AusGamers took Far Cry 4 for a hands-on spin last week. Read on for our full thoughts...
Far Cry 4 Hands-On Preview
We take a look at all the local talent Australia has to offer for the gaming scene
Indie Friday: A Look at Australian Gaming
Joaby Gilroy takes The Sims 4 for a spin on PC and finds out just what the life simulator has to offer.
The Sims 4 Reviewed
We took the five winged, five week challenge with Hearthstone's first campaign and walked away less deathrattled than you might think.
Hearthstone: Naxxramas' Cursed Review
Post by trog @ 09:25am 27/04/11 | 54 Comments
Sony have posted more details to the official PlayStation blog, confirming that the recent PlayStation Network downtime is the result of a malicious attack, and also providing the bad news that the account information of, well, everyone on PSN has probably been compromised - possibly including credit card data:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.

It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
There is a FAQ on the UK version of the site as well (conspicuously missing from the US version for some reason.

Users are encouraged to change passwords on other services if they've used the same username and/or password immediately. You will apparently also be notified by email if you're a PSN user at some point. The service continues to remain offline while further investigations continue.



playstation networkpsnplaystationsonysecurity





Latest Comments
`ViPER`
Posted 09:33am 27/4/11
Wonder if they still think "Anonymous" did it?

No wonder they are taking so long to bring the network back online, they obviously have no idea the extent to which they were compromised, or they do know and dont know how to stop them just coming straight back in if they turn the network back on.
Bikkies
Posted 09:39am 27/4/11
Well i know its bad but Sony if only you could take it back and put Other OS back in. Then you could be excellent to each other but it's too late now.

Annoyed personal data has been compromised but not surprised because of the people out to get the company based on their decisions lately.
teq
Posted 10:04am 27/4/11
serves them right, 0 sympathy for evil corporations having s*** put back on them
jack40k
Posted 10:07am 27/4/11
@ Viper: No Anonymous denied responsibility http://www.platformnation.com/2011/04/22/sony-is-investigating-network-shutdown-anonymous-denies-responsibility/

Mind you I don't know if that means they think they did it. However Sony says that "we believe that an unauthorized person has obtained the following information" (http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/). That is 'one person'. Anonymous is a group..
Midda
Posted 10:20am 27/4/11
I just tried to sign in on their website to change my password, and it's telling me that I can't sign in, since PSN is down.

Great job, Sony.
scuzzy
Posted 10:26am 27/4/11
It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
Sure lots of unknowns there.

Also this post was interesting http://www.reddit.com/r/gaming/comments/gx6o4/im_a_moderator_over_at_psxscenecom_the_real/
copuis
Posted 10:25am 27/4/11
so, those poor poor poor bastards that haven't yet managed to play portal (or any other games that require it)

i wonder if there is grounds for some sort of "we f***ed up" rebate
Eorl
Posted 10:29am 27/4/11
Haha hilarious. And I will sit here and enoy pure internet bliss on my computer.
thermite
Posted 10:30am 27/4/11
haha I've never understood why people buy things like playstations. Never been interested. Those things are like from before computers were invented. I used to have a master system, then someone told me about computers, and I switched to that instead. Buying playstations then causes problems like mortal kombat not being released for PC. You may as well be a mac user.
So anything to punish these consumers is a good thing. Also sick of people saying s*** like "dual shock" and expecting me to know wtf they're on about. Who cares.
scuzzy
Posted 10:34am 27/4/11
You may as well be a mac user.
consoles offer far less smug.
Pinky
Posted 10:45am 27/4/11
I can understand why people buy consoles, I think they are awesome with a few beers and some mates - but I will NEVER understand subscriptions for games (e.g., WoW).

I don't exactly know what PSN is - is it just a distribution service like Steam?
eski
Posted 11:17am 27/4/11
Well f***

edit - I'm stupid, it sounds like they actually meant that there was no way for US to determine which password we had used given that we can't login. Shiiit, back to changing passwords.
Midda
Posted 10:49am 27/4/11
PSN is PlayStation Network. It's their online network. It's how you play games online on the PS3.
Mephz
Posted 10:53am 27/4/11
So what's the go? Those of us who have made a purchase over the PSN network should get our Credit Cards re-issued from our banks?
I do believe any purchase made the CC information is retained from my one and only buy over the PSN.

A pain in the ass as it is, that FAQ does seem to suggest that Sony can't guarantee those details weren't taken.
We can bet that even if they knew they were definitely stolen, they probably wouldn't put out a blanket recommendation that people cancel/re-issue cards because I imagine that would open some some easy legal doors)

arp - edited to fix some glaring mistakes, darn graveyard shift sorry.
Pinky
Posted 10:53am 27/4/11
PSN is PlayStation Network. It's their online network. It's how you play games online on the PS3.

Yeah right. Damn annoying, seems pretty innocent. I wonder how many of these security failures the world has to go through before it becomes illegal to store CC information.

Also, who came up with the term 'security compromise'? Haha, genius. 'Comprimise' may be a little bit light on IMO.
eski
Posted 11:40am 27/4/11
The longer I think about this the funnier it seems.

How long must the hacker have been on their network to download 77 million user accounts? How much will this affect their stock? How will they ever regain my trust!?

http://www.reuters.com/finance/stocks/chart?symbol=SNE.N

Just told my housemate and he said he would never sign up for an account with Sony after hearing that.
skythra
Posted 11:06am 27/4/11
haha I've never understood why people buy things like playstations.
Pretty close minded then hey. Must think that everyone is exactly like you.
@ Viper: No Anonymous denied responsibility

That isn't what he said, he was wondering if sony still BLAMED anon for it. Not what the anon group was claiming.
serves them right, 0 sympathy for evil corporations having s*** put back on them

Perhaps some epathy for the mothers and fathers who have had their details stolen just because they had kids which bought things through the PSN? At least because it wasn't the xbox network, there's less people's details in there because most of the basic uses are free.
I can understand why people buy consoles, I think they are awesome with a few beers and some mates - but I will NEVER understand subscriptions for games (e.g., WoW).
Yet you'd buy fuel for your car if you felt it was worth driving somewhere? Same s*** really. It's literally "is it worth paying more to keep using". Not a big leap to understand. Just not worthwhile for a lot of people, but obviously for others it is. Hell I pay for the gym and I haven't used it for the last month thanks to a busy workload. Other people wouldn't understand that because they'd prefer to do their exercise in the real world.
consoles offer far less smug.
I'm not sure, do you remember when the 360 vs ps3 wars were going on? Couldn't find smugger people in the middle of a 3 story apple store wearing blue shirts and name tags.

I've got a reply for just about everyone :D
Pinky
Posted 11:08am 27/4/11
Timmeh
Posted 01:19pm 27/4/11
good. 1 down, 1 to go.
Fixah
Posted 04:51pm 27/4/11


RIP Sony.
Outlaw
Posted 04:31pm 27/4/11
Playstation is wtfpwn even if you just used it for PSM wireless streaming & transcoding. You need to educate yourself about the playstation if you don't realise why people buy them.

agree with teq's post.

suck s*** sony!
seriously missing PSN though. sadface
crazymorton
Posted 05:20pm 27/4/11
is this the biggest hack, wrt to compromising personal data, in history?
Mr.Bumpy
Posted 05:22pm 27/4/11
Still waiting to activate my PS3 Portal 2 redeem code on Steam for PC *grumble*
Can't believe my PSN password and credit card details have possibly been compromised. Stupid Sony.
Whoop
Posted 06:11pm 27/4/11
serves them right, 0 sympathy for evil corporations having s*** put back on them

Maybe no sympathy for the company but what about the people whose data has been stolen as a result? You've got to feel sorry for them, especially if those details are used to commit fraud.
dranged
Posted 06:19pm 27/4/11
Hearing the Sony response to me it seems to be all about Covering ones Ass to Retain Employment and nothing about the 77m who had all their personal deets pinched.

One has to ask if nuking all 77m CC account details is a better security first principle than 'we strongly strongly strongly advise you to change your password'.
`ViPER`
Posted 06:27pm 27/4/11
Makes you think about what would happen if Steam went offline for a similar amount of time and lost the same amount of Personal Data.

I trust Valve a lot more than Sony, just because they genuinely seem like a good company, but who really knows.

There isn't much you can do to avoid things like this these days those, were a single company has so much control.

It would be hard to play PC games these days without steam, especially online.

I guess you make the choice to do it in the first place, but when one company has total control of a certain market, your choice becomes use the services of the company or stop doing whatever ever it is.
Twisted
Posted 06:41pm 27/4/11
Maybe no sympathy for the company but what about the people whose data has been stolen as a result? You've got to feel sorry for them, especially if those details are used to commit fraud.
They made their bed by dealing with Sony. They fail by association with the epic fail of Sony.
teq
Posted 07:55pm 27/4/11
Maybe no sympathy for the company but what about the people whose data has been stolen as a result? You've got to feel sorry for them, especially if those details are used to commit fraud.


my statement doesn't exclude those people, Sony are going to be at fault for those fraud claims and they will suffer as a direct result
I am one of those 70 odd million customers whose data has potentially been stolen and I couldn't care less, simply because Visa have always been all over any perceived fraudulent activity on my cards
Whoop
Posted 08:38pm 27/4/11
But how does sony paying get your bad credit rating removed when 50 debt collectors come knocking at your door for stuff you didn't buy because someone has stolen your identity and created a bunch of fake credit card accounts? I'm guessing, while possible, getting that bad rating removed will probably cost a lot of time and even more money.

I'm sure sony's lawyers will make sure they don't have to pay one cent to anyone affected.
Outlaw
Posted 08:56pm 27/4/11
This is why I buy PSN moneys from Jb HiFi
BassMan
Posted 10:16am 28/4/11
teq
Posted 10:53am 28/4/11
But how does sony paying get your bad credit rating removed when 50 debt collectors come knocking at your door for stuff you didn't buy because someone has stolen your identity and created a bunch of fake credit card accounts? I'm guessing, while possible, getting that bad rating removed will probably cost a lot of time and even more money.

I'm sure sony's lawyers will make sure they don't have to pay one cent to anyone affected.


it would never get to a credit rating, you just ring your bank and say the charges were fraudulent, they put them on hold for you and you get your money back
it really is that simple
DM
Posted 11:13am 28/4/11
They reckon it'll cost sony about 26.5 billion this attack, not counting law suits that will no doubt happen.

Bet they wished they had left in linux support now huh?
eski
Posted 11:52am 28/4/11
Sounds like the adelaide thing was a coincidence, but kotaku are just so keen to break any story they'll publish any old s***.

I wonder if it will make devs think twice about putting their games on the PSN. It's definitely got to suck for whoever was due to release stuff while the network has been down, and surely it'll make people hesitate to buy stuff when it goes back up.
Scooter
Posted 11:59am 28/4/11
Who is 'they' DM? I would like to see a cost breakdown on how they reached that 26.5 billion figure.

Thats a lot of coke and hookers.
DM
Posted 12:13pm 28/4/11
Forbes.

The Ponemon Institute, a data-security research firm, estimated that the cost of a data breach involving a malicious or criminal act averaged $318 per compromised record in 2010, up 48 percent from the year earlier.


$300 x 77 000 000 is a lot of money.
skythra
Posted 12:41pm 28/4/11
The pheonom institute in 2009 said the average cost of each data record was 202 dollars. Given it's 2011 now, and the cost was 300 dollars in 2010, the cost could be well above 400, not to mention that the cost for a company like sony where their data each has more than 300 dollars worth of info (credit cards eg would be worse than just an address and name).

For reference you can check “The Ponemon Institute's Cost of a Data Breach study”.

Just to back up DM.
Scooter
Posted 12:43pm 28/4/11
Wow, that is a lot of coke and hookers!
Mignun
Posted 12:49pm 28/4/11
find this on youtube a few min. ago. It discusses the issues about the hack.

http://www.youtube.com/watch?v=N6HJImywLZY
skythra
Posted 12:51pm 28/4/11
find this on youtube a few min. ago.

http://www.youtube.com/watch?v=N6HJImywLZY


Sure you didn't upload that? Lol. Apparently it thinks i was viewer #2. I couldn't watch it all though, mostly because it bored me to death, is there a highlight in that spiel which is worth listening to?
trillion
Posted 12:57pm 28/4/11
So basically whoever is walking around with this most recent hack is worth 85million dollars?

let's start a hacker hunt, easter eggs were too easy
FaceMan
Posted 02:07pm 28/4/11
LateLine had an interview with a guy that has had his card compromised.
(the kokatu link)
At first there was some tiny purchases under $20 then a couple of days later a two thousand.

http://www.abc.net.au/lateline/

He says hes never had a problem with any card before so its likely hes one of the first.

lateral
Posted 02:12pm 28/4/11
scary...

here is the email i got from Sony

Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

* Temporarily turned off PlayStation Network and Qriocity services;
* Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
* Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at au.playstation.com/psnoutage should you have any additional questions.

Sincerely,
Sony Network Entertainment and Sony Computer Entertainment Teams



Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited) is a subsidiary of Sony Computer Entertainment Europe Limited the data controller for PlayStation Network/Qriocity personal data
deadlyf
Posted 02:29pm 28/4/11
The Ponemon Institute, a data-security research firm, estimated that the cost of a data breach involving a malicious or criminal act averaged $318 per compromised record in 2010, up 48 percent from the year earlier.
Is that to the company or the customer who's information was actually taken though?

Getting compensation for damages resulting in losses from identity theft wouldn't be easy, if it's just your credit card then sure you could simply report it stolen but losing your email account or other accounts which may be compromised based on information that could be accessed from your PSN info, most people are just going to have to suck it up.
FaceMan
Posted 02:31pm 28/4/11
I might pick up a PS3 after this blows over because Im sure the price is going to be cut in a BIG way.
skythra
Posted 02:44pm 28/4/11
Is that to the company or the customer who's information was actually taken though?
That's the cost to the companies who lost the data. That is, it cost them in legal fee's and whatever man hours to sort it out and other things too. Makes you wonder about the share prices but I'm not curious enough to bother looking.

Each record lost cost them when averaged, 203 dollars. That is, in a action which a breach or a loss of information (lost iphone/laptop) in public relations, changes in policy and suits adds up to hundreds of thousands very quickly. Then they take that and divide it by the number of records lost.

Obviously a breach which lost 10 000 records is going to cost a whole lot less than one which loses 1 000 000, largely because more people are going to be affected and therefore care, meaning the actions taken have to be a whole lot more. I'd be curious to know how much the cost is of implementation of solutions versus cost of public relations versus the loss of trade. I bet the biggest cost would be probably all the media they have to deal with and the lawsuits they'll settle before courts.

I might pick up a PS3 after this blows over because Im sure the price is going to be cut in a BIG way.

Buy it now, just don't buy s*** online. Well, when the price dips to the biggest.. i guess hope that there's more bad news first.
Scooter
Posted 02:59pm 28/4/11
It might make it cheaper per point of data loss though. I know that the cost for me to pick up 50 points of data compared to 10 is negligable. The setup and control needed for those initial points is the real cost, then points past that are only a tiny fraction of the time (and cost.) So the work created for 7 million records accessed might not be significantly higher then say 700,000.

Not my field though, there might be just as much work needed to fix the 700th account as there was to fix the 7th or first.
Pinky
Posted 05:33pm 28/4/11
DM
Posted 05:36pm 28/4/11
$318 per compromised record in 2010, up 48 percent from the year earlier.

If the cost per record is $400 now, that's an extra 7 billion lost. Lol.
Midda
Posted 06:11pm 28/4/11
Supposedly PSN hackers iRC chat log

That doesn't look like it's related to this particular PSN hack. They were joking about firmware update 3.60 removing PSN, when 3.60 came out months ago.
teq
Posted 07:00pm 28/4/11
Whoop
Posted 07:47pm 28/4/11
I might pick up a PS3 after this blows over because Im sure the price is going to be cut in a BIG way.

I've played my mates ps3, controllers make my hands go numb after a while. Xbox controllers are far superior
Outlaw
Posted 08:02pm 28/4/11
xbox controller has a battery box under it that cramps your fingers
Commenting has been locked for this item.
54 Comments
Show
Close