Giant Bomb News

714 Comments

Good News: PSN Back (Maybe) Within a Week, Bad News: Everything Else [Updated]

Sony confirms personal information obtained by outside party. That's fantastic.


Update 3: Valve has just told me that anyone who connected their PlayStation Network account to Steam via Portal 2 should not be worried, either. 

"Steam has nothing to do with the PSN outage," said the company in the statement.

Update 2: Regarding rumors Sony may have notified banks days ahead of disclosing today's revelations to the public, I have since contacted customer service representatives at both Bank of America and Chase. I personally have accounts at both financial firms and the representatives claimed to have received no information from Sony about a mass breach of credit information.

Update:  For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet.

Some users have suggested counting the number of "stars" in your saved password as a way to help determine what password you may have been using to access PSN. It's a start.

**

Sony has been frustratingly quiet about the problems afflicting PlayStation Network since the downtime started last week. Who caused the issue in the first place? When will the service be back online? More importantly, has the disruption opened up my personal information to the intruders?

One, Sony isn't talking specifics, with the latest update on the PlayStation Blog from senior director of corporate communications and social media Patrick Seybold only outlining that the company has identified "a compromise of personal information as a result of an illegal intrusion on our systems."

Two, probably within a week--at least for some parts of PSN. "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week," said Seybold. "We’re working day and night to ensure it is done as quickly as possible."

Three, the answer is yes. Here's what was available to intruders: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." It's also "possible" that "your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers" were included.

Unfortunately, credit card details remain a mystery. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," added Seybold. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

The continued air of "possibility" regarding how severely PSN was compromised, several work days and a full weekend after PSN initially went down, is not a particularly reassuring concept. I'd implore you to read Sony's full statement on the matter at the PlayStation Blog, as the company has complete details on what companies to contact regarding credit card fraud, should you notice any errant activity.

"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience," reads the end of the statement. "Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information."

Stay tuned as more developments unfold. If you notice your personal information was compromised, feel free to drop us an email or leave a comment below.
Patrick Klepek on Google+
Posted by Sabious

The whole being hacked thing isn't what bugs me, it could happen to anyone. But Sony really need to work on their PR as it's unacceptable to go nearly a week without telling users their information has been compromised.

Posted by benu302000

Not surprisingly, Sony has managed to alienate, specifically and in particular, each and every one of the customers that they can't afford to lose. The ones that pay money for stuff.

Bravo Sony, you can't be certain as holy fucking hell that I won't be spending a thin dime on PSN if it ever comes back up.

Posted by N7

It's for the homebrew, guys.

Posted by Voxatron

oh great... majorly depressing. :(

Posted by fenixREVOLUTION
@JJGIANT: It'd be nice to be able to look at it like that, but it's been close to a week and odds are, if your customer's information was compromised, that would be one of the first things you would know, or I would imagine attempt to find out. But they've kept everyone in the dark up until this point and even then are dancing around the subject, saying that it probably did, but maybe it didn't.

Hell, who knows, you could be right, maybe the hackers just wanted to shut down the network and stick it to Sony, or maybe all of our information ends up on a spreadsheet on a torrent somewhere. But it's tough to defend Sony for their shoddy handling of this whole ordeal.
Posted by zakkro

I can't trust Sony or hackers anymore. What a world.

Posted by Spiritof

I just checked with my bank, the $25 dollars in my checking account is still safe...or is it?

Posted by rjayb89

Wow, seriously? WHAT THE FUCK.

Posted by yakov456
@Olivaw
I've just realized that this is a total disaster.

This is literally the worst possible situation that could ever occur to any online platform.

How the fuck did they let this happen, and furthermore, how can they handle in such a sloppy, uninformative way?
I have been repeating that last paragraph in my head all day. Especially the uninformative part. For that, there is no excuse other than spin control.
Posted by WinterSnowblind
@JJGIANT: No, this has never happened to me on my Xbox and I'd like to think most companies wouldn't sit around twiddling their thumbs while waiting to tell us that credit card details have been compromised. Sure, it's not entirely their fault and perhaps they only just discovered the extent of the problems, but if there was even the possibility, they should have told us ASAP.

I'm sure if anyone is the victim of identity theft now, they can relax knowing that Sony just didn't know.
Posted by proggykins

Sony really dropped the ball on this whole situation. It seems the company exists in spite of their consumers. And yet there are still the apologists who will never admit that Sony may have not handled the situation with grace.

Posted by Sarkhan

Q.1     When did you realise the system had been intruded? 

We discovered between April 17 and April 19 there was an illegal and unauthorized intrusion into our network. 

Q.2     How did you know that the system was intruded?

 

We watch for any issues that may be raised with respect to security and monitor for such issues both internally and externally. 

Q.3     What is the main reason to this problem?  Which parts of the system were vulnerable to the intrusion?

 

We are currently conducting a thorough investigation of the situation.  Since this is an overall security related issue, we will not comment further on this case. 

Q.4     What action did you take (are you taking)?  Is there any possibility of further unauthorized access?

 

As soon as we learned of this issue, 1) we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services, 2) we have also engaged an outside, recognized security firm to conduct a full and complete investigation into what happened, and 3) quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.   

Q.5     How many were affected?  How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.

 

Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected. 

Q.6     Does that mean all users’ information was compromised?  Tell us more in details of what personal information leaked.

 

In terms of possibility, yes.  We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID.  It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code).  If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained. 

Q.7     Have you notified those users?

 

We are sending out e-mails directly to these users to their e-mail address registered on the PS Network accounts.  Also, we have posted web notices, and additional necessary procedures have been followed by each region. 

Q.8     Have you received reports or claims that their PSN ID information/ credit card had been used improperly?

 

Not at this point in time. 

Q.9     I want to know if my account has been affected.

   

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports.  Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them.  When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password. 
For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.   

Q.10     What should I do to prevent any unauthorized use of my (credit card) personal information?

   

For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.  Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them.  When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password. 
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports. 

Q.11     Since when have PSN/Qriocity become unavailable and in which region?

 

PSN/Qriocity services have not been available since April 20 (US time) in all regions. 

Q.12     How come it is taking so much time to resume the service?

 

We are taking the investigation seriously.  We decided to keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services. 

Q.13     How serious is this?  Have the hackers broken the security on PSN/Qriocity?  Are you taking necessary measures to prevent such outage happening in the future?

 

Since this is an overall security related issue, we will not comment further on this case but we are working to restore and maintain the services, including countermeasures against future intrusions. 

Q.14     When will the service resume?

 

We are taking the investigation seriously.  We will keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services but are working hard to resume the services as soon as we can be reasonably assured security concerns are addressed. 

Q.15     Seems like SOE service was also not available/ suffering outage.  Is this true?  Is this due to the same reason as the PSN/Qriocity outage?

 

SOE's service is available although a service interruption due to an external attack did occur. A thorough investigation is ongoing. 

Q.16     I want my money back (subscription fee, content) since the PSN/Qriocity was not available.

 

When the full services are restored and the length of the outage is known, we will assess the correct course of action. 

Q.17     There seems to be some games that cannot be played even offline?

 

Depending on the game titles, but mainly PSN games, some may require access to PSN for trophy sync, security check, etc.

Contact Details

Country | Customer Support
Africa | sonycustomercare.mea@ap.sony.com
Australia | 1-300 365-911
Austria | 0820 44 45 40
Belgium | 011 516 406
Bulgaria | support@sbhbg.com
Croatia | playstation.hr@arsvenatus.hr
Cyprus | 22352282
Czech Republic | 222 864 199
Denmark | 90137013
Estonia | 6543484
Finland | 600411911
France | 0820 31 32 33
Germany | 01805 766 977
Greece | 801 11 92000
Hungary | 1 814 4800
Iceland | 591- 5100
India | 1800-103-7799
Ireland | 0818 365065
Israel | 09-9711700
Italy | 199 116 266
Latvia | 67046049
Lithuania | 37338655
Luxembourg | 0820 31 32 33
Malta | 234 360 00
Middle East - All | sonycustomercare.mea@ap.sony.com
Netherlands | 0495 574 817
New Zealand | 09 415 2447
Norway | 82068322
Poland | 0 801 230 000
Portugal | 707 23 23 10
Romania | support@sbhbg.com
Russia | 8-800-200-76-67
Slovakia | 232 112 209
Slovenia | 1 510 31 30
South Africa | 0861 773783
Spain | 902 102 102
Sweden | 9002033075
Switzerland | 0848 84 00 85
Turkey | bilgi@eu.sony.com
UK | 0844 736 0595
Posted by Little_Socrates

Thankfully never bought anything on PSN. This really is bullshit, though.


WAIT. Do you think they have access to your Steam info through Portal 2? If they do...goddammit.

Remind me to never, ever give Sony my info again.
Posted by Tesla

I have a feeling Sony will be feeling the effects of this for a long time.  I know they won't be getting any more online purchases from me.  

Posted by Jeffmoocow

What the fuck Sony?

Posted by Jazz

tch, very tough for Sony...not really their fault but they're gonna have to live with the consequences.

People seem to be over reacting rather, there's no confirmation that cc numbers have been taken. They're just being cautious.


Also all the 'fuck Sony' comments are hilarious. Microsoft have never screwed anyone over intentionally, let alone unintentionally..right? Right?
Posted by Magma_Pear


WTF has happened to Sony this generation?

 

I mean WTF?!

 

$599

PSN < XBL

3rd party titles on 360 > PS3

Exclusive Titles Bomb

GT5 < Forza 3

PSP Go Fail

Playstation Move = Wii HD

Kinect destroys Move

PS3 Hacked by GeoHot, Sony settles after damage done

Wii HD launching, Move Fail is now complete

PSN Hacked by the ghost of GeoHot / CFW

 

OMFG!!

 

What is going on?!?!?!??!?! Has the devil come back to accept payment or something? It seems some unstoppable evil force is intent on hurting Sony.

Posted by zacharai

Oh, good.  Glad I went the 360 route.


(at least, until they get compromised)
Posted by WhatTheDang

Man, PSN customers better be getting some good free stuff out of this


hahahaha just kidding we'll get nothing and like it. 
Posted by shenstra
@fillmoejoe said:
" This is some messed up sheet, bro. Did Sony know the extent of the hacker intrusion day one? If they did know, why in gods name did they wait so long to tell folks all their private info was compromised? Even if they didn't know they should've warned people to cancel their cards. Waiting so long to tell people is really inexcusable. "
They probably knew it was a possibility from day one, which would explain why they took all of PSN down. They didn't inform us about the possibility because they were hoping against all hope that the outside security firm would assure them that no data was stolen, thus allowing them to avoid a lot of bad press. Of course, letting this situation continue for nearly a week without any explanation generated just as much bad press and now they have to come clean and get still more bad press.
Posted by Pkshields

Glad I removed all my payment details a good while ago. Can't remember why I did it, but pretty ecstatic I did.

Posted by ZeroCast

Too little too late?

I appreciate Sony's effort in informing their users about this but security should be an essential part of any network, if they can't get people's accounts back, how do they think that'll make them feel?

This will obviously give their customers second thoughts and might leave major disbelief in them unless they are willing to rebuttal the situation one way or the other and prove that they are worthy of being trusted.

Posted by benu302000
@WhatTheDang:

+1
Posted by shadowkilla1
@josty81: How is there breach of trust, Sony wouldn't have made an announcement over the weekend so.....
Posted by JesperC

 
"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience,"

Are you fucking kidding me? That's what we get when someone might just have gotten access to my credit card number through their fucking service.

Edited by JoeyRavn
@Leakster said:

" Suck Fony "

Is that a Wheatus reference? :D

Also, really smooth, Sony. You may have been hacked, but your response is fucking unacceptable.
Posted by MisterMouse

well that sucks.

Posted by JammyJesus

Wonder how damaging this is going to be for the future of Sony and their Playstation brand.

Posted by BabyChooChoo

Best headline ever? Me thinks it is.

Posted by Battletoad

Well, this is only about 7 days too late (at least). I wonder how long ago Sony knew about this, and also how long ago the actual theft took place. Has my information been in the wrong hands for two weeks? A month?

 

Sony wouldn't comment when directly asked if credit card data was stolen for several days. They wouldn't admit any other data was compromised, either. Now I am supposed to trust them that my CC number "probably" wasn't stolen alongside all my other information that they will only now admit WAS stolen?

 

Sony sure is quick to act when somebody tinkers with a $600 product that they paid for and supposedly own under consumer law, but when their customers put (false) trust in Sony by legitimately buying products via their credit card on their POS network, you would think that Sony would do more to keep it safe, and if a breach was made, would inform said customers that they should change/cancel any of that info because of their incompetence.

 

Hell Sony probably intentionally delayed this news until after they announced their shitty new tablet line. Anyone feel in the mood to pay another $600 dollars to Sony, and entrust their sensitive information in Sony's hands for another round of overpriced PSOne ports?

 

 

 

 

Posted by Sneakybadger

I guess I should just fax the hackers my gas bill so they have the full Monty of my identity.


Posted by Kartana

awww nooo!

Posted by MordeaniisChaos
@proggykins said:
" Sony really dropped the ball on this whole situation. It seems the company exists in spite of their consumers. And yet there are still the apologists who will never admit that Sony may have not handled the situation with grace. "
They just responded with a lot more caution than most would. A lot of other services would care more about the front end experience rather than making sure there was no potential for more issues to arise and make matters worse. I dunno about you, but I'd take this approach to having my credit card and personal information out for the taking for some random asshole.

I think we can all agree that the people who attacked the system are far more at fault than Sony is for this. Sony is big, and they are not holding back in their investigation or their countermeasures.

Also, maybe if people were willing to pay them for the service, they would have the money to more "gracefully" deal with the issue. It's the sacrifice you make when you get a free service like that.
Posted by hermes

I guess now I can be happy that Sony never supported my credit card and all things had to be bought via prepaid cards.

Posted by dvorak

My account was stolen about 3 months ago, and the password was way too insane for anyone to have stolen it. Plus it was unique to the service, and the only system it had been used on was mine.


They then used my stored card to charge up 100 bucks and buy shit with it, and lock me out.

I called Sony, and because "it's the weekend" they couldn't help me. I got my account back later in the week, and was refunded but it was totally compromised on their end, even at that point. I have to assume that they only at this point realized it, and perhaps took their system offline to do some kind of audit, although that is speculation on my part.

Since then I haven't entered my credit card info, or bought shit off of PSN, and I'm not going to.
Posted by Commisar123

Well this is fucked

Posted by Doctorchimp
@Little_Socrates said:
" Thankfully never bought anything on PSN. This really is bullshit, though.

WAIT. Do you think they have access to your Steam info through Portal 2? If they do...goddammit.

Remind me to never, ever give Sony my info again.
"
I just fucking went through and changed up all my Steam info because of this...

Now I have to go through all the websites I go to one by one? I'm in the boat with you, really left a bad taste in my mouth...Sony it was a good run.

This generation was not kind to them. Actually they acted like morons this entire generation.
Posted by megalowho

Aside from being pissed about having to change my passwords/CC/potential identity theft and fraud, I'm seriously amazed that Sony is using the Playstation Blog to relay information about this entire ordeal instead of sending out a detailed email to all PSN members. How is this not worth contacting your userbase directly? What are they waiting for?

Edited by SJSchmidt93

Could this go down in history as one of the biggest gaming fuck-ups of all time?

Posted by rusted3572

I guess you get what you pay for...

Edited by louiedog

There seem to be three major camps that Sony users fall into now.

1) Fuck Sony
2) It's not a big deal.
3) *hand wringing* I wonder what we'll get out of it?

Posted by Wikitoups
@SirOptimusPrime @SSully H
Posted by animateria

The new news is a bit reassuring. 


Hope they scrambled all the other stuff as well. Including the credit card info.
Posted by Doctorchimp
@zacharai said:
" Oh, good.  Glad I went the 360 route.

(at least, until they get compromised)
"
I'd be under the impression that Microsoft might know a thing or two about security...
Posted by Seppli

Guess I'll need to get the PC version of BF:BC 2 now. Hounding the official BF3 forums way too intensively lately. Need my BF:BC 2 fix.

Also - fuck them hackers messing with my entertainment. Somebody please find and punish the culprits of this incident.

Edited by phish09

Big time f'up Sony.  Big time.  Never again are they getting any of my personal information.  The next Playstation had better allow me to register without including any info about myself other than my name.  Shit, if this information gets compromised and anyone's info is actually stolen, Sony is going to be up to their ass in lawsuits.  This may be a huge huge step towards Sony Computer Entertainment becoming a thing of the past.

So can I even log into PSN to change my password and remove any information (CC, Address, etc) to prevent any further compromise?

Posted by Y2Ken

Hmm... I'll keep a close eye on my account for the next few days. But I'm not leaving card data with PSN after this service resumes. Gonna have to change my password too.

Posted by Xpgamer7

Luckily my PSN stuff is non-compromising. This news brings so much crap to so many people though.

Posted by Spiritof
@SJSchmidt93 said:
" Could this go down in history as one of the biggest gaming fuck-ups of all time? "
I don't know, Virtual Boy was pretty fucking stoopid.
Posted by JJWeatherman

This is bad news, but nice story, Patrick. Glad to have you on board for stuff like this.