Sony admits user data was compromised in PSN security breach

sony-psn-playstation-networkYesterday, Sony announced it was unaware when the PlayStation Network would be up and running. While PlayStation Network is still down, the company is now starting to dissect the damage. In a blog post today, senior director of corporate communications and social media Patrick Seybold explained that there has been “a compromise of personal information as a result of an illegal intrusion on our systems.”

According to Sony’s research, between April 17 and 19 some PlayStation Network and Qriocity subscriber data was lost, and in an attempt to secure other users Sony shut down both services. The information likely stolen included users’ names, addresses, countries, email addresses, birthdates, password and login identification, and handles. Sony also admits it’s possible purchase histories, billing addresses, and PlayStation Network/Qriocity password security questions and answers were obtained by an alleged hacker or hackers. According to Sony “there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.”

If you were a PlayStation Netowrk or Qriocity customer, Sony warns you to be particularly on the lookout for email, phone, and postal scams and says it will not be contacting you for any credit card, social security, or similar personal information.

It appears that the damage has a much wider reach than anyone originally thought. When the outage began on April 21, it was largely a huge frustration for gamers and Qriocity customers. As the down time reaches day five, it appears the worst-case scenario is a reality. If it’s any consolation, there is an end in sight: “We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.” That is, if there are any customers left when they go back up.

Sony has notoriously fought the work of hackers, and after recently settling with the infamous George ‘GeoHot’ Hotz, was subjected to the work of Anonymous. The hacktivist group took down various Sony domains, including and, but denies any involvement in Sony’s recent security trials.

Here is an excerpt from Sony’s statement:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

Get our Top Stories delivered to your inbox: