Q&A #1 for PlayStation Network and Qriocity Services

352 1

First off, we want to again thank you for your patience. We know that the PlayStation Network and Qriocity outage has been frustrating for you. We know you are upset, and so we are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we’re going to get the services back online as quickly as we can.

We received a number of questions and comments yesterday and early today relating to the criminal intrusion into our network. We’d like to address some of the most common questions today.

We are also going to continue to post updates to this blog with any additional information and insight that we can over the next few days.

We are reading your comments. We are listening to your suggestions. Please keep them coming.

Thank you.

Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system. UPDATE: While we do ask for CSC codes, we do not store them in our database.

Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.

Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.

Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.

Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.

Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.

Comments are closed.

352 Comments

1 Author Reply

  • Perhaps the more important issue at hand is how lax Sony’s security is that this was even possible. This kind of info should be stored at the highest level of encryption possible, which is absolutely was not, and while Sony has been focused on making sure their movies can’t be bootlegged and their games can’t be pirated, they forgot to protect their millions of consumers who trust them with their personal information.

    I do not condone the actions of these hackers in any form, but Sony absolutely kicked a hornets nest that should have been left well enough alone. All of this started over OtherOS? Seriously? I bet they wish they had just let that one go at this point.
    How bad is this going to get? I’m not sure, but when a company as huge as Sony issues a statement telling you to watch out for email and phone scams, and keep an eye on your credit card bill, that’s a PR disaster which is going to be hard to crawl back from. , Sony will dig itself out of this pit eventually and hopefully with a few lessons learned.
    Just telling it like it is people, just telling it like it is.

  • While you are at it make sure that this psn update requires a software update so you can get rid of all the jailbreakers. there must be a way to do this. and this would be a bigger payoff than something free at the ps store.

  • @200 – By far & wide I agree w/ what you’re saying; you do raise some good points. The 1 point where our opinions differ is over the OtherOS thing. It’s my understanding that OtherOS was diabled was due to the fact that Sony realised that hackers were getting close to the point, that if left unchecked, would be able to pirate software using OtherOS. Sony, or any other company for that matter, has an obligation to stop piracy (or @ least hamper it) whenever possible. Let’s face it – in terms of real numbers, very few ppl outside of the govt. & universities used OtherOS on the PS3 (& those groups used it due to the PS3’s sheer processing power). Of those who try to claim that they use OtherOS or mod their PS3s for homebrew, etc., they’re blowing smoke up everyone’s arses. The overwhelming majority of the so-called “homebrew” out there are simply apps to facilitate piracy. Don’t believe me? go ahead & look around.

  • If this does go global, the 17 percent it made in sales won’t compensate for for the total damages the cooperation will face in penalties and fines across the the communities and countries that the PSN serves.

    What we are witnessing is literally a “Super Volcano” in a breach of security “that has erupted” and it is causing severe global reactions from this eruption.
    It was only a matter of time. We seen it coming. Sony you were to busy protecting your selves you forgot to protect us. Well.. Sony has suffered many lawsuits in the past and they have 2 now, the other OS and Now a new one.
    I won’t even try to guess the out come. Needless to say, if Sony’s investors are stating that they have concerns and are using phrases like “Consumers and merchants have been exposed to what is one of the largest compromises of Internet security and the greatest potential for credit-card fraud to ever occur in U.S. history,” then There is going to be serious consequences.
    also the FTC is looking into this as well. Sony has gotten attention alright, but it is for all the wrong reasons.
    good luck and good day.

  • Oh and the other OS was proven to be removed for financial reasons not due to security issues

  • What about our Netflix information? I remember logging into my Netflix account, instead of using a code like on the 360 and Wii. Is that information at jeopardy?

  • Question: Are we going to be able to update other aspects of our profiles that we previously were not; i.e. security questions/answers?

    If these have been comprised then there is no point in changing my password, as someone could simple use my security questions/answers to reverse the process or take the acount away all together.

  • @204 datastorm98632
    “Oh and the other OS was proven to be removed for financial reasons not due to security issues”
    You are very ignorant to believe that.

  • @203/204 – my point still applies w/ regards to the whole “homebrew” thing & whatnot. a simple Google search can verfy that.

    @205 – your best bet is to follow the old “better to be safe than sorry” addage & assume that that info, too, was compromised. I suggest changing any Netflix login credentials as soon as you can and/or call Netflix & make them aware of the situation.

  • @Lopez9577 – You’re still here? From your posts a couple of days ago I thought you sold your PS3 and were moving down to a 360? What gives?

    + Lopez9577 on April 26th, 2011 at 1:02 pm said:

    ….. believe me I am now deleting/deactivating all my accounts selling this crap of a system and buying an xbox360.

    + Lopez9577 on April 26th, 2011 at 1:14 pm said:

    Everybody lets start a bonfire with our ps3s and go Buy 360′s

    + Lopez9577 on April 26th, 2011 at 4:38 pm said:

    For sale: 120 GB Slim PS3, 2 Dualshock 3 controllers 1 Sixas, HDMI Cable, Portal 2, Socom 4, & Black Ops. I also have Blu Rays

  • @198: Expectations (more like demands) and good gestures don’t go hand in hand. Consumers should have sat back to see what Sony does when left to their devices. If they do nothing, then we can see that they’re not willingly to ignore blame on the hackers and still do something for the inconvenience it caused their consumers. Which in this situation, I can’t blame them. I wouldn’t if I were part of a company that had this issue.

    Demanding them to do such is just that. Demanding. Even if they do something to appease us, then people will only say it’s because users were complaining about it. So now even if they do it, we’ll not know where it’s coming from. So it won’t be considered good will.

    These people don’t want good will. They want something for free. If they wanted good will, they’d have kept their mouth shut to see if Sony would do it on their own terms without any user input. It’s too late for that now. Just like how you can tell a company’s motives by their actions. You can tell a persons’ motives by their actions.

    People who want them to do right by the inconvenience despite it not being their fault wouldn’t be demanding compensation.

  • Many Parents here may well reconsider how safe our children are. I we parents decide that the PS3 is no longer safe for our families, Sony will have a bigger issue on its hand.I deleted my credit card information 2 months in advanced as there was talk about an attack on the PSN happening. I took that threat seriously. And removed the credit card data . I knew an attack was going to occur as there was a great deal of open talk about it.
    I was also angry at the removal of the “Other OS” and thus I was removing my account to Show Sony I will not support there case against this legal action by giving them money.
    Sony has been way to engrossed in its self and now here it is . this is what happens when a company becomes to concern about its own backside and fails to protect us the consumers.
    Private data means just that PRIVATE! Sony has far to long Lied to us about a great deal of things having to do with the PS3 and this is what happens when you continue to lie to people. Sony, You have lied to us long enough. and this one Lie takes the cake. You Never took our security seriously, you only took your security seriously.
    That Sony is a very big mistake.

  • @210 -I see what you’re getting at, & I agree with you. I may wanna add an observation that I’ve made if I can. Very rarely, especially in the gaming industry, do companies make any sort of gesture out of sheer good will. More often than not, they’re inclined to keep situations like this as hush-hush as possible & try to swwep situations under the proverbial rug for as long as possible & try to do we they deem necessary to maintain their stockprices & profits. giving things away for free (even virtual/downloadable items) would cut into their profits). The only thing that comes to mind that doesn’t fit this reasoning is when XBL gave away free copies of Undertow when there was an XBL outagge of nearly 2 weeks a few years back. Aside from said example, nothing else comes to mind.

  • @211: Do you not have anything better to do than consistently post your DOOOOOOOOOOOOOM crap? Go for a walk.

  • @211 – aside from the bit sbout OtherOS that you threw in there, I agree with you. I already threw out there where I stand in as far as OtherOS, so I won’t bother reposting it. Said stance still applies. Sony may not have outright lied, but they did withold pertinant information from us longer than necessary, but, for all intents & purposes, witholding information is basically the same as lying IMHO.

  • *yawn* These threads were much more interesting a few days ago. lol

  • @LilWayneSuckz

    because i’d like to know how well my data is protected. besides enryption shouldn’t rely on that the algorithm is unknown so it won’t hurt anyone.

  • Sony I love u just give me ghost recon future soldier early beta xess

  • @210 – Y’know, a thought just occurred to me. I think I see why so many ppl have been asking for stuff over the past few days. Considering that a sizable portion of PSN users may have out of pocket expenses relating to “cleaning up Sony’s mess” w/ regards to not properly securing personal data, then not being very forthcoming w/ information initially after the attack, some people have spoken up requesting stuff to essentially offset those expenses, or even to possibly (and essentiall) serve as “punitive damages”. Is Sony likwely to act on their own on this? It’s possible, but very likely. If I were a betting man, I’d say that, in order to get any relief in any way, shape, or form, a 3rd party would have to get involved & essentially force them to do so – be it that much talked about lawsuit, or even by way of that 1 senator from Conneticut(?) – what was his name? Blumenthal? Anyhoo, I digress…

  • Oops! there’s a typo in my last post.; It should read as: “it’s possible, but NOT very likely.” My bad.

  • I don’t really feel like I need any compensation since I already agreed that I’m not specifically owed any if the PSN becomes unavailable, even though I’m a PS+ subscriber. I’m still able to enjoy a lot of my PS+ benefits without PSN online. I can still play a lot of those free games I downloaded and enjoy the themes I downloaded. I didn’t do the math but at $50 a year, 2 weeks works out to just under $2. I laugh thinking about actually getting mad over $2. I can’t get the clip (the paperboy) of Better Off Dead out of my head. “TWO DOLLARS!!” lol

    I’ll be excited to get back to playing SSF4, Dead Nation, and Dungeon Hunter online once the PSN is back up.

    The main annoyance here (and honestly it is JUST an annoyance) is that I won’t trust PSN with my financial info, so I’ll have to resort to the PSN pre-paid cards. I haven’t checked, but can we buy a PSN card/code with amazon.com and get the code via email – then be able to cash it in on PSN? This way I can buy whatever I want without having to make a trip out to get a card late at night. I really got used to that instant gratification of shopping and purchasing with just a few clicks.

  • The point is Sony was entrusted with our data and they blundered miserably.
    How do we know that there were not additional Hacks that have taken place prior to this attack? Has the PSN been Breached before and we weren’t told? What is most intriguing is it wasn’t the US based server or uk based server, It was all accounts world wide that were compromised. that means an intrusion that allowed for ALL accounts world wide to be placed in jeopardy. I do not think that any one here has grasped that Idea. Its not that a certain city, state or Country that was compromised, It was the entire system that was breached that means everything to do with the PSN is a global issue.
    When will this sink in?
    Stage 1 comes Shock, people are not able to comprehend things.
    Second stage Comes Disbelief, oh it isn’t that serious,
    Third stage comes Anger.
    We are still in stages one and two and are now entering into stage 3. Were entering into the anger now.

  • this is how these threads work

    complaint
    threat
    complaint
    threat
    posative
    complaint
    posative
    posative
    posative
    complaint
    complaint

    you get the picture

  • I heard a report from Sony that the online will be back on May 3
    http://ps3.ign.com/articles/116/1164641p1.html

  • Thepsj staff need to block data storm fromtyping here he is just trolling and being very negative. Please do us all a favor and block lopez and data storm from typing here psm staff thank you

  • 1st of all I would like to thank you for your support.

    as far as suggestions go It would be nice to see an increase in the number of friends we can add on our PSN (at least double of what we have now), I can’t quite remember if the xmb had a “report cheater” function (but if not it would be nice to have) also something that is just obvious Cross game voice chat, this is something that the community has been asking for, for a long time.

    I understand that getting the PSN back online and protected is top priority (and I agree with that) But it would be nice to see these features if at all possible. I will continue to support SONY in any which way I can, I just hope you guys don’t get 2 much hate mail… (PS: good luck with that =P)

  • @ #209 Ratchet426:

    ROLMFAO! What A Troll!

  • 3 of my friends at school are soo afraid of their info being “used” that out of fear more than reasoning, they are selling their PSP’s and ps3’s for the XBOX. As far as I am concerned, they are all total ******* idiots.

    BTW, PSN going down could be classified as an alcholic going through withdrawl.

    I am getting sick and tired of constant complaints. Especially from people who have no fing idea what they are talking about.

  • Here’s what Modnation Racers has taught be about ‘report cheater’ type functionality. If you beat someone at a game, then you were cheating somehow. Waaaaay too many people like that. The system would be flooded with ‘sore loser’ reports …

  • As I have stated several times on older posts, I am not frayed by PSN being down, the hack of private info, or even the possible CC leak.

  • improved psn security people stop being trolls or no lifes and just wait for sony to bring it back up and play single player for now

  • @229

    I agree completely, well said

  • Good post, Can’t wait for the network to go back up. Because of the network being down, I went over to my friends house to try out the Gears of War 3 beta and you know what I thought about it? It made me reeeeeaallly wanna play Uncharted 3 since Uncharted 3 will be ten times better! As long as the network is up and ready to roll by the time the Uncharted 3 beta starts, I will be a happy man! Now and forever a fan, korgon117.

  • @Krogon117

    you played mass effect? just guessing from your tag because Krogon is a species in ME.

    anyways, wish I still had my origional UNCHARTED. Never got plat in that one, but got plat in UNCHARTED 2.

  • ..more questions:
    1. Are you going to stop fishing undeclared information from every ps3 after this, in “an abundance of caution” – or are you going to continue as before with the “secret” datamining?
    2. What are you doing to split personal information for users internally in useful ways?
    3. Are you going to split access to internal networks now for different types of user-levels?
    4. Internal encryption that doesn’t exclusively rely on parts of the platform never being breached.. a good idea?
    5. Completely centralized authentication schemes – bad idea?

  • PLAYSTATION NETWORK… TE QUEREMOS DE VUELTA… PRONTO

  • For all those people that are threatening to sell, throw away, give away or burn your PS3 to get a 360 can you send your PS3s to me, please, instead? I have plenty of family and friends that can use a good gaming/entertainment system.

  • So any update or ETA on PSN service restoration? Would love to get back online soon! And the weekend is approaching soon. Thanks!

  • I really hope Sony doesnt get screwed. The problem is taking to much time, so now goverments are demanding explanations. Sony needs to fix this soon before the sales of the system begin to drop. Right now the PS3 is the best selling consoles Worldwide, but I dont expect that to continue if the problem persists.

    I really hope you guys at Sony fix this by the weekend and have some prove that no credit card information was stolen. I know that what I am gonna say is not as important, but I would really like if my trophy information is still there :D.

    GO SONY!!!!
    KICK HACKER A$$!!!!

  • Due to this problem I have played again MGS4, GOW3, UC1 & 2 and Mooooooooooooortaaaaaal Kooooooooombaaaaaaaaaat (techno music lol XD) SO AWESOME!!!

  • words of GEOHOT(One of the things I was contemplating back in early January was a PSN alternative, a place for jailbroken consoles to download homebrew and game without messing up anyone else’s experience.)

  • Sony, thanks for the updates. Please keep ’em coming.

    The outage gave me a chance to clear out some old programming from my DVR, and put dents in some single-player campaign/story modes for some games. Just don’t let this happen again. :)

  • @ Elcik_

    I completely agree with you. I would even go as far to say that even if Sony gives everybody something for free, more than half of them would complain about whatever it is.

  • I’m a little relieved now. Make sure to post a huge blog article when the perps get caught.

  • @Verios44

    I played the full-game trial of the sequel, but never played either of them to much. The actual origin of my PSN is when I used to be a halo-addict, I always played as the alien and Korgon just sounded like an alien name lol. But no I haven’t played either of the Mass Effect games. I can’t really go by the full-game trial since that game seems like it takes a while to get good.

  • thanks sony for all this info and for the latest infos ;)…. Im sony user since 1996 and its not a problem like this in so many years that’ll make me change my mind about sony! SONY its SONY and nothing can compare to it…just make sure you get those b@5t@rd5 who attack our info! cause those @55 holes didnt attack sony…attacked all of us…customers of SONY!

    Keep us posted SONY!

    PS: Cut the fingers off of those called “h4ckers”…make sure they never programm/hack again!! xtreme measures its necessary :D

  • @ Elvick_,

    My apologies for misspelling your name in my last post.

  • I think I will go play MGS4 now until the network is back up. Can’t wait for more PSN online gaming and I am dying to play InFamous 2 when it comes out. WOOT Go Sony!

  • Yay! lol… hi people and bye.

  • did everyone hear that sony is being sued because of the breach of the breach of info?

Please enter your date of birth.

Date of birth fields