PlayStation.Blog
PS4-Infamous

An Important Message From Sony’s Chief Information Security Officer

Philip Reitinger's Avatar + Posted by Philip Reitinger on Oct 11, 2011 // SVP & Chief Information Security Officer, Sony Group

We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.

As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.

Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.

We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.

//Add Your Own

267 Comments

PAGE 1 3 4 5 6

201

+ TUSTIN1 on October 12th, 2011 at 4:19 pm said:

@ Chrismon_1001

At least read the article before posting.


202

+ Amida-butsu on October 12th, 2011 at 4:33 pm said:

While I do appreciate the fact that they posted something about it right away, I would love to hear more information from Sony, seeing how I’m one of those locked out. Haven’t gotten the “change password” email yet and I’d like to be back on for the weekend.


203

+ Hyret on October 12th, 2011 at 4:51 pm said:

I will stay with sony and playstation till I dye.All the hackers are probably jeolous X-BOX owners that have to pay for good online service.I wasn’t affected and am glad.The Hackers are stupid @!#$%@!#$%*@# and deserve to be sued for EVERYTHING they HAVE.SONY ALL THE WAY BABY!YEAHHHHHHHHHHHHHHH!LOL


204

+ rapture22 on October 12th, 2011 at 5:06 pm said:

It’s been said and I will say it again. Great job Sony. This type of support gives me great confidence that my information is being protected to a higher level than any other site I provide my information to.


205

+ Firecrest on October 12th, 2011 at 5:07 pm said:

Hey guys, most of you tend to forget that because it’s an isolated incident, Sony doesn’t have to go global with this information. In fact, how are the fanboys certain that attempts like these haven’t been made your service of choice (ex: XBL) and aren’t simply swept under the rug for you to never know about? Hum.


206

+ Gokuhan_Z on October 12th, 2011 at 5:12 pm said:

Thank you for the prompt and upfront warnings.


207

+ sk8punker on October 12th, 2011 at 5:23 pm said:

now that you guys got hacked again we should get like 6 months free ps+ because if i remember right you guys said that you updated you security so that you couldnt get hacked again


208

+ Explosio5 on October 12th, 2011 at 5:31 pm said:

I’m glad you found this out before it got out of hand. Keep up the good work.


209

+ DarkOne_PR on October 12th, 2011 at 6:12 pm said:

SOny why dont u have a security system that immediately tracks the IP address and direction of unauthorized trespassing so that u can send a Hitman to these trash cans an make a favor to the world??


210

+ Seergoth on October 12th, 2011 at 6:26 pm said:

Thing is, Sony DID NOT get hacked again. Read the post… The account information that was tried came from other sites, accounts that had been compromised on other sites and then the people that got a hold of that information tried the emails and passwords on the PlayStation Network. This is about people trying to access PlayStation Network Accounts with compromised information obtained ELSEWHERE. All of you that are posting negative comments about Sony, the PlayStation Network, and the security in use need to reread the original post. Sony caught this because of their heightened security and did what was needed to make sure EVERYONE that uses the PlayStation Network is secure and their information is kept SAFE.


211

+ elscotty on October 12th, 2011 at 6:42 pm said:

Good to know. Glad you guys are working hard for our protection.


212

+ kiidout on October 12th, 2011 at 7:17 pm said:

im scare cause im getting call of duty elite but dont know if it will affect it anyways!!!!!!!!!


213

+ serrano786 on October 12th, 2011 at 7:21 pm said:

so is this why i can’t seem to connect to anything on my ps3? haven’t gotten an email about anything yet, but not sure what the time table is on that


214

+ Emby25 on October 12th, 2011 at 7:38 pm said:

@Seergoth,
I have read the statement that they posted and understand completely what they are saying. Let’s say these internet thieves did get a hold of passwords from “an outside source”. My logic in thinking is where did that website get the passwords from? You would think that if it was a big name in gaming news like say IGN or something like that Sony would tell us or at least the big gaming news site involved so that they could deal with that info accordingly. If it is a smaller gaming site that hardly anyone knows about I highly doubt that 94,000 SNE, SOE etc. accounts that were using the same password and e-mail were on that site. And as we all know this is the second time this year that there has been an attempt to gain unlawful access to accounts. I would not put it past a big corporation like SONY to distort or lie to us about the whole situation to save their company’s image. Do not take this as a personal attack on you, because it is not meant to be. I am just saying that because as I write this I am very frustrated with SONY. Phil we would all appreciate your input on our concerns and comments. We as a community do not like to be left in the dark like we did the last time!

Emby25 (Matt)


215

+ LordRaoh on October 12th, 2011 at 8:13 pm said:

I have a serious question.

I got my email and attempted to call to unlock my account. Simple enough right?

Wrong. How does an online service that hosts games that run 24 hours a day 7 days a week have phone support for normal business hours only?

Some of us have jobs and can only call when we get home.

That makes no sense. What is this 1997?

Sigh, I’ll try to make some time tomorrow or Friday, at work, if I remember during the time while i’m, you know, working.

Seriously, how do you not have 24 hour support for not just your company as a whole but for your online services like SOE.


216

+ CeroAoscuras on October 12th, 2011 at 8:41 pm said:

when will dmc 123 be released for ps3


217

+ BrianC6234 on October 12th, 2011 at 9:02 pm said:

I see the LA Times reported this as Sony being hacked. What horrible reporters we have now. The guy who wrote about it is supposed to be their tech guy too. Doesn’t look like he knows much about hacking. Maybe this hacker should try logging into accounts on the LA Times’ site. Will they like it to be reported that they were hacked?


218

+ bullshavickk on October 12th, 2011 at 9:11 pm said:

whoever made the Zombie moon map for Black ops, should be fired!!!!!!!!!! Im just saying……..


219

+ Light-and-magic on October 12th, 2011 at 9:46 pm said:

Haha, immediately as I read the article, I knew there were gonna be tons of little kids that didn’t bother reading it and assumed it was Sony that got hacked and demanded phr33 st0ff from Sony for the agony they’ve apparently been through. I wasn’t wrong. I really do wonder how these people are privileged enough to have a PS3 given their tiny brain power.


220

+ TempestBladesong on October 12th, 2011 at 9:54 pm said:

Has this been causing errors for those that STILL can log in? Cuz I’ve had an issue for a couple days now where I cannot maintain a connection to the PSN on my PS3 for long enough to even download a 2 MB file… which is extremely saddening.
And no, it’s not an error on my end of things… I plied all the normal tricks to no avail. Are there accounts not ‘banned’ but still being hindered and watched?


221

+ HeWhoHopes on October 12th, 2011 at 11:26 pm said:

Would this somehow be related as to why i cant play the Battlefield 3 Beta? its been like this for a couple of days.


222

+ N9nE-9 on October 13th, 2011 at 12:21 am said:

naw that’s not it my man, the beta ended on Monday (10/10) full-game is going to drop on the 25th


223

+ GEADLIESTWARRIOR on October 13th, 2011 at 1:53 am said:

thx for all the updates keep up tjhe great work Les


224

+ CRAZYGALLO2 on October 13th, 2011 at 3:28 am said:

i just tried logging in today and it says my console is banned or temporarily suspended? does it have to do anything with this?


225

+ DeathCubeK22 on October 13th, 2011 at 4:05 am said:

I’d really hate to give any more of my money to Bill Gates but, if these security breaches continue, I may be trading in my PS3 for an XBOX. But, I SO love Playstation…….. :( ???


226

+ Icestar10 on October 13th, 2011 at 7:53 am said:

Again? Don’t those people have anything else better to do? This is really ridiculous!


227

+ musclemutt on October 13th, 2011 at 8:27 am said:

#17 Emby25 (Matt)

The accounts and passwords hacked from other sources need not have originated with Sony servers. if people log in with the same user name and password on multiple accounts such as your PSN and, say Yahoo and Facebook, then it’s the users themselves who are the source of information for automated attempts at hacking into their Sony accounts and others.

In 15 years my only account ever hacked was Facebooks’s. Shortly afterward, Yahoo spotted the mail account associated with Facebook as also having been hacked.

Now, I’ve redone all my accounts using a porn-name generator site and adding leet substitutions to come up with complex user names as well as passwords. The ridiculous names that result are easy for me to remember.


228

+ Elvick_ on October 13th, 2011 at 9:11 am said:

READ THE FRIGGIN’ ARTICLE

If there was ever a time I wish I could cuss on this site, it would be now. This is beyond annoying.

SONY WAS NOT HACKED

Sheesh. Sony, I beg of you, next time people steal passwords from somewhere else and try to use them on your own service, put it in the title that you weren’t hacked. Otherwise you get this, a bunch of articles on the internet about how you were “Hacked Again” even though you weren’t and a ton of people too derpy to read what you took the time to write and jump on the “ZOMG U SUKKZZSDFA” bandwagon.


229

+ SalMoriarty on October 13th, 2011 at 10:09 am said:

Is this an “Only on PSN” feature? How about giving us the option to use PayPal?


230

+ mistermaddog on October 13th, 2011 at 11:09 am said:

Sony was not hacked if you believe everything you’ve told. Just saying…

Well it doesn’t really matter at this point because I really want to be up as soon as possible and I still didn’t get an email. A little bit more information on how and when you’ll be handling this little crisis. I had couple of purchases in that account. I really love PlayStation and Sony but these security issues have become a usual matter and I don’t feel like having these breaches every month. I don’t want to give up on Playstation. But I will go over to the dark side and buy a XBOX if I’m pushed to it.

Look, Sony, if you need some cash, just make the online services not free. Just put a number in. God damn it, we just want a quality service.


231

+ Elvick_ on October 13th, 2011 at 2:20 pm said:

Go buy a 360 then, people can steal your information from another site and use that to try and get into your XBL account too. Thus why you shouldn’t use the same password for everything. Sony’s protecting it’s consumers from themselves.

Enjoy. One less conspiracy theorist on the PSN and the PS Blog is a good thing.


232

+ Emby25 on October 13th, 2011 at 6:19 pm said:

I don’t know… 2 attempts, 1 year. That is too coincidental. Sony is obviously dropping the ball in someway even if the end user is in some way responsible. I understand that a lot of companies have come under attack this year but that is no excuse for 93,000 accounts to be compromised right after a MASSIVE breach that shut down online ops for weeks. In the future Phil please do not use statistics like (0.1%) to try to downplay how many accounts were compromised. It just makes you look desperate to show how “few” of the global users were affected. Also, I would hope that those that were affected would be told what website that they supposedly used the same password for so that they do not repeat the same behavior.

Again this is not meant to be bashing Sony it is just some tough love for SONY to take responsibility. (I’ll admit they have taken some action but I do not feel that they have done enough because of the fact that more accounts have been compromised)

Emby25 (Matt)


233

+ ruibing on October 13th, 2011 at 6:42 pm said:

Glad to see you guys being on top of it, but I still see the majority of news outlets (including the big ones) try to grab hits by misleading people to believe this is another hack attempt. I guess you can never satisfy the people with virtual megaphones.


234

+ Amida-butsu on October 13th, 2011 at 9:07 pm said:

Sony is good at stopping stuff before it gets bad. HOWEVER, they’re terrible at fixing these things. From the article, it just sounds like all they have to do to fix it is have all the accounts change their password. How much worse can it be if the accounts weren’t hacked?
I even called Sony earlier today and that “email” they were suppose to send out I won’t even get for another 6-8 days. Just let me change my password already so I can go back to playing.


235

+ mummiess1 on October 13th, 2011 at 10:16 pm said:

Fallout New Vegas is running bad ever since i downloaded the new Firmware.


236

+ colstripcapn on October 14th, 2011 at 4:12 am said:

“Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on. ”

Isn’t that exactly what phising attacks always look like? “Please click on this link and verify your account…” Those are exactly the emails you should avoid and never, ever click the links.

I hope you are not sending out e-mails like that…


237

+ bombon23 on October 14th, 2011 at 8:34 am said:

Hey ppl how r u, let me know something, the last days i been playing Black Ops, but many times i get disconnected from de PSN..i cant finish the matches…do u know about this?..this happened to me yesterday too..


238

+ kaleidoscopemynx on October 14th, 2011 at 2:05 pm said:

i wonder if it was the hackerazzi that hacked into all the celebrity accounts and posted comprimising photos of them online… by using the tabloid magazine website insecurities….hmmm well maybe the safest way to protect things is to have no passwords….. and keep it all transparent ….and no commerce ….and expect everyone to know everything… about everybody ….all the time…. instantly… i hope people understand not to use the same passwords on every website because in a way they are all connected…which means a strange idea of co-op when it comes to privacy and protection of consumers and companies… we are all collegues!!! perhaps changing you password often will help this too:)- thanks for trying to keep our info secure.


239

+ PacoTruchiaSecsi on October 14th, 2011 at 3:58 pm said:

Please I’d like to know something about the $60 promo. It says you need to spend $60, but most prices aren’t rounded up, for example, if I have $60 in my wallet I use $49.99 to become a PSPlus member and then $9.99 to download Chrono Trigger. That leaves me with 2 cents. Am I stil able to get the $10 bonus in november?

PLEASE Help me with this question.


240

+ biggunner7 on October 14th, 2011 at 4:59 pm said:

I’m happy I have a 7-11 only 3 to 4 mins away from me to buy my PSN cards


241

+ biggunner7 on October 14th, 2011 at 5:00 pm said:

Happy to see sony is on this


242

+ gameplayer1214 on October 15th, 2011 at 8:20 am said:

Here we go again PSN going down……


243

+ Wiether905 on October 15th, 2011 at 8:44 am said:

Sony you Really need to do something about this because im really getting annoyed when i try to go on my account and its saying it wont allow me to connect to Psn, so how about you guys try upping are security


244

+ Dont-have-name on October 15th, 2011 at 11:01 am said:

93,000 people had their passwords set as “password”


245

+ Gemmary on October 15th, 2011 at 1:36 pm said:

@Dont-have-name Exactly, yet people like Emby25 continue to insist this is somehow Sony’s fault.


246

+ Emby25 on October 16th, 2011 at 3:48 am said:

@Gemmary, I am not implying that Sony is entirely to blame. Nor should you be blaming this all on the people that had poor password security. I am just saying that it all just seems a bit too coincidental that yet another attempt to gain access to accounts was done and successful in such a short time after the PSN being down for a month. And another thing don’t you find it odd that we have heard nothing else on the matter? For example if everyone of the accounts that were compromised were sent e-mails? I for one would have loved to have gotten at least one more update on the compromised accounts.

Matt


247

+ RADIOxBYExBYE on October 16th, 2011 at 8:53 am said:

Thanks, that’s all good. We know you gonna handle the bad guyz!!!


248

+ jose213jose on October 16th, 2011 at 11:57 am said:

oh wow, lucky my account is good. I put to much work into it, if something happen to my account i would be so P.O right now. I guess any better would be P.O if something happen to their accounts.


249

+ Cubcub2000 on October 16th, 2011 at 1:02 pm said:

Come on. If it is not up by the time MW3 comes out I am getting an Xbox.


250

+ creepers230 on October 16th, 2011 at 3:36 pm said:

When will we be able to reset our passwords on the computer or psp without PS3?


PAGE 1 3 4 5 6
Comments are closed. We close the comments for posts after 30 days