Last Wednesday Sony suspended their network and confused many its users with the message ‘be patient while we investigate an external intrusion’. Today one week later Sony has some very bad news to give to its subscribers. Whoever hacked into the Sony PlayStation network has stolen personal data possibly including credit card details meaning that Sony subscribers are now at risk.
The PlayStation blog yesterday posted an official statement about what had happened. Nick Caplin, head of communications for Europe, said “We have discovered that between April 17 and April 19 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorised intrusion into our network”.
Unfortunately for Sony PlayStation subscribers the unathorised entity has obtained following user details:
- Address (city, state/province, zip or postal code)
- E-mail address
- Date of birth
- PlayStation Network/Qriocoty passwords and login
- Handle/PSN online ID
The major scare comes in this sentence, “while there is no evidence that credit card data was taken at this time, we cannot rule out the possibility”. Sony subscribers are also being told that their purchase history, billing address and PlayStation Network/Qriocity password security answers may have been stolen too. PlayStation suspects that this information is going to be used in email, telephone or postal mail scams. Those at risk are being told that under no circumstances will Sony contact its customers asking for personal information, in the form of email, a telephone call or a postal letter.
You have to respect the openness of the PlayStation team in giving up so much information. It may be through transparency they are trying to regain some of their reputation, after losing so much due to poor security. This kind of hack should never have been able to happen, this really is a ‘big one’. The amount of data that the hackers were able to obtain, seriously puts at risk those whose data was taken. If it was me with that information I would be taking those email addresses and trying those passwords right now. PlayStation have been very open, but very slow too. Users are asking why it has taken a week for them to be informed about stolen data; analyses and damage measurement can take a long time, so it maybe that Sony have been working hard to find out exactly what has been stolen.
The PlayStation network remains down with no sign of when it will be restored.