Update To Sony’s Playstation Network and Qriocity Penetrated and Personal Data Stolen

Published on April 27, 2011 By DrJBHL In Personal Computing

I’ve been watching this story evolve over the past week, and decided to warn our gamer friends about this as a Community service. I don’t know if many or, for that matter any of you folks have been impacted by this, but safe is better than sorry, and “Thou shalt not stand idly by.” seem to apply here.

Sony confirmed this penetration on Tuesday.

If you are part of Playstation Network and/or Qriocity, you should be receiving an email from Sony confirming the penetration.

"The email will tell subscribers that Sony has turned off the PlayStation Network and Qriocity cloud-music service, engaged an outside security firm and "taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information", per Mark Hachman at PC Magazine.

"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained," the email states. "If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.

While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." – Sony Spokesman

This is important:

1. Disregard any email purporting to be from Sony or any agent of Sony asking for personal or financial details.

2. You might want to set up a new identity in your email account and inform your friends of it, and shut down the old account.

3. You might want to change your Credit/Debit Card number and a simple explanation to the Credit/Debit Card Company as to why should suffice and they should be glad to help you do this. They are as interested as you in preventing fraud and abuse.

I hope you aren’t victimized by all this, but there are positive steps you can take to prevent tremendous damage to your finances and Identity.

Hope this helps!

Comments (Page 3)

CharlesCS

on May 03, 2011

OK, so I'm not a Sony PS3 owner and don't have an account on PSN so I am a bit lost on this. Has the service been restored or are the servers still down? Also are people still able to play games or are they stuck kinda like how some of us are when Blizzard goes down and we can't even play single player on Starcraft II?

DrJBHL

on May 03, 2011

Restoring it in stages. I think anyone wanting to use it had better think twice (or more).

Gwenio1

on May 03, 2011

It appears the free credit card protection will be handled through the three credit bureaus for people inside the US. They have been informed who was affected and you only need to contact them (you do not give info to Sony). This is for those interested in how it will be done, as people that were affected are being informed by email.

DaveRI

on May 03, 2011

Interesting sidenote:

I just got an "important email" from "Sony". I have no idea what it said, as I just deleted it without reading it just like I do with all "important" emails. You see, I don't have any PlayStations or such, haven't happened to buy any Sony stuff in years, and there's no way Sony has my current email address. I have to think it was generated from another source. So there you go, not particularly surprising.

pacov

on May 03, 2011

Here's one of the emails:

Dear Valued Sony Online Entertainment Customer:

Our ongoing investigation of illegal intrusions into Sony Online Entertainment systems has discovered that hackers may have obtained personal customer information from SOE systems. We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyber-attack. Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained and we will be notifying each of those customers promptly.

There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.

We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1st we concluded that SOE account information may have been stolen and we are notifying you as soon as possible.

We apologize for the inconvenience caused by the attack and as a result, we have:

1.	Temporarily turned off all SOE game services;
2.	Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3.	Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When SOE™'s services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your Station or SOE game account name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian:	888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013

Equifax:	800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241

TransUnion:	800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at (877) 382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We are committed to helping our customers protect their personal data and we will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in regions in which such programs are commonly utilized.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at (866) 436-6698 should you have any additional questions.

Himmelweiss

on May 04, 2011

I'm actually happy that this happened to Sony. (Note: i feel sorry for those affected!)

However, my account was hacked about 1 year ago, quite a few others were hit at the same time as well.
Everyone called Sony Support, and they always just said "The PSN can't be hacked!", yeah right... *bullshit* was all i was thinking...

I just shutted down my account, since then i didn't create a new one.

So, yeah... i'm glad that some smart hackers finally teached Sony...

DrJBHL

on May 04, 2011

I've come to believe there should be legislation enacted requiring all payment method information (credit card, etc.) be destroyed by the seller within 24 hrs. to protect the buyer. Not encrypted and stored. Destroyed. Name and email address and what was purchased and length of licensing could be 256 bit encrypted and saved.

Unfortunately, most corps are multinational and would find a way around it, unless the penalties were so severe and the law encompass the problem from the consumer's point of view, ie. "No American citizen's data may be stored anywhere beyond 24 hrs.". However, how could it be proven? Subpoenas are limited.

I've simply come to the conclusion that secure data is/will be a myth for the forseeable future.

myfist0

on May 04, 2011

A proposed class action suit in excess of $1 billion has been launched in Toronto on behalf of about one million Canadians against Sony Corporation and its PlayStation and Qriocity networks for breach of privacy and negligence

http://www.thestar.com/news/article/984932--playstation-users-plan-class-action-suit-for-hacking?bn=1

can you say hari-kari children

unacomn

on May 04, 2011

I really hope they get this sorted out and everything ends well. One of my favorite MMOs, Pirates of the Burning Sea uses the SOE authentication servers, and has been down ever since this debacle started. That's just not fair. I was going to raise money to buy a duck with a hat to follow me around while I swashbuckle.

It's stuff like this that really makes me lose faith that big publishers will stop treating costumers like potential criminals. The paranoia levels are going to go trough the roof.

On a deranged conspiracy note: Boy, Microsoft sure had a lot to gain from this.

Hankers

on May 04, 2011

In case anyone is interested, Sony is looking for a Security Analyst - http://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?job_did=J3F4GV6PLHHGXQC9WWF

pacov

on May 04, 2011

Hankers

reply 40

In case anyone is interested, Sony is looking for a Security Analyst - http://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?job_did=J3F4GV6PLHHGXQC9WWF

hehe... doesn't sound like a job many would want. A bit of a mess to inherit, no?

Anyway, at the very least, all of this is prompting me to go to a much more diverse system for password generation, etc. Odds are I'll end up with many, many passwords for multiple sites now. Not completely desirable, but it certainly beats having to change passwords all over the place when we learn that trusted institutions aren't so trusted.

Dr Guy

on May 04, 2011

Hankers

reply 40

In case anyone is interested, Sony is looking for a Security Analyst - http://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?job_did=J3F4GV6PLHHGXQC9WWF

A little late for that!

Hankers

on May 04, 2011

OMG_pacov

reply 41

Anyway, at the very least, all of this is prompting me to go to a much more diverse system for password generation, etc. Odds are I'll end up with many, many passwords for multiple sites now.

Use LastPass to generate passwords andremember them - http://lastpass.com/

The free version works well.

RedneckDude

on May 04, 2011

Hankers

reply 40

In case anyone is interested, Sony is looking for a Security Analyst - http://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?job_did=J3F4GV6PLHHGXQC9WWF

I didn't know you did stand up, Hank!!! You're good too....

kona0197

on May 04, 2011

I'm just waiting for the PSN to come back online. I want to download Final Fantasy 7 (best game ever made) to my PSP.

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

Richer content, access to many features that are disabled for guests like commenting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!