PlayStation.Blog
PS4-Watch_Dogs

Update on PlayStation Network and Qriocity

Patrick Seybold's Avatar + Posted by Patrick Seybold on Apr 26, 2011 // Sr. Director, Corporate Communications & Social Media

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.

Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

  1. Temporarily turned off PlayStation Network and Qriocity services;
  2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
  3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

Sincerely,
Sony Computer Entertainment and Sony Network Entertainment

The same information can be found at the following websites:

http://us.playstation.com/news/consumeralerts/#non-us

For those that live the United States, but not Massachusetts or Puerto Rico:
http://us.playstation.com/news/consumeralerts/#us

If you live in Massachusetts:
http://us.playstation.com/news/consumeralerts/#mass

If you live in Puerto Rico
http://us.playstation.com/news/consumeralerts/#pr

//Add Your Own

521 Comments

PAGE 1 4 5 6 7 8 11

251

+ erick_34 on April 26th, 2011 at 3:40 pm said:

I’m playing Socom 4… BRB


252

+ jqtaxpayer on April 26th, 2011 at 3:40 pm said:

And here come the lawyers. So much for you, Sony.


253

+ Rorek_IronBlood on April 26th, 2011 at 3:40 pm said:

The reason(s) Sony did not come out with any “official” statement regarding information pertaining to the inquire about the purposed leak of personal and private information is that they did “not” know at the time. It is politically correct for a corporation such as Sony to not make any statement at all. You do, not want to scare or cause hysteria among the users or the peoples without “warranted” cause or action. Especially if at the time you do, not have definitive proof or clause that it indeed may or may not have happened. Now that “officially” do, know that for a fact that the sum total of our basic personal information has been compromised they have released a statement. All that Sony has done thus far has been correct in terms of actions. As for our private credit and bank information that has still not been confirmed or denied. As I stated before. So, far no one has come forth with proof that this intrusion has been the cause of financial losses or idenity theft.


254

+ clupula668 on April 26th, 2011 at 3:41 pm said:

While I’m certainly not happy about waiting another week, I think people need to realize that Sony is not who we should be pissed at. All of this falls at the feet of George Hotz, who was the first person to use Other OS to hack the system. Sony removed it from the PS3 afterwards and we all know how it’s all gone downhill since then, especially when Hotz released the hack that got him sued. He released it in a manner that made it easy for people to figure out how to do things like this. If any of us should be putting together a class action case, it shouldn’t be against Sony, who were only doing what any company would do when their profit was threatened, it should be against the man who allowed all of this.


255

+ dragonwire on April 26th, 2011 at 3:42 pm said:

Come on guys. It really disturbs me to see people bashing Playstation over something like this. Communication was a little slow. but considering third parties involved and all the legalities. I am sure these things take time. Lets not blame Sony here. The blame should be directed to the losers who compromised Qriocity and Playstation security and our personal info. For those of you like me that are understanding my hats off to you and I look forward to playing online with you (on a totally free service) as soon as Sony has the issue resolved. Just know Sony there are those of us that stand behind you on this and will remain fans regardless of this mishap. I’m not even worried about any of it. I read some people mention trophies. If I loose all my trophies, It’ll just give me an excuse to play again. Isn’t that what a gamer does. Look forward to playing with you all soon.

Sincerely,

DragonWire


256

+ ajayghosal on April 26th, 2011 at 3:46 pm said:

goodbye ps3, had fun times. time to move to the green side. or master chief side


257

+ Budapesti on April 26th, 2011 at 3:47 pm said:

Hasn’t been a decent Sony PR disaster for a couple of years. Welcome back my old friend, we’ve missed you.

Seriously, you couldn’t have told us there was the possibility that our personal details were compromised..oh…six days ago?
Once again, Sony’s competence never begins to amaze me. :P


258

+ erick_34 on April 26th, 2011 at 3:51 pm said:

Yes, yes and Yay… I got the Platinum Trophy of Socom 4 U.S. NAVY SEALs

Yay… ^_^


259

+ Jedi_Jeff on April 26th, 2011 at 3:51 pm said:

This is what happens when you don’t prosecute hackers to the fullest extent of the law.


260

+ Permafry_42 on April 26th, 2011 at 3:56 pm said:

thank you for FINALLY providing more details on why you have shut down your entire online network for so long!


261

+ Vandaliser on April 26th, 2011 at 3:56 pm said:

right now nothing will satisfy me more than arrests and warrants for those responisble for this hacking.

heads at sony must roll for this. this is sheer incompetence. sony don’t even bother with E3 this year


262

+ TapDatApp on April 26th, 2011 at 3:59 pm said:

Hating on Sony is useless. I love PlayStation and the PS3 made me a die-hard fan of the brand. Everything is gonna have a moment of problems, because nothing is perfect and hopefully by the end of this, we will have a better, stronger, and possibly even faster PlayStation Network. However, what would be awesome is if due to the rebuilding of the infrastructure, they would be able to give fans the most requested feature for a long-time, cross-game voice chat as some sort of apology-like gift. That would for sure make everyone forget about this week without PSN. Regardless, I thank PlayStation for providing me with a lot of fun and lot of content throughout the years. Keep it up PS!


263

+ Budapesti on April 26th, 2011 at 3:59 pm said:

Another tip – in a couple of weeks, google your email address (don’t forget to put your full address in “speech marks”) because phished information often turns up on .txt files on Warez sites, along with your password.

If this turns out to be as huge a deal as it sounds, Sony should be looking at a huge lawsuit for not protecting personal information, and sitting on the details of the nature of this ‘intrusion’ for a full week before informing people. Just look up “Senator Richard Blumenthal” and “Sony” to see what I mean.


264

+ Shane_O on April 26th, 2011 at 3:59 pm said:

I can understand why people are upset about all of this but I can also see what a difficult and costly situation Sony must be in. All I can personally ask for as a PlayStation fan is that Sony gives us a reliable and secure network, which it seems that they are seriously working on right now. And maybe cross-game chat.


265

+ eyesofreality03 on April 26th, 2011 at 4:01 pm said:

Good job on the actions taken sony. taking time to identify the source and destroy it are the first steps. no get the service up so we can all get back to business.


266

+ CMARCONEE on April 26th, 2011 at 4:09 pm said:

Cross Game Voice Chat
is coming?


267

+ PennStateCivic on April 26th, 2011 at 4:09 pm said:

i just seriously hope whoever did this is being prosecuted to the fullest extent of the law!


268

+ DZORMAGEN on April 26th, 2011 at 4:11 pm said:

Can’t wait to see what we get for our Tuesday’s Store Upd….oh wait PSN is STILL DOWN!! Good job Sony, you let a teen beat you……….


269

+ kingotnw on April 26th, 2011 at 4:12 pm said:

I’m not hating on Sony for not giving me updates, however I am very upset that a company like Sony would place the burden of this at the feet of their users/customers. Maybe they have no other option, I don’t know. But their security was very weak indeed if the information on file wasn’t encrypted. I have had 6-8 major credit cards on file at one time or another with the PSN store. They are basically telling me I need to figure out which cards were used, and cancel them. Never-mind the fact that I can’t even do that because I can’t log into billing to see the last 4 digits of all the cards used because the entire network is still shut down.


270

+ kingotnw on April 26th, 2011 at 4:12 pm said:

I hope all of the people who were supporting releasing source code of the PS3 and Holtz, as well as other people like him, can now see the danger of things like this. I am 200% glad they removed other OS support, and hope to God that anyone else who does such things is prosecuted to the fullest extent of the law. You may technically own the box sitting in your living room, but you have no right to release information that compromises my personal/financial information. This is why EULAs exist, and breaking them should put you at the mercy of the law, whether you bought the hardware or not.


271

+ kingotnw on April 26th, 2011 at 4:13 pm said:

I would like to say again though that this is totally unacceptable on so many levels. People saying Sony has no blame here are just being cheerleaders. I am not saying I am going to stop being a PS customer, because I don’t think I would do that, its not like this was intentional. However… I do expect some sort of compensation for this at the very least.

I have gotten security breach emails before from companies, and never once has one of them put it all on me. Never have I been told to take points off of my credit score, or damage my chances of making a large purchase with my credit. The younger people aren’t going to be aware of it, but this is a huge frickin deal. Shame on Sony for not encrypting my information. I can’t believe this actually happened.


272

+ BRIT-KO on April 26th, 2011 at 4:16 pm said:

I have to say that this latest ‘update’ from Sony has shocked me, am i worried?, hell yes, do i need to be?, I just don’t know, but for now yes I am.

I’ll also say that I agree & disagree in pretty equal measure with the comments above me, some of you are just being childish, but at least the vast majority of you are being sensible.

Sony – Get this sorted & keep in touch with your consumers more.


273

+ TheAlbraskan on April 26th, 2011 at 4:16 pm said:

And to think taking off the Other OS setting leads up to this…


274

+ sped99 on April 26th, 2011 at 4:19 pm said:

yo shadow crazy go die


275

+ ex1a- on April 26th, 2011 at 4:20 pm said:

Nice going Sony… keep pissing hackers off it took you a week just to let us know that our info was stolen? right now i regret buying a 2nd PS3 system you guys suck seriously.


276

+ gamer_316 on April 26th, 2011 at 4:24 pm said:

they really should of notified us about this if they found it between the 17th & 19th, that way whoever uses a CC would of had time to remove their CC info, I personally only use PSN cards but still stuff like this should be let out as soon as possible. It may worry sum ppl but it would of been 4 the best


277

+ TheAlbraskan on April 26th, 2011 at 4:26 pm said:

I’ve learned a valuable lesson today, never save any kind of credit card info on a online profile, EVER!


278

+ fuzzyclutter on April 26th, 2011 at 4:28 pm said:

@xxnike629xx then go … please … that way you can go to the other console find a reason to be outraged and then go their forums and act like a baby there . don’t act like you didn’t know (as well as others ) the risks involved in having that info on a server . I’m not worried myself. i already have id theft protection through my bank . you drama queens like shadowcrazy NEED to just go .


279

+ ex1a- on April 26th, 2011 at 4:30 pm said:

@ TheAlbraskan … yeah i think we all learn from this experience :(


280

+ Hatchetforce on April 26th, 2011 at 4:33 pm said:

@kingotnw,

Three posts in a row. It’s time to keep your word about no longer being a Sony customer.


281

+ jazzyrider on April 26th, 2011 at 4:33 pm said:

Wow, this is not good! Not sure whether to blame Sony or the hackers. For one, Sony should have given us an earlier warning instead of a long delay!


282

+ Doc_Gerbil on April 26th, 2011 at 4:34 pm said:

For sale: 120 GB Slim PS3, 2 Dualshock 3 controllers, HDMI Cable, and a ton of games.

Thanks for taking an _entire week_ to tell us our credit card info was stolen Sony. What’s even more shocking are the people saying things like the following:

“Thanks for the update.
Hope you fix everythig)”

“ANOTHER UPDATE!!!!!!!”

or my favorite….
“Wow, this is alot of info. Thanks, this is very much appreciated by all of us PlayStation fans.”

No, it’s not appreciated because this IS a lot of info.


283

+ PatriotEyez27 on April 26th, 2011 at 4:35 pm said:

I have a question o.O

How are we able to post comments on the blog if we need to be signed in with a PSN log-in ID?


284

+ FeistFan on April 26th, 2011 at 4:36 pm said:

You don’t get points taken off your credit score for asking for your free annual review of your credit records. Anyone who says otherwise is trying to sell you something — probably the “free credit report” that’s really a $15/month credit monitoring service you don’t need. Stop making up damages that just aren’t real.

Don’t worry about hackers having your name and address — that’s widely available for next-to-free anyway. Your birth date is slightly harder to find, but not exactly difficult. There’s not a lot of data lost in this breach that’s worth worrying about.

The lessons to learn from this might be:

1. Don’t save your CC number in an online store (unless, perhaps, it’s a one-off number like many credit card companies will generate for free). This should go for Amazon and PayPal and everyone else like them, too.

2. Don’t use the same password on multiple sites.

That’s about it.


285

+ Kraikof on April 26th, 2011 at 4:37 pm said:

Why is everyone so bent out of shape? There were a bunch of SSN numbers stolen from a government agency a few years ago and nobody was this POed about it. Look, even Sony still has Humans, just like you and me, working for them, can’t expect everyone to be perfect can you?

If you answer yes to that answer, then you seriously need to take a trip to the white house and try and fix the world, don’t worry about security just walk up to the front door and knock. In doing so you will rid the world of your pathetic expectations, and I for one will feel that nothing of value has been lost.

I still trust Sony, and will continue to support, for the simple fact that Microsoft has been making the OS windows for how long now, 26 years? They still haven’t gotten that right, I don’t expect it to be, I’m a PC user, its just that ‘ve come to understand one simple truth…….Life sucks, get a helmet.


286

+ Lopez9577 on April 26th, 2011 at 4:38 pm said:

For sale: 120 GB Slim PS3, 2 Dualshock 3 controllers 1 Sixas, HDMI Cable, Portal 2, Socom 4, & Black Ops. I also have Blu Rays


287

+ fatjoe400 on April 26th, 2011 at 4:38 pm said:

@263

Muffin button


288

+ Lopez9577 on April 26th, 2011 at 4:39 pm said:

I just remembered I dont think i have my real name on psn lmao jokes on the hackers


289

+ Zinacef on April 26th, 2011 at 4:42 pm said:

Thanks for the update Sony. Nothing has changed with my stance – still a loyal fan!


290

+ Jaimzterr on April 26th, 2011 at 4:42 pm said:

This is gonna be talked about for YEARS…


291

+ fuzzyclutter on April 26th, 2011 at 4:43 pm said:

@+ kingotnw, Of course those other companies didnt tell you to initiate a plan of action , because they felt it wasnt necassary …WTF … why are people SOOOOOOOOO ignorant . ONLY YOU CAN INITIATE FRAUD /IDENTITY THEFT COUNTER MEASURES ON YOUR FINANCES otherwise giving other entities the ability to do so would UNDERMINE THE BENIFITS of taking such counter measures . ALSO how the heck did you manage to pull

“o take points off of my credit score, ” out of your (bleep) under no pretense did they suggest that whatsoever and THAT’s NOT WHAT HAPPENS WHEN THERES A FRAUD ALERT on your credit . Seriously though some people could use this time to hit the books


292

+ Budapesti on April 26th, 2011 at 4:44 pm said:

“When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised.”

– Senator Richard Blumenthal (CT)


293

+ angelspawn77 on April 26th, 2011 at 4:45 pm said:

It’s crazy how this has gone beyond just not being able to play online to worrying about our personal and Credit Card info. I hope to god nothing serious happened. I read an interesting comment on ign where someone said that if it was Anon that did this they supposedly claim to be the “good guys” and all they really wanted to do was screw over Sony and not the users, which they have said before. So if true then they would not want any of our info, they would basically just want Sony to say they messed up and therefore looking bad in the eyes of many people.


294

+ Vandaliser on April 26th, 2011 at 4:46 pm said:

i repeat sony. i want those responsible for this hacking to be prosecuted.


295

+ B-Real206 on April 26th, 2011 at 4:49 pm said:

3 games lopez, really, I’ll give $75 bucks for the playstation and the dualshocks, you can keep the sixas and the games. I also don’t need the hdmi.


296

+ OldKai on April 26th, 2011 at 4:49 pm said:

It’ll be nice to get the whiny kids off here when all of this is resolved, I thought most of them were on the Xbox playing Halo but I guess I was wrong.

There’s no such thing as a perfectly secure network, everything is hackable, sometimes it takes a while, but it’s possible, so if this was done to Amazon tomorrow, well…I’d expect the same people threaten to sue honestly. Because “there’s absolutely no excuse for this to happen.” But in a world where we all blame the victims, I’m not surprised. The odds if anyone actually suing are pretty small though since the same people threatened to sell their system and leave here and are still posting.

People who demanded info right away, that’s pretty good too. For one thing, they didn’t know everything right away. Another thing, a massive security problem, yeah, well’s just let everyone know everything. That’s completely safe. Yup.

I hope the [DELETED] responsible are pwned to the extreme. And by [DELETED], I mean hackers, not Sony, because I’m not stupid.


297

+ mcbuttz78 on April 26th, 2011 at 4:50 pm said:

the psn

legion commitee speaks:

This is more reason to stand up for the console and denouce unfiar playing ways and more sercurity for this console. One thing everyone should do Is go to the banks and close your bank accounts and open new ones at no cost to you or change your cc information and pin numbers. Do that asap. Also take off dictionary predict on the console before you make a new passwordor account, never auto save anything on the console.

Dont use any more cc# or account numbers on the console use psn cards> you dont have put your personal information onthe account .

Also we at the psn legionairre commitee would like to request sony to get rid of cc functions onthe console , let it use psn card only, give every member a personal password or pin number to use a psn card onthe console. cont>>


298

+ kingotnw on April 26th, 2011 at 4:50 pm said:

@260 At no point did I say I was going to leave Sony as a customer… However, they don’t want to lose me as a customer… I have bought 10 games in the past 2 weeks alone.. I have hundreds of PS3 games, it would not be a stretch to say I am one of their higher percentage customers. Probably why I have beta access to everything at all times. Me being upset about them not encrypting my personal information is completely separate from that.


299

+ kingotnw on April 26th, 2011 at 4:50 pm said:

What I meant by that last post is I highly doubt they want to lose me as a customer.


300

+ B-Real206 on April 26th, 2011 at 4:51 pm said:

The question is whether Sony broke any laws if it was aware of the data being taken and didn’t immediately warn consumers. Givens argues that the law is more complicated than that. “The data breach laws for the most part allow for some wiggle room in terms of notice. Six days, in comparison to other breaches, is not unheard of.” Still, it’s a troubling amount of time. “Once they were certain of the breach, and were certain of the types of data compromised, they should have told the affected individuals immediately.”
California’s disclosure law, for instance, doesn’t come into play as long the data is encrypted, or a law enforcement states that disclosing the breach could harm an investigation. That’s an easy loophole, however. “The law enforcement provision in these laws has been used to unnecessarily delay notice in many, many breaches,” Givens explained.
-from arstechnica


PAGE 1 4 5 6 7 8 11
Comments are closed. We close the comments for posts after 30 days