Sony have posted more details to the official PlayStation blog, confirming that the recent PlayStation Network downtime is the result of a malicious attack, and also providing the bad news that the account information of, well, everyone on PSN has probably been compromised - possibly including credit card data:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
There is a FAQ on the UK version of the site as well (conspicuously missing from the US version for some reason).
Users are encouraged to immediately change their passwords on any other services where they've used the same username and/or password. If you're a PSN user, you will apparently also be notified by email at some point. The service remains offline while investigations continue.
Posted 09:33am 27/4/11
No wonder they are taking so long to bring the network back online, they obviously have no idea the extent to which they were compromised, or they do know and don't know how to stop them just coming straight back in if they turn the network back on.
Posted 09:39am 27/4/11
Annoyed personal data has been compromised but not surprised because of the people out to get the company based on their decisions lately.
Posted 10:04am 27/4/11
Posted 10:07am 27/4/11
Mind you I don't know if that means they think they did it. However Sony says that "we believe that an unauthorized person has obtained the following information" (http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/). That is 'one person'. Anonymous is a group..
Posted 10:20am 27/4/11
Great job, Sony.
Posted 10:26am 27/4/11
Also this post was interesting http://www.reddit.com/r/gaming/comments/gx6o4/im_a_moderator_over_at_psxscenecom_the_real/
Posted 10:25am 27/4/11
i wonder if there is grounds for some sort of "we f***ed up" rebate
Posted 10:29am 27/4/11
Posted 10:30am 27/4/11
So anything to punish these consumers is a good thing. Also sick of people saying s*** like "dual shock" and expecting me to know wtf they're on about. Who cares.
Posted 10:34am 27/4/11
Posted 10:45am 27/4/11
I don't exactly know what PSN is - is it just a distribution service like Steam?
Posted 11:17am 27/4/11
edit - I'm stupid, it sounds like they actually meant that there was no way for US to determine which password we had used given that we can't login. Shiiit, back to changing passwords.
Posted 10:49am 27/4/11
Posted 10:53am 27/4/11
I do believe any purchase made the CC information is retained from my one and only buy over the PSN.
A pain in the ass as it is, that FAQ does seem to suggest that Sony can't guarantee those details weren't taken.
(We can bet that even if they knew they were definitely stolen, they probably wouldn't put out a blanket recommendation that people cancel/re-issue cards because I imagine that would open some easy legal doors)
arp - edited to fix some glaring mistakes, darn graveyard shift sorry.
Posted 10:53am 27/4/11
Yeah right. Damn annoying, seems pretty innocent. I wonder how many of these security failures the world has to go through before it becomes illegal to store CC information.
Also, who came up with the term 'security compromise'? Haha, genius. 'Compromise' may be a little bit light on IMO.
Posted 11:40am 27/4/11
How long must the hacker have been on their network to download 77 million user accounts? How much will this affect their stock? How will they ever regain my trust!?
Just told my housemate and he said he would never sign up for an account with Sony after hearing that.
Posted 11:06am 27/4/11
That isn't what he said, he was wondering if sony still BLAMED anon for it. Not what the anon group was claiming.
Perhaps some empathy for the mothers and fathers who have had their details stolen just because they had kids which bought things through the PSN? At least because it wasn't the xbox network, there's less people's details in there because most of the basic uses are free.
Yet you'd buy fuel for your car if you felt it was worth driving somewhere? Same s*** really. It's literally "is it worth paying more to keep using". Not a big leap to understand. Just not worthwhile for a lot of people, but obviously for others it is. Hell I pay for the gym and I haven't used it for the last month thanks to a busy workload. Other people wouldn't understand that because they'd prefer to do their exercise in the real world.
I'm not sure, do you remember when the 360 vs ps3 wars were going on? Couldn't find smugger people in the middle of a 3 story apple store wearing blue shirts and name tags.
I've got a reply for just about everyone :D
Posted 11:08am 27/4/11
Posted 01:19pm 27/4/11
Posted 04:51pm 27/4/11
Posted 04:31pm 27/4/11
agree with teq's post.
suck s*** sony!
seriously missing PSN though. sadface
Posted 05:20pm 27/4/11
Posted 05:22pm 27/4/11
Can't believe my PSN password and credit card details have possibly been compromised. Stupid Sony.
Posted 06:11pm 27/4/11
Maybe no sympathy for the company but what about the people whose data has been stolen as a result? You've got to feel sorry for them, especially if those details are used to commit fraud.
Posted 06:19pm 27/4/11
One has to ask if nuking all 77m CC account details is a better security first principle than 'we strongly strongly strongly advise you to change your password'.
Posted 06:27pm 27/4/11
I trust Valve a lot more than Sony, just because they genuinely seem like a good company, but who really knows.
There isn't much you can do to avoid things like this these days though, where a single company has so much control.
It would be hard to play PC games these days without steam, especially online.
I guess you make the choice to do it in the first place, but when one company has total control of a certain market, your choice becomes use the services of the company or stop doing whatever it is.
Posted 06:41pm 27/4/11
Posted 07:55pm 27/4/11
my statement doesn't exclude those people, Sony are going to be at fault for those fraud claims and they will suffer as a direct result
I am one of those 70 odd million customers whose data has potentially been stolen and I couldn't care less, simply because Visa have always been all over any perceived fraudulent activity on my cards
Posted 08:38pm 27/4/11
I'm sure sony's lawyers will make sure they don't have to pay one cent to anyone affected.
Posted 08:56pm 27/4/11
Posted 10:13am 28/4/11
Posted 10:16am 28/4/11
Posted 10:53am 28/4/11
it would never get to a credit rating, you just ring your bank and say the charges were fraudulent, they put them on hold for you and you get your money back
it really is that simple
Posted 11:13am 28/4/11
Bet they wished they had left in linux support now huh?
Posted 11:52am 28/4/11
I wonder if it will make devs think twice about putting their games on the PSN. It's definitely got to suck for whoever was due to release stuff while the network has been down, and surely it'll make people hesitate to buy stuff when it goes back up.
Posted 11:59am 28/4/11
That's a lot of coke and hookers.
Posted 12:13pm 28/4/11
$300 x 77 000 000 is a lot of money.
Posted 12:41pm 28/4/11
For reference you can check “The Ponemon Institute's Cost of a Data Breach study”.
Just to back up DM.
Posted 12:43pm 28/4/11
Posted 12:49pm 28/4/11
Posted 12:51pm 28/4/11
Sure you didn't upload that? Lol. Apparently it thinks i was viewer #2. I couldn't watch it all though, mostly because it bored me to death, is there a highlight in that spiel which is worth listening to?
Posted 12:57pm 28/4/11
let's start a hacker hunt, easter eggs were too easy
Posted 02:07pm 28/4/11
(the Kotaku link)
At first there were some tiny purchases under $20 then a couple of days later a two thousand.
He says he's never had a problem with any card before so it's likely he's one of the first.
Posted 02:12pm 28/4/11
here is the email i got from Sony
Posted 02:29pm 28/4/11
Getting compensation for damages resulting in losses from identity theft wouldn't be easy, if it's just your credit card then sure you could simply report it stolen but losing your email account or other accounts which may be compromised based on information that could be accessed from your PSN info, most people are just going to have to suck it up.
Posted 02:31pm 28/4/11
Posted 02:44pm 28/4/11
Each record lost cost them when averaged, 203 dollars. That is, in an action which a breach or a loss of information (lost iphone/laptop) in public relations, changes in policy and suits adds up to hundreds of thousands very quickly. Then they take that and divide it by the number of records lost.
Obviously a breach which lost 10 000 records is going to cost a whole lot less than one which loses 1 000 000, largely because more people are going to be affected and therefore care, meaning the actions taken have to be a whole lot more. I'd be curious to know how much the cost is of implementation of solutions versus cost of public relations versus the loss of trade. I bet the biggest cost would be probably all the media they have to deal with and the lawsuits they'll settle before courts.
Buy it now, just don't buy s*** online. Well, when the price dips to the biggest.. i guess hope that there's more bad news first.
Posted 02:59pm 28/4/11
Not my field though, there might be just as much work needed to fix the 700th account as there was to fix the 7th or first.
Posted 05:33pm 28/4/11
Posted 05:36pm 28/4/11
If the cost per record is $400 now, that's an extra 7 billion lost. Lol.
Posted 06:11pm 28/4/11
That doesn't look like it's related to this particular PSN hack. They were joking about firmware update 3.60 removing PSN, when 3.60 came out months ago.
Posted 07:00pm 28/4/11
Posted 07:47pm 28/4/11
I've played my mate's PS3, controllers make my hands go numb after a while. Xbox controllers are far superior
Posted 08:02pm 28/4/11