PlayStation.Blog

An Important Message From Sony’s Chief Information Security Officer

Posted by Philip Reitinger on Oct 11, 2011 // SVP & Chief Information Security Officer, Sony Group

We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.

As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.

Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.

We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.
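The reasoning in the notice (many distinct sign-in ID/password pairs tested, the overwhelming majority failing, matched accounts locked) can be turned into a detection check over authentication logs. The following is an added example, not Sony's code: the event tuple layout, the thresholds, the per-source grouping and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict

def find_stuffing(events, min_ids=5, max_tries_per_id=1.5, min_fail_ratio=0.9):
    """events: iterable of (source, sign_in_id, success) tuples (assumed layout).

    Flags a source that tests many distinct sign-in IDs, roughly once each,
    with almost all attempts failing. Returns {source: [IDs that matched]},
    i.e. the accounts to lock and put through a password reset.
    Grouping by source is a simplification; real traffic may be spread out.
    """
    by_src = defaultdict(list)
    for src, sid, ok in events:
        by_src[src].append((sid, ok))

    flagged = {}
    for src, rows in by_src.items():
        ids = {sid for sid, _ in rows}
        fail_ratio = sum(1 for _, ok in rows if not ok) / len(rows)
        tries_per_id = len(rows) / len(ids)
        # Many IDs + about one try per ID separates a tested list of pairs
        # from password guessing against one account; the high failure
        # ratio separates it from a shared address with many real users.
        if (len(ids) >= min_ids
                and tries_per_id <= max_tries_per_id
                and fail_ratio >= min_fail_ratio):
            flagged[src] = sorted({sid for sid, ok in rows if ok})
    return flagged

# Constructed sample data (documentation IP ranges, made-up sign-in IDs).
SAMPLE = (
    # 20 distinct pairs tried once each, one match: the pattern in the notice
    [("203.0.113.7", f"user{i:02d}@example.com", i == 13) for i in range(20)]
    # a user who mistypes twice, then signs in
    + [("198.51.100.4", "alice@example.com", ok) for ok in (False, False, True)]
    # repeated guessing against a single account (a different pattern)
    + [("192.0.2.9", "bob@example.com", False)] * 12
    # shared address with several legitimate users, mostly successful
    + [("198.51.100.80", f"staff{i}@example.com", i != 2) for i in range(6)]
)

if __name__ == "__main__":
    for src, matched in find_stuffing(SAMPLE).items():
        print(f"{src}: lock and reset {matched}")
```
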


267 Comments


51

+ jamaicanTHUG on October 11th, 2011 at 8:20 pm said:

All my new psn passwords are in one place, my wallet.


52

+ Psicocrusher on October 11th, 2011 at 8:20 pm said:

Thanks for the data!


53

+ IPumpMyGun on October 11th, 2011 at 8:21 pm said:

Says in Yoda voice “Xbox 360 fanboys will troll….”


54

+ Fat_lazy_slug on October 11th, 2011 at 8:24 pm said:

Hey Phil, did you catch this before or after sony tried to take away my right to legal action?


55

+ IPumpMyGun on October 11th, 2011 at 8:24 pm said:

T_T


56

+ DMcgee627 on October 11th, 2011 at 8:28 pm said:

@Fat_lazy_slug I hope you opted out of that BS. I know I did, even though that kind of stuff Sony’s trying won’t hold up in court where I live


57

+ jeffsmither on October 11th, 2011 at 8:28 pm said:

Do we get the email now or soon?


58

+ jonny_boy103 on October 11th, 2011 at 8:35 pm said:

I’m sick of these mother effing hackers being jerks. Let us play in peace! And thank you Sony for posting this so quickly too. It is always nice to hear about it ASAP


59

+ ashtiany22 on October 11th, 2011 at 8:46 pm said:

Sony, it’s not your fault; it’s just people who think it’s funny to make PSN look bad. The best way to keep hackers from ruining Sony: step it up more and strengthen the network and do everything you can to keep hackers and jailbreakers from bypassing the network. Just upgrade everything, fix the firewall and scan the network to make sure nobody tries anything stupid like hacking


60

+ MagixAdept on October 11th, 2011 at 8:47 pm said:

Well that explains why I’ve been locked out of my account then…


61

+ OmegaJirachi on October 11th, 2011 at 8:48 pm said:

Even if things go wrong, I still have a bunch of PS2 games. :)


62

+ IPumpMyGun on October 11th, 2011 at 8:52 pm said:

Before all the retarded fanboys get in here I will explain what happened in non-lawyer gibberish (even though it is not that hard to understand in its current form). Someone stole a list of usernames/passwords from some other source (forum, website, service, etc.). They then used those usernames/passwords to try to get into PSN accounts that have those same usernames/passwords.

In this day and age you have to be crazy to use the same password on many sites. Your stuff will get hacked!


63

+ Painkiller360 on October 11th, 2011 at 8:54 pm said:

Banned those jailbreakers off socom confrontation !!!


64

+ Sponge-worthy on October 11th, 2011 at 8:57 pm said:

Thanks for the update.


65

+ JaY_Ci_415 on October 11th, 2011 at 8:58 pm said:

I just ask why…


66

+ S-E-G on October 11th, 2011 at 9:03 pm said:

why is this still going on, and with all your Make.Believe Security upgrade, why haven’t you detected who these people are by now? i want these questions answered by Fony personally!


67

+ T67Killer on October 11th, 2011 at 9:06 pm said:

at least sony is getting better


68

+ pitythefool852 on October 11th, 2011 at 9:08 pm said:

Best Sony security response ever.

People try to hack networks and online accounts – we know that, we understand that. (Well, some people might not understand, but they obviously don’t know how tough cyber-security is in the modern age)

But, for me, knowing that Sony knows exactly what’s going on, and they have the balls to tell us clearly what happened and how they’ve fixed it gives me peace of mind.

Good job, Sony and Mr SVP & Chief Information Security Officer


69

+ SlayerTJB98 on October 11th, 2011 at 9:13 pm said:

C’mon people! I don’t like this. What, do people think it’s fun to hack? I better not be one of the locked accounts. I’m not blaming Sony. I am also glad that they didn’t wait a week to inform us. But please don’t shut PSN down again; this hacking stuff is getting old.


70

+ Amida-butsu on October 11th, 2011 at 9:18 pm said:

I am 1 of the 93,000. zzz. at least I have this 2nd account to play online with until this is all fixed


71

+ KidCommando on October 11th, 2011 at 9:22 pm said:

Thank you for informing us. Keep up the transparency with your customers!


72

+ Newhopes on October 11th, 2011 at 9:25 pm said:

This wasn’t a hack. Either Sony or whoever they sold/shared our info with screwed up and lost that info, then whoever got hold of that info used it to try to brute force their way in.


73

+ pitythefool852 on October 11th, 2011 at 9:29 pm said:

@Newhopes

Or more likely someone stole a stack of emails and passwords from a gaming-related forum, and a small number of those emails and passwords matched with PSN accounts


74

+ MysticalOS on October 11th, 2011 at 9:31 pm said:

All you people saying “this needs to stop” or actually thinking this one is Sony’s fault, reread the article. They are saying someone else’s database was clearly compromised, and because SOME people use the same login/password on other sites, is why the compromised 3rd party credentials worked. However in most cases the credentials failed because they were NOT Sony credentials that were compromised. Does this not make sense to all of you raging at Sony for no reason on this one?

Translation, don’t sign up for Bob’s video game phpbb 2.0 board that hasn’t been updated since 2006 using same email/pw and expect it to go well for you when his board is hacked and the hacker decides “well this was a video game board, I’m gonna try all these logins on the Sony network”. Because that is exactly what happened here.


75

+ MythicFox on October 11th, 2011 at 9:36 pm said:

It’s got to be more than just using passwords from a game board. Because A: My PSN account has an email address that I don’t use anywhere else. B: I’m not a member of ANY game boards. So yea, that’s not the case. So why is my account locked? It’s also not PSN down because out of my 3 accounts, two work. Yet my PLUS account, which is my main, says password invalid. Really peeving me off now. I got kicked mid-game just to get an invalid password message. I can’t even log into these forums with that account. Nor have I got this supposed email from Sony.


76

+ LuVjHoNiSPINOY on October 11th, 2011 at 9:42 pm said:

I didn’t play today and this happened. Oh well at least i know what’s going on, unlike last time.
Thumbs up for Sony.


77

+ Xanzar on October 11th, 2011 at 9:44 pm said:

nice work looking into this Sony, not many companies actually would


78

+ pitythefool852 on October 11th, 2011 at 9:48 pm said:

I’m surprised that many people aren’t using different passwords for different sites… it is essential

Guys – always have a secondary email for sites that might seem less secure. You can use email forwarding if you want notifications to reach your primary account.

Always use different passwords for different sites.

It’s good to have a system for creating a password that contains letters and numbers, and would be unique to a particular site. That means that you’ll never forget a particular password, but people will find it hard to guess your other passwords even if they obtain one.


79

+ ThePirateLuffy on October 11th, 2011 at 9:51 pm said:

My main account RikkaHime has been affected! I can’t log into my account and I haven’t received any e-mails on the matter. Please help me Sony! Please send me an e-mail so I can change my password. Thank you.


80

+ BrianC6234 on October 11th, 2011 at 9:55 pm said:

What dumb hackers. I hope everyone changed their password for PSN to a password different than other passwords. Can the police at least track this idiot to an IP address and bust them?


81

+ shadysaiyanz on October 11th, 2011 at 9:56 pm said:

Thanks for updating us :D


82

+ JEC94 on October 11th, 2011 at 9:58 pm said:

ban those call of duty world at war hackers ASAP!


83

+ Sirynx77 on October 11th, 2011 at 9:58 pm said:

Philip Reitinger: I think it would be good for you as Sony’s Chief Information Officer to also recommend to users that it would be wise to change their passwords as frequently as possible. A good guideline is to do it every 2-3 months. However, this would be completely voluntary.

This is effective to use with other services that use passwords or pin numbers. It might be an inconvenience to all but it really is the best way to secure your info other than closing all accounts.


84

+ rockinjs864 on October 11th, 2011 at 10:02 pm said:

thanks for the update on the situation I’m just wondering if this would be followed by a new system update


85

+ masthamazza on October 11th, 2011 at 10:05 pm said:

ok so what if the email set to the account has been closed. is there a way to link the said account to a new email address


86

+ Adrance on October 11th, 2011 at 10:09 pm said:

In short, these people gathered the info from another site that is not very secure (email and password) and tried that info on the PSN authentication servers.

I know it’s a pain people but try to use different passwords with less secure sites.


87

+ LordRaoh on October 11th, 2011 at 10:15 pm said:

I got an email yesterday to change my password or that my password was changed.

I changed it, but I just tried to access it again and the password is not working. I can continue to change the password but can’t login as it says the username or password is not correct.

It’s like an endless loop of “username or password incorrect ” “create new password” “username or password incorrect “


88

+ Permafry_42 on October 11th, 2011 at 10:28 pm said:

finally PR learning from its mistakes…


89

+ comicfan007 on October 11th, 2011 at 10:38 pm said:

Thanks for the update.


90

+ KidNT9 on October 11th, 2011 at 10:50 pm said:

Thanks Sony for informing us about this, this is a very serious matter. Making it quick to tell us was even better. These hackers need to be caught right away because I’m pretty sure no one wants another PSN Outrage incident like before. Sony, make sure you keep us updated!


91

+ Firelogic on October 11th, 2011 at 10:59 pm said:

If after the first PSN breach, as well as numerous other breaches experienced just this year alone on various sites, you’re STILL using the same username and password on multiple sites, you deserve to have your account compromised.

How hard is it to have a unique password everywhere you have to register an ID? If it’s difficult for you, get a password manager!


92

+ perrandy on October 11th, 2011 at 11:00 pm said:

I agree with the sentiment of all people here. Thank you Sony for telling us and also for being alert!


93

+ Dessron on October 11th, 2011 at 11:20 pm said:

@17: They might have taken their ID/password combinations from another site’s database and tried them all to see if they worked on PSN since many of them didn’t work. It doesn’t mean there is a leak in Sony’s database…


94

+ DCS-Tekken on October 11th, 2011 at 11:20 pm said:

OK, so SONY’s been HACKED yet again… So what I want to know now is… Where are our FREE Games this time and how about 250 FREE Home items this time to make it all Better?

Well someone had to ask! And now we wait our FREE STUFF!

Come on SONY u Know we like FREE STUFF!

By: DCS


95

+ BrianC6234 on October 11th, 2011 at 11:24 pm said:

I hope you’re joking DCS-Tekken. This is no hack. It’s just an idiot or idiots trying to log into accounts from information they got from another site. I guess you could say someone else was hacked.


96

+ Kchow23 on October 11th, 2011 at 11:24 pm said:

You do understand that they took away your right to a CLASS ACTION SUIT, you are still able to sue them for whatever reason individually.


97

+ Deathspear666 on October 11th, 2011 at 11:41 pm said:

The Lulz Boat has sailed again!!! trollolololz…j/k people..I am sure all will be ok so no need to get your thongs in a twist lol


98

+ Deathspear666 on October 11th, 2011 at 11:44 pm said:

BTW it is 2:44 am here Sony not 11:44 pm like this post is going to say…smh lol


99

+ Type-F- on October 11th, 2011 at 11:45 pm said:

damn hackers better back off rawr!


100

+ Elvick_ on October 11th, 2011 at 11:58 pm said:

I love how this is being blown up as a “hack attempt” when it’s clearly not. It’s clearly an exploitation of the fact that many people online don’t use different passwords for their online accounts, and usually use the same handle across many different sites as well. Making it really easy for them to steal everything from you.

USE DIFFERENT PASSWORDS. I can’t remember half of mine, but at least if I lose one account I won’t lose it all.


Comments are closed. We close the comments for posts after 30 days