PlayStation.Blog
PS4 - Transistor

Clarifying a Few PSN Points

Patrick Seybold's Avatar + Posted by Patrick Seybold on Apr 26, 2011 // Sr. Director, Corporate Communications & Social Media

I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

For those who were looking there’s also an FAQ with some more frequently asked questions

Thank you for your continued patience and support.

//Add Your Own

393 Comments

PAGE 1 6 7 8

351

+ Cyb3rfr34k-iso on April 27th, 2011 at 4:46 pm said:

imagine the guy make a bot for “activate” all users account and steal everything you buy on the PSN
and change your password & e-mail at the same time and you cant never log into your account.
right when the PSN get back online.


352

+ zekececil14 on April 27th, 2011 at 4:46 pm said:

331, actually, you are required to agree to that Privacy Policy in order to make a PSN account.


353

+ zekececil14 on April 27th, 2011 at 4:50 pm said:

332, legal precedent would be nice, but by the agreement made in the Privacy Policy (the one most everyone scrolled down a little and hit accept) they shouldn’t win.


354

+ zekececil14 on April 27th, 2011 at 4:54 pm said:

Im going to get the first part of “Accuracy and Security” to post. It wouldn’t for some reason.


355

+ mcbuttz78 on April 27th, 2011 at 4:54 pm said:

@335 your 100% right


356

+ Movie_Profile on April 27th, 2011 at 4:56 pm said:

@338 – Well, as I pointed out earlier, I’m no law expert, so I dunno if the lawsuit will succeed or not. It may, it may not. Regardless, it’s pointless to debate on here whether or not it’ll succeed. My onlyc reason for posting on here @ this point is to relay what info that comes to me.


357

+ KillerTomato on April 27th, 2011 at 4:57 pm said:

I truyly hope Sony will let us know, well ahead of time, exactly when we can expect to be able to log in so we can promptly change our passwords. I also wonder if there will be additional problems logging in since so many people are so anxious to get online after this mess.


358

+ zekececil14 on April 27th, 2011 at 4:58 pm said:

Nope, it won’t. I even broke it into sections. Heres a try with the very beginning.

We seek to maintain reasonable security measures in order to attempt to protect against the loss, misuse or alteration of the personally identifying information under our control. Unfortunately, there is no such thing as perfect security.


359

+ zekececil14 on April 27th, 2011 at 5:00 pm said:

we cannot ensure or warrant the security of any information transmitted to us through or in connection with our website, Sony Online Services or that we store on our systems or that is stored on our service providers’systems.


360

+ Heisem on April 27th, 2011 at 5:01 pm said:

correct me if i’m wrong, but if the security answer, birthdate and email are compromised, they can change our password whenever they want…there is no password reset via email when you attempt to change your password with those 3 pieces of data…PSN doesn’t allow us to change our birthdate nor the security answer..although we can change our email…i don’t wanna do that


361

+ zekececil14 on April 27th, 2011 at 5:01 pm said:

Does ANYONE see what i’m saying?


362

+ xxnike629xx on April 27th, 2011 at 5:03 pm said:

People know what you’re saying. That’s all the fine print stuff most of us skipped over assuming Sony would have a competent online system and a safety in case something like this occurs.

From what we are given & told which isn’t much at all, it appears that such fail-safe system doesn’t exist, and the fact that Sony has been ridiculously slow to even admit that they screwed up and our info might be compromised is what I think more people are now furious about.


363

+ zekececil14 on April 27th, 2011 at 5:04 pm said:

345
You can change your security question and answer.


364

+ fuzzyclutter on April 27th, 2011 at 5:04 pm said:

unfornatly + zekececil14 Sony is no more immune to hackers than any other online entity , and while they can AND have promised TO MAKE EFFORTS to protect personal info , they never promised that it would NEVER happen . that’s where individual responsibility comes . if you can’t deal with the risks(which exists with all online merchant’s ) then dont conduct business electronically , but if you do put controls and checks on your end and don’t just depend on the security of the sites themselves . I myself used my credit and debit card many times on the PSN and will continue to do so , iI’m not all that worried about that aspect because i already had security measures in place before hand (liability protection /fraud protection ) .it’s a responsibility thatoo many people place too much emphasis on the websites themselves . like i said I’m not worried about it because i have enough security measures on MY BUSINESS END to protect me . i AM however worried about getting to my PSN account before theives do .


365

+ xxnike629xx on April 27th, 2011 at 5:05 pm said:

For such a big brand name company that makes millions or billions a year, it’s a bit uncalled for that they would put so little development into the security system of the PS3 console and even worse, the PlayStation Network.

They should have gotten a clue when they were hacked by Anonymous but they didn’t do anything and simply wait for Anonymous to remove their DDoS attack on Sony.That’s pretty stupid.


366

+ Heisem on April 27th, 2011 at 5:05 pm said:

@348 really? i didn’t know that…


367

+ Cyb3rfr34k-iso on April 27th, 2011 at 5:06 pm said:

@ zekececil14
you better think about the security of your account
CC info is easy to secure (cancel the card)
but your account is really more at RISK right now
if you brought many games at many DLC + you are a PS+ users
if they steal your account SAY GOOD BYE to everything you paid for.
SONY will NEVER give you back your account if somebody else change your email and passwords.


368

+ xxnike629xx on April 27th, 2011 at 5:07 pm said:

Well we better hope that our PSN accounts are safe and our passwords haven’t been changed without us knowing it.

Just in case though, I went berserk and…

a. canceled my debit card that i had on my PS3 and asked the bank to send me a new one with new numbers
b. changed my email, psn, and other places with a longer and more complex password (but easy enough still for me to remember)
c. i’ve reported this incident to my bank and requested for them to keep an eye out on my account in case i do get frauded


369

+ Heisem on April 27th, 2011 at 5:08 pm said:

@352 i think they would have to make some exceptions this time…


370

+ xxnike629xx on April 27th, 2011 at 5:09 pm said:

@Cyb3rfr34k-iso
I hope that’s not the case here. Because if the PSN goes back up online and then you find out your email & password was changed without you knowing it, well then we’ll see another round of lawsuits thrown at Sony.

I mean if it does happen though, I hope Sony does something to help us recover our accounts.


371

+ zekececil14 on April 27th, 2011 at 5:10 pm said:

347, at least you do. The thing is we agreed to all of that. We agreed that they have a fail-safe system. If you have a problem with it, you shouldn’t have agreed. People don’t get it. Even if they had a fail-safe system, that doesn’t mean it’s unhackable. They said in the agreement “Unfortunately, there is no such thing as perfect security.”


372

+ xxnike629xx on April 27th, 2011 at 5:10 pm said:

@Heisem
Hahah! You “think” they would have to make some exceptions? I think they definitely have to after all the crap they’ve been getting here and with the government agencies & politicians & news studios going after Sony all over the world.

Can you imagine how Sony must be feeling right now?

75+ million of their PSN users are all furious at them. I “think” it would be wise for Sony to do everything they can and offer freebies and services to gain back our trust.


373

+ fuzzyclutter on April 27th, 2011 at 5:11 pm said:

oops .. which as i stated before … theyneed to temporarily disable the ability to assosciate an already created account to another PS3 .


374

+ xxnike629xx on April 27th, 2011 at 5:11 pm said:

@zekececil14
That’s “play the victim” mentality instead of taking charge & responsibility over this incident.


375

+ Autoxfool on April 27th, 2011 at 5:11 pm said:

Hi everyone. Aren’t we having an interesting debate this evening. :)


376

+ xxnike629xx on April 27th, 2011 at 5:12 pm said:

@fuzzyclutter
No.

If they do that and your PS3 breaks you lose all your trophy data, DLC, game downloads, and you won’t have access to your game saves.


377

+ xxnike629xx on April 27th, 2011 at 5:12 pm said:

@Autoxfool
Uh. If you’re not going to contribute to the debate, then don’t post. Simple.


378

+ Cyb3rfr34k-iso on April 27th, 2011 at 5:12 pm said:

yeah, people here should already make a new email account to be ready for when the PSN get back online.
so you change your account settings to be sure nobody had your new email (ID) & password on a .txt


379

+ FRANKMAN1 on April 27th, 2011 at 5:15 pm said:

@nike right now we can´t do anything with our accounts the same with the hackers. If you never received a mail telling you that your password/mail have been changed then don´t be alarmed, just start making a password and when psn is back online change it, same with the mail if you can.


380

+ s1mpl3______j4ck on April 27th, 2011 at 5:16 pm said:

335 is right,, and wrong.
name and address is enough to sell to companies (scammers) who can register you and say you willingly signed up for services and can attempt to extract funds from you.


381

+ zekececil14 on April 27th, 2011 at 5:16 pm said:

352
If you change your security question and pass first you’ll be fine. They CANT change anything now, PSN is down. Heres what they need to do, the hackers don’t have your email, so, Sony should email you a preset security question and pass. Then you change it at your own discretion.


382

+ datastorm98632 on April 27th, 2011 at 5:19 pm said:

Well many of us are taking precautions and we are not going to trust sony ever again. this is our choice it is neither right nor wrong it is our choice. If we chose to sue then we chose to sue, that is the right of the person.
the company maybe worth 7 trillion but there are other means and avenues it can lose major. just because a company has a great deal of Money does not mean it can not fail.

Again I will reemphasize, it makes no difference at the capitol of a company, it can be brought down . I am not saying that this will or will not occur, it is just food for thought .


383

+ zekececil14 on April 27th, 2011 at 5:20 pm said:

Autoxfool, won’t you join us. The great thing is, we are debating. There hasn’t been a whining comment in a while.


384

+ Cyb3rfr34k-iso on April 27th, 2011 at 5:22 pm said:

if someone from sony is reading this post,
Please advise people like 24h before going online,
so everyone will be ready to connect + change email+password.
thanks in advance.


385

+ zekececil14 on April 27th, 2011 at 5:27 pm said:

369, or (nothing against your idea) advise us on the blog that we will receive an email. In that email there will be a preset security question, answer, and a password. Then you use that password and question the hackers don’t know about, and change it to what you prefer.


386

+ SSJStarwind16 on April 27th, 2011 at 5:31 pm said:

It is (sadly) an inherent and understood risk that this might happen when you sign up for these services.
So it happens.
If you don’t want the possibility of being hacked then what you need to do is disconnect your computer from the power, and internet put it in your closet and NEVER USE IT AGAIN! (PROTIP: for extra safety line the closet with aluminum foil)
Even that isn’t fool proof because many CCs now (as well as passports and licenses) are using RFID (radio frequency identification) and that broadcasts a signal from the card that people can snatch info from.
If you use the Postal service to receive bank statements or bills someone who beats you to the mailbox in the morning can take your identity.
If you go paperless (receive billing and bank statements via e-mail) most people don’t realize that the answers to their security questions and password resets are on their FACEBOOK or WIKIPEDIA (ask Sarah “Don’tcha Know?” Pailin about that one)
The worlds best safes are rated on how long it TAKES TO BREAK IN. The longer it takes the better it’s rated.
Long story short, you should have known what you were signing up for and nothing is fool proof.


387

+ FRANKMAN1 on April 27th, 2011 at 5:32 pm said:

@370 Hope they do that. I don´t feel secure with my security question… way too simple


388

+ fuzzyclutter on April 27th, 2011 at 5:35 pm said:

@+ xxnike629xx Why do you tell obvious BS

1. you cant change account numbers by phone .

2. you need to be able to login to ps3 to change psn info .

let’s face it , your just trolling here and no disabiling the ability to associate an id to another ps3 temporarily has nothing to to do with trophies . why don’t you go make yourself look like the backside of a mule on the 360 forums .


389

+ zekececil14 on April 27th, 2011 at 5:56 pm said:

New blog post everyone.


390

+ xxnike629xx on April 27th, 2011 at 5:59 pm said:

@fuzzyclutter
What the heck are you talking about? When was I referring to the PSN? I was talking about changing my debit card information at the bank. I’m getting my new card with new numbers tomorrow.

>_>

Please learn to read.


391

+ K1773r37f on April 27th, 2011 at 9:22 pm said:

@Rene_Led #146

Mel Gibson comes to mind. I think maybe “Ransom”


392

+ K1773r37f on April 27th, 2011 at 10:57 pm said:

@Rene_Led #146

Nevermind. I just googled it. Not Mel Gibson or Ransom. No cookies for me.

Everybody else. I knew from the start that my personal data *may* have been compromised. I immediately activated fraud alert on my CC number on file with PSN. I am not that worried about personal information getting out. It is out there anyways. Like other have said, any body can reach into you mail box and get you name and address. They don’t even have to open the envelope or even take the mail with them. You’ll never know it.

There are sites on the internet where you can get any public information (Address, Phone Number, even last known employer) of anyone. Many of them the first search is even free.

So, put a fraud alert on you CC until you can get to your bank to request a new one. And check you account activity at least once or twice a day. I have mine set up to text me whenever a transaction is made.


393

+ NotoriousGamer on May 15th, 2011 at 10:41 am said:

I dont believe you Sony.

Fire your current useless engineers whose job was to protect PSN and User data. Hire real engineers.


PAGE 1 6 7 8
Comments are closed. We close the comments for posts after 30 days