Earlier this week, Sony took their PlayStation Network offline on suspicion of hacking. Turns out those suspicions were true and the PSN and Qriocity accounts hacked of customer’s personal information. Credit card data, email addresses, names, birth dates, and addresses may have all been compromised due to the breach. Josh Shaul who is chief technology officer for Application Security Inc., said, “Simply put, one of the worst breaches we’ve seen in several years.” He also stated, “They indicated that they’re worried about it, which is probably a very strong indication that everything was stolen.”The breach is being considered malicious and Sony has hired an security firm to investigate. Greater protections are being implemented for personal user information. “Our teams are working around the clock on this, and services will be restored as soon as possible,” said Sony Tuesday.
Sony’s press release:
“ Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
- Temporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country,email address, birth date, PlayStation Network/Qriocity password and log in, and handle/PSN online ID.It is also possible that your profile data, including purchase history and billing address (city, state, zip),and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in anyway, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.”
Along with hoping their identity hasn’t been stolen, Sony Qriocity and PSN users also hope that due to this breach they will receive some compensation for lost membership time.