First off, we want to again thank you for your patience. We know that the PlayStation Network and Qriocity outage has been frustrating for you. We know you are upset, and so we are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we’re going to get the services back online as quickly as we can.
We received a number of questions and comments yesterday and early today relating to the criminal intrusion into our network. We’d like to address some of the most common questions today.
We are also going to continue to post updates to this blog with any additional information and insight that we can over the next few days.
We are reading your comments. We are listening to your suggestions. Please keep them coming.
Thank you.
Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.UPDATE: While we do ask for CSC codes, we do not store them in our database.Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.
People should have never assumed things like credit card info is safe anyway. That’s why they say to check your account online on a regular basis. Plus they said it looks like we’re in the clear. I’m not quite sure why people are getting so upset over this. Was one week of no online gaming really that bad? There is something called the “outdoors” where people interact with other people to pass the time.
I have one question if all countries were to sue Sony what would happen?
these include Ireland, Uk, Australia, US, and the Netherlands.
Sony can not lurk in the shadows no more. I shutter to say in how many will jump on the lawsuit wagon.
“This is the straw that broke the “Camels Back”
A world wide lawsuit How the heck does that work?
Oh, and I love the fact that people are suing over this to try to get reimbursed for a free service.
Thank You for updating us on the specifics it is a good thing to have regular updates.
To the mods of this Blog can you check why my blog posts sometimes take hours or days to post all the while saying “Your comment is awaiting moderation” or is this normal?
Are other users seeing there posts instantly without the above tag underneath?
@143 – Yeah – no matter what kind of calamity happens there will always be some greedy person or lawyer trying to take advantage of it. What a shame.
Cosmos…you are without a doubt the biggest tool/troll i’ve ever encountered, please, go back to the darkened depths of the internet from which you came and stay there.
I want to give Sony a thumbs up for taking the necessary precautions for the consumers to be cautious for any out of the ordinary activity from emails to credit cards. I think Sony is overreacting, not saying its a bad thing but just trying to point it out that from 6 days of progress and no credit card information being breached, is a good sign Sony is not taking any chances even if their is no credit card information stolen. Also I’m a PS+ subscriber and i don’t expect to get any gifts for this fault in the system, but I think Sony is going to be so greedy to put this issue under the carpet without trying to resolve in some manner. Also for those that are trading in ps3’s for xbox’s should stop overacting and think is this the only reason that Sony has screwed them over if not then your just overacting. Anyways I will be continueing to watch netflix on my ps3 till the store is open to purchase some games with PSN cards. ( Check out Moribito for anime, Hey Arnold for cartoons, Undisputed for cool fights, and Ip man 2 for good drama: action)
@145, totally agree, by now most people’s PS Plus subs should have paid for themselves with all the free games, and discounted stuff, i personally don’t feel cheated out of anything at all. Getting Wipeout HD for free was amazing.
Idiots like Verios44 are lucky they dont know me. Jeez dude is your life that sad that you have to attack people on the internet just to make you feel better? does witty baby verios need a hug? awww come here baby daddy will make it feel better. Want an ice cream cone from the ice cream truck
Thank you for finally being clear on the situation
I just cant wait to play portal co op, anyone with a mic who hasnt played it yet? add me
On 1 hand, I’m glad i only use PSn cards on my 2 PSN accounts (this 1, obviously, for buying videos from PSN) instead of using credit/debit cards. I’m also glad that I only have under $1 in available funds in each wallet. What troubles me, if anything, is 2 things: 1) what info of mine that the hackers may or may not have could possibly harm me in the long-run, & 2) I’m somewhat worried that, in theory, the hackers may possibly change my PSN passwords before I get the chance to do so myself one PSN comes back online. I hoping that I’m worrying over nothing, but I’m worried nonetheless.
Sony jail this person for hacking psn: http://www.reddit.com/r/PS3/comments/gxw0v/here_is_a_video_of_the_rebug_psn_hack_in_action/
READ THE COMMENTS
People are out to try and make a quick and easy buck. America!
I hope the playstation brand will be able to survive this. Which I’m sure it will, I would just hate to see you go the way of sega. My only option the would be to go to nintendo.
Anyways thanks for the update, looking forward to all this being over.
@ Movie_Profile said:
“in theory, the hackers may possibly change my PSN passwords before I get the chance to do so myself one PSN comes back online.”
this is very scary
Thank You for this update, well seems like the info they got is nothing more then hacking an e-mail or facebook account so that is good, the Credit Card data like usual is on a different server and all that.
The reset or change password once the network back is the best option and from the rumors it sounds like the firmware to come with the new update will carry some new add-ons I hope to see :). Well been here since the start and I am not going anywhere soon, I just hope the network is back on by Friday so me and my friends can get some Black Ops going on
Thank You for the info
don’t get your news from rumors … thus far they’ve only said the software update will require a change of password .
Sony, I used the “Delete billing info” option on my PS3 under account settings to erase my credit card information before this PSN breach took place. Did Sony still have a record of my CC info after I deleted the info or was it totally gone from your database once I took that action? Thanks!
Thanks for the daily updates, but wow can you guys just say you’re sorry? It’s not like this was our fault or anything, YOU’RE the company that was in charge of keeping our info safe and it was not. I think a sorry is deserved, not like it’s gonna change anything, but it’s still nice to hear.
One thing I want to know, does the PSN server will still have a record of the credit cards we used for purchase before or is the data removed once we deleted the info from PS3?
@+ angelspawn77
” we regret any inconvenience. ”
it’s the samething .now get off your high horse and stop thinking they have to sacrifice small animals for the sake of your EGO .
if anyone has a 360 i feel sorry for you i’ve been on playstation sense the 90’s and i love all they offer. from high deff games on BLU-RAY not hd dvd’s like the xbox. we have way better and longer titles over here and microsoft couldnt pay me to own their load of junk because it crashes too easy and they have no security on it trust me my other family members have owned one and i still laugh at them for owning it.
thank you sony for being the best for going on 16 long fun filled years i hope there are more to come. for what it’s worth i think sevice being down for as long as it has and will be may actualy wake people up from the dream land and get the masses back to the reall world at least for a few days.
Man a lot of you people need to grow up with the console hate man. I dont own a 360 but I sure as hell wish I could play all the Halos & Gears of War & Especially LEFT 4 DEAD on the PS3 and im sure people on the 360 wish they could play 360 eexclusives. But know a lot of you rant on about how it sucks. I bet half of you havent even given the chance. And before you go crying but we have to pay to play only. its 60 dollars a YEAR!!! not month not week. If you do the math you are paying 5 dollars a month which equals about 1.27 per week. are you really that dirt poor that you cant afford 1.27 per week come on now. Both systems have pros and cons but stop acting so childish about other systems. And like i said I dont own a 360 just wish people would stop babbling that Sony is sooooo great
SONY I know that you are working hard to create some serious new security feature which I am glad of. But in the process I would like to have for the sake of everyone at least three to four of these five features later implemented into the PS3/PSN
1.PS3 price drop later this year.
2.Backwards Compatibility Add-on ($10-15)
3.PS2 downloadable games/ Imports on PSN
4.Cross Game Chat,voice Chat for PSN users
5. More downloadable import games like Malicious for PSN
OUt of these five features it would be awesome for everyone to later in the year have a price drop, Backwards compatibility add on($10-15) per user, PS2 downloadable games/Imports on PSN, and more downloadable PSN exclusives like MALICIOUS on PSN.
Nice comments Sony, im getting in some well deserved single player on games i never finished so im ok bout all this.
Awesome. Well Sony keep the good work. I want to know who was responsible to this and please bring the to justice. Trow the key of the jail room after they are caught!
What about updated features i heard a comment on engadget that cross game audio/video chat may now be possible?
I think we should all start hounding the federal government or if you live outside the US your government. This kind of problem shouldn’t be happening. We need to get tough on hackers. I read that the FBI can find hackers like these creeps but most of them are outside the US and their governments don’t care. We need to create new laws just for the Internet. We need an Internet protection department made up of specialists from all over the world. They should be given special powers that allow them to cross borders and make arrests. If we don’t put an end to hackers now this is going to really get bad.
#9: So true. God bless the single player game.
Can we justget PSN back today! PLEASE! And y Am I signed into the US Blog and able to comment despite NEVER VISITING this site before being a European. WTF!
@8
to answer 1 2 3. I’m pretty sure nothing will change since none of your information was deleted otherwise they would have said it right away!
nice to hear guys but annother week i dinnae know if i can hang on that long captian…… and im in uk and cant log into blog but i come here and it stays logged in awsome thanks anyway guys hope the new building has only 1 ethernet line into it lol
The internet haters must be loving this :-/ Oh well
good to know that data was encrypted but i have questions to that:
what about your private keys? are they safe or were they stolen too? could you tell us more about it like what algorithm did you use?
This is almost like a classic case of withdrawl. I was only partialy addicted to PSn and I say this because I oly play on weekends. If I played every day, I bet I would be just as hooked. But, to all those who are desiring PSN now, simply find something else to do. Get those SP trophies you have been ignoring. Spend time with your girl friend, family, or kids. Enjoy nature. Read a book. Just keep your self occoupied for a few more days until sony announces PSN is back up.
@169
remember, this blog is not secure. anyone could be reading it. For all we know, the hacker could be someone typing on a PS blog right now.
@Verios. That’s what I’ve been saying…
@Verios44
yeah right
Good mornin’ everyone. :)
How goes the single player trophy hunt?
*continues playing the waiting game*
only have 6 trophies left for killzone 3 SP trophy set
Good mornin VIetnam!
The only thing that would be worth giving to you would be an extra month of DC Universe Online or FreeRealms if you have a subscription. This outage, obviously, has disrupted THAT particular paid service. However, Netflix is a standalone thing, which you can actually access without PSN. Maybe SONY should put that on a blog post so everyone knows that. The PS3 can connect to the internet, therefore you can use the Browser and Netfix, which don’t use the PlayStation Network, without a problem. Netflix can also be used on a computer, Wii or Xbox 360.
The only thing I would like from Sony is the improved PSN. All around! I don’t want a game, or anything like that. I bought a lifetime subscription to Free Realms, so I’m not losing time really. Enhanced security is a good start to improving PSN. Faster, improved performance would be nice. And cross-game chat would be fantastic! We all want it, so when there’s free time after this mess, maybe you oughta figure that one out? ;)
Thanks for keeping us updated, even if it’s only a little more each time, great to know you’re not keeping things from us!
@Szamal
Why on Earth would they tell you “the algorithm they used?” People are not trustworthy. People wanna gang up on Sony and say that they’re a greedy, evil corporation for letting this happen but there are a lot more evil people out there looking to steal credit cards, personal info and games.
Telling us HOW they did it would only allow these people to find another loophole, thanks to George Hotz and Failoverflow they already gave these horrible people the means to hack into PSN in the first place.
Sony is telling PlayStation users that it had encrypted the credit card data that hackers may have stolen, reducing the chances that thieves could have used the information.
Sony Corp. says that while it had no direct evidence the data were even taken, it cannot rule out the possibility. It did not say how strong the encryption was, and it’s possible for hackers to decipher files that are weakly encrypted.
Goooooooooooooooooooooooooooooooooooooood Morning VietNNAAAAAAAAAAAAAAAAAAAAM!
Ahhh classic Robin Williams. Hiya Cyber….you better be working on DH:A for co-op. :) My mage is lvl 46 now, and legend mode….so catch up so we can defeat the game on legend together. I need a tank protector! I keep messing with the builds, since you’re allowed to do a bit more in legend mode so least it given me time to try out other things….and I noticed the mage CAN carry more potions, guess I didn’t read thru all the abilities enough. Pfft.
Speaking of which, time for some local co-op mode. Kid home today from school “professional development day” … mind you, they just had 6 school days off, back for 2, then off today and back tomorrow then the weekend. *rolls eyes* At least PSN is down when he is home, since I get to use it less when others are here as it is hooked up to the main TV. Ugh a need a real TV in the bedroom so I can hide from everyone and play, at times anyways. :)
@191 – you’re correct, to a point. the 1 key thing that you were incorrect about is that, in order to use Netflix’s streaming service (on the PS3, that is), you must use the app on the XMB under Video. You *CANNOT* use the PS3’s web browser for that purpose.
As a side note, I don’t foresee Sony giving anything away, either for compinsation or as a token of good will, unless the much talked-about class-action lawsuit or someone within the government basically forces them to do so, either forcing them by court order or other forms of proverbial arm twisting. Don’t get me wrong here – I love Sony & I’ve been supporting their games/systems ever since getting the PSone in ’97, but we just gotta face certain likelihoods.
And telling people to “go outside” isn’t the right thing to say in this situation…
The Playstation 3 is not unplayable and you can still play single player games (Mass Effect 2, Arkham Asylum, Bioshock, Fallout 3/New Vegas, etc.) and as much as the media is dragging this on, 77 million people have not inserted their credit card information on the PSN, I’m sure only about 20 to 30% of that amount actually had their info on the network, a big number but not as intense as people are making it out to be.
People talking about compensation, unless it’s through a legal course of action (which means don’t talk about it on here), quit asking for things you do not deserve and did not earn. And I’m sure I speak for others when I say this, shut the french toast up already. You are doing nothing but showing that you are a person who wants/expects something for nothing.
If anything, Sony should have a ***store wide PSN sale**** as a token of their appreciation for their customers patience during this unfortunate time. I think it would go a long ways, esp. to those who buy alot of PSN games, to boost PR after the store gets back online and is fully functional.
@197
If they extend their goodwill to their consumers than they will appear fairly appreciative. They NEED people to have faith in their online service so developers will still feel it is viable to put their games on it.
1 to 3 months of free a Free PSN+ subscription I do believe would be worthwhile for everyone (and a free retail game as well for PSN+ subscribers)
People will scoff at the gesture but the fact that they would be willing to do so even though they are a free service shows people they care about what happened
@196 – I’m suspecting that you’re not not fully grasping the severity of this situation here. I won’t claim to know what percentage of PSN users have Credit/debit cards associated w/ their account(s), simply because I dont have access to that data to verify that, so any figure that I’d state would be a guess. the same logic would apply to you. The only people that would know is Sony.
At any rate, even if one didn’t have any cards associated w/ their account(s), what other info about them that the hacker(s) may or may not have gotten access to may prove to bite them in the arse in the long run, one way or another. No one can say for sure 1 way or another yet, as it is too early to tell &, obviously, no one is psychic.