Giant Bomb News

714 Comments

Good News: PSN Back (Maybe) Within a Week, Bad News: Everything Else [Updated]

Sony confirms personal information obtained by outside party. That's fantastic.


No Caption Provided
Update 3: Valve has just told me that anyone who connected their PlayStation Network account to Steam via Portal 2 should not be worried, either. 

"Steam has nothing to do with the PSN outage," said the company in the statement.

Update 2: Regarding rumors Sony may have notified banks days ahead of disclosing today's revelations to the public, I have since contacted customer service representatives at both Bank of America and Chase. I personally have accounts at both financial firms and the representatives claimed to have received no information from Sony about a mass breach of credit information.

Update:  For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet.

Some users have suggested counting the number of "stars" in your saved password as a way to help determine what password you may have been using to access PSN. It's a start.

**

Sony has been frustratingly quiet about the problems afflicting PlayStation Network since the downtime started last week. Who caused the issue in the first place? When will the service be back online? More importantly, has the disruption opened up my personal information to the intruders?

One, Sony isn't talking specifics, with the latest update on the PlayStation Blog from senior director of corporate communications and social media Patrick Seybold only outlining that the company has identified "a compromise of personal information as a result of an illegal intrusion on our systems."

Two, probably within a week--at least for some parts of PSN. "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week," said Seybold. "We’re working day and night to ensure it is done as quickly as possible."

Three, the answer is yes. Here's what was available to intruders: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." It's also "possible" that "your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers" were included.

Unfortunately, credit card details remain a mystery. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," added Seybold. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

== TEASER ==The continued air of "possibility" regarding how severely PSN was compromised, several work days and a full weekend after PSN initially went down, is not a particularly reassuring concept. I'd implore you to read Sony's full statement on the matter at the PlayStation Blog, as the company has complete details on what companies to contact regarding credit card fraud, should you notice any errant activity.

"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience," reads the end of the statement. "Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information."

Stay tuned as more developments unfold. If you notice your personal information was compromised, feel free to drop us an email or leave a comment below.
Patrick Klepek on Google+
714 CommentsRefresh
Avatar image for patrickklepek
Posted By patrickklepek

No Caption Provided
Update 3: Valve has just told me that anyone who connected their PlayStation Network account to Steam via Portal 2 should not be worried, either. 

"Steam has nothing to do with the PSN outage," said the company in the statement.

Update 2: Regarding rumors Sony may have notified banks days ahead of disclosing today's revelations to the public, I have since contacted customer service representatives at both Bank of America and Chase. I personally have accounts at both financial firms and the representatives claimed to have received no information from Sony about a mass breach of credit information.

Update:  For those who were asking, Sony has just confirmed to me there is currently no way to determine what password you were/are using on PSN. If you're worried at all, you should probably change your password used across the Internet.

Some users have suggested counting the number of "stars" in your saved password as a way to help determine what password you may have been using to access PSN. It's a start.

**

Sony has been frustratingly quiet about the problems afflicting PlayStation Network since the downtime started last week. Who caused the issue in the first place? When will the service be back online? More importantly, has the disruption opened up my personal information to the intruders?

One, Sony isn't talking specifics, with the latest update on the PlayStation Blog from senior director of corporate communications and social media Patrick Seybold only outlining that the company has identified "a compromise of personal information as a result of an illegal intrusion on our systems."

Two, probably within a week--at least for some parts of PSN. "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week," said Seybold. "We’re working day and night to ensure it is done as quickly as possible."

Three, the answer is yes. Here's what was available to intruders: "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." It's also "possible" that "your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers" were included.

Unfortunately, credit card details remain a mystery. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," added Seybold. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

== TEASER ==The continued air of "possibility" regarding how severely PSN was compromised, several work days and a full weekend after PSN initially went down, is not a particularly reassuring concept. I'd implore you to read Sony's full statement on the matter at the PlayStation Blog, as the company has complete details on what companies to contact regarding credit card fraud, should you notice any errant activity.

"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience," reads the end of the statement. "Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information."

Stay tuned as more developments unfold. If you notice your personal information was compromised, feel free to drop us an email or leave a comment below.
Avatar image for venatio
Posted By Venatio

Crap

Avatar image for roborobb
Posted By RoboRobb

uh oh..

Avatar image for ssully
Posted By SSully

Wow, this is amazing that sony let this happen. I hope to god none of my info was compromised. 

Avatar image for make_me_mad
Posted By Make_Me_Mad

So, is this going to affect only PS3 users, or do the people who bought things from the PSP's online store also need to worry?  If it goes that far, I'll be needing to give my brother a call shortly.

Avatar image for phatseejay
Posted By PhatSeeJay

Great...

Avatar image for fcksnap
Edited By FCKSNAP

[Removed]

Avatar image for cuevas
Posted By cuevas

Fucking assholes. (The hackers, not Sony)

Avatar image for slantedwindows
Posted By slantedwindows

sooo... how will sony be making reparations for this?

Avatar image for nissanskyline
Posted By NissanSkyline

Just when i got MK9 this shit happens, hope nothing serious was stolen

Avatar image for dck
Posted By dck

Well, fuck you Sony. XBL only purchases from now on.

Avatar image for jmartnwa
Posted By JMartNWA

Wow, it appears things are turning towards catastrophic level now.  A huge release week and no one able to play online was bad enough, but potential identity theft?  Let's just say that will not go over well.

Avatar image for johndudebro
Posted By JohnDudebro

This is fucking unacceptable.


How did Sony fuck up security so badly that this was possible in the first place?
Avatar image for phished0ne
Posted By Phished0ne

:(

Avatar image for mosdl
Posted By mosdl

Luckily, in the US at least, they will have to cover any legal costs should you get compromised.

Avatar image for dtat
Posted By Dtat

So do we all get compensated if our information was stolen and someone steals from us? Sounds like something Sony should do.

Avatar image for treythalomew
Posted By Treythalomew

This is crazy talk. If there was any indication that they could have gotten any personal info/CC then they should have said something day one or day two.

Avatar image for tennmuerti
Posted By Tennmuerti

Well this fucking sucks...

Avatar image for rockinkemosabe
Posted By rockinkemosabe

Shit. I knew I shouldn't of bought that fucking Dead Space 2 DLC.

Avatar image for animateria
Posted By animateria

Well, I guess I should change my password at the very least that's for sure.

Avatar image for chrisincali
Posted By ChrisInCali

This is why I never give me CC info to Xbox or PS3, and always buy point cards at stores instead.

Avatar image for choffy
Posted By Choffy

This is bullshit. Strongly considering leaving PSN if my information isn't safe. If it's happened once, why can't it happen again?

Avatar image for silvershadow
Posted By SilverShadow

I smell a class-action lawsuit! Who's with me?!
Avatar image for hackjob135
Posted By Hackjob135

ffffffffuck.

Avatar image for randominternetuser
Posted By RandomInternetUser

Jesus Christ. I see lawsuits headed their way.

Avatar image for rmanthorp
Posted By rmanthorp

LAWL

This sucks...
Moderator
Avatar image for darktravesty
Posted By DarkTravesty
@Make_Me_Mad:  the psp store is part of the playstation network. so to be safe i'd give him a call.
@Snapstacle:  and i'd rather pay $30-$40 for xbox live than have my identity stolen and credit rating ruined.
Avatar image for elcalavera
Posted By elcalavera

Well done, Sony.

Avatar image for blair
Posted By Blair

What a tremendous fuck-up.

Avatar image for mattyftm
Posted By MattyFTM

It might have been a smart move to let people know that their personal information, possibly including credit card info, had been stolen as soon as it happened. Waiting 5 days before telling anyone about it is amazingly dumb. 

Moderator
Avatar image for altairre
Posted By altairre

I was about to buy my first DLC via PSN. This would have been my first buy ever and now I am actually glad that PSN went down down before I could purchase this thin. Nevertheless this is a horrible thing for both, Sony and all the users.

Avatar image for kombat
Posted By Kombat

I don't understand how Sony's security measures could really be this atrocious. And it is absolutely disgusting that it has taken them this long to come out and say just how much personal information was compromised, which seems to read as "potentially all of it."

Avatar image for thebatmobile
Posted By thebatmobile

This is pretty insane.

Avatar image for ladyshayne
Posted By LadyShayne

I don't remember, but does PSN force you to provide credit card info during sign up regardless of if you're buying a game or not? Since I've only used PSN cards at least I could find solace in having that information safe.

Avatar image for thephilanthropist
Posted By ThePhilanthropist

Patrick you just officially made Giantbomb  the place to go for news as long as it doesn't get blocked by my work IT department.

Avatar image for zimbo
Posted By Zimbo

Well, that just fucking sucks. Good thing it was only my expired debit card tied to the account. Also, time to change email passwords!

Man, Sony is going to get hell for this I imagine.

Avatar image for admanb
Posted By admanb

Hahahaha what. Sony, there is this thing called "encryption" that you may want to look into. It stops you from storing plain text passwords for all of your customers!

Avatar image for marcsman
Posted By Marcsman

This is bad
Avatar image for sparklykiss
Posted By sparklykiss
@ChrisInCali said:
" This is why I never give me CC info to Xbox or PS3, and always buy point cards at stores instead. "
This! But as for the other news about any other information being stolen?

FFFFFFFFFFFFFFFFFFFFFU-
Avatar image for blipp18
Posted By BLipp18

thanks alot Anonymous. Even if they didnt do this themselves, they planted the idea in the stupid ******** hackers heads who did this. But no, its all worth it! take down sony b/c you couldnt install your precious "Other OS"! Screw everyone over b/c you wanted to protect your "rights" WHICH YOU DONT HAVE BECAUSE HACKING IS ILLEGAL!

Avatar image for fcksnap
Posted By FCKSNAP
@DarkTravesty said:
" @Snapstacle:  and i'd rather pay $30-$40 for xbox live than have my identity stolen and credit rating ruined. "
U MAD BRO?
Avatar image for general_d23
Posted By General_D23

Fucking HELL, Sony. Utterly ridiculous.

Avatar image for kombat
Posted By Kombat
@Make_Me_Mad I'm fairly certain that PSN and the PSP store use the same account information.
Avatar image for napalmtrees
Posted By napalmtrees

Great, two weeks after I get a PS3 and three weeks before I leave for Basic.  Thanks Sony!

Avatar image for fira
Posted By Fira

maybe it is time to switch to the xbox. how does sony keep fucking stuff up like this?

Avatar image for allenibrahim
Posted By allenibrahim

I can't believe this is happening. Sony is going to get smacked with the BIGGEST class action lawsuit they've ever seen. And the fact that they waited so long to update everyone about it is MESSED UP

Avatar image for neoepoch
Posted By neoepoch

Does this mean that if we linked our Steam Accounts with our PSN IDs that those passwords are now compromised? I guess I need to change all my passwords and get new bank cards.

Avatar image for themailtoad
Posted By TheMailToad

Well, looks like I'm never trusting Sony with any personal info again.

Avatar image for mjames70
Posted By MJames70

What will all those people who were saying yesterday that there was no chance of this, it was just some hackers getting goodies for free say now? Fortunately my exposure on PSN was limited in that the login/PW is not good on any other sites, but it is still alarming and frustrating....this is after being caught up in Kotaku's **** up info breach a few months back. Trust no one online seems to be the only recourse...

Avatar image for fritzdude
Posted By FritzDude

Crazy.