Status update on PlayStation Network and Qriocity

Bram Hengeveld

Website Founder
OverTake
Premium
As most of you PlayStation 3 users will know by now the PlayStation Network & Qriocity services have been hacked this week. There is a big chance that personal data of registered account holders have been obtained by these malicious actions. The services should be (partly) resumed within a week from now according to the official PlayStation Blog.
psn.jpg
The following statement has been addressed to all PSN and Qriocity users:

Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1. Temporarily turned off PlayStation Network and Qriocity services;
2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

Sincerely,
Sony Computer Entertainment and Sony Network Entertainment
On the fly updates can be expected via the PlayStation blog here
 
possible huge fine for Sony because of data protection failure, there was something in the news not long ago about some anti piracy law firm who got hacked and then fined for not securing their data correctly.
i think 77 million accounts is a bit of a big deal to slip under the radar.
 
I contacted my bank today who along with many others are in contact with Sony about this issue. My bank even has a team now set up for customers like me ringing in asking for advice. They told me I didn't need to cancel my card unless I really felt compelled to do so and that as my details were not leaked by me but a third party that any fraudulent activity would be covered by them. Sony also confirmed that the 3 digit security number on the back of credit and debit cards was not accessible to the hackers so for the purposes of fraud it would be difficult without that number.

Its still a very worrying breach of security but Sony has made itself a target for its stance on hacking its Playstation 3 console and if hackers can get into NASA then they will break into systems like the Playstation network.

I'm not going to makes excuses for Sony, its a huge breach of their security but I'm not going to go into an hysterical overflow like some of the media outlets seem to do with an attitude along the lines of:

"ZOMG! SONY LOST YOUR DETAILS AND NOW SOME HACKER CAN STEAL ALL YOUR MONEY, WIPE OUT YOUR ENTIRE FAMILY WITHOUT EVER LEAVING HIS HOUSE AND BTW THE INTERNET IS EVIL COS I ONCE HEARD A STORY THAT A DOG WENT ON THE INTERNET AND HE DOWNLOADED RABIES AND IT MADE HIM EVIL AND HE KILLED EVERYONE"
 
It's a service that's been attacked Paul just as any service you use could be such as your mobile phone provider, internet provider, gas, electricity suppliers etc. Sony dont ask for anything more than those services ask for.
 
Kevin Watts;806180 said:
It's a service that's been attacked Paul just as any service you use could be such as your mobile phone provider, internet provider, gas, electricity suppliers etc. Sony dont ask for anything more than those services ask for.

Haha you just made me laugh so hard milk just came out my nose!
 
The service was only hacked because the ps3 itself was hacked. It allowed people to access functions within the ps3 that are normally limited to development use. The network was open to attack due to this, as anything on the development network is trusted (at least it was until the PS3 was hacked). It's dubious if Sony are liable for any losses as it's not like any previous examples.
 
Imo those hackers should go to jail for 4 life times (100 years) because this is the same as stealing a 1 billion boat. Imagen just how much money this hackers can steal with all this bank account informations (if they now have all needed numbers).

I know internet is an evil place worse then the real world but I just won't accept that people want to ruin my time (or even your time) to play video games online with my (or your) friends. This goes also with hacking games to cheat because then there is no point in using a PS3, Xbox, PC, etc. to play games.

I hope PSN will find this hackers (if it really is hackers and not some media trick to draw attention) with alot of evidence to put them in jail.
 
Robert Walker;806222 said:
The service was only hacked because the ps3 itself was hacked. It allowed people to access functions within the ps3 that are normally limited to development use. The network was open to attack due to this, as anything on the development network is trusted (at least it was until the PS3 was hacked). It's dubious if Sony are liable for any losses as it's not like any previous examples.

Hi Rob,
they are liable, as the hack could only have been accomplished because Sony had left a way into their system. If they had the brains they were born with, they would have made the PS3 a drone machine. In otherwords, all the things you can access via the PS3 (because it is all onboard) would have been at their end only (Cloud system).

Here's a prediction; Sony will bend over backwards denying any wrong doing......remember the rootkit fiasco?
And the EU will drop the hammer on them for not encrypting users information. As they have with UK councils. This they won't be able to get out of. As they have already admitted to it.....allegedly!
 
Tony Crabb;806435 said:
Hi Rob,
they are liable, as the hack could only have been accomplished because Sony had left a way into their system. If they had the brains they were born with, they would have made the PS3 a drone machine. In otherwords, all the things you can access via the PS3 (because it is all onboard) would have been at their end only (Cloud system).

Here's a prediction; Sony will bend over backwards denying any wrong doing......remember the rootkit fiasco?
And the EU will drop the hammer on them for not encrypting users information. As they have with UK councils. This they won't be able to get out of. As they have already admitted to it.....allegedly!

Exactly my point, well put Tony. :)
 
Tony Crabb;806435 said:
Hi Rob,
they are liable, as the hack could only have been accomplished because Sony had left a way into their system. If they had the brains they were born with, they would have made the PS3 a drone machine. In otherwords, all the things you can access via the PS3 (because it is all onboard) would have been at their end only (Cloud system).

Here's a prediction; Sony will bend over backwards denying any wrong doing......remember the rootkit fiasco?
And the EU will drop the hammer on them for not encrypting users information. As they have with UK councils. This they won't be able to get out of. As they have already admitted to it.....allegedly!

There is always a way into every system. There is only so much you can do to stop such scenarios. Unfortunately for Sony, a scenario that should have been impossible was made possible. I Know it's a totally different scale, but if the server that hosts the Race Department site was accessed. The chances of some people using the same email and password for paypal accounts are surprisingly high. Would race department be held responsible? Or the hosting company? Previous incidents where companies have been fined were due to major wrong doings and negligence to data protection standards. Sony will have done everything by the letter. Their biggest issue is that they knew for a long time that the PS3 had been compromised. They either didn't realise the implications, or did nothing. That's where they can be held liable, and it's not black and white.
 
Kevin Watts;806126 said:
Sony also confirmed that the 3 digit security number on the back of credit and debit cards was not accessible to the hackers so for the purposes of fraud it would be difficult without that number.
3 digits gives a change of 1 out of 1000.
So, if out of 70 million users 20 million shared their Creditcard with Sony, and they'll use code 765 on every card there's a change they can use something like 20,000 credit cards with that code..
And if they try another time but now with code 439 they'll get another 20,000 cards..

Which is 40,000 cards. Rip off $1500 from each = $60 million in the pocket..

And if you have 3 tries with inserting that code you got 60,000 cards and $90 million in the pocket..

Georgios Davakos;806223 said:
Imo those hackers should go to jail for 4 life times (100 years)

??
A life time is a life time sentence in my country. No possibility for parole..
So if you get it when you're 20, you'll leave prison when you're dead..
 
Johan Top;806843 said:
A life time is a life time sentence in my country. No possibility for parole..
So if you get it when you're 20, you'll leave prison when you're dead..

Sounds excellent to me :thumb:

FYI: only a handful of convicted people have such a sentence in The Netherlands.

Normally the punishments here are a joke. If you shoot somebody you just say "sorry" to the judge and make a drawing of him and you are free to go :)
 
ive got doubts: where are this hackers from? how did they entered into the system of psn? why they did it?(for money, i know... but i need other reason) will the gt academy make a replace on the limit of time? can the ppl of psn make it never happen again???
 

Latest News

Do you prefer licensed hardware?

  • Yes for me it is vital

  • Yes, but only if it's a manufacturer I like

  • Yes, but only if the price is right

  • No, a generic wheel is fine

  • No, I would be ok with a replica


Results are only viewable after voting.
Back
Top