Skip to main content

Sony admits user data was compromised in PSN security breach

sony-psn-playstation-networkYesterday, Sony announced it was unaware when the PlayStation Network would be up and running. While PlayStation Network is still down, the company is now starting to dissect the damage. In a blog post today, senior director of corporate communications and social media Patrick Seybold explained that there has been “a compromise of personal information as a result of an illegal intrusion on our systems.”

According to Sony’s research, between April 17 and 19 some PlayStation Network and Qriocity subscriber data was lost, and in an attempt to secure other users Sony shut down both services. The information likely stolen included users’ names, addresses, countries, email addresses, birthdates, password and login identification, and handles. Sony also admits it’s possible purchase histories, billing addresses, and PlayStation Network/Qriocity password security questions and answers were obtained by an alleged hacker or hackers. According to Sony “there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.”

If you were a PlayStation Netowrk or Qriocity customer, Sony warns you to be particularly on the lookout for email, phone, and postal scams and says it will not be contacting you for any credit card, social security, or similar personal information.

It appears that the damage has a much wider reach than anyone originally thought. When the outage began on April 21, it was largely a huge frustration for gamers and Qriocity customers. As the down time reaches day five, it appears the worst-case scenario is a reality. If it’s any consolation, there is an end in sight: “We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.” That is, if there are any customers left when they go back up.

Sony has notoriously fought the work of hackers, and after recently settling with the infamous George ‘GeoHot’ Hotz, was subjected to the work of Anonymous. The hacktivist group took down various Sony domains, including Store.PlayStation.com and PlayStation.com, but denies any involvement in Sony’s recent security trials.

Here is an excerpt from Sony’s statement:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

Editors' Recommendations

Molly McHugh
Former Digital Trends Contributor
Before coming to Digital Trends, Molly worked as a freelance writer, occasional photographer, and general technical lackey…
New lawsuit hits Sony, says company ignored security warnings

Sony just can't catch a break. The company is being hit with another class action lawsuit over the Playstation Network breach in April.
The three men suing Sony say that the network problems centered around laid-off security employees. According to the documents, Sony knew that its security systems were ill-prepared for cyber attacks and this negligence led to the theft of customers' personal information as well as the month-long PSN blackout.
This new lawsuit was filed earlier this week in the San Diego US District Court and was brought forth by Jimmy Cortorreal, Felix Cortorreal and Jacques Daoud Jr. on behalf of themselves and others similarly situated v. Sony Corporation Inc. et al, No. 11-1369.
The suit, unearthed first by Reuters earlier today, says that Sony Online Entertainment laid off a substantial portion of the workforce just two weeks before the great PSN blackout. This included a bunch of employees in the Network Operations Center who are the ones responsible for resolving security breaches and keeping the security technology sharpened.
The three men also cite confidential witnesses who say that the customer data protection was inadequate. According to the documents, Sony was told repeatedly about security flaws and small-scale attacks before the big breach but the company chose to ignore these warnings.
The lawsuit casts Sony in quite a harsh light by saying, “Sony took numerous precautions and spent lavishly to secure its proprietary development server containing its own sensitive information … but recklessly declined to provide adequate protections for its Customers' Personal Information."
The lawsuit claims that after all these problems, there was little surprise when the security breach happened. The men are asking to be reimbursed for their consoles, network fees and more. The free downloads and apology don't seem to be enough.

Read more
Sony: Full restoration of Qriocity services starts Thursday

Electronics giant Sony has announced that on Thursday the company will fully restore all Qriocity services following a lengthy period of downtime which occurred as a result of a massive security breach back in April.
The restoration will see full functionality returning to Qriocity's Video On Demand and Music Unlimited services across all compatible devices.
In a statement released in Tokyo on Thursday, Sony said it will “fully restore all Qriocity services today June 9, 2011, in all serviced territories, excluding Japan.” It continued: “As a result, all PlayStation Network and Qriocity services which were shut down on April 20 will be available. In addition to full PlayStation Network services as well as “Music Unlimited powered by Qriocity” for PlayStation 3 (PS3), PSP (PlayStation Portable), VAIO and other PCs which have already resumed, full restoration of Qriocity services will include:

Full functionality on “Video On Demand powered by Qriocity" across all compatible devices

Read more
Nintendo hacked by LulzSec, no harm done
fail boat lulzsec

This is why we can't have nice things: Following an attack on on PBS.org, Sony and an affiliate group of the Federal Bureau of Investigation, hacker clan Lulz Security (LulzSec) has now breached the systems of Nintendo, reports the Wall Street Journal. This time, however, no user data has been released, the Wii maker said on Sunday.

"There were no third-party victims," said Ken Toyoda in a statement on the matter. "But it is a fact there was some kind of possible hacking attack."

Read more