PlayStation Network users may have credit card details stolen due to breach

For a week now, Neowin has been actively reporting on Sony’s PlayStation Network as many gamers find that they’re unable to connect. As reported by Sony themselves, the reason for the downtime was because of an ‘external intrusion’ which caused Sony to take PSN offline and start to rebuild the system.

Although gamers everywhere were sad to see they couldn’t access the service, today Sony reported what has to be the biggest issue with the external intrusion. In a blog post on their website Sony claim that between April 17 and April 19, the account information of some PSN and Qriocity service users was compromised due to the intrusion.

As well as temporarily shutting down PSN and Qriocity services they have contacted a security firm so that they can conduct a full investigation into the matter. As previously reported by Neowin they also added that they have begun to rebuild their system in an attempt to enhance their security so that they don’t encounter a problem alike anywhere in the near future.

Unfortunately for its users, practically all of the information they have personally entered is at risk including name, address, country, email, birthdate, PSN/Qriocity login and password, PSN online ID and even a chance that your purchase history, billing address, password security answers and credit card number - along with expiration date may have been taken too.

Sony urges its users to be aware of any email, telephone and postal mail scams that may ask you for sensitive information as they will likely be a scam. Sony will not contact you in anyway in relation to the incident. Once PSN and Qriocity services are back online it would be a smart idea to change your account password in addition to any other websites that may have the same login/password.

The company stated that its users can expect to see some of the services back online within a week.

Image credit: Gaming Target

Report a problem with article
Previous Story

Verizon launches Incredible 2

Next Story

Microsoft lets slip new features in Windows Phone 7.5

149 Comments

View more comments

mehta708 said,
Hopefully tons of people will sue Sony for what happened. I love this kind of drama.

So it cost everyone more money? Great idea!

Nashy said,
My Live account is still working.... ;-)

...Working on your /second/ xbox after the first one failed from RROD? ;-)

The hackers got access to users passwords?? So basically Sony is so stupid they saved passwords in plain text? Really? How can a big company as Sony with details for so many users completely disregard such a basic security measure?!

So, me being lazy and never actually having updated my credit card information on my PSN since my credit card was replaced last year paid off... being lazy pays off too frequently.

Here is a novel idea to prevent your company from being sued: provide all the PSN-registered credit card accounts temporary credit card fraud protection offered from the credit card companies. I am sure the credit card companies would be willing to give Sony a discount considering the massive amount of card numbers Sony would need to purchase insurance for.

If you actually look into the technicalities of what's happened here, you will see it's a massive Sony blunder rather than fault of the hackers.

Those people saying "oh, it's not a big deal - get over it" clearly haven't been a victim of identity fraud. It's not just a case of keeping your money safe. There's more to it than just cancelling your credit card...

Just rang my bank to cancel my Debit Card. They asked if its lost or stolen. I said neither but I am taking preventive measures due to the Sony PSN issue. Oddly enough he said a lot of people have rang to do the same thing.

Whilst I wouldn't normally bother I feel this is somewhat concerning. A major company taking their systems off-line for a week! I know Sony haven't confirmed the plain text concern but really they need to and advise people change passwords and card details etc.

Thanks a lot Sony! Damn it all. Just called my bank and cancelled my credit card. The person asked me if it was in regards to the PlayStation security breach. Yup!

I just got off the phone with my bank to have my current credit card terminated and issued a new one. I am not taking any risks and I advise you all to do the same. This is the last Sony product I will ever purchase. The way they are handling this situation and the inadequate security that PSN had plus the half-assed way of storing highly critical customer data in plain text shows exactly the kind of company that Sony is, a complete and utter joke. They are nothing more than a bunch of posers with overpriced products that don't give a flying turd about the very people that keep them in business. I hope people sue them for everything they've got, they deserve to go down for this. I feel sorry for all of us who have stuck by them throughout the years knowing the bomb of a company that Sony is. learn more at http://www.creditcardshelplines.com/

Giving/advertising the option for OtherOS was the major flaw on Sony's part. They made such a secure system only to give it a loophole for installing linux etc. That and the fact they have plain text personal info and a non secure internal dev network. Personally I'm not worried since the info stolen has to be sifted through 75-77 million users. Simple way to fix this is call up bank and get a new replacement card number. Funny how everyone just wants something free or money out of this whole ordeal when it was clearly hackers doing the harm and Sony's ignorance/negligence for not protecting 75-77 million users info after they learnt the firmware was moddable and that keys were obtainable.

Also, http://vgn365.com/2011/04/26/p...f-dollars-stolen-from-them/

The one thing this tragedy does is expose those people who are totally blind Sony Fanboys

Seriously if after this complete and total mess you are still trying to somehow defend Sony you have officially been lobotomized.

Their is no defense for Sony's lack of actions in the last week or their total lack of security which caused this to happen.

No excuses, no one should be trying to sugar coat this or try and give Sony any benefit of the doubt for this issue.

This problem has no comparisons to anything Xbox or Nintendo have ever done so their is NO point in dragging them down with Sony.

RROD never caused tens of millions of users PII to be leaked.

Got this BS eMail where Sony admitted to not encrypting my data in their database:

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit http://www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; http://www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; http://www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; http://www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
http://www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or http://www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or http://www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

Well I just cancelled my credit card. I'm going on holidays in 2 weeks, so while I'm away I wont have access to my bank statements so I thought it might be best to get a new card.

I wonder if and how Sony will try and make this up to the using of the PSN?? Free games?? Free subscription to PSN Plus??

Why was my post deleted explaining that it was old credit card data and the security code wasnt used + there are other firms being hacked like XFACTOR so doesnt matter how big u are, they will get u

and people cancling there credit card, are you stupid? it was data from 2007. your card would ofr un out before now , and you would of had a new card anyway!

Commenting is disabled on this article.