Sony have finally come clean about why they had to switch off and are rebuilding the PlayStation Network. What is now a PR disaster for the company, they say they discovered the “illegal and unauthorized intrusion” between April 17th and April 19th. However this first consumers knew of the breach was on Thursday 21st when PSN went offline.
Sony say:
As soon as we learned of this issue, 1) we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services
But that just isn’t the case, we know there were multiple days in between. With almost a week where the PSN was compromised, what information did the hackers obtain ? Cue the bad news..
How many were effected ?
Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.
Does that mean all users’ information was compromised?
In terms of possibility, yes. We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID. It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code). If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.
When will the service resume?
We will keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services but are working hard to resume the services as soon as we can be reasonably assured security concerns are addressed.
Wow. Just wow. When PSN’s multi-day outage worsened, many jumped to point out Xbox Live suffered an extended outage during Christmas 2007, but its clear that outage was more of technical one, the PSN compromise is much more serious.
This downtime just turned into a serious breach of trust and personal data, worse yet is the time it took Sony to come clean about it.
What you should do now
The best thing to do now is check your credit card account for any unauthorised transactions, then keep checking, once compromised, there’s no telling when the info will be used. As for email and physical spam to your home addresses, we’re all used to dealing with that.
What we’re not in a position to protect against is identity fraud. PSN owners trusted Sony with the most important data, after all they are Sony. There was a level of security and trust implicit with a company of that size and reputation. That has now been irrevocably broken.
Once PSN is back online, will you trust it ?
