on the blog; people are outraged and are wanting to sue Sony over this

Can understand this in part, but the main beef should be with the hacker/s - still Sony are certainly just as liable. It's a huge disaster all round, for gamers, for sony and for those who just wanted to enjoy the PS3 for what it was.

JTaylor69 said,
Reading comments on the blog; people are outraged and are wanting to sue Sony over this

They should be able to sue. The fallout from such a breach can hurt you financially and make you a larger credit risk through no fault of your own. Sony should be liable for any and ALL damages from their lack of security if this is indeed true about the data breach.

Byron_Hinson said,

Can understand this in part, but the main beef should be with the hacker/s - still Sony are certainly just as liable. It's a huge disaster all round, for gamers, for sony and for those who just wanted to enjoy the PS3 for what it was.


What has made it worse is the fact that it took Sony a while to let users know whether their details have been compromised.

JTaylor69 said,
What has made it worse is the fact that it took Sony a while to let users know whether their details have been compromised.

No joke.. I'm not a PSN user but I'd be pretty steaming mad over that fact.. instead of trying to save face that should have been the first thing checked and announced. Major companies get hacked, yes. But stalling and telling people about potential bank information theft days later? Coun't me in the "never buying a Sony product" category.

JTaylor69 said,

What has made it worse is the fact that it took Sony a while to let users know whether their details have been compromised.
Yep thats the worst part - they knew from the start that at least user names and passwords were out, they should have told everyone

Jen Smith said,

No joke.. I'm not a PSN user but I'd be pretty steaming mad over that fact.. instead of trying to save face that should have been the first thing checked and announced. Major companies get hacked, yes. But stalling and telling people about potential bank information theft days later? Coun't me in the "never buying a Sony product" category.

Apparently the details were unencrypted and were in plain text - which is even more worrying!
I feel really sorry for everyone who used the service.
I deactivated my brother's account last week due to selling his PSP, and am now glad that he had sold it before this had happened. Hopefully the details were not saved even after deletion.

Byron_Hinson said,
Yep thats the worst part - they knew from the start that at least user names and passwords were out, they should have told everyone

Agreed.

Byron_Hinson said,
Yep thats the worst part - they knew from the start that at least user names and passwords were out, they should have told everyone

Not always possible to know from day one what was viewed or taken, indeed might be impossible to tell what was taken ever.

Just shows again no matter how big you are, there is somebody who will gain access to your network.

JTaylor69 said,
Reading comments on the blog; people are outraged and are wanting to sue Sony over this

Hell yes! I will be speaking to my solicitor shortly regarding the matter!

JTaylor69 said,

Apparently the details were unencrypted and were in plain text - which is even more worrying!
I feel really sorry for everyone who used the service.

The rumour (started on a hacker blog shortly after the GeoHot thing started if I recall correctly) was dismissed when it was made apparent that such data is transferred in encrypted form.

Koffdrop said,

The rumour (started on a hacker blog shortly after the GeoHot thing started if I recall correctly) was dismissed when it was made apparent that such data is transferred in encrypted form.

The info is encrypted but once it reaches PSN it is decrypted for use. The accusation is that Sony stored it decrypted, never re-encrypting it. Based on how bad they were breached, how poorly they are handling it, I would not be surprised.

JTaylor69 said,

What has made it worse is the fact that it took Sony a while to let users know whether their details have been compromised.

yea 7 days ... i'm highly upset and will be watching my CC that i used on the PSN for any unknown charges etc etc