First off, we want to again thank you for your patience. We know that the PlayStation Network and Qriocity outage has been frustrating for you. We know you are upset, and so we are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we’re going to get the services back online as quickly as we can.
We received a number of questions and comments yesterday and early today relating to the criminal intrusion into our network. We’d like to address some of the most common questions today.
We are also going to continue to post updates to this blog with any additional information and insight that we can over the next few days.
We are reading your comments. We are listening to your suggestions. Please keep them coming.
Thank you.
Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.UPDATE: While we do ask for CSC codes, we do not store them in our database.Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.
No new update for today? Well that’s unfortunate…
:(
I WANT THE PSN BACK!
http://www.gameinformer.com/b/news/archive/2011/04/27/this-kevin-butler-parody-commercial-had-to-happen.aspx
ht*tp://ww*w.gameinformer.co*m/b/news/archive/2011/04/27/this-kevin-butler-parody-commercial-had-to-happen.aspx
man i hope the playstation network comes back on soon and tht everones account is safe and safe
Sparta?
@ FRANKMAN1
This is Madness!
:D
@CyB3r Hell yeah!
Now i know why the comments are dying… there is a cookie that let us comment… when that cookie expires we won´t be able to comment again until PSN is fixed :O
yeah i know, i read it on EU playstation blog this morning.
hope the PSN come back faster and stronger ^^
i just watched naruto shippuuden 209
Danzo is a sick bas tard lol
@302 FRANKMAN1
That’s true, I couldn’t sign in on the forms because of such problem but tomorrow Friday and they did say that the network will be ready during this week, right?
htt*p://ww*w.gameinformer.c*om/b/news/archive/2011/04/27/this-kevin-butler-parody-commercial-had-to-happen.aspx
remove *
@Bue2_222
expect to have some services up and running within a week from yesterday (26 april)
308 at you mean a week from tuesday? Yesterday was the 27th.
It says the cookie keeps you signed in for 1 week. I have been signed in for months without resigning in, how does that work. I am glad I didn’t delete my cookies the other day when I thought about it though. =D
B3YOND!!
I feel so alone; no one can comment. =(
Hello? HellOOOOOOO!
Apr
27
2011 Q&A #1 for PlayStation Network and Qriocity Services
Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.
thet mean 1 week or maybe more…
Exactly, a week from tuesday. Not yesterday because it was posted yesterday.
Yeah the forums are controlled by the PSN. at any rate. Yes there is a lawsuit starting. and no I am not trolling nor being negative. the sad fact is that Sony really dropped the ball. Some people do not want to hear that and can not accept it.
We all have differing opinions , we all believe in a different way, we all are in the same boat. Heck there is even talk about this effecting lenders millions. This is a big Story It has effected every one every where. and you simply can not ignore it it has cost us all .
And here is part of the reason it costs everyone.
Each customer request to replace a credit card would cost lenders about $3 to $5 per card, several analysts told Reuters on Wednesday and Thursday. Those costs would include the new piece of plastic itself, postage, and various customer service costs. Plus other issues. I am not here to be a “negative influence”, But you need a reality check. this isn’t all that simple for Sony.
This is saddening though “However, we want to be very clear that we will only restore operations when we are confident that the network is secure.”
@317
Doesn’t mean that we won’t see it in a week. It has already been one week so I am sure they will be close. Can you blame them for making sure it is extra secure? Stinking hackers.
Sony, if you want an outside beta tester, shoot me a line! :-)
i bet if they turned on the network, 99% of the people would be happy again.
@datastorm
The lawsuit will/should fail. It is based on the fact that PSN didn’t have strong security because it was hacked. But, in the privacy policy you agreed to, it states
“We seek to maintain reasonable security measures in order to attempt to protect against the loss, misuse or alteration of the personally identifying information under our control. Unfortunately, there is no such thing as perfect security. As a result, although we strive to protect personally identifying information, we cannot ensure or warrant the security of any information transmitted to us through or in connection with our website, Sony Online Services or that we store on our systems or that is stored on our service providers’systems.”
@ 301
THIS IS SPARTA!!!!
@datastorm
The lawsuit will/should fail, because in the privacy policy you agreed to, it states they “seek to maintain reasonable security measures in order to attempt to protect against the loss, misuse or alteration of the personally identifying information under our control.” and “Unfortunately, there is no such thing as perfect security.”
Will my purchase history still be on my account?
@Capten If you check the support section (not here on the blog) they said that all your trophies, funds, friends and purchase history will be intact.
@zekececil14 that is your opinion, FTC , US Government and others have a differing view.
You see it makes no matter what a company places in the ToS, It has a greater responsibility under Us and other federal Mandates that the ToS can not even touch.Sony “failed to take reasonable care to protect, encrypt, and secure the private and sensitive data.”Sen. Richard Blumenthal, a Connecticut Democrat agrees.
Sony’s breach of its customers’ trust is staggering. Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn’t,”
For any one to say such legal action shouldn’t be taken or should fail is not up to us to decide.
Everyone has the right to take legal action rather we like it or not. it is called Life. when shouldn’t be quick to criticize but instead have enough of an open mind to see where people are coming from.
Many said the same thing about the Other OS lawsuit and it is still going on to this day.
We all have much to learn from this.
this is so exciting, the new PSN launch is going to be an even bigger success than the PSPGo!!
Here are some figures for what has happened.
that the cost of this breach is in the billions–about $24.5 billion, which doesn’t take into account the loss of revenue from having PSN offline.
average cost of a criminal data breach at $318 for each record lost. At 77 million registered users, that makes for a hefty sum of just under $24.5 billion”.
Sony shares closed down 4.5 percent after falling more than 5 percent at one stage, while the broad market .N225 rose 1.6 percent. The stock has now lost more than 8 percent this week.”
The way i see it, is that we agreed that they would secure our information. The lawsuit was filed with no facts. There needs to be proof Sony didn’t secure it properly. They base it on the fact that is was hacked, so it wasn’t secured properly. They even said “Apparently, Sony doesn’t” Apparently means based on what you have read or heard, not fact.
Anything is hackable. Strength of security is based on how long it takes to hack the security.
btw, the EU blog says that we may not be able to log into the blog and comment for much longer. We are only able to stay logged in due to a cookie server that has a life of a week. For most of us, that time is coming up and there is no way to stop it.
from EU PS blog
“Countries: AE, AU, GB, IE, NZ
We are aware that you may no longer be able to log-in to the PlayStation.Blog and leave comments. This is because every time you log-in using your PlayStation Network ID, a cookie is created to keep you logged in for one week. These cookies have now started to expire and you will not be able to log back in until PSN has been restored.
However, you can still read the PlayStation.Blog without logging in and I will continue to post any news as soon as I hear of it.
In the meantime, please leave any questions or feedback on the following official PlayStation twitter feeds.
“
I too have only signed in to here like once awhile back and have never had to re-sign in again.
People think sony had bad security or something.
Hackers can get in anywhere. Your amazon account, your itunes account.. ANYTHING.
Why are you guys blaming sony, you should be blaming the hacker!
hopefully there is a update tomorrow
I am a ware of that cookie, so before I leave, I want to wish you all well.
And remember. its Not How one sees things, but how others sees things as well., We can not Say How I see it because in truth, its not about the me factor but about the We, us , they and them factor. And belive me… noe of this is of my opinion, it is what others are thinking, saying and feeling who are of higher precedence then the me factor. I just happen to keep enough wiggle room for error . All I am saying is that this is a mess. and when you have Authorities in the Stock Market and other fields that have even a greater Knowledge of how things run and operate, I am not going to say that they are wrong. We have a true fear and that is, where has all that data gone to?
You can’t just go and get Eggo Syrup and spread sweetness on this, This is as bitter as Gypsum Weed.( not sure why that came to mind) and the truth of it is there are things that we as consumers can not possibly understand.
Speaking of trophies, Madden 10 is the 2nd game (Flower being the other) that once I got a new trophy, the rest of my trophy list was erased and now I only have the one for that game. Uhhhh what the deuce?!?!? Anyone have a clue?
I am sort of running low on SP games to play, guess I can just brush up on my Street Fighter IV skills lol. Also heard we won’t be able to comment on the blog soon, so just wanna say you PSN guys and gals are a cool bunch mostly and can’t wait to see some of ya online. If you can’t wait for the Uncharted 3 beta to start feel free to add me on PSN when it returns stating you can’t wait for the Uncharted 3 beta and I will add you lol.
Who ever thought removal of the “Other OS ” would have lead to this? Not even I seen this coming.
I still think that Sony’s on mindedness with securing the console lft them wide open for this attack. Sony, In truth you took something that I enjoyed using. I was legit and you could have simply have patched it. But no you removed it.
You angered the consumers you didn’t care how we felt when you did this. Now a consumer with the knowledge and Know how came bursting through . Full of anger that he/she was cheated out of what they bought. and Now people have stopped focusing on the hacker. They no longer care who hacked you, they only care about the safety of there data that you so weakly protected. You have a responsibility to protect your consumers and you did not. You failed all of us. You are the ones to blame for the security breach, not a hacker. If you had updated your security none of this should have been an issue. But You Chose not to. Instead you chose to remove items from the PS3, your real weakness was not the PS3 , but your net work and it wasn’t even hacked by a PS3 it was hacked by an individual with a Computer.
The fastest the better. I hope we will be able to play on the PSN soon enough again!! At least for the online gaming, I mean, it’s not linked with credit card or anything for online play. PS: I’m finishing my single player games right now! lol
yeah, still have FF VII , Eh I think that is the 3 disk based game I have…Learning Materia all over again lol.
Defiantly won’t be updating nor using the PS3 online.. I truly No longer trust Sony with my data. Fool me once Shame on you fool me twice shame on me. So I am Not going to be fooled again.
Well , one things for sure.. people in the stock market are feeling a bit betrayed along with the rest of us… Investors??? Not Happy??? ouch.
Well, this is my final comment.
Sony, You have taken a great deal from us and now you have indeed been served your ” Dish of Crow.”
I hope you have learned your lesson in mistreating the Consumers. if Not, I am sure you will be taught yet another.
As i removing the other OS wasn’t an insult enough, now you fail to protect my security?
I have no Sympathy for you at all. You did this to your self.
@data; get over it. You were able to still use Other OS if you chose to. You just couldn’t log onto Playstation Network if that’s what you chose. The update stated this very clearly, that if you choose to update then you’ll lose Other OS and if you choose not to update you won’t have access to PSN.
You could have still used Other OS to your hearts content. Obviously it was not that important to you as you chose to update your console willingly. They did not break into your home and force an update onto your console. You agreed to the update, you took it away from yourself and the hackers are the reason you had to make that choice in the first place.
So perhaps you and all those other people should sue them instead of Sony, because they are the reason Sony removed it.
lokk up catch 22..And we already are suing them lol
Citation :
161. This statement is a fabrication. SCEA gave these reasons as a pretext so that it could attempt to argue that the Warranty, SSLA, and/or TOS allowed for the removal of the “Other OS” feature. In reality, SCEI and SCEA removed this feature because it was expensive to maintain (as they previously admitted when the feature was removed from the “slim” models – but which they conveniently removed from SCEA’s website); they were losing money on every PS3 unit sold (due to poor decisions in the planning and design of the Cell chip as noted above and given the PS3’s extra features); SCEA needed to promote and sell games to make their money back on the loss-leading PS3 consoles (and there was no profit in users utilizing the computer functions of the PS3); and IBM wanted to sell its expensive servers utilizing the Cell processor (users could cluster PS3s for the same purposes much less expensively).
SCEA’s purported Justifications for Removal were False.
This is what has lead to all this stuff happening.
“It is very unusual for Sony to completely rebuild a system after a security breach, rather than just stopping the bleeding and going back to some kind of restricted network,” said Mark Seiden, a longtime information security consultant. “The fact that two separate networks are involved in this security breach suggests –>>Sony discovered a major underlying problem that already existed.”<<<<
So my question is this, IF sony already new it existed why didn't they fix it? Could our Data have been Compromised at an earlier time as well?
This is why people are up set, Sony new about it and didn't care until now.
I would say that this cost Sony Dearly.
Sony Needs to become transparent. No more hiding anything, no more lying about reasons for removing features .
and the only reason why I am using my PS3 is because Xbox doesn't store my HD Videos.
My son was explaining that what the problem with the psn security model as it was was that the psn network was set to believe anything the console itself sent it. Once the ps3 was hacked the hacket had access to all sorts of other things and options. That made getting to the rest of Sony’s database pretty easy.
I’m sure he said that the passwords were stored in plain text. which means that if you were foolish enough to use the same password for everything all the hacker has to do is search for you nickname on Google try the password, chances are it will work. They may be able to get a bit more info from your personal details and be a few steps closer to stealing your identity.