Giant Bomb News

714 Comments

Good News: PSN Back (Maybe) Within a Week, Bad News: Everything Else [Updated]

Sony confirms personal information obtained by outside party. That's fantastic.


Update 3: Valve has just told me that anyone who connected their PlayStation Network account to Steam via Portal 2 should not be worried, either. 

"Steam has nothing to do with the PSN outage," said the company in the statement.

Update 2: Regarding rumors Sony may have notified banks days ahead of disclosing today's revelations to the public, I have since contacted customer service representatives at both Bank of America and Chase. I personally have accounts at both financial firms and the representatives claimed to have received no information from Sony about a mass breach of credit information.

Update:  For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet.

Some users have suggested counting the number of "stars" in your saved password as a way to help determine what password you may have been using to access PSN. It's a start.

**

Sony has been frustratingly quiet about the problems afflicting PlayStation Network since the downtime started last week. Who caused the issue in the first place? When will the service be back online? More importantly, has the disruption opened up my personal information to the intruders?

One, Sony isn't talking specifics, with the latest update on the PlayStation Blog from senior director of corporate communications and social media Patrick Seybold only outlining that the company has identified "a compromise of personal information as a result of an illegal intrusion on our systems."

Two, probably within a week--at least for some parts of PSN. "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week," said Seybold. "We’re working day and night to ensure it is done as quickly as possible."

Three, the answer is yes. Here's what was available to intruders: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." It's also "possible" that "your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers" were included.

Unfortunately, credit card details remain a mystery. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," added Seybold. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

== TEASER ==The continued air of "possibility" regarding how severely PSN was compromised, several work days and a full weekend after PSN initially went down, is not a particularly reassuring concept. I'd implore you to read Sony's full statement on the matter at the PlayStation Blog, as the company has complete details on what companies to contact regarding credit card fraud, should you notice any errant activity.

"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience," reads the end of the statement. "Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information."

Stay tuned as more developments unfold. If you notice your personal information was compromised, feel free to drop us an email or leave a comment below.
Patrick Klepek on Google+
714 Comments
Posted by Hailinel

God damn it, Sony.  Thank you ever so much for being completely slack-assed in getting this news to us five days too late.

Posted by Crono
@ChrisInCali said:
" This is why I never give me CC info to Xbox or PS3, and always buy point cards at stores instead. "
Looks like that is what I will be doing now as well. Fuck, I can't even remember which card was connected to my account. Now I have to go look through a bunch of billing statements... Fffffffffffffffffffffff...
Posted by NissanSkyline

I heard someone won 100$ suing sony for disabling other OS , so how much for stolen private info?

Posted by Hichael

Thanks for the update Patrick. It's nice to have some sort of idea of whats happening.

Posted by allenibrahim
@LadyShayne: nope. I use prepaid cards, and I had no money on my account or a credit card. But still, they have your address, profile, and password.
Posted by brocool

I just want the online up and running again.

Posted by numberThirtyOne

Lol. I wish I remembered which password I used for PSN.

Posted by NickLott

Sony had to have known about the possibility of a user information breach a week ago and the fact that Sony didn't come out and say it as a courtesy of their users is fucking reprehensible. 

Posted by kerse

Wow fucking great, I wonder if I can get my card number changed.

Online
Posted by chilibean_3

Hahaha - oh fuck.  Sony is the worst.

Posted by Fira

This is so fucked, if I have to place a fraud alert on my credit then I can't even earn credit myself? Or I have to jump through an extra 10 hoops to do so?

Edited by gike987

 They waited five days before they told us that possible all of our personal data was stolen?! Fuck you Sony, I will never use PSN again.

Edited by louiedog

I don't have a PS3, but security is the reason I've never put credit card info on my Xbox Live account.

Posted by animathias

The dates on their blog mentioned this happening between 4/17 and 4/19... So... they waited 7 to 9 days to tell us that our passwords, security questions, addresses (at least city, state, zip code), and possibly credit card (and possibly more) information might be compromised? Wow... just.. wow. Even if there's a 1 in a million chance that information could be out there, I'd like to know as soon as possible, not a week and a half later.

Posted by RoyCampbell

Sony pullin' a Gawker.

Posted by FCKSNAP
@nissanskyline said:
" I heard someone won 100$ suing sony for disabling other OS , so how much for stolen private info? "
LOL no. It was someone in Europe that was compensated by Amazon for advertising OtherOS when they disabled it. No courts were involved.
Posted by DetectiveSpecial

Fiddlesticks.

Posted by Chop

Can't fucking believe this. 


Fuck you Sony. You should have told us our personal information was compromised on day fucking one. 
Posted by tracerace11

Wow, this is crazy.  I just told a guy yesterday that I did not believe that Sony had announced that CC info had been taken, and if so, Sony would have said something by now.  


I gave Sony too much credit apparently...
Posted by I_smell

IT ONLY
DOES
IDENTITY THEFT!

Posted by Spiritof

 Less concerned with having my identity stolen, more concerned with losing my Trine platinum trophy.

Posted by EmuLeader
@Snapstacle said:
" I'd still rather have my identity stolen than pay for XBL. Just sayin

Honestly I've had my credit card info stolen twice already from something as simple as giving the waitress my credit card at PF Chang's. It's really painless when you go through Bank of America.
"
Fanboyism meets Advertisement
" Xbox = bad, Bank of America = Good! Act now for exclusive offers and lower rates!"
Posted by NellyK

Just... wow...

Posted by nohthink

Thank God my credit card got expired before the catastrophe and I had not updated yet.

Posted by LadyShayne
@allenibrahim: Well that's somewhat a relief. I know faceless hackers having that kind of information is bad, but I'm struggling to find at least one morsel of goodness in a landfill of disaster.
Posted by Rrang

This will haunt Sony for a long time to come...

Posted by FCKSNAP
@EmuLeader said:
" @Snapstacle said:
" I'd still rather have my identity stolen than pay for XBL. Just sayin

Honestly I've had my credit card info stolen twice already from something as simple as giving the waitress my credit card at PF Chang's. It's really painless when you go through Bank of America.
"
Fanboyism meets Advertisement
" Xbox = bad, Bank of America = Good! Act now for exclusive offers and lower rates!"
"
I've had my credit card stolen before... that's advertisement? Fanboyism meets retard apparently.
Posted by Kombat
@Marcsman

This is bad
Infinitely insightful contribution.
Posted by sollum

Well..that's the last time I buy anything on PSN ever. Now I know I can't trust them to keep my personal and financial info safe. I should've just used those cards at retail stores.


Might be easier just to move to xbox instead.
Posted by Brenderous

I guess I should remove my credit card info when I get home.


Oh wait, I can't log in.

Great.
Posted by shenstra

At least they immediately recognized how ****ed they were. They shut the entire service down and hired a proper security company (presumably a reputable one) to do a full investigation. I also understand why they couldn't go into specifics. But why couldn't they have come out and said as much the day after PSN went down?


As for the (possibly) stolen data, I'm not that worried. Most of my personal information (and yours) is readily available to people who know how to search for it, my PSN password is unique to that account (as are nearly all my passwords), most of my purchase history is already available on Backloggery (and not all that interesting) and if they have my credit card details, my bank will handle that problem.
Posted by Vinny_Says

Here's a question: Will PS3 users be willing to pay (even the smallest amount) so Sony can hire better people/ make PSN more secure and avoid anything like this in the future?  (I expect a lot of no but GB is a vast ocean of opinions) Or what can Sony do to avoid this from happening?

**Yes this can happen to XBL or any other payed service but that's unrelated.

Posted by TheBlindChessman

Fucking hell Sony, you waited a week to tell us this? Even Kotaku were quicker than that.

Unforgivable.

Posted by Grissefar

Piece of shit. I don't know that it's going to hurt me but it sure it a piece of shit to have to be extra careful. At least give out a compensation. You know, like a game or something. Such as Split/Second or Prince of Persia Trilogy.

Posted by yakov456

Sigh, what a mess.

Posted by RIDEBIRD
Shit. I downloaded a demo on my account I created like a few years ago on a friends console. Am I screwed (don't remember the sign up process)? Not american. Didn't add credit card information, but passwords and such..

I feel very goddamn bad for those affected, and oh my god how can you be so terrible at this shit, Sony? Really fucking terrible all around: information, general security and the ambiguity - it took them a week to say like nothing.

Posted by SirOptimusPrime

This is insane. As someone who has above average knowledge of internal security measures and as a senior in high school, even I know how to at least use encryption and maintain encryption over time.


Learn to technology, Sony. I loved you, then you sat there like a mentally handicapped child. Fucking hell I can't believe how incompetent Sony is with how they're handling it. 
Posted by onimonkii

whatevs, i use psn cards, anyone could look up the rest of the info without hacking into psn, not a big deal at all really.

Posted by pekoe212

I just got a new credit card a month ago to replace one that may or may not have been compromised. I don't want to update everything AGAIN. Fucking internet. It's never really safe.

Posted by WinterSnowblind

I really didn't expect  the problems to be this bad and I'm honestly just stunned that they've taken this long to tell us what's happened..  It's shocking that they still haven't told us if card details have been compromised.


This has gone from being a minor inconvenience to a major worry and Sony have just guaranteed that I'll no longer be using the PSN for anything that requires any sort of personal information. 
Posted by Quacktastic

Remember when the PS3 was the most secure console and not the least?  Those were the days.

Posted by KickahaOta

I demand to see Kevin Butler publicly whipped and beaten.
Posted by heatDrive88

I'd be lying if I didn't say this is still pretty lol, guys.


But my heart still goes out to the people who need to hassle to make sure their account information is still intact, personal and CC info-wise. 
Posted by sgjackson

Just cancelled my debit card and I'm going to go around changing all my passwords to be safe.

Posted by InfiniteGeass

At least I never bought anything on PSN...

Edited by FiZi

"Unfortunately, credit card details remain a mystery."

Based on the list of details they already have lets all assume they've got our credit cards. It's always possible Sony stores CC info in a separate database from customer info (which would be a smart thing to do) but lets be honest, is it worth finding out they don't?

Call your CC company and get a new card.

Posted by Mikewrestler5

Sony better offer some compensation for not only the downtime, but the possibility of my personal data being exposed. It's fucking bullshit.

Posted by chickdigger802

Man this whole incident makes me really appreciate the whole Steam Shield thingy they introduced a few weeks back.

But like always you should only put debit cards on these services ;)

Posted by Warchief

wow.

Posted by astonish

Absolutely terrible. Makes me wish I never signed up for PSN. Other than downloading a demo I don't think I have ever used the system, so thankfully no CC stolen for me, but all that other personal information being stolen is annoying to say the least.