Sony admit PSN data was stolen

[Dark Drakan]

Sony have finally admitted that customer data has been stolen from PSN. Why its taken so long to let people know when they realised this 10 days ago and how many out of the 77 million users worldwide have lost data is still unknown. Data stolen includes names, addresses, email addresses, passwords & credit card details. Here is the full statement...​

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

​

We're working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.​

Valued PlayStation Network/Qriocity Customer:​

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:​

1. Temporarily turned off PlayStation Network and Qriocity services;​

2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and​

3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.​

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.​

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.​

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.​

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:​

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.​

 

[Dark Drakan]

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

​

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013​

Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241​

TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790​

You may wish to visit the web site of the U.S. Federal Trade ​

Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.​

Sincerely​

SCE and SNE​

​

​

Heres a Q&A with Sony giving some more details on the risks of the hack.​

PSN Failure/Fraud Q&A​

 

[Ebony]

Wonder how They let this happen? I don't use the PSN network very often, but im sure we have a credit card linked to the account. Also that's nice for people who live in the US. What about the rest of the world?! Thanks for the info DD.

 

[aka958]

Wonder how They let this happen? I don't use the PSN network very often, but im sure we have a credit card linked to the account. Also that's nice for people who live in the US. What about the rest of the world?! Thanks for the info DD.

They didn't let it happen. They got hacked. It happens. :/

 

[Ebony]

Lol. Ok wrong use of words on my part. I guess I was thinking that to me Sony seem to be a bit lazy with things these days, that's why I hardly ever use my PS3. Plus it's taken them 10 days to let people know?!

 

[Darth Angelo]

While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility

lolz

As far as I am aware at this point not a SINGLE PS user has come forward saying that their credit card info has been compromised. If sombody is aware of such a case at the moment feel free to prove me wrong because I am about to go off on one.

My credit card is linked to my currently inactive PSN account atm and you know what? I am not the least bit worried about my money being stolen. Assuming Anonymus are the ones they are referring to I call major BS on Sony's part. If Anonymus wanted to steal peoples money

1. They would have picked a better target than a bunch of Playstation gamers.
2. Our money would probably be gone already, these people dont mess about.

On the news earlier I heard a statement from Sony saying along the lines of "We advise PS users to not yet go to such drastic lengths as canceling their account/credit info" Why? Because they want you to be scared, nothing more just be scared and remember that we are the good guys and the scary hackers are picking on us all

Anonymus don't want our money and never did, they have explained time and again this is about peoples right of ownership over their console and their freedom, not to hack and cheat and ruin everybody elses fun but to simply protest when something they paid good money for is taken away with a half-assed reason and when somebody has the balls to try and get it back they try and destroy him for it. Then they threaten anyone who so much as glanced at his website or youtube account with "WE HAVE YOUR IP! WE WILL BRING YOU DOWN DON'T F WITH US!"

Take a look at this list of Activities and then tell me these people are scary criminals out to destroy the little guy.
http://en.wikipedia.org/wiki/Anonymous_(group)
The ones you should be scared of are Sony because (and I hate to sound like a brooding conspiracy theorist here) they are using fear to keep you in line. All they have done is used their money to get the word out to mainstream media that you should be afraid of these big scary hackers because they are relentless villains who want to steal all your money and ruin your future. This is nothing but propeganda and scaremongering and I can see right though it. Remember there is nothing to fear but fear itself.

Thanks btw DD

 

[Dark Drakan]

Take a look at this list of Activities and then tell me these people are scary criminals out to destroy the little guy.
http://en.wikipedia.org/wiki/Anonymous_(group)
The ones you should be scared of are Sony because (and I hate to sound like a brooding conspiracy theorist here) they are using fear to keep you in line. All they have done is used their money to get the word out to mainstream media that you should be afraid of these big scary hackers because they are relentless villains who want to steal all your money and ruin your future. This is nothing but propeganda and scaremongering and I can see right though it. Remember there is nothing to fear but fear itself.

Thanks btw DD

Although Anonymous denied the hack was them Gamers in a weird way would be better off if it was because as you say they dont want peoples data and dont have any use for it. They merely wanted to screw things up for Sony and Sony have been trying to blame things on them to make them look like the bad guys and make gamers turn support away from them. Its a weird situation for both Gamers and Sony as both are currently suffering and if Anonymous were behind it then what are they hoping to achieve by doing it? I bet Sony themselves are freaking out as they dont have answers on who it was who did it or why and they cant reassure people without knowing.

 

[Esura]

Actually, I just posted this news on this other message board and was going to posted here but got beaten out by the Drakan.

At first I was freaking out, then I started subtly falling into a mindset similar to Darth Angelo. I be damn if I'm going to go a week or two without my debit card. Now I don't mind changing emails and passwords and stuff, like I did here, but I'm not going through the process of changing debit cards...especially with the bank I'm with.

 

[V]

Well I'm glad I don't use the PS3 for anything but Blu Rays. I just got done being frauded via the internet, thanks.

 

[Dark Drakan]

Not only gamers that have suffered either with PSN being down as a UK development team who want to remain Anonymous (ironic) have suffered losses that go into the thousands.

What we're concerned about is how many people are going to come back after the PlayStation Network comes back online. There may be a lot of people who won't want to spend their money through PlayStation Network now. We're expecting a 5-10 per cent drop in business.

People will be a bit more wary about using their credit card on PSN, so obviously we're nervous about sales. For the last week we've lost a lot of money from the PlayStation Network being down, This will likely be a two-week period where we literally have no money coming in. Zero revenues over a two-week period is definitely an issue for us. We've lost [£] thousands. Hopefully Sony will try to ensure this never happens again. We're certainly hoping we'll get something back from Sony. Perhaps they'll cut their royalties a little bit for a short period, to make up for the losses.​

​

 

[Vergil'sBitch]

Its times like these I'm glad that I don't have full internet.

 

[Richtofen]

I'm still kinda freaking out since I actually used the PSN a fair amount. But like Darth said there shouldn't be much to worry about...

 

[Dark Drakan]

[UPDATE]​

Now it seems they are totally backtracking on previous statements and press releases and saying no data was lost to outside parties...​

From SOE's director of global community relations, Linda Carlson​

We wanted to update you on the status of our examination of the SOE system intrusion we announced last week. We have been conducting a thorough investigation and, to the best of our knowledge, no customer personal information got out to any unauthorized person or persons.

We are continuing that investigation and monitoring the situation carefully; should the situation change, we will -- of course - promptly notify you.

This was after Sony had announced that PSN terms and conditions suggest the company isn't liable for the loss of customers' personal information anyway.​

We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network.

Terms can be read here.​

 

[Vergil'sBitch]

*slowly claps hands at sony* very good. personally, it is sony's fault, and they do know this. I'm pretty sure, they've said this so they can't be taken to court or have any legal action taken against them.
If that's only just been the case since the hacking has taken place, then i highly doubt that clause would stand (especially in a court or by someone who is higher than sony and can tell them what to do).

It just proves that a future console that is download media only will never work, especially if things like these can happen.

 

[Dark Drakan]

*slowly claps hands at sony* very good. personally, it is sony's fault, and they do know this. I'm pretty sure, they've said this so they can't be taken to court or have any legal action taken against them.
If that's only just been the case since the hacking has taken place, then i highly doubt that clause would stand (especially in a court or by someone who is higher than sony and can tell them what to do).

It just proves that a future console that is download media only will never work, especially if things like these can happen.

People in the UK would likely be protected by the Information Commissioners Office as they had said:

While we are unable to say where the data is being stored at present, if it was in the UK, this clause would not free them [Sony] from their obligations under the UK Data Protection Act. If we found a breach, one of the actions we could take would be to issue an undertaking, which is an agreement between the ICO and the company that if they are handling personal information they have to bring about set improvements in order for them to be compliant with the act.

If the company is not compliant with the act within a certain time limit, further action would be taken and we might consider an enforcement notice or issue a monetary penalty. For serious breaches of the act, we can issue a monetary penalty up to £500,000.

 

[Vergil'sBitch]

I hope it did happen in the UK. But, that penalty wouldn't dent sony's wallet. why couldn't a major company like sony forsee something happening like this? i know hindsight is very handy, but, surely they could've been better prepared.

 

[Dark Drakan]

I hope it did happen in the UK. But, that penalty wouldn't dent sony's wallet. why couldn't a major company like sony forsee something happening like this? i know hindsight is very handy, but, surely they could've been better prepared.

Thing that bugs me is the uncertainty of the whole thing and lack of information. I mean one minute data has been lost and they have known for 10 days, then they only claim to have found out the cause today, then they claim no data was lost. So what exactly has happened people are at the moment none the wiser and PSN could be down for another week yet...

 

[Esura]

This was after Sony had announced that PSN terms and conditions suggest the company isn't liable for the loss of customers' personal information anyway.​

Doesn't stop people filling class action lawsuits against them right now. Sony will settle out of court most likely.

 

[Richtofen]

Just wow, I can't believe that...

 

[DreadnoughtDT]

Sony's beating around the bush a bit, aren't they? Classic big corporate scheme. They instigate a scare to make everyone follow like sheep, then assure them everything is okay. It never seems to work, always blowing up in their face.