In association with heise online

27 April 2011, 10:50

PSN hack: Personal data of millions of customers stolen

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Sony Logo

About a week after Sony switched off its PlayStation Network and Qriocity video and music service, the electronics giant released a statement about the incident on the official PlayStation blog on Tuesday night (26 April). Having initially only talked about an "external intrusion", the company has now said that it was discovered that user account information – including user names, addresses, dates of birth and log-in as well as password information – was compromised in connection with an "illegal and unauthorised intrusion" into its networks between 17 April and 19 April, 2011. According to Sony, it is also possible that users' profile data, including their purchase history and billing address as well as their password security answers, may have been obtained by the intruders.

As if that were not enough, Sony also said that users' credit card information may have been stolen. The blog continued: "If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number and expiration date may also have been obtained." What apparently wasn't compromised was the CCV security code that can be found on the back of a credit card and is usually required when making a purchase. "To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports", the vendor wrote in its statement.

On Saturday, Anonymous activists had distanced themselves from the latest attacks on the PlayStation Network: "It wasn't us", they said in a statement. In early April, Anonymous had declared war against the Japanese corporation because of its harsh action against PlayStation 3 hackers. However, the group endeavoured to limit the damage shortly afterwards, as various PSN gamers had been angry about the online network being unavailable. Anonymous apparently doesn't want to have anything to do with the latest attacks and the potential theft of credit card data.

Sony says that 77 million customers in 59 countries, including about 32 million in Europe, use the PlayStation Network. Experts have already called the latest attack one of the most serious cases of data theft in the past few years and estimate that the PSN hack could cost as much as $24 billion. Sony has released an FAQ that answers the most urgent questions about the hack. The FAQ also contains a telephone number for Sony's customer service in a variety of countries, including the UK. However, why this is an 0844 number is somewhat difficult to understand as, for instance, affected customers in the US can dial a free 0800 number.

Even if no credit card information has been stolen, effects on customers could be very unpleasant. Experts think that fraudulent activities where criminals attempt to make clever use of the harvested personal data will be particularly likely. Sony has also recommended that users change their passwords when the PSN and Qriocity come back online – however, no concrete date and time have been mentioned. Customers who use their PSN or Qriocity user name or password for other services or accounts should also change their passwords for these accounts as soon as possible.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit