It has now been confirmed that the several day downtime over at Playstation Network was actually workings of hackers which didn’t leave without gathering a large sum of users data.
Users have in several days not been able to reach Playstation Network and rumors ensued that hackers had been making a move which prompted Sony to quickly act in every possible way. As a result the network was forced to be taken down upon receiving the knowledge of an intrusion.
The rumors weren’t in any manners acknowledge by Sony as actual facts until recently were it finally was confirmed that Playstation Network got hacked by unknown hackers and as many as 75 million PSN users became affected by the intrusion. In an announcement from Sony even revealed that the hackers didn’t go empty handed, copying PSN data to every little details. This includes credit card information which has become the main worry for many of PSN users.
Announcement from Sony:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided:
Name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.
While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information.
Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.
When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password.
Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
[Sony also provides details on how US residents can make it more difficult for criminals to fraudulently make credit cards in their name now hackers have all their personal info]
With an already broken entry into the network it would only suggest that Sony didn’t put much of an consideration into the security of their online service and as a result Sony has already become yet another attraction for aggressive law suits.
Whilst the main office in Japan not being questioned regarding their security failure, the US Senator Richard Blumenthal has come forth with demanding answer on why Sony choose to keep their customers in the dark regarding the sensitive data which had been confirmed to be stolen.
I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.
[...]
A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.
[...]
I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party.
Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach.
Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.
Sony’s handling of the breach may well have violated data protection laws in any number of countries, to say nothing of the lawsuits Sony can now expect, so this may be the tip of the iceberg – little wonder Sony stocks took a modest tumble after the announcement.
No such straight forward confrontation has been made by Japanese authorities or even politicians, but as expected gamers aren’t as keen as to overlook this one as big corporal interests are:
“What have they done!”
“They waited that long to announce it? They just wanted to hold it up till after they announced their tablet. What total scum.”
“Sony is finished!”
“I just had to cancel my card. Fuck you, Sony.”
“The PSN wasn’t just for consoles, it was the basis of their whole corporate strategy… the damage is really huge.”
“They wanted to merge all their products into the PSN… after this they’ll never manage it.”
“Waiting a week to reveal this is just inexcusable.”
“What kind of idiot would give them their card details in the first place?”
“Everyone does that!”
“And they were recording the security number too as I recall… we’re all screwed.”
“Thank god I used a point card instead!”
“Even if you didn’t lose your CC details, the fact that they leaked your whole purchase history is bad enough.”
“They can’t reissue your date of birth…”
“I cancelled my card. I’ll never register it with anyone again. You don’t know when this sort of thing could happen to them. Well, I hope the PS3 survives all the same.”
“Why are these companies so obsessively secretive?”
“After the quake, reactor leak and now the world’s worst data leak, just what is happening to Japan?”
“This is the online equivalent of the great quake.”
“Sony are complete imbeciles if they really let something like this happen.”
“Didn’t they at least encrypt the card details properly?”
“Frankly I thought it was getting stupid – compulsory net access and registering your credit card just for some game? Can’t we return to the SNES era?”
“So now I have to change all my passwords because I have been reusing them everywhere…”
“Any lawsuits are going to be punitive – they are done for.”
“The year’s two great leaks – radiation and personal data.”
“Don’t compare them to Tepco – they are just cute compared to them.”
“To think Sony would end like this…”
“The history of leaks:
2004 – Softbank – 4,500,000
2005 – Visa, Mastercard – 40,000,000
2006 – KDDI – 4,000,000 – AOL – 660,000
2009 – ALICO Japan – 130,000
2010 – AT&T 110,000 -
2011 – SONY – 77,000,000 – Messe Sanoh – 1405″“So who’s planning the class action suit? I want in.”
Sony has been wanting to take on the hacking community head on since Playstation 3 first became hacked, and as a counterfeit they pulled a certain amount of their resources to gain access to a hacker George Hotz’s computer, Playstation 3 and even paypal account through law suits in order to demonstrate a point. Due to this it has come to be widely speculated thought that there could be a relation to this “threat” Sony imposed and the recent PSN hack.
