So perhaps you PS3 users out there have been thinking: “PSN has been down for almost a week now. How could this get worse?”
It’s worse.
From the official Sony press release:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
In other words, Sony’s security systems totally failed and all your account details are now in the hands of hackers. I know some people still don’t trust me after the “I’m leaving” joke, but this is real.
ArsTechnica goes on to say:
Sony is still unsure about whether your credit card data is safe. [...] There is still no update on when service will be restored, but that is the least of your concerns if you have a PlayStation Network account. It’s time to change your passwords, at the very least, and if you’d like to be completely safe it’s not a bad idea to cancel your credit or debit cards and request replacements.





I am quite worried about this, I just want to be able to change my password and remove my information from my account but because Sony has shut it down I can’t.
A bit of advice, change any passwords you have stored on your PS3 too as sub system info was also accessed, for example Netflix, Lovefilm, Qriocity etc. I have changed my Lovefilm password already.
Oh and why has it taken a week for Sony to inform its customers of this problem?
This is serious. I really hope all you PS3ers get through this unscathed.
I hate to think what will happen to Sony if money starts being bled from users’ bank accounts.
I wonder if all the PSN Plus subscribers will get compensated for loss of service?
Looks like U.S. Senator Blumenthal (D-CT) has some words for Sony: http://goo.gl/bl9Gf . I haven’t always been his biggest fan (I’m a CT resident), but this has me cheering for him.
What a disaster for Sony. What a covert victory for the 360!
As a PS3 owner, I am disgusted with the way in which Sony have handled this matter: seemingly withholding information until they ‘had’ to release it, and then issuing a rather arrogant statement, without any form of apologia for those inconvenienced.
Last night, I cancelled my credit card as a precaution. I already have identity theft protection on my accounts, so no worry there.
As for Sentinal’s point; if personal details ARE used, this could be a catastrophic financial disaster for Sony. Possibly terminal. Maybe I exaggerate and add pathos where none is needed.
As regular VGs will know, I am a staunch supporter of the PS3 and the Sony vision, but the way in which this has been handled displays, if not a complete indifference to their customers, then at least a crass unprofessionalism.
On a more humorous note:
I too have cancelled my credit cards as a precaution
Sony’s attitude towards this is dreadful. They should have been up front last week.
I’ll try not to sound like one of those forum experts here…but I work for a very large database software company and work in technical support area.
I am by no means a security expert…but I do see customers’ setups on a day to day basis.
I’ve dealt with hundreds of customers that store their customers’ personal, user and credit card data in databases.
1 – You should never put the personal and credit card / financial information on the same system / database
i.e.
Personal data on System 1 and Credit card on System 2 and have an encrypted link between the 2 systems so your application reads both system 1 and system 2 but there is no unencrypted link between the different data…therefore no obvious link between the 2 sets of data (other than via your application….in this case when you log into PSN and make a payment)
2 – All passwords and card numbers should be stored as obfuscated data (meaning you cannot read the data in plain text but your application / database can convert it when needed but to the hacker this is a load of numbers and letters they cannot do anything with)
Sony said that our passwords have been taken…and can be used.
“PlayStation Network/Qriocity passwords and login, and handle/PSN online ID”
If this is the case – then they stored this information in plain text in their database.
This is a MASSIVE NO NO….and something you should never EVER do.
This means anyone with access to PSN internally (employees) could access your account (including password) and credit card details….so not just hackers that can use your details – which in some ways is just as frightening as the hackers getting access to the system.
I do wonder if Sony will apologise for having such a non secure system for its 70 million customer accounts
This could be one of the most embarrassing security breaches worldwide.
Will the PSN survive ?
I’m also amazed by the fanboys on the Sony Blog saying things like -
“Thanks for all the hard work and keeping us up to date, we know its not your faults…its the hackers”
What ??? – Are you on drugs and don’t care your personal details are available to anyone that pays the hacker enough for them.
It’s like a bank leaving the door to the safe open and then you saying to the bank (when they can’t give you your money back) “it’s not your faults…it’s the nasty robbers’ fault…don’t worry about my money”
Do they think if you left your keys in your car ignition and the car was stolen that your insurance company would say – “It’s not your fault it’s that nasty man / woman that took your car – here is a new car for you !!”
I hate stupid internet people…I really do.
Sony and their Fanboys.
I am just hoping / praying that this was done by some hacker that’s intelligent enough to know how to hack the system but doesn’t really know what to do with the data or has no intention to pass it on but wants to prove a point…..but I am probably being a little naive
On the positive side, when the PSN does return, it will probably be one of the most secure around.
They will probably have hidden our card details in a small box, reading ‘card details’. On the side of the road.
Still, the size of the humble pie that Sony will have to eat will be immense.
If we users get no apology, and the usual Sony arrogance, I for one will be abandoning the system, and trading all of my PS3 games for the 360 equivalents. Extreme? Perhaps, but as a customer, I refuse to be treated with contempt by the company that failed ME, not I them.
As for unencrypted personal data…unforgiveable and egregious. I have no wish to see Sony dragged through the streets, but an example DOES need to be made.
Duke, I am not disputing this but can you source at least where the bit from Sony came from? I would like to have that for reference since this has already become second-hand information. I just created a PSN account recently…
As solely an Xbox360 user this Sony debacle hasn’t affected me directly, even so I can’t help thinking, will Microsoft’s Xbox be next? Are their security systems any better protected against hackers?
I have my debit card linked to my Xbox live account but seriously considering removing it. Better to close the gate before the horse bolts or so the saying suggests.
I feel for you guys having to change bank details, nightmare.
What I wouldn’t give to have been a fly on the wall when the ‘Pull it, pull it now!’ order was given. Whoever had the balls to make that call should be driving the recovery.
The spin doctors are now involved and the truth whatever it is will go out the window now.
Maybe Geohot should have been offered a job?
They may even put our details on a laptop and leave it on a train…
From my Lunchtime Surf….found this new saying –
“Better safe than Sony”
last one from me….
I thought this was funny (the irony of it)
I just went to the Sony EU blog site – http://blog.eu.playstation.com/
and pressed the Sign in link on the far right…just to see what would happen
I get this message (standard certificate message)
Untrusted Connection:
This Connection is Untrusted
You have asked Firefox to connect securely to store.playstation.com, but we can’t confirm that your connection is secure.
Too bloody right I can’t !
really really bad, I received an email from Sony this am regarding this which I have posted on here as well as our buddies on other communities. I have posted it in forums if anyone wants to have a look.
http://www.veterangamers.co.uk/forum/viewtopic.php?f=5&t=862
the above is the topic on forums where i left the copy of email i received.
the simpson bully comes along.. Nelson??? HA HAA
Quanrian: See where it says in the original post “From the official Sony press release:”? See those red letters? They indicate a link. If you click that link, you will find yourself at blog.us.playstation.com .. I believe Sony itself owns and operates that site.
This piece from PC Magazine is worth a look.
“Networks and servers are increasingly complex things and during attacks it is often difficult to pinpoint the issue or exactly what’s happening during an attack. Even so, Sony must’ve suspected, and yet it said nothing. Sure, it kept customers up to date on its progress, but did not alert them to the possibility of a data breach until almost a week into the attack. At that point, customer data has likely been passed along to malefactors—data that might include a credit card number, email, and billing address; time in which someone might have been using that information for credit fraud or identity theft.”
@Duke There are nicer ways to put that but thanks.
Just to make things even better! (sarcasm) The Sony T&C’s protect them:
“We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network.”
Well spotted by Edge online, thanks for nothing Sony!
Let the lawsuits begin!
nothing more to add to the interesting stuff above other than this. As a PS3 owner I have gone from ambivalence to outrage. Waiting a week to tell users what has happened is an outrage.
I haven’t had so much as an email from Sony which means I’ve got all this info from other sources.
I will not be purchasing SCE products in the future. What if you owned a PSP GO. Useless. Has Xperia been hacked? SCE (or whoever it is exactly) can’t be trusted
woody i got my email this am, just spoke with a couple of friends in UK and they just got an email maybe 20-30 mins ago saying basically same thing.
No email for me yet so I may be in the clear fingers crossed
I got my email about 6pm
Lucky I only have a 360! Many friends at school are majorly scared of their details. But one good thing about this was this joke;
I wish my girlfriend would go down for as long as the ps network
http://www.g4tv.com/thefeed/blog/post/712190/psn-class-action-lawsuit-filed/
there it is lawsuit is a go.
http://www.gamingfortheelderly.com/MGalleryItem.php?id=177
http://www.gamingfortheelderly.com/MGalleryItem.php?id=178
Not sure if those image links work, it’s Sony’s new advertising campaign
markanix it didn’t, I don’t see anything
I got my Sony email about 6pm this evening and have now changed the passwords on every site I can think of that has personal data and/or where I might have used that credit card. Haven’t actually cancelled the card though, I’m just keeping an eye on the statements. I’m more concerned about some scumbag applying for loans etc in my name, and no amount of card cancelling is going to stop that.
Also: This. (And in case you don’t understand.. this.)
A bit of good news? Credit card data was apparently encrypted.
Sorry to be a Soothsayer but if the PSN username and password were not encrypted then if the hacker has this there is nothing to stop them logging in as a hacked account and getting the credit card details
(of course that was before they brought the system down but we don’t really know when this started…)
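Added example, not part of the original post or any comment: the comments above on how passwords should be stored, and on what a stolen username and password table lets someone do, compared as a plaintext table beside a salted-hash table. It uses one-way PBKDF2 hashing rather than the reversible obfuscation one comment describes, because a login check never needs the password back; the account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Work factor for PBKDF2-HMAC-SHA256 (assumed value for illustration; tune per hardware).
ITERATIONS = 600_000


def hash_password(password: str) -> dict:
    """Build a stored record holding only a per-user salt and a one-way digest."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "digest": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))


def readable_passwords(table: dict) -> list:
    """Passwords that anyone holding a copy of the table can read directly."""
    return [row["password"] for row in table.values() if "password" in row]


# Constructed sample accounts (not real data); both users chose the same password.
SAMPLE = {"player_one": "correct horse battery", "player_two": "correct horse battery"}

# Weak layout: the password itself is a column in the table.
plaintext_table = {user: {"password": pw} for user, pw in SAMPLE.items()}

# Hardened layout: only salt and digest are stored, so insiders and anyone
# with a copy of the table see no usable login secret.
hashed_table = {user: hash_password(pw) for user, pw in SAMPLE.items()}

if __name__ == "__main__":
    print("readable from plaintext table:", readable_passwords(plaintext_table))
    print("readable from hashed table:   ", readable_passwords(hashed_table))
    print("login with right password:    ",
          verify_password("correct horse battery", hashed_table["player_one"]))
    print("login with wrong password:    ",
          verify_password("wrong guess", hashed_table["player_one"]))
    # Per-user salts make identical passwords produce different digests.
    print("digests differ for same password:",
          hashed_table["player_one"]["digest"] != hashed_table["player_two"]["digest"])
```

Hashing slows guessing but does not stop it for weak passwords, so changing a password reused on other sites is still the right response to a copied table.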