First off, we want to again thank you for your patience. We know that the PlayStation Network and Qriocity outage has been frustrating for you. We know you are upset, and so we are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we’re going to get the services back online as quickly as we can.
We received a number of questions and comments yesterday and early today relating to the criminal intrusion into our network. We’d like to address some of the most common questions today.
We are also going to continue to post updates to this blog with any additional information and insight that we can over the next few days.
We are reading your comments. We are listening to your suggestions. Please keep them coming.
Thank you.
Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.UPDATE: While we do ask for CSC codes, we do not store them in our database.Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.
@ adolson
i dont hear anybody saying they want a free 10 dollar game, i believe that people want something more along with a personal guarantee of safety from them for the future. i have seen people on here saying they want reimbursement and the like, and sony in my opinion does owe the majority of its constituency a modest payback, especially for those who have to pay to play. for the remainder of us who purchase games on a regular basis, if my information has been hacked and my wallet drained i expect that money back, and then some to boot.
why does everyone keep posting about “i’m getting a 360” “why isnt it up faster” etc …
they got attacked, they are fixing it, it’ll be more secure when they are done, and setting up something to support 70+ million accounts is a HUGE DEAL that takes time to do properly. if your ENTIRE life is playing online games, your life must be pretty sad. and if you’re going on about xbox, why are you on a playstation website in the first place? if you like xbox so much, go away and leave us alone to enjoy our consoles. xbox was hacked in the past and down for a couple weeks too so don’t think they are above and beyond the ability of some malicious idiot to ruin it all.
Patiently waiting and still playing my PS3 while I wait. Hope you get it all ironed out and back up and solid to keep the morons away.
and to the extra set of QQers about “compensation” … for what? You don’t have to pay for PSN access because Sony awesomely gives us that access for free … what do you have to be compensated for? Probably did you a little good to get off your butt instead of playing COD all hours of the night.
@fuzzy Try contacting Sony. But i think only you can change the password with that update they are releasing. Something to do with system activation and main account maybe?
“behind a very sophisticated security system that was breached in a malicious attack.”
hahaha guess it wasn’t too sophisticated. You should hire that hacker to fix your security problems Sony! XD Have fun trying to undo the PR disaster this has become.
Will the PSN continue being a free service after it returns online? I will keep buying your products, but I will never pay for online gaming… And I’m sure a big majority of your costumers are wondering about this same matter…
@yazter… [DELETED]… i have a 360 too its fun for the first month then ull see how lame it really is
and thank you sony for the info
i REALLY hope you find the jerks that did this
52, you obviously have nothing productive to bring to the comments section, gtfo troll
“We received a number of questions and comments yesterday and early today relating to the criminal intrusion into our network.”
— Hm. If I recall, people have been asking questions since Day 1.
“We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly. ”
— So a new firmware update for the PS3 is finally coming. It’s about time Sony. The heck have you guys been doing?
“Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure. ”
— So you guys are “working around the clock”, eh? LOL Come on Sony. Stop trolling us. Anyway, you’re saying everything should be done & fixed by May 03, 2011.
MARK THIS DATE EVERYONE! MAY 03, 2011 IS WHEN THE PSN WILL COME BACK ON AT THE LATEST!!!!!!!
…Anyway, it looks like Sony is finally doing something tot towards making progress. It only took them 8 days to give us some information. But even still a lot of this is just repeat from the last big PS Blog.
Thank you for keeping us updated on this situation. While I admit I’m still worried by a potential leak of personal information, it’s a bit of a relief to see some of my concerns addressed here. I hope that you’ll soon be able to elaborate further on whatever measures Sony will be taking to protect personal data in the future. A lot of users are on edge right now, so some additional information is needed in order to restore confidence.
50
“Accuractif my information has been hacked and my wallet drained i expect that money back, and then some to boot.”
They aren’t responsible, see Terms of Service “SNEA has no obligation to reverse or refund unauthorized charges made on your credit or debit card.” “Except as otherwise permitted by applicable law or as expressly provided in this Agreement, funds added to the wallet are non-refundable and non-transferable. Wallet funds have no value outside Sony Online Services and can only be used to purchase access to content from SNEA through Sony Online Services. Subject to applicable law, wallet funds that are deemed abandoned or unused by law will not be returned or restored.”
Thanks Sony. I hope u find those responsible for this.
58, ignore the Accuract. It randomly popped up.
“The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
As a computer network engineer, this is very unacceptable. If you have such a massive list of user information and data, it should be encrypted, period. Just because it’s behind “security” doesn’t mean it shouldn’t be encrypted. Sony, you failed your user on a worldwide scale in regard to protecting their personal information.
Thanks for the update. hopefully this will shut up those fools at kotaku, IGN, FOX and all the others running off at the mouth on baseless information
What Things Will Be Available in a Week Please Get More Specific.
I love free psn. but weve been waiting to long.
to all the people who keep saying im going to play xbox go no 1s stoping you go pay 60$ for a year im going to play god of war 3 killzone sp mode and many more psn is down for a few days better then paying 60 a year
61, as a computer network engineer, please explain to me how much space it would take up, how har2d it would be, and how long it would take to encrypt the email, pass, birth, address………of 77 million accounts. As opposed to putting them behind a very sophisticated security system. Serious question.
Sony should leave the PSN switched off, it’s probably the best security they’ll ever come up with!
i’m with #9 will the download history be effected?
trophies?
friends list?
what compensation will the plus users see for missed time?
what about those who pay for DCU online and Free realms?
Glad to finally see a thread of mostly support in the comments this time. It seems people are quick to forget that something similar happened to XBox a few years ago, and at least one major US company has this happen a year (Kroger’s customer database was compromised last year, and a “LifeLock”-type security company had all of their information accessed, too). I’m glad to see Sony giving us a bit more information about what’s going on, and look forward to having PSN back up and stronger than ever.
66, TROLL ALERT, seriously dude, it’s really not funny anymore
This Q&A really makes me feel better.
Could you please answer if our credit card info is somehow still on the servers even if we manually delete it from the pre-filled forum after a purchase?
i feel some relieve, thanks to clarify this question:
Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.
Holy crap a week is a long time!
thanks for the update keep them coming
I say we lynch the nerd who raged his way into the PS network
I think we should be given a minimum of 50 dollars in our PSN wallet since our information wasn’t even encrypted.
and please make sure our information is encrypted in the future. ALL information is important.
Can we please get a free avatar for our profile and PS home t-shirt that says “I survived the PSN shutdown of 2011” or something like that?
I’d also like to thank you for making me go cold turkey on video games. Now I have ample motivation to focus on applying for grad school.
Thank you for all the Q&A’s helps soothing minds like myself.
I have a recommendation for our PS3’s security.
I like to see a firmware update to add more security if possible to be added to the PS3 along with adding more features to the PS3.
Please add more features to the PS3 that we all requested on Share.Blog #1 request is Cross Game Chat.
Adding other features such as Voice messages would be nice.
Over all my #1 feature request besides cross game chat is to add a Better over all “Private Party Chat Voice System” to allow other PSN friend gamer to join in a “Private Party Voice Chat System” and all jump into a game at once and even if the person doesn’t have the game the person can still be in the “Private Voice Chat System”
Thanks for reading :) Skater_Ricky,
Hope it’s back up soon and better than ever…. I doubt I’ll be buying anything else from the PSN store though. Sure I could get a PSN card, but looks what my money has done so far… I enjoy multiplayer, that’s what I want the system to do.
Most people will wait out the year until their PS+ is up then head over to Xbox is my guess. Maybe there will be a new console out by then to?
thanks sony
Sony, you don’t “owe” us ANYTHING simply because some little pimply, jobless turds think it’s funny to do what they did! I say THANK YOU for all your hard work and I truly hope you can find those responsible, charge them with as many offenses as you can and send them to “Federal pound me in the @$$ jail” for as long as legally possible.
Ignore the haters. Us true PlayStation fans have not lost any love for you guys and what you do.
Thank you :)
I wasn’t asking for compensation in #75 if some of you took it that way. I just think it would be an awesome avatar.
Good to see info slowly coming in. Thank you, and keep us updated as you are able.
Question: how will “moving our network infrastructure and data center to a new, more secure location,” actually make it more secure.
Q) What about the class action lawsuit that has been filed in Northern California (Kristopher Johns et. al. Vs Sony Corporation)???
A) No Comment
Q)Will Sony provide some kind of reimbursement for those who have paid for the Playstation Not-Work, either through PSN+ or the five people who subscribe to Qriocity???
A)No Comment
Q)These updates are all well and good, but aren’t you going to apologize? I mean, can’t we have Kaz Hirai, or even Kevin Butler, crying in public on NHK or CNN?
A)No Comment
etc. etc.
@83 They’re moving the servers to a boat moored off the coast of Norway, right next to the one owned by The Pirate Bay.
Yay! I pre-ordered Uncharted 3 and Mass Effect 3 for the PS3 when I read this.
Now these are the answers I would have liked to have heard yesterday. Thank you regardless.
A BACKGROUND THAT SAYS “I survived the PSN shutdown of 2011” YEA!
@7 Yes that would be beyond epic.
@51
Sony should reset the PS3 registration for each account and give everyone a fresh start with the new update. Also, to further reduce similar risks, they should add an option where you can buy stuff from the Playstation Store and send it to a friend (similar to how Nintendo has the Gift option on the Wii Shop Channel.)
@81
Somewhere with better servers that can withstand hacker attacks?…
@85
Where did you hear that, and how is that more secure?
@zekececil14
The amount time and space would depend on the size of the file and which encryption software being used. What encryption algorithm is being used…AES 128 or AES 256. There is just too much variables to give you any kind of accurate estimate.
@85, wait, I can’t belive I fell for that -_- facepalm, its late.
92 Thanks anyway.
Note about 89 (My previous comment):
I mean setting the number of registered PS3s for each account back to 0. Also, they might want to make it so people can deactivate systems by logging into the Playstation from one. It’s no good having broken PS3s on your registered system list.