PlayStation Network Security Update


On Tuesday, April 26 we shared that some information was compromised in connection with an illegal and unauthorized intrusion into our network. Once again, we’d like to apologize to the many users who were inconvenienced and worried about this situation.

We want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.

One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this link.

To reiterate a few other security measures for your information: Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

We continue to work with law enforcement and forensic experts to identify the criminals behind the attack. Once again, we apologize for causing users concern over this matter.

Our objective is to increase security so our customers can safely and confidently play games and use our network and media services. We will continue to provide updates as we have them.

443 Comments

  • IN another news… OSAMA BIN LADEN IS DEAD! i am starting to hate this joke (i have seen this “joke” over and over in Tweets) >Amazing what Americans can do when the PSN is down! hahaha lol xD! the other joke>Osama Bin Laden shouldn’t have logged in in his PSN.. l0l xD!!

  • hey when ppl gonna respond smthing bout another dude put better the username ’cause i am starting to get confused if yazter’s talking to me! haha lol yea it says 293 comments and correct me if im wrong but am i the only one who sees they are 298 comments?? damn!

  • i bet that is what they are planning turning it on last minute Saturday 11:59 and if they do it pacific then they lied to the people on the east

  • starfox_6456303

    do a barrel roll

  • GOD DAMMIT!!!!!!!!!!!!!! WHERES IS MY PSN…………..im so tired.

  • I guess Sony is a historically-accurate giant enemy crab, ’cause these hackers hit ’em in their weak spot for MASSIVEDAMAGE! Riiiidge Racer!

  • @296 is that dart from legend ?

  • Dear Sony, did you guys know that a lot of people really hate your guts now? “TURN THE DAMN PSN BACK ON ALREADY!!!”

    Thanks,

  • guess ill watch movies til it comes back on.

  • @ the rate things are going, PSN won’t come back online until roughly the same time Skynet becomes self-aware.

  • Sony I will make it easy for you so all you have to do is fill in the blank:

    “Dear valued customers, thank you for your patience. You can expect the PlayStation Network to return on-line May ____ 2011. Sorry for the inconvenience.”

  • and when May _____ 2011 passes and it’s not ready, what should they do?

  • cmon!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  • Or better “Dear valued customers, thank you for your patience. You can expect the PlayStation Network to return on-line SOMETIME in 2011. Sorry for the inconvenience.” Since SONY likes to leave everyone in the dark anyways…

  • lol there should be a blank in the month and year spot, cause as it seems now they dont know when its coming back on.

  • I’m sort of getting annoyed by the outage as well, I’m this [ ] close to renewing my Live membership. Not that it matters. With that said, please, please, please never change the XMB! It is so much easier to get around without being bombarded by ads! I’ve been a long time Playstation supporter and I will continue to do so in the future…..I just hope that future is soon. very soon =)

  • starfox_6456303

    @302

    Dear valued customers, thank you for your patience. You can expect the PlayStation Network to return on-line when hell freezes over. Sorry for the inconvenience

  • just got my Playstation Rewards tee on SAT……….. and now all i need is my Playstation Network

  • O sweet I know when sony will put PSN back online!

    “Dear valued customers, thank you for your patience. You can expect the PlayStation Network to return on-line month (fill in the blank) day (fill in the blank) year (fill in the blank). Sorry for the inconvenience.”

    nvm….

  • haul ass god damn it. turn it on already!!!!

  • I have no idea how I am still able to post on this site, but whatever. I’m not that concerned about the gaming outage, as I actually took advantage of the time the PSN was down to revisit an old game and finish up the necessary tasks to get the Fallout:New Vegas Platinum. As for my personal information being compromised….I’m pretty pissed about that. I am already a paying PS+ member, and giving me a lousy extra month of a service I never use is pointless.

  • ……….. PSN better never ever go down again…….

  • + SOOPERGOOMAN187 on May 3rd, 2011 at 4:25 pm said:
    “Good Bye Playstation, Good Bye Sony, Good Bye you have lost me as a customer. I HAVE SOLD IT ALL!!!! Now I have enough for a retainer for my lawyer.”

    You do understand that as a litigant in a lawsuit you are advised not to communicate with the other party without a lawyer present? Very likely not. I am sure you will be posting here for a while.

  • WOW THIS IS SOME PILE OF BULL CRAP WHEN ARE YOU COMING BACK ONLINE!

  • I thought PSN coming up today :(

  • you and a lot of other people thought too as well…

  • starfox_6456303

    new post on europe blog

  • Ha! I’d saved $500 for the NGP (wanted to err on the side of caution, but was holding out hope for a $300 price point… with Sony one must expect overpricing) but have been tempted by the 3DS. Thanks for making the decision an easy one. Pilotwings and Kid Icarus, here I come…

  • I believe they are sincerely giving us all that they know, they are merely publicists of this blog, and I imagine they have little communication with the technical staff. However, I suspect another updated post soon.

  • *sigh* Thought maybe later EST would be an update per “usual” for the blog, but nope, we’re still out of access.

    How many people do you have working around the clock? 2?

    And more pathetic customer service practices in midst of a PR disaster for Sony, not exactly the brightest move I would say. Already losing long time Sony customers, yet not even considerate enough to give us at least a daily update or…get this….answer a reasonable question from time to time.

  • I find I always work better when multiple people are asking me “are you done yet? No, how about now?”

  • Post on EU blog is about the SOE hack we heard about a few days ago (not from Sony of course. We have to rely on other parties for information regarding our personal information being stolen. Makes perfect sense really…)

    I guess this is the final nail in the coffin of DCUO, then? This hack and the ‘superservers’… no wonder The Agency was canceled!

  • @321 i_like_toast
    I agree. lol

  • starfox_6456303

    Who’s the leader of the club that’s made for you and me?
    M-I-C, K-E-Y, M-O-U-S-E!
    Hey there, hi there, ho there, you’re as welcome as can be.
    M-I-C, K-E-Y, M-O-U-S-E!
    Mickey Mouse! (Donald Duck!) Mickey Mouse! (Donald Duck!)
    Forever let us hold his banner high, high, HIGH, HIGH!!
    Come along and sing the song and join the jamboree.
    M-I-C, K-E-Y, M-O-U-S-E!

  • OMG SERIOUSLY STILL NO UPDATE ON WHEN THE PSN WILL BE BACK UP?!

    IT’S BEEN ALMOST 2 WEEKS NOW, HURRY UP!

  • SONY DOWNTREND CALL: STOCK PRICE DOWN 16.8%
    Japanese newspaper the Nikkei is reporting (subscription required) that Sony has suffered a second major cyberattack, this time to the Sony Online Entertainment servers in Japan. Up to 12,700 credit cards have supposedly been taken. Sony has offered a limited statement (pictured above) and promises more information today.

    There is Confirmation of a second attack, So it has been attacked 2x.
    A person at Aaron’s has openly commented on how his PS3 Was hacked was made to think he had “Stolen it”. Because of that his PS3 has been rendered useless as was his Sony Vaio TV. He returned Both Units back to Sony. He lost every thing on his PS3. Aaron’s Did not Correct the employee. Nor did They rebuke him. He is one angry ex Sony Consumer. So what did Sony Do For Him, Nothing. I am wondering how many more will begin to feel this sting? What if, The hackers can trick the Company into thinking that our Consoles were stolen, with the Stolen data?

    Aaron’s employees been pretty fair to me.

  • Sony Should promise a software update that would respect user opt-outs and Should cease backing up the location information on their computers.

    “This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007”?
    Additionally, an outdated database from 2007 containing approximately 12,791 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,740 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain were obtained. However, there is no evidence that our main credit card database was compromised. It is in a completely separate and secure environment.

  • The database that was compromised consisted of 24.6 million account records containing one or more of the following: name, address, email address, birthdate, gender, phone number, login name, and hashed password, to the extent provided. Approximately 8.8 million of these are non-U.S and of these approximately 185,000 were Japanese.
    We are currently investigating why the outdated database [was] on the system, as this was just discovered yesterday(May 2, 2011) and therefore we do not have any more specifics.
    Does this mean that any one that purchased devices and other goods got Compromised as well?

  • @ datastorm98632
    you know what it’s mean,
    time to invest into Sony’s product.

  • And Sony Does know the Answers they’re just giving what they want to the news media… We have to hunt for it.

  • Thanks for the updates and I can wait until it comes back on.

  • maybe it’s more like they don’t wanna announce it due to the fact that they don’t know who is responsible for the hacks yet… saying a date will not only attract its loyal customers to log in but also the people responsible for the hacks in attempts to hack the new service… that’s just me though… all i care is that this never happens again and hopefully they find out who is responsible! Thanks in advance Sony for taking your time in making it right the 1st go so it can be safer for us to enjoy your online goodness :)

  • I won’t be investing any more in to Sony.
    Sony has Done broke my trust and they have broke a great deal of trust with a great deal of people. Possibly enough to shake them down.
    and For all those that are wanting Sony to Hurry things up, Have you thought that Sony maybe still under attack? and is awaiting for it to cease? these people that hacked the system were pros. They are unable to be tracked and had one heck of a get away plan. Basically they used the equivalent of Dynamite, Diamond Tip Drills, and Semis to Break through the system, and to haul it out and then had the ways and means to sell it. If You think I don’t have a clue as to what I am speaking of then you know nothing.

  • Cybersecurity specialists are asking pointed questions about the way Sony manages customers’ sensitive information, based on new details about its massive data breach.
    “So you’re going, ‘Oh, the main database was well protected — this was just an old one that was laying around,'” Wisniewski said. “Why is decommissioned personal information, and especially financial information, just on the network?”
    Sony made no mention of whether the database, which affects customers outside the U.S., was encrypted, implying that it was not, Wisniewski suggested.

    Avner Levin, director of the Privacy and Cyber Crime Institute at Ryerson University in Toronto questioned why the database exists at all.
    So Sony?

    The database also contained direct debit records listing bank account numbers of more than 10,000 customers in Germany, Austria, Netherlands and Spain.

  • a word about hashing that may or may not do a good job of protecting user passwords depending on the type of hashing used. I will liken it to a lock on a door: “Did you put in a deadbolt or just a cheap little doorknob one can buy at a five and dime ?”

  • i agree with datastorm98632 sony may still be under attack by them for all we know

  • Moooooooooooooooooooortaaaaaaaaaaaal Koooooooooooooooombaaaaaaaaaaaaaaaaat!! (with Kratos :D, and techno music lol).

    GO SONY!!

  • @332 – datastorm98632
    I hope you’re far from the truth. But I do believe that Sony would inform us if that were the case, so far they have given every indication that things are improving and will be up soon.

  • “Whether Sony’s bad practices are an act of hubris or simply gross incompetence is hard to discern,”
    “It is just unfortunate that Sony had not taken a few preventative measures to be sure our information was safe.”

    Sony, You had to call for outside help with regards to your Security issues?
    You Should have Done that a long time ago. It is like you know very little about security.
    So, Protecting the RSX Chip from running full video mode in Linux was more Important than protecting Our data?
    So you removed “Other OS” due to financial reasons? and just used “Security threat” as smoke and mirrors?
    This leads me to believe that all the security updates for the PS3 were unnecessary. I say this because it was not the PS3, but your network that was the issue.

  • @SGAShepp at the hashing or what area? here is the link.
    http://www.cbc.ca/news/technology/story/2011/05/03/sony-data-breach-playstation.html
