Gamasutra: The Art & Business of Making Games
PlayStation Network Accounts Compromised, Personal Information Stolen
April 26, 2011 | By Frank Cifaldi




Sony Computer Entertainment has released a statement finally explaining why its PlayStation Network service has been down most of the past week, saying that an illegal intrusion into its network has compromised its database of user account information.

In a PlayStation Blog statement by SCEA's Patrick Seybold, the company claims an unauthorized entry into both the PlayStation Network and Sony's music and video service Qriocity was made by an unnamed group that compromised "certain...user account information."

According to a letter currently being sent to all of Sony's registered account holders, the company believes that "an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID."

Other compromised information across the PlayStation Network includes "purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers."

Sony says that while there is no evidence of credit card info being stolen, the company "cannot rule out the possibility," and advises users who have connected a card to their accounts that credit card numbers and expiration dates (though not security codes) may have been obtained by a third party.

Sony's letter goes on to suggest actions an affected user should take, including being vigilant about communications that ask for personal information, changing any passwords shared with a user's PSN account, and contacting U.S. credit bureaus to issue a fraud alert.

Sony has clarified to Gamasutra that this information seems to apply to all accounts, with Seybold telling us "Our investigation indicates that all PlayStation Network/Qriocity accounts may have been affected."

PlayStation Network services are expected to be resumed within a week, says Seybold, after its system undergoes a "re-building" to provide better protection.

[UPDATE: Sony has updated its support site with a FAQ about the attack.

In an official statement to Gamasutra, the company also said that it didn't wait nearly a week to alert users that their personal information was compromised -- that revelation only came on Monday, SCEA said.

"There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," the company explained. "We learned there was an intrusion April 19th and subsequently shut the services down."

"We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident," the statement continued. "It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday [April 25] to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon [April 26]."]












Comments


Brent Orford
>> unauthorized entry into both the PlayStation Network and Sony's music and video service Qriocity was made by an unnamed group



One might say... an "anonymous group"?

Eric Cartman
As far as I know, Anonymous heavily supports the right to privacy for individuals, hence the name Anonymous.



And they denied responsibility a while ago.



But maybe.

Merc Hoffner
WHOA



Really, whoa. I bet Sony wish they hadn't been showing off how many 10's of millions of account holders they have now.

Kale Menges
Thanks, Sony. Appreciate it. You really do get what you pay for, huh? Think I'm done with my PS3. Now that blu-ray players are on the cheap, I don't need a superfluous console taking up more space...

Lamont Gilkey
Wanna sell it? I'll give you $100+ shipping.

Rodan Mistiff
I just called a friend on the inside with the know and he said Credit Card information was stolen.

Ben Lippincott
Well, at least they waited 5 days to tell anyone about this. Probably just to be sure the thieves could pocket enough money to make it worth their while.

Sean Currie
This. Does anyone know what the laws are for informing consumers of security breaches? I imagine it varies state to state but it sounds like Sony risks being in a mess of legal trouble.

Tom Baird
I guess it's a good time to secure up my current credit card information then.



This helps make some sense as to why Sony went after Hotz with such vigor. Hopefully in the future they won't put so many eggs in one basket with regards to security.

Sean Currie
What does this have to do with Hotz? We're talking about compromised account information.

Tom Baird
A couple weeks ago there was a method exposed with the Root Key crack to modify account information (passwords, trophies, friend's lists, PSN Ids) of other PSN users.



Call me crazy, but if you can change the information, how far is it going to be to get the information.



It's somewhat presumptuous, but it helps explain why releasing that Root Key was such a huge deal to Sony, they didn't really design the system around that ever being exposed.

Sean Currie
Yeah that's true. Whenever I hear about the root key crack my mind just defaults to piracy.

Maurício Gomes
That is pretty ironic, considering you can do ANYTHING BUT pirate games with the root key.

Aaron Eastburn
Weird, I didn't get an email but I haven't used my PS3 since before April 1st when they transferred accounts to "Sony Network Entertainment America Inc.". Anyone know if they know which accounts were hacked and are only sending emails to those people?

Jeremy mcKendricks
Playstation: It only does identity theft.

Rodan Mistiff
How many shares of Sony are on the market and how many accounts were stolen? Sounds like we will all be owners in the Sony company by the end of this. What will you do with your 10 shares?

[User Banned]
This user violated Gamasutra’s Comment Guidelines and has been banned.

Sean Currie
Looks like. All the Dev networks are down as well.

A W
**shakes head**

dan m
Just one more reason why paying $60 a year for a real service like Xbox Live is not a big deal, even though some folks (mostly kids who don't have $60) make it out to be a big deal.

The service is there for me when I want it, it's never down. I can't recall how many times I have had problems with PSN or logging into PSN that I hardly use my PS3 for anything other than Bluray and Gran Turismo (the only things a PS3 is good for). Whenever I turn on my 360 Live is always working, Sony maybe needs to take some lessons from MS, a closed network would be a smart start...much like Live is.

Now to hop on Live and play some Black Ops.

Jakub Janovsky
Don't kid yourself - this can happen to MS. Nobody is 100% secure.

dan m
It has happened, in 2007, In a predictable way. Which is why having the service tied to things outside of the closed network is a dumb idea.

In 2007 people had their accounts Hijacked via Windows Live ID/Hotmail, if the passwords were not secure they got ganked. It was a bad idea for MS to allow people to tie-in their Live accounts to Windows Live ID/Hotmail accounts, that problem got fixed as I recall.

Amir Sharar
"Don't kid yourself - this can happen to MS. Nobody is 100% secure."



I agree. There seems to be an idea that since Live is a paid service, that more resources are allocated toward system security.



While that may be the case, it hasn't prevented hackers from doing this sort of thing with other products that are heavily funded in terms of development (operating systems, business software, etc.).

A W
I shook my head because I really can't express how angry I am. But well... nothing is 100% secure.

Morgan Ramsay
This thread: "PSN was hacked, so Xbox Live MUST be impenetrable." Why? "Bad things happen to other people, so I MUST be invincible!" How do you jump to such inane conclusions?

Brandon Karratti
I agree. This fanboy stuff is just getting ridiculous.

Jeremy Reaban
Well, I do think MS takes Xbox Live far more seriously than Sony does PSN.



For one, store updates. They happen at regular times on XBLA. On PSN? Whenever they feel like it.



That shows a lack of professionalism, and it's not a big jump to think that extended to security as well.



Besides that, MS has run Xbox Live since the original Xbox. While I doubt it's impenetrable, I'm sure it's far more secure than PSN was.

Doug Poston
Live isn't impenetrable, but Microsoft has a lot more experience running secure networks than Sony does.

Morgan Ramsay
Doug, which Sony? Big companies are effectively comprised of many smaller companies.

dan m
Sony's flaws are no private servers like Live, ability to play on PC servers, and a web browser. In my eyes that makes each console open to attack easily. Once you close the network and limit access, things look different.



Not really a fanboy but I like things that function, I own both units as I like both worlds, but my opinion is the PSN stinks in comparison due to the fact of the amounts of login problems and you name it. Having owned a 360 since launch, I recall only a handful of times that I couldn't login, announced downtime normally. I hardly can recall a moment I was not able to sign in and play a game on Live which was not a routine downtime/maintenance.

Lyon Medina
I see this as a problem of rapid expansion of PSN. The service should have been simplified and built under a strong foundation.





Of course this is a tragedy, I hope no one's credit account info is stolen in this, and best of luck.

Evan Combs
I think this is kind of the difference between a software company and a hardware company. A software company is more likely to have more tricks up their sleeves when it comes to security than a hardware company would. I don't doubt that each network receives attacks all the time, and I wouldn't be surprised if both companies tried to attack each other, and I don't for one second suspect that Xbox Live is not impenetrable, but I would expect them to be better at keeping their network secure.



My only question is what is taking so long Sony?

Joe McGinn
http://img.photobucket.com/albums/v247/DrForester/SonyIsntGoodWithComputers.gif

Mark Barlow
I think I'll go and play some Call of Duty on Xbox Live!

Daniel Martinez
Up next, XBox Live?

Mark Harris
Regardless of the fact that Sony was hacked, it seems that even internally their security was woefully inadequate when it comes to Personally Identifiable Information and credit card info.



I want the hackers to be caught and prosecuted, but Sony is definitely on the hook here for not adequately protecting vital consumer information. If one is going to collect and store personal information from customers then one is subject to all of the laws detailing security requirements and the ramifications of insufficient protection of private information.

warren blyth
I'm nervous about the PR spin here.

Surprised it isn't being addressed (maybe I'm paranoid).



I was all wrapped up in the thrill of PSN connecting to Mac and PC world, through Portal2. I convinced 3 people to buy the PS3 version of the game (none of which were fast enough to unlock it on PC/Mac before PSN was closed).



A point was about to be made - that the future of gaming is NOT closed networks. But now all I read is "I'm sure glad I can pay Microsoft 60 bucks for their closed network."



This leaves me deeply depressed. And skeptical of the source of the attacks. Not sure how crazy I'm being here, but the timing is incredible.

Mark Harris
It's not necessarily the open nature of the network, it is the absurdly insufficient amount of security given the open nature of the network.



A company with the resources at Sony's disposal should never have a breach of this breadth and magnitude. Breaches will happen, but if the security is set up correctly then the amount of data acquired before detection should be relatively low and any sensitive data should be encrypted to the point of being unusable by an outside intruder even if stolen.

Glenn Storm
Poor Kevin Butler.

R G
Exactly what I was thinking xD.



Too much bacon in the system?

R G
Another reason why I believe having a service tied to a console is damaging.

