Sony Confirm Personal Data Breach, Still Working on Bringing PSN Back Online
Visit our Live Report for the latest information on the PSN Downtime
After nearly seven days of PlayStation Network downtime, Sony has finally chirped up on the actual cause, confirming that a breach of personal data has occurred.
In a post on the official PlayStation Blog, Head of Communications, Nick Caplin, has said that personal information, including your name, address, email address and PSN passwords could have been compromised in a “malicious attack on [Sony's] servers”. While they noted there was “no evidence that credit card data had been taken”, they could not rule out the possibility. Full list of possible data stolen:
- Name
- Address (city, state/province, zip, postal code or country)
- Email address
- Birthdate
- PlayStation Network/Qriocity passwords and login, and handle/PSN online ID.
- Purchase history and billing address (city, state, zip)
- PlayStation Network/Qriocity password security answers
- Credit card details associated with your account (excluding the security code on the back)
Obviously, now is the time to be extra vigilant with your security around the web. It’s strongly suggested you change your passwords that match the Sony ones as well as keeping an eye-out on your bank account. It may even be worth informing your bank of the breach and getting them to take the necessary steps.
As for the status of the PSN? Well, Sony have said that they should have “some services” back up “within a week”. That could mean the Store, online play or any other service they offer so maybe don’t count on that just yet.
They haven’t yet detailed exactly what happened, but the latest theories (certainly looking pretty credible now) is that a group or individual managed to change their consoles to developers ones, allowing access to the PSN developer network. Here, due to them essentially ‘trusting’ consoles on the network, Sony didn’t secure it as heavily as the consumer network meaning that the hackers were able to access the servers where personal information is kept. All of this comes by way of a Reddit post where a moderator for PSX-Scene detailed much of it. While it’s worth noting that none of it’s official it certainly seems like the most likely story so far.
The question is now why Sony took so long to inform us that our personal information had been breached. This is a question that Connecticut Senator Richard Blumenthal is asking too, today writing to Sony CEO, Jack Tretton, noting the “troubling lack of notification from Sony about the nature of the data breach” asking why it took the company nearly a week to inform its customers. (You can read the Senator’s full letter here.)
These are all good questions and it’s clear that Sony are going to rightly grilled over the next few weeks and months.
It’s pretty terrible that this happened in the first place, but worse still that they waited this long to confirm the suspicions of many that there was likely a full scale data breach.
Yeah.. probably not going to buy much of anything on the Playstation store for a good few years, if ever. Live may be a bit of a rip off, but they haven’t had a breach like this.
When I first found out Nukezilla was “hacked” it took me at least a day to find out what actually happened before making a public statement. I think, with the PSN being so big, a delay like this with something so complex is sort-of understandable.
It’s important to first of all be transparent. And if you can’t do that, if you’re a giant corporation and the idea of transparency and honesty makes you vomit, then you need to be accurate.
I hope Sony come out with all the details at some point so we can all see precicly what went on. What this data actually downloaded, or simply might it have been? How slow were they to react etc.
I’ve lost confidence with PSN now. I will only be purchasing things from it with PSN cards from now on. This is such a massive breach of trust I wouldn’t be surprised if people got rid of their PS3′s over this.