Giant Bomb News

714 Comments

Good News: PSN Back (Maybe) Within a Week, Bad News: Everything Else [Updated]

Sony confirms personal information obtained by outside party. That's fantastic.


Update 3: Valve has just told me that anyone who connected their PlayStation Network account to Steam via Portal 2 should not be worried, either. 

"Steam has nothing to do with the PSN outage," said the company in the statement.

Update 2: Regarding rumors Sony may have notified banks days ahead of disclosing today's revelations to the public, I have since contacted customer service representatives at both Bank of America and Chase. I personally have accounts at both financial firms and the representatives claimed to have received no information from Sony about a mass breach of credit information.

Update:  For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet.

Some users have suggested counting the number of "stars" in your saved password as a way to help determine what password you may have been using to access PSN. It's a start.

**

Sony has been frustratingly quiet about the problems afflicting PlayStation Network since the downtime started last week. Who caused the issue in the first place? When will the service be back online? More importantly, has the disruption opened up my personal information to the intruders?

One, Sony isn't talking specifics, with the latest update on the PlayStation Blog from senior director of corporate communications and social media Patrick Seybold only outlining that the company has identified "a compromise of personal information as a result of an illegal intrusion on our systems."

Two, probably within a week--at least for some parts of PSN. "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week," said Seybold. "We’re working day and night to ensure it is done as quickly as possible."

Three, the answer is yes. Here's what was available to intruders: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." It's also "possible" that "your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers" were included.

Unfortunately, credit card details remain a mystery. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," added Seybold. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

== TEASER ==The continued air of "possibility" regarding how severely PSN was compromised, several work days and a full weekend after PSN initially went down, is not a particularly reassuring concept. I'd implore you to read Sony's full statement on the matter at the PlayStation Blog, as the company has complete details on what companies to contact regarding credit card fraud, should you notice any errant activity.

"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience," reads the end of the statement. "Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information."

Stay tuned as more developments unfold. If you notice your personal information was compromised, feel free to drop us an email or leave a comment below.
Patrick Klepek on Google+
714 Comments
Posted by Spiritof
@numberThirtyOne said:
" Lol. I wish I remembered which password I used for PSN. "
Shoot GeoHotz an email. Dude's probably got it on his thumb drive.
Posted by OmegaPirate

Watching the journalists scream like children over twitter like they scold their commenters for is the one funny thing about all this    

Posted by Darkerkamikaze

Great.

Posted by pwnmachine

Wow, good thing I don't make any purchases or play online with my PS3.

Posted by Psy_Phi

Eh.  This is why I have it on a crap credit card I don't care about with a limit sub $1k.  I make 90% of my online purchases with that thing.  Still sucks.  Sony still doesn't know exactly what was compromised, and that in and of itself smacks of a terribly inept computer security team responsible for it.  If you can't avoid the problem, you should at least know how to find out WHAT was compromised.

Sony needs to hire some capable people.  I wonder where the breach happened.  Is PSN down world-wide or just in the U.S.?  I haven't kept up too much on the story and was not interested enough to care until I read here that personal info may have been compromised.

Posted by SpanxMcFranks

I am done. I barely used my PS3 and this is it, I am finished with PSN. This is sad too, because I was really looking forward to Infamous 2.

Posted by CarpetRemnant

Suck Fony

Posted by Zabant

is this big enough to bring sonys gaming division down?

Posted by AndyPhifer

Maybe the Sony Defense Force can get a SWAT team in to get them back?

Posted by HonoredSamurai

Condolences to my ps3 amigos. I feel like Sony's shitstorm is going to go Supernova now. Bust out the umbrellas!

Posted by animathias
@shenstra:
As far as the information goes, I'm more worried about the security questions than say my address or birthdate. I don't even remember what the PSN wanted for my security question, but if I had to guess, the name of my first pet or my first best friend's name isn't public information on the Internet. :(
Posted by m0rdr3d

This is so unbelievable.  Guess this means I won't be buying another thing from PSN.  Sorry I ever did.  Wow.

Posted by JMitch

I hate Sony if it wasn't for MLB the show I'd throw it out my freaking window

Posted by Brake

Glad I didn't update my credit card info to PSN yet. Now I'm gonna think long and hard if I ever will. I mean it's not like there's anything super essential that I need to buy from there.

Edited by EgoCheck616

Awesome job, Sony. On that note, I look forward to seeing what Nintendo's new console is like.

Excuse me while I play some Portal 2 coop on Steam.
Posted by Deathpooky

Time to update passwords everyone!

Posted by shenstra
@blacklabeldomm said:
" Here's a question: Will PS3 users be willing to pay (even the smallest amount) so Sony can hire better people/ make PSN more secure and avoid anything like this in the future?  (I expect a lot of no but GB is a vast ocean of opinions) Or what can Sony do to avoid this from happening?**Yes this can happen to XBL or any other payed service but that's unrelated. "
I would be, if I knew the money actually went towards security and infrastructure. But Sony isn't exactly the most transparent company out there. I think a more realistic solution would be to just keep making PS+ more attractive, get better content on PSN and rake in more money. Then they can take some of that profit (they do make a profit on PSN by now, I'd hope) and put it towards security.
Posted by fisk0

Wow, great. Don't they have any security staff at all? The intrusion was PS3's using custom firmware to masquerade as debug systems. Why the hell is this kind of data accessible to anybody? All this stuff, even the most basic personal data, should be individually encrypted several times over and really shouldn't even be visible for the guys who built the network. That a system masquerading as a debug PS3 is allowed full access - with what seems like no safeguarding - to all this stuff is ridiculous.

Posted by NissanSkyline

1000+ replies for sure

Posted by KaosAngel

I feel safe.  Luckily I'm in USA, the federal courts will cover everything to the consumers.

Posted by 617_jbug

Next Sony console will not have free online.

Posted by Zatoichi

So... any chance all those hackers who devoted time to hacking into PSN/PS3 are going to change their tune about it all being harmless and just so they can run their own software on PS3? Sony have been in a running battle with hackers to protect their platform, and the legitimate consumers amongst us continue to pay the price. I doubt Sony will release the details of how they hacked in, but I'd be willing to bet whatever the hacker leaves in my bank account that the exploit they used was enabled by this custom firmware that gave them access to the developers PSN.

Posted by gbrading

In the past, this kind of security intrusion has been enough to bring down lesser corporations.

Posted by bkbroiler

Wow, that really sucks. Good luck everyone!

Posted by fillmoejoe

This is some messed up sheet, bro. Did Sony know the extent of the hacker intrusion day one? If they did know, why in gods name did they wait so long to tell folks all their private info was compromised? Even if they didn't know they should've warned people to cancel their cards. Waiting so long to tell people is really inexcusable.

Posted by Fallen189
@MattyFTM: It was the Easter break, mind you. I'm sure they didn't do it on purpose
Posted by fenixREVOLUTION

Sony can't just come out and say they have our CC info? Odds are if it was right there, it's gone.

Posted by MikkaQ

Man, I don't have time to be changing all my damn passwords and get a new CC, fuck all of these hackers. 

Posted by EnduranceFun

Well, that sucks. I'm fairly sure the password for my PSN wasn't unique, but it was a fairly unimportant one. Worrying about the CC details. Good job, Sony, lol. 

Posted by Olivaw

I've just realized that this is a total disaster.

This is literally the worst possible situation that could ever occur to any online platform.

How the fuck did they let this happen, and furthermore, how can they handle in such a sloppy, uninformative way?

Posted by CyleMoore
@XII_Sniper: I agree with you, fuck them all!  
Posted by Soap

So I will be changing my passwords for everything as well as visiting the bank tomorrow to change my credit card. Thanks Sony! :D

Posted by Frobitz

Wow, has there ever been data loss on this scale before? Pretty incredible. Just moved the money that was in my account tied to the card i used on PSN into another account to be on safe side, think I'll be getting the bank to cancel that card tomorrow.


Xbox Live for online and downloads from now on then, I'll keep the PS3 for single player exclusives. Won't trust these incompetents again :-/
Posted by CyleMoore

Well this hacker can go to hell. I hope they find him or her bragging about that shit cause they always brag.

Posted by Siphillis

Anon: clearly working in the interest of the consumer.

Posted by Zatoichi

I declare it: Punch A Hacker In The Balls Day! If you know a hacker, any hacker, make sure and punch them in the balls.

Posted by Grilledcheez

FUCK

Posted by Jost1

1: Fuck you Sony
2: cancelled my credit card to be safe
3: Probably selling my PS3 and never buying Sony again. This is a breach of trust that I can't live with.

Posted by Spiritof

Maybe my dreams of Steam being the default UI on PS3 is one step closer?

Posted by JJGIANT

People need to take a step back for a second and stop heaping all the blame on Sony. Obviously it's bad we weren't informed earlier but there must be a reason for that maybe they only just found out themselves, who knows!


More anger should be focused towards the perpetrators. Obviously they are faceless criminals right now but it's something to keep in mind. I keep seeing hilarious comments like "Oh back to my 360" or "This never happens to Microsoft"

Posted by Codeacious

At first, I tried to think of any other company information crisis, to see if they overcame it. Then I realized I couldn't think of any.


Sony, ya done goofed.
Posted by Chris2KLee

This is a real mess, only made worse by the wall of silence Sony is producing. The Penny-Arcade guys got it right this Monday when they said Sony needs a strong PR person who knows how to talk to the audience. No offense to Mr.Seybold, but wait and see is not gonna cut it.

Posted by ShaneDev

My CC info isn't on the PSN thank goodness but this is such a huge mess its unbelievable. I cant believe they waited this long to tell people. I wonder what the fallout from this will be.

Posted by deathstroke75

that could possibly explain the oddball 9.99 charge from PSN on the 19th, seeing as how i didn't purchase anything or have any reoccurring things setup on my PSN account.

Posted by ImperiousRix

Wow... just wow.
I always buy points cards and physical subscriptions from these online services, but I figured that was me being overly paranoid.  Now this sorta thing happens.
I'm going to go change my PSN password now...  I really can't even make a joke about any of this.

Posted by JohnDudebro

I can't wait to see Kevin Butler: VP of Desperate Apologies.

Posted by PXAbstraction

If you aren't yet, go download and start using LastPass from www.lastpass.com. It's a 100% free (unless you need mobile access) password management and generation program. I've been using it for a while and it's generated random passwords for every site I use so I'm much less at risk from this attack. It's bulletproof security wise and works wonders. I'm not any kind of spokesman for them, this is just a really good and free solution to shield yourself from things like this.

Posted by Mijati

Well, back to just two consoles next generation then.

Posted by StriderNo9

This is really insane now, I can't believe this actually happened wow.

Posted by Pop

They should of mentioned the credit card thing on day one, so people can take precautions or maybe they didn't know either.