Gamasutra is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Gamasutra: The Art & Business of Making Gamesspacer
arrowPress Releases
If you enjoy reading this site, you might also want to check out these UBM Tech sites:

PlayStation Network Accounts Compromised, Personal Information Stolen

PlayStation Network Accounts Compromised, Personal Information Stolen

April 26, 2011 | By Frank Cifaldi

Sony Computer Entertainment has released a statement finally explaining why its PlayStation Network service has been down most of the past week, saying that an illegal intrusion into its network has compromised its database of user account information.

In a PlayStation Blog statement by SCEA's Patrick Seybold, the company claims an unauthorized entry into both the PlayStation Network and Sony's music and video service Qriocity was made by an unnamed group that compromised "certain...user account information."

According to a letter currently being sent to all of Sony's registered account holders, the company believes that "an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID."

Other compromised information across the PlayStation Network includes "purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers."

Sony says that while there is no evidence of credit card info being stolen, the company "cannot rule out the possibility," and advises users who have connected a card to their accounts that credit card numbers and expiration dates (though not security codes) may have been obtained by a third party.

Sony's letter goes on to suggest actions an affected user should take, including being vigilant about communications that ask for personal information, changing any passwords shared with a user's PSN account, and contacting U.S. credit bureaus to issue a fraud alert.

Sony has clarified to Gamasutra that this information seems to apply to all accounts, with Seybold telling us "Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected."

PlayStation Network services are expected to be resumed within a week, says Seybold, after its system undergoes a "re-building" to provide better protection.

[UPDATE: Sony has updated its support site with a FAQ about the attack.

In an official statement to Gamasutra, the company also said that it didn't wait nearly a week to alert users that their personal information was compromised -- that revelation only came on Monday, SCEA said.

"There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," the company explained. "We learned there was an intrusion April 19th and subsequently shut the services down."

"We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident," the statement continued. "It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday [April 25] to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon [April 26]."]

Related Jobs

Champlain College
Champlain College — Burlington, Vermont, United States

Assistant Professor of Game Art
JDRF — San Francisco, California, United States

JDRF Game2Give Community Manager
Disbelief — Cambridge, Massachusetts, United States

Disbelief — Chicago, Illinois, United States

Senior Producer

Loading Comments

loader image