PlayStation Network Downtime Live Report
- The PlayStation network is now online again after a month of downtime.
- On April 20th the PlayStation Network was turned off by Sony after 77 million peoples’ personal data was obtained by hackers.
- A further 24.6 million peoples’ data was leaked from Sony’s gaming wing, Sony Online Entertainment.
- Sony have published two Q&A articles (#1 #2) to help explain the situation.
- A media briefing was held by Sony. You can read our full report here.
Sunday, 15th May
6:12am EST / 11:12am GMT: The PlayStation Network is now online, after a month of downtime. There’s a mandatory update which forces you to reset your password.
Friday, 6th May
4:37am EST / 9:37am GMT: In a separate post on the official PlayStation Blog, social media director Patrick Seybold has noted some progress in PSN restoration:
Today our global network and security teams at Sony Network Entertainment and Sony Computer Entertainment began the final stages of internal testing of the new system, an important step towards restoring PlayStation Network and Qriocity services.
4:31am EST / 9:31am GMT: This morning, Sony boss Howard Stringer has penned a letter on the PlayStation Blog. Highlights below:
To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user was launched earlier today and announcements for other regions will be coming soon.
As a result of what we discovered we notified you of the breach. Our investigation is ongoing, and we are upgrading our security so that if attacks like this happen again, our defenses will be even stronger.
In the last few months, Sony has faced a terrible earthquake and tsunami in Japan. But now we are facing a very man-made event – a criminal attack on us — and on you — and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible.
There’s still not date or time for the PSN’s glorious return, but he does note:
In the coming days, we will restore service to the networks and welcome you back to the fun.
You can read the full letter here.
Thursday, 5th May
5:00pm EST / 10:00pm GMT: Sony’s Community Team Leader, MusterBuster, on their official forums has noted (via: PSLifestyle) that while he’s got no new information, the some features of the PSN are still set to go up this week:
I would love to be able to give you new information, and right now there isn’t any available.
I’m asking lots of questions but at the moment all I’m being told is that the “last update still stands” eg - Some PlayStation Network services will be restored this week.
The very second I hear anything new, it will be passed on to you. I’m also keeping a note of your feedback throughout this outage, so keep posting it.
1:35pm EST / 6:35pm GMT: Edge has posted a useful timeline of the PSN attacks.
1:30pm EST / 6:30pm GMT: THQ and EA execs have downplayed the impact Sony’s PSN outage has caused them.
1:25pm EST / 6:25pm GMT: Sigh, still no PSN. News is getting a little light, but we’ll keep adding to this until it comes back online. That could be a thousand years at this rate, but hey. Today’s news so far:
After Sony implicated internet activist group Anonymous yesterday, the group has responded. In a statement to the Guardian, the group said:
Public support is not gained by stealing credit card info and personal identities, we are trying to fight criminal activities by corporations and governments, not steal credit cards.
You can read the full statement here.
Wednesday, 4th May
3:12pm EST / 8:12pm GMT: If you’re a DC Universe Online player then your compensation for this fiasco is 30 day’s worth of online play plus a “Batman-inspired” mask for your in-game character. Woo?
2:03pm EST / 7:03pm GMT: And the plot thickens. In a letter responding to the US House of Representative’s request of questions from Sony (see below), Kazuo Hirai has said that a file named “Anonymous” was planted on the server, with the words “We are Legion” in the file.
Anonymous have already denied involvement and a file placed there doesn’t mean they actually did it – anyone could have put it there. It does bring up some interesting questions, however.
6:12am EST / 11:12am GMT: A Canadian man, Natasha Maksimovic, is joining the litigants against Sony, asking for C$1 billion worth of damages. In a statement, Maksimovic offered this sterling peice of wisdom:
If you can’t trust a huge multi-national corporation like Sony to protect your private information, who can you trust?
Which makes loads of sense.
6:03am EST / 11:03pm GMT: Welcome to day 10,657 of the PSN being down. Will it return today in a dramatic, confetti-filled explosion? Will the universe continue its ever expanding course until it folds in on itself? We can only hope.
Tuesday, 3rd May
3:30pm EST / 8:30pm GMT: Sony has noted which bits of the PSN will be coming back first. No surprise (and thankfully) online gaming, including friend lists, chat and, err, PlayStation Home will be at the front of the queue.
There’s still no date, although it was supposed to be sometime today. Tomorrow looks likely so just keep checking, although I’m sure it will be a staggered roll out.
7:20am EST / 12:20pm GMT: GamesIndusry.biz has a report detailing the various governmental actions happened around the globe. In America, a House of Representatives subcommittee has sent 13 questions to Sony’s Kazuo Hirai (.pdf of letter here). In Australia, it has been estimated that 1,560,791 accounts were affected and that the government is looking to enact a law which would force companies to disclose security breaches.
6:10am EST / 11:10am GMT: Today was set to be the day the PSN comes back online. The latest leak (see below) may change that, but keep an eye-out on the PSN.
6:05am EST / 11:05am GMT: Sony today announced that a further 24.6 million peoples’ data has been breached from Sony’s online gaming wing, Sony Online Entertainment. This includes 12,700 non-US credit cards and 10,700 European debit cards. You can read our full report here.
Sunday, 1st May
5:25pm EST / 10:25pm GMT: Joystiq picked up on a tweet by Mark MacDonald (Executive Director at 8-4.jp) showing a hand-out from the press conference which details the total number of accounts (and as such the total number of accounts compromised) on the PSN. Click the image (right) for the full-sized version.
2:15am EST / 7:15am GMT: Sony suggests the digital goods compensation may be approximately $15 to $20 in value, without getting anymore specific. They don’t clarify whether they intend to offer the value in the form of a fixed piece of content, a selection from a variety of content or simply a dollar amount placed into PSN users’ “wallets.”
1:50am EST / 6:50am GMT: The CIO admits that the web service level of the intrusion was allowed due to a known vulnerability, however they claim this wasn’t clear to their own network group and that they will be working to establish a network security officer. That should fix everything! Kaz mentions that the new firmware will require users to create a new password upon attempting to log into PSN for the first time following the update. Someone asks a zinger about the password table being/not being encrypted and that their ability to access the password table might suggest the credit card table was also easily decrypted. Sony didn’t have a clear response to this other than a “we’re not sure” response.
1:43am EST / 6:43am GMT: Kaz mentions in certain regions, they will pay for any fees charged by banks for reissuing credit cards and possibly covering the charge for identity theft insurance (I didn’t even know that was a real thing). Also, he did get a tough question about their apparent delay in reporting the facts to consumers, but his responses were evasive and he paired each phase of their disclosure to phases of their own internal and external investigations. I don’t think anyone buys that one, Kaz.
1:28am EST / 6:28am GMT: Kaz acknowledges he received questions from the US Congress, but that it wasn’t delivered to him personally; rather they had to “download” the questions. This is a very cultural response, but in Japanese business culture, all of these kinds of correspondences (especially legal ones) are delivered as a hard, original copy with a real signature. He’s mentioned it may be as long (or longer) than a full week from now when the PSN/Qriocity services will be back online.
1:25am EST / 6:25am GMT: They’re opening the floor to Q&A. Man, I wish this was being held here in the US. I bet most of these questions will be softballs. The first guy is asking for exact numbers of credit cards registered on the system and if there’s a chance the service will go back online soon.
1:20am EST / 6:20am GMT: At about 10 minutes in the stream has become nearly unwatchable most likely due to the high volume of clients all trying to connect to the measly Windows Media stream. Kaz Hirai gave an overview of the timeline of events without revealing any new information in the process. Their CIO revealed they will change physical locations from their previous site to San Diego, California and that users should be vigilent regarding their credit card accounts to prevent potential fraud, should the account information prove to be successfully decrypted and distributed. He also recommends users change their online passwords if any of them match that which was used for the PSN service. I’m getting Gawker goosebumps right now. Still, nothing new is being reported thus far and the feed is only viewable in small sound bites. I’m looking for a more stable feed, if available.
1:04am EST / 6:04am GMT: Joystiq is reporting they received an overview of what will be offered to PSN consumers as an apology: 30 days of free Plus and Qriocity service and a free download of some kind. As the conference is now streaming, we’ll update the blog with a verification of this offer and all other relevant details.
12:39am EST / 5:39am GMT: The Sony press conference apparently will be broadcast here in less than 20 minutes. We’ll update the live blog with the juicy bits and post a summary article on the main page of the site. Keep your fingers crossed for something magical, just don’t hold your breath.
Saturday, 30th April
10:20am EST / 3:20pm GMT: Kazuo Hirai, Executive Deputy President of Sony, will be giving a media briefing on Sunday at 2pm Tokyo time (1am EST, 6am GMT, click here for other time zones). This will be the first time a senior executive has made any kind of statement on the security trouble. (Reuters, MCV)
10:14am EST / 3:14pm GMT: Wired‘s Threat Level blog tracked down some of those chatting in the logs that have been circulating and have a very interesting article about it. It does seem those logs are somewhat unconnected to this security breach.
Friday, 29th April
10:25pm EST/3:25am GMT: Gamasutra continue their excellent coverage of PSN-Gate with an editorial that examines the potential brand damage Sony have wrought. Highlights include a plea for a new Kevin Butler campaign to put a human face on the bumbling mega corporation. Might I suggest David Brent instead?
8:50pm EST/ 1:50am GMT: Gamasutra reported today that the US Department of Homeland Security’s (DHS) Computer Emergency Readiness Team (CERT) is investigating and assisting Sony with their investigation into the security breach. This is of course, great news. Aside from a time-honored love of abbreviated titles and capitol letters what could they possibly bring to the table at this point in time? Though everyone knows when DHS gets their hands dirty, shit be going down! I’d hate to be on the receiving end of their bureaucratic muscle and flabby love handles. Honestly, wouldn’t we all be better served by Inspector Gadget at this point?
6:01pm EST /11:01pm GMT: Keith Stuart over at the Guardian has written-up an interesting piece collecting various opinions, reactions and theories surrounding the PSN hack. Some interesting perspectives from various industry figures.
11:20am EST / 3:20pm GMT: Spurious and fake-sounding rumours of just how much data the hacker’s obtained has been sloshing around the net for the past couple of days. The New York Times spoke with a couple of security companies who both report seeing apparent comments hackers left detailing their actions. The chat logs, which haven’t been verified, claim the hackers gained access to the database which stores the credit card information and were aiming to sell the data.
1:45am EST/ 6:45am GMT: In a Q&A session on the US PS blog, Sony has confirmed it’s looking into ways to make up to PlayStation subscribers for the downtown. Also, Kotaku is reporting on a rumor that says the credit card details of up to 2.2 million PSN users are up for grabs on the black market. So, there’s that!
Thursday, 28th April
4:09pm EST / 9:09pm GMT: Game Informer is reporting that the Office of Canada’s Privacy Commision will be investigating the PSN breach. Current Privacy Commissioner, Jennifer Stoddart will personally lead the investigation and notes that while Sony did not inform her office of the breach in PSN’s security, there is no law that requires them to.
3:23 EST / 8:23pm GMT: Joystiq is noting that the comments system on the PlayStation Blog is linked to the PSN. This means that unless you signed in before the PSN went down, you won’t be able to log in and comment. The cookies only last a week though, so a lot of people will find their avenues for complaining turning off very soon.
10:22am EST / 3:22pm GMT: Kotaku reports on George “GeoHot” Hotz releasing a statement on his blog claiming he has nothing to do with the breaching of PSN. Hotz also uses the update to gives general commentary on the event laying the blame on executives and “Sony’s arrogance and misunderstanding of ownership”.
3:54am EST / 8:54am GMT: Sony’s shares have fallen by 5% in Tokyo bringing their total change this week to an 8% drop, a Reuters report says.
Wednesday, 27th April
10:49pm EST / 3:49am GMT: Giant Bomb covers the latest update to the US Playstation Blog where a new Q&A section have been added to address customers’ concerns. Sony discloses their involvement with a third party data security firm along with their engagement with law enforcement. They claim all credit card information was encrypted, but there remains a possibility this information has been compromised (I (Brett) for one have cancelled my PSN registered debit card as a precautionary measure). There are no concrete solutions to changing your PSN password or an ETA of when the service will be restored.
5:37pm EST / 10:37pm GMT: A law firm in California has started a class action lawsuit against Sony. Even though little information is known about what’s happened or even what information has leaked, the firm is saying that “Sony’s breach of its customers’ trust is staggering”. As well as financial gain, the company suggests it’s filing the suit to “learn the full extent of Sony PlayStation Network data security practices”.
1:46pm EST / 6:46pm GMT: Edge spoke with security company Sophos who advise that people cancel credit cards, just in case, as well as recommending everyone change their passwords.
Sony can’t rule out that credit card details have also been stolen [...] This is a huge amount of personal information, which is why it’s important that affected parties act now and change their passwords. Over 40 per cent of people use the same password and usernames on all their online sites. This means that if these are stolen, your Paypal, Ebay and bank accounts are all at potential risk.
If you’re not sure if you’ve ever entered your card details into your PS3, search in your email inbox for the words “Funds Wallet Playstation” or the phrase “Thank you for funding your PlayStation(R)Network wallet”. If you’ve given them money, they email you a receipt with these in.
1:33pm EST / 6:33pm GMT: Rob Fahey has penned an interesting opinion piece on the long and short-term effects of this lapse in security, especially relating to Sony’s buisiness. Worth a read.
1:22pm EST / 6:22pm GMT: It’s important to preface this next update by saying that this is totally unconfirmed information. According to VG365, they’ve received emails from PSN users claiming to have lost considerable amounts of money from their bank accounts. One claims $300 went missing on Saturday, with his bank allegedly confirming it was fraudulent. Again, this is most likely faked or coincidence, but it’s worth keeping an eye on. Thanks to Jake Clarke for emailing this in!
11:30am EST / 4:30pm GMT: Edge have been speaking with the Information Commissioners Office mentioned earlier. The ICO noted that if a breach were found, the company involved would have to bring about certain improvements to prevent further damages.
In the most extreme case, a company can be fined £500,000, as long as it is shown that “the organisation had no awareness of its security obligations or, despite having awareness, failed to act on them. It must also be shown to have caused distress to a large number of individuals.”
It’s important to stress that there’s no evidence that Sony has been so neglectful, but it’s worth understanding the procedure.
10:20am EST / 3:20pm GMT: If you prefer your PSN news with a touch more parody, we recommend following @PSNGate on twitter. They posted the below image with the caption “Shit, someone’s found Kaz Hirai’s computer. Now we’re fucked.”
9:30am EST / 2:30pm GMT: Talking to New Scientist a senior security researcher at Kaspersky Lab, David Emm, said “I can’t recall a similar incident where such a range of data was accessed” adding that the “last thing you want is somebody to have picked up information from other sources and try the password for your corporate login or Amazon account”. Though he also added that with the information we have now, there’s no need to cancel any credit cards just yet.
7:22am EST / 12:22pm GMT: An anonymous PSN developer has spoken to Develop, complaining that they have had “absolutely no revenues” for a week. They claim to have lost thousands of pounds and are unsure whether people will feel as confident shopping on the PSN in the future.
6:45am EST / 11:45am GMT: MCV has recieved a statement from Visa: “Concerned cardholders should keep a close eye on their accounts and report any unusual or unexpected activity to their issuing bank.”
6:35am EST / 11:35am GMT: Benjamin Cohen, technology reporter for the UK’s Channel 4 News, tweeted this:
Sources at Sony seem to be confirming no/ low encryption on personal data. V worrying
1:10am EST / 8:10am GMT: In the UK, games advocacy group Gamers’ Voice has asked that the Information Commissioner Office to investigate the hack, saying “the response by Sony to this situation is at best disappointing and at worse dangerous.”
The ICO have responded to Eurogamer confirming that they will be “making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office”.
7:00pm EST / 12:00am GMT: Yesterday Sony admitted that a massive breach of users’ personal data occurred. You can read up on that here. This morning, Sony has made a clarification, claiming that only yesterday did they realise that personal data had been leaked, after “several days of forensic analysis”.
Tuesday, 26th April
5:03pm EST / 10:03pm GMT: US Senator, Richard Blumenthal, has started questioning the delay in telling users about the leak and has sent an official letter to Sony.
No updates found.