Sony, after what has now been a full week of downtime for the PlayStation Network, has finally released the specifics about the attack. First and foremost, our fears have been confirmed – Sony is sending out emails en masse alerting PSN users that their account information has been compromised. PSN account holders are being urged to keep a vigilant track on their bank accounts, and have their phones at the ready if any suspicious transactions appear.
[Update: Check out Sony's official explanation for the delayed response to hacked PSN accounts here!]
It has been a week full of frustration for both affected parties – Sony and PS3 owners alike – with little information on exactly how all this came to pass to begin with. Sony will surely have more answers for the concerned PSN users regarding the future of security of the platform as well as how things got so out of hand.
Sony has hopefully taken advantage of this time to significantly tighten up security, preventing a sudden strike like this from ever happening again, whether the attack actually came from Anonymous or not. The following is what Sony had to say regarding the compromise of security last week in their most recent update:
“We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
- Temporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.”
Sony has a lot of explaining to do. The extended inFamous 2 beta will not mend the relationships that Sony has built with gamers whose personal information could be at risk and by allowing such a heinous attack to go unexplained for so long. Further down in the report, Sony outlines just how extensive the data mining might have been:
“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
In other words, watch your back. Do not open any suspicious emails, take any suspicious phone calls, or let any suspicious transactions on your bank account go unreported. Sony has provided a variety of numbers and tips to keep PSN account holders as safe as possible on the PlayStation Blog.
They expect service to resume within a week.
The PlayStation Network is still offline. Do you think that the network will make it back online before the end of this week as Sony has assured us? Are you concerned about the amount of information Sony has given its loyal customers after such a potentially dangerous attack? Let us know your thoughts below.