PlayStation.Blog

An Important Message From Sony’s Chief Information Security Officer

Posted by Philip Reitinger on Oct 11, 2011 // SVP & Chief Information Security Officer, Sony Group

We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.

As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.

Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.

We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.
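The triage this notice describes, sketched as an added example (it is not Sony's code and not part of the original post): find a source that tests many distinct sign-in IDs with mostly failed matches, list the accounts whose pairs did match so they can be locked and reset, and single out matched accounts that showed further activity. The event fields, source labels and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real data): (source, sign_in_id, event, ok).
# Field names and the "signin"/"purchase" event types are assumptions.
def sample_events():
    events = []
    # One source walks a list of 40 ID/password pairs, one try each; 2 match.
    for i in range(40):
        events.append(("src-A", f"user{i:02d}", "signin", i in (7, 31)))
    # Activity on a matched account before it could be locked.
    events.append(("src-A", "user31", "purchase", True))
    # A legitimate user mistyping a password twice, then signing in.
    events += [("src-B", "alice", "signin", False),
               ("src-B", "alice", "signin", False),
               ("src-B", "alice", "signin", True),
               ("src-B", "alice", "purchase", True)]
    return events

def triage(events, min_ids=20, max_success_ratio=0.10):
    """Flag sources testing many distinct IDs with mostly failed matches,
    then list matched accounts to lock and those needing review."""
    tried = defaultdict(set)      # source -> distinct sign-in IDs attempted
    matched = defaultdict(set)    # source -> IDs whose pair was valid
    for src, uid, event, ok in events:
        if event == "signin":
            tried[src].add(uid)
            if ok:
                matched[src].add(uid)
    # Illustrative thresholds: many distinct IDs, low share of valid pairs.
    flagged = {s for s in tried
               if len(tried[s]) >= min_ids
               and len(matched[s]) / len(tried[s]) <= max_success_ratio}
    lock = set().union(*(matched[s] for s in flagged))
    # Matched accounts with further activity from a flagged source need review.
    review = {uid for src, uid, event, ok in events
              if src in flagged and uid in lock and event != "signin"}
    return {"flagged_sources": sorted(flagged),
            "lock_and_reset": sorted(lock),
            "review_for_unauthorized_use": sorted(review)}

if __name__ == "__main__":
    print(triage(sample_events()))
```

The user who mistypes a password and then signs in is left alone because that source touches a single sign-in ID.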


267 Comments

101

+ Budapesti on October 12th, 2011 at 12:09 am said:

Sudden feeling of deja vu….


102

+ Kchow23 on October 12th, 2011 at 12:18 am said:

@97 Agreed! People should learn how to make safe passwords
@95 It is 11:44 pm PST, which is the time that they use cause they are from the West Coast.


103

+ Sirynx77 on October 12th, 2011 at 12:44 am said:

To all that think that it was a hack on the PSN, you are mistaken and clearly did not read the entire notice. It clearly says that someone (or some group) tried to use a list of user ID and passwords that were listed on some source that is not tied in to Sony’s own network. But they just happened to be user ID and password pairs.

So, like some had said, if you are using the same user ID and password on other sites as you do on PSN, you are basically asking for trouble. Also, when the PSN was brought back online in May all of us had to use a different password due to the mandatory password reset. If you happened to change that password back to the password that you used before the compromise, then you are really dumb and deserved it.

Like some have said, use password managers. There are freeware utilities for both Windows and Mac to help you get this organized. You don’t have to memorize it but it does help a lot.


104

+ ConquerorTMNT on October 12th, 2011 at 12:55 am said:

Thanks for letting us know. But I really hope PSN does not go down again…please no do something Sony come on. Battlefield 3 comes out in 2 weeks. If PSN goes down when that game comes out I think I will lose my mind.


105

+ IM-ON-YO-AZZ on October 12th, 2011 at 1:15 am said:

IM SO SICK OF THIS B.S.!!! I MEAN, GLAD YOU ALL ARE PUTTING EFFORT INTO TRYING TO CATCH THE VILLAINS BUT DAMN!!!! EVERY TIME I TURN AROUND I HAVE INTERRUPTED GAME PLAY BECAUSE OF SOME B.S. AND THEN IT TAKES FOREVER BEFORE ITS FIXED!!! NOW YOU SAY IT WILL BE AN EMAIL SENT OUT ABOUT CHANGING THE PASSWORD BUT JUST HOW FREAKIN LONG WILL IT BE BEFORE THAT EMAIL IS SENT OUT??? DAMN NEAR A MONTH?? THIS IS TOTALLY GETTING RIDICULOUS… I HOPE I GET MY EMAIL VERY SOON!!! #MR VERY IRRITATED GUY FEE REALLL!!


106

+ lisatsunami on October 12th, 2011 at 1:31 am said:

Huh! Look what happened while I was finishing ICO!

I echo the sentiments of the majority here, but how do you know it was a quick response? Did I miss the part of the post where he said that?

My account is fine, was downloading stuff for hours today, signing in & out on my 2 PS3’s. I made sure last time that my PSN password is unique among all my various online accts since some jack*sses are targeting Sony.

Shouldn’t these people be wearing their V for Vendetta masks @ their local Occupy sites & leave us harmless gamers alone?


107

+ angelspawn77 on October 12th, 2011 at 1:48 am said:

Thanks for the info, great that you guys are keeping us informed about potential threats. I’m confident in my PW for my psn account, I use that PW only on psn and nowhere else.


108

+ SHINSPIKES on October 12th, 2011 at 1:54 am said:

PSN fails again. It can’t do everything.


109

+ NeoPhantome on October 12th, 2011 at 1:58 am said:

It’s when I see posts like this that I’m proud to be a Sony customer. By keeping us informed, you prove that you care about your customers. Thank you.

As for people that got hacked (or not), using a secondary email to register/log in to less secure sites like forums and having a different password for each website/service is the best way to avoid this kind of hack. Sometimes only a little variant in your password (ex.: password, pa55w0rd, pass_word001, etc.) helps you remember it and still avoid those hacking attempts. Hope this helps :)

Neo


110

+ DrPhiill on October 12th, 2011 at 2:03 am said:

Thanks for the fast update and to be straight with us! You win so much by doing that! And I don’t get why people are so dumb and keep doing this, get a real job and stop making other people’s life sad, they prolly hate Sony like a mother”%”#@ but come on!


111

+ iTofuMan on October 12th, 2011 at 2:16 am said:

I gotta admit while this did happen again. I’m at least happy they let us know from the get go and not wait or keep us in the dark about every little detail. It would be nice to know who got hacked to know if we need to change any/all our info. Plus I think now would be a great time to be able to change our things like PSN ID/e-mail, etc. so that we are able to lower the risk of hackers against us.


112

+ WhightCrow on October 12th, 2011 at 2:19 am said:

Maybe find out where the information was stolen from? Nearly 100,000 accounts compromised is not a small thing.


113

+ Verlante on October 12th, 2011 at 2:31 am said:

SEE when they know what happens there is no problem. :3 Only when it comes out of nowhere and affects every account is there a problem.


114

+ carmel6359 on October 12th, 2011 at 2:34 am said:

WE GOTTA GO THRU THIS MESS AGAIN. YALL CAN GIVE US PLAYSTATION CREDIT POINTS AND FREE GAMES DOWNLOADS AND 250 FREE STUFF IN PLAYSTATION NETWORK AS WELL AS A FREE YR OF PLAYSTATION PLUS. WE DESERVE IT FOR BEING LOYAL FAN AND STANDING BY YALL SIDE THRU THIS SITUATION


115

+ tango219 on October 12th, 2011 at 2:57 am said:

Thank you for the update. Greatly appreciated :)


116

+ Arcadian_Rebel on October 12th, 2011 at 3:03 am said:

Oooh. :O Thanks for the update!


117

+ station3fever on October 12th, 2011 at 3:04 am said:

Thanks Sony.
I think I’m gonna change my password again, just to be safe ;)


118

+ CrAzYDaVe0209 on October 12th, 2011 at 3:27 am said:

Thank you Sony for letting us know this time. Keep up the good work.


119

+ Carl-G on October 12th, 2011 at 3:39 am said:

You would think the hackers would be too busy playing Gears of War 3 & Forza 4 on their Xbox 360’s to have time to hack PSN :D


120

+ Lugoves on October 12th, 2011 at 3:59 am said:

Thanks for the update. Most understand brute force attempts to hack people’s account in this way are unpreventable. Best bet is a good PW. Is it possible to have a 3rd party [like 1Password] encrypt our passwords?


121

+ Link01 on October 12th, 2011 at 4:16 am said:

Awesome that you guys are updating us.


122

+ smokieGameTime on October 12th, 2011 at 4:30 am said:

sony why do u keep breaking my heart ?


123

+ KILLZONE79 on October 12th, 2011 at 4:31 am said:

Good job on adding an early detection system when PSN came back online. So good job Sony for letting us know.


124

+ Pariah_Dark on October 12th, 2011 at 4:36 am said:

@91 DCS-Tekken

Why don’t you learn to read. Read that first paragraph.

It BLATANTLY tells you they tried and FAILED to hack them. Sony is just letting you know they stopped any of the accounts the ATTEMPTS were coming from. All you ever seem to do is whine and moan. And NO, you’re not entitled to ANYTHING FREE just because they TOLD you they stopped a hack attempt.


125

+ crashfan789 on October 12th, 2011 at 4:46 am said:

I don’t get it! Oh well, If the PSN gets shut down again I can just play my PS2 just like the old days.


126

+ Mrkillhappy756 on October 12th, 2011 at 5:39 am said:

Great work this is much better letting us know quickly that a breach has happened. Thank you.


127

+ Soufian-93 on October 12th, 2011 at 5:46 am said:

Cool ! Thank You For The Update :D


128

+ plantek6 on October 12th, 2011 at 5:48 am said:

Keep up the good work Sony…


129

+ joveNR10 on October 12th, 2011 at 6:01 am said:

This may have something to do with it. 2 days ago as I was browsing through my message box I noticed 2 new messages that I haven’t seen B4.

1. An invitation from a PSN user w/ a PSN Logo asking me to join them on a new PS Home Beta. It has an attachment that said “PSN Home Beta”.

2. A message asking me to pass on their message to other Friends & by doing so We will receive a code for a $50.00 PSN wallet credit. On the bottom of the message was a code entitled “$50.00 PSN wallet credit”

I have since deleted those messages.
C’mon those kinda messages stink of dead fish.

If any of you receive those kinda messages don’t open them, don’t use them, reply, or entertain them. Delete them from your Inbox.
Read the forums on the Playstation Blogs that’s the real deal (Moderators R on hand to filter truth from lies & Deals from Scams)


130

+ Rabid_Moocow on October 12th, 2011 at 6:08 am said:

@ Emby25

The list is not Sony’s. It is likely a list of usernames and passwords stolen from another website that the hackers took a chance on. They fed them into a bot and hoped that people were using the same username and password on the PSN network as they did on that website.

The lesson: Vary your usernames and passwords. Otherwise, if one website you use is compromised, then, at least for you, every website you use is compromised.


131

+ Enforcer_X on October 12th, 2011 at 6:10 am said:

May I suggest a 2 step sign in procedure such as Google offers?


132

+ Mister-Nep on October 12th, 2011 at 6:16 am said:

Gonna be checking my accounts then. I have 4 of them so I’ll manually check each one.


133

+ BpPomerleau on October 12th, 2011 at 6:16 am said:

When they catch these Pr1cks I’m gonna get my .35 caliber revolver out and pop a cap in their knee caps


134

+ Telkeus on October 12th, 2011 at 6:20 am said:

So I noticed something fishy going on with my account last night about 11:00 EST. It kept saying my password wasn’t correct and wouldn’t let me sign in, so I went and reset my password immediately. Would you say I should still reset it again?


135

+ BAD-KID_ on October 12th, 2011 at 6:23 am said:

Sony needs to be careful with Activision and Microsoft.
They have an agreement that goes far beyond the Call of Duty DLC.
I Love Playstation :)


136

+ Leemco on October 12th, 2011 at 7:04 am said:

Thanks for the info, sad that hackers would try and abuse a free network. Can’t see why they think hacking a free network is cool to do.


137

+ JonJonXD on October 12th, 2011 at 7:07 am said:

Glad to see that you guys learned from last time.

Thanks for the info


138

+ Y2jHotaru on October 12th, 2011 at 7:09 am said:

Thanks guys for the info. Please keep working hard to maintain the security on PSN. This year the hackers’ activity increased in a manner nobody expected. All the major sites in the world have had intrusions and attempts to steal information. Even accounts from people from the Pentagon were compromised recently. So far, most people didn’t pay attention to keep good security measures in their accounts (email, eshops, forums, social networks, etc.) because they still think internet is just an add-on to their real life. The same way you try to keep your physical credit card away from unknown or suspicious people, or don’t let just any stranger know where you live if he/she asks you in the street, you must do the same on the internet, setting strong passwords, and even changing those passwords regularly and being aware of the security/privacy options of your forum, social network, email or any site you have an account at. Sounds kind of paranoid, but these days it is what we have.


139

+ EliteBoricua on October 12th, 2011 at 7:14 am said:

wow


140

+ DeathGazer on October 12th, 2011 at 7:29 am said:

Hope these idiots get caught.

Thanks for the heads up.


141

+ planetvortex on October 12th, 2011 at 7:39 am said:

You’ve heard it before (last time this happened), thanks for the updates and fight the good fight.


142

+ JoyPainEndSorrow on October 12th, 2011 at 7:59 am said:

Please keep us all posted on further developments and if anyone else should have cause for concern.


143

+ XPIayStationGodX on October 12th, 2011 at 8:01 am said:

man what a drag. i have to fix all of my accounts >.> really don’t need to lose this one like the last one loool


144

+ XPIayStationGodX on October 12th, 2011 at 8:01 am said:

Sony do your best to repair the issues :D


145

+ Ratchet426 on October 12th, 2011 at 8:12 am said:

Mr. Reitinger – Thank you for the notification and for being on top of this! Much appreciated and a job well done.


146

+ TwinDad on October 12th, 2011 at 8:28 am said:

While it’s bad that this did happen, it’s good to read that Sony is actively monitoring their networks for security breaches. Thank You Mr. Reitinger for informing us of the situation and how Sony is going to handle the issue.

Refreshing Honesty. Sony did learn.


147

+ mrbiggbrain on October 12th, 2011 at 8:32 am said:

Password mining is a real threat these days. Take your bank, which is very secure at sending data and somewhere you do not want others getting into. Over 75% of people’s Facebook/MySpace, Email and bank passwords are the exact same username and password.

Even if your bank’s username and password is different, if your email is not then the attacker can easily reset said password.

As for protections like place of birth or mother’s maiden name, 75% of people use the 3 easiest to find per site. A simple visit to the user’s compromised Facebook page and you have access to a pre-tagged list of all their relatives, pets, hometowns, schools, colleges, foods, likes, and any other information you might need. And even access to their friends’ and family members’ information.

There are even programs that can automate this task for you and organize all said information into a life dump including all the major sites you know passwords to.


148

+ ICEJACKEL on October 12th, 2011 at 8:52 am said:

Thanks for the heads-up!


149

+ zombie9 on October 12th, 2011 at 8:58 am said:

I’m going to start resetting my password every day from now on, 365 passwords a year. Hack that, stupid hackers.


150

+ heinekenblack on October 12th, 2011 at 9:02 am said:

AS LONG AS THEY DON’T INTERFERE WITH THE LAUNCH OF UNCHARTED AND MW3.


Comments are closed. We close the comments for posts after 30 days