Posted 8:59pm

PSN/Qriocity Service Update

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We don’t have an exact date to share at this moment as to when we will have the services turned on, but are working day and night to ensure it is as quickly as possible. We are currently working to send the following message via email to all of our registered account holders regarding a compromise of personal information as a result of this malicious attack on our servers, so please look for this information via email as well. Please note that we are as upset as you are regarding this attack and are going to proceed aggressively to track down those that are responsible.

Valued PlayStation Network/Qriocity Customer,

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please check www.eu.playstation.com/psnoutage should you have any additional questions.

Sincerely,

Sony Network Entertainment and Sony Computer Entertainment Teams
Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited) is a subsidiary of Sony Computer Entertainment Europe Limited the data controller for PlayStation Network/Qriocity personal data.

Follow us on Twitter @PlayStationEU for live updates and read the FAQ at eu.playstation.com/psnoutage for further information.

Thank you for your patience.

Did you enjoy this?

Comments

144 Comments 0 Author replies
Show oldest first  
 
DJbruce92 26 April, 2011 @ 9:00 pm   1

Great so my debit card details may have been stolen. I don’t have a credit card so I’m basically screwed. Thanks sony…

ChemicalBacon90 26 April, 2011 @ 9:03 pm   2

What a disgrace.

j-a-y-888 26 April, 2011 @ 9:03 pm   3

This can’t be good…

 
Pacman_Ownage 26 April, 2011 @ 9:04 pm   4

*is it appropriate to post my twitter feed here*

..No..

So, like…

Lesson learnt, don’t play with the big boys.

Dear oh dear oh dear.

 

OH MY GOD!!!!! This is the hack of the decade!!!

Static-Xv2 26 April, 2011 @ 9:06 pm   7

When somebody logs into your account from a different system your card details gets deleted right?

Boffin101 26 April, 2011 @ 9:06 pm   8

At least you let us know what is going on now, being in the dark since Wednesday was very unpleasant.

 
almighty-slayer 26 April, 2011 @ 9:06 pm   9

Not cool, sony

williamp123 26 April, 2011 @ 9:07 pm   10

This is totally unacceptable

 

Oh dear, think I will stick to using PSN cards in the future.
Hoped it would not be as serious as this.

 

A solid statement at last. This intrusion and its effects certainly do not encourage me to purchase future Sony product to satisfy my gaming needs.

 
Murphy2k8 26 April, 2011 @ 9:10 pm   13

Can see quite a few people going to sue Sony.

 
fisknoll 26 April, 2011 @ 9:11 pm   14

Wonderful. How I wish I hadn’t used my debit card with you now.
Please, add Paypal as an option in the future, Sony.

 
Roxas598 26 April, 2011 @ 9:12 pm   15

so ugh yeah what’s going on the store tomorrow?

seriously if Ross doesn’t get FFVI on there i’m moving to xbox :|*

*this post isn’t serious, have to say this cause some people would prob think it is :\

 
Martingutten 26 April, 2011 @ 9:12 pm   16

[DELETED]? You have broken the law SONY!
You have known for A WEEK that security have been breached, and maybe even our credit-card info been stolen have you haven’t told us about it. By LAW (a word you often seem to lack in your vocabulary) you are ordered to inform everybody that might be affected if something of this sort happens.
Us, your loyal and now abused, customers are sadly now in right to take up a class action lawsuit again your firm. It would also be the duty of many states, and the EU, to take you to court for violation of the law in many states!

 
Martingutten 26 April, 2011 @ 9:14 pm   17

It is sad that we should not expect to get any comments from anyone in sony here in the comments… Get some new comunication-staff SCEE/SCE/SONY

fanpages 26 April, 2011 @ 9:15 pm   18

Thank you for your efforts & your continued communication as you & your colleagues attempt to resolve the issue, Mr Caplin.

Instead of returning service as soon as possible, I would like to think you can now take the time making PlayStation Network robust & resilient to keep away those using cheats & hacks in online games, stopping those that think it is their given right to effectively take income away from the developers & publishers, & ceasing the activities of those that just wish to impact everybody else with denying access to a large part of the public’s gaming arena.

To establish the extent of the impact of the loss of personal & financial information, will the investigation into the intrusion highlight which PlayStation Network and Qriocity service user accounts were compromised between 17 April & 19 April 2011?

BFN,

fp.

waypoetic 26 April, 2011 @ 9:17 pm   19

Wow. The PSN was coded by, what, apes? This is a disgrace.

 
Handige_Harry 26 April, 2011 @ 9:20 pm   20

Thankx for this update!

 
CozMick 26 April, 2011 @ 9:21 pm   21

You have got to be kidding me?

7 days to give us this info!!!!

This sorta breach gives me no choice but to sell my PS3, seriously, how safe can PSN now be with this sorta info floating about on the net.

God damn you Sony

 
Carnivius_Prime 26 April, 2011 @ 9:24 pm   22

Damn hackers… bloody scourge of the internet. Keep doing what you’re doing, Sony people. Problem is no system tends to be that safe. Hackers will get through near enough anything if they want to. It’s pretty much what their whole thing is…

RobbySpry 26 April, 2011 @ 9:29 pm   23

The more i read about this, the more it confirms my theories that this was done by people who hates Sony and who want their customers to leave them to turn to for example Xbox instead. I’d like to call them Xbox fans jealous of the free services of PSN, but who knows if we’ll ever find out the truth.

In other words, those who feel like they are at cross-roads right now; don’t let these bastards win! Stay with Sony and show them that things like these won’t make us forget all the good that Sony has given us in the past.

 

This is [DELETED] awful.

TheBrokenMachine 26 April, 2011 @ 9:32 pm   25

Oh dear.

 
marcindpol 26 April, 2011 @ 9:34 pm   26

just GREAT!…

 

Why not tell us a week ago?

 
spikkle 26 April, 2011 @ 9:35 pm   28

Damn.. Sony if my bank details are stolen, you’ll be hearing more from me.

 
Ravenblade86 26 April, 2011 @ 9:38 pm   29

Thanks for the update Sony, and thanks for the effort being put into restoring PSN and making it more secure.

It’s disappointing that this happened, but PSN isn’t the only place that has been hacked to steal personal data. It’s something that is becoming far to common on the internet.

jurgen_fool 26 April, 2011 @ 9:40 pm   30

Cheers Sony, you’ve been really helpful through this whole ordeal. And you still are. ;)

So, because of your incompetence, 70+ million of users will not only have to cancel their credit cards and change their passwords, but also move addresses?

Again – cheers.

 
PenguinGlen 26 April, 2011 @ 9:40 pm   31

Not the best news I’ve heard all day, but I do appreciate you informing us Sony. First thing I’m doing as soon as PSN is back online is changing my password and removing my financial information. Guess I’ve learned the hard way to just stick to PSN vouchers from now on.

I’ll continue to support you Sony and I’m not going to give you as hard of as a time as most people are. I imagine you are just as surprised and upset at the situation as we are and I hope whoever is responsible is tracked down and justice is delivered. I’m disappointed with the situation, but not angry. Thanks Sony and take as much time as you need to make the system as secure as possible. :)

@22: Exactly. Unfortunately nothing is impossible to hack these days and it happens to even the best. It’s just a shame in the technology-centered world we live in today. :(

 
smokeypsd 26 April, 2011 @ 9:43 pm   32

As much as no big thing right now for PSN to be down, this statement needed to get out of the gate sooner. You needed to control the message Sony.
from all accounts it is holding that the financial side of things has not been compromised, lets hope that holds. This time of no interaction with the base will not be looked positively on.

 
hayzink 26 April, 2011 @ 9:48 pm   33

cue everyone now wanting something for nothing and blaming the wrong people.
sony was the one that was hacked not the hackers. people are already talking about suing whats up with that!!

if you are worried about your card details then call your bank and cancel your card for god sake then that problem is solved right away.

no one has your bank details as you have not given them to sony, your card details are not your bank details, god!

change your log on email and password when the network is back online and there should not be any big issues.

sony keep up the good work and i for one will not be jumping ship :)

 
Huono_peleis 26 April, 2011 @ 9:51 pm   34

In a way Sony had it coming. In many ways actually.

The fact that it took them almost a full week to admit what has happened shows their arrogance which finally lead to their failure.

btw. Gamestop isn’t buying used PS3′s anymore in NA.

R.I.P Playstation

 
lardteamaker 26 April, 2011 @ 9:54 pm   35

@13 yeah 75 million users have that feeling.

@14 I don’t trust Paypal either, i had no end of phishing attempts when i had an account

Here’s how i’m feeling on this………………i’m actually very annoyed. All because of an arrogance saying “the ps3 is unhackable”……………..well thats been proved completely WRONG hasn’t it? While i’ve taken steps to begin with to cover my debit card and account this morning putting my bank on notice………getting my D.O.B. address, name covered if i get sent an e-mail saying my details were gone is frankly hassle/stress i and in fact all your customers could do without. Because while some ways them trying to get credit in my name is covered some online companies will do it regardless. What makes this more annoying is recently your customer service made me jump through hoops to prove i had broken ps3′s so my psn i.d. was taken off them.

Very unimpressed with this.

*Is going to be very busy making up passwords and applying them..*

RAGEEEEEEEEEEEEEEEEEEEEEEEEEEEE!

 

that’s great. i’m selling my ps3 tomorrow and i’ll buy xbox. i can live without uncharted. and forza is way better than gt anyway.

 

What happens if they’ve already changed account passwords ?… presumably Sony will offer genuine users a method reseting them, otherwise we’ll lose access to our download history, friends lists, trophy collections etc etc.

SmoggyPhil 26 April, 2011 @ 10:16 pm   39

Despite being the village pessimist in these parts, I’d think that anyone without any surprise withdrawals of money or bills to their cards is safe..After all, it’s been 7 days, and a hacker (Slime of the earth) would more than likely go nuts on a spending spree, so…Glimmer of hope, maybe.

Of course, what isn’t a glimmer of hope is that the PSN is basically down indefinitely, people with PS+ are basically paying for air (As are people with online-only games such as MAG, Warhawk and DCUO) and Sonys reputation is taking a major hit. Also, it took a week..A WEEK TO POST THIS. I’m sure Sony isn’t made up of one department, and i’m sure they didn’t move all those departments to fix the servers, so what was the hold-up in posting this message? Disgraceful.

My guess is that Sony are haemorrhaging money right now thanks to this. The good thing is that it hits Sony where it hurts: Their wallets. Maybe now they can cut out the arrogance of “PS3 IS UNHACKABLE” and do something about it.

 
somethingatt 26 April, 2011 @ 10:18 pm   40

Big corporations will get attacked, do get attacked. But there is a reason why so many sites that hold our key info exists and hardly any of them get breached on the level PSN did: They care about our security.

Say what you will, this is simply incompetence and ignorance on Sony’s part.
This is one of the biggest security fails of all time.

Good luck convincing me to purchase from PSN again Sony.

 

@31 It’s not that the system could be hacked it’s that Sony appears to have stored this information in the clear!

There is absolutely no excuse for passwords to be stored in plain text. Only hashes should be stored. There should be absolutely no reason at all that any usable information can be gained from attacking a system which is connected to the internet if basic encryption and / or hashing is used in order to obfuscate the data.

It will be interesting to know under which legal jurisdiction that data was held, as many data protection authorities around the world take a very dim view of companies not providing sufficient protection for personal data.

For example ACS:Law is under investigation by the UK Information Commissioners Office after a hack of their servers allowed unencrypted personal information to be leaked. They could face a hefty fine because of their insufficient protection measures.

In Sony’s case, they are the custodian of 70 million people’s personal data, including credit card details. In order to safeguard such an attractive target, they should have banking level protections in place. It would appear that they did not.

 

if you guys ever get any info on who’s accounts were hacked and stolen will you guys contact those ppl via psn if it’s back online or any other way or do we now all have 2 wonder if our accounts might be hacked?

P:S
you guys suck in communication you guys should be fired. 6 days for info that gaming sites been saying for days and you guys ignoring us when we ask for information we needed 2 know from the start

 
AshKorsair 26 April, 2011 @ 10:23 pm   43

what would hackers gain by doing this if they havent gotten there rotten hands on the cradit card data?
why would they mess with our accounts? spite? ‘fun’?
ah well, whatever happens, sony just learn at least one thing….
make your custumor service better. by a lot.
the drips of info u have been releasing did nothing to make us feel better and after a week u come with this.
not so classy

 
spatsnaz 26 April, 2011 @ 10:23 pm   44

What an utter mess. Contemplating getting completely out of console gaming after this.

 
SuperJag86 26 April, 2011 @ 10:28 pm   45

Guys, what could Sony have done??
This is a risk we as consumers face with any online service such as PSN, XBL or Steam. Anytime you share your details with an online retailer it’s the same risk there too.
It totally sucks and we’ve all got to be extra vigilant now but any hate you’ve got has to be directed to the thieves that have done this not Sony.

 
Chocobo115 26 April, 2011 @ 10:29 pm   46

Go and get the hackers and let them pay hell. This is annoying, now I’ll be hestitant to buy anything more on PSN…

A bit of a shock, but not unexpected. I had the foresight to remove my card details from the system when Anonymous first hit the network, and address details aren’t a problem seeing as LOTS of companies already have that information.

I’m actually starting to think the Anonymous DDoS attack (which mainly consisted of prepubescent AnonySheep) was just a diversion, or a way to push the network into a condition that would make a proper hack easier to pull off.

But whatever, Sony isn’t the first company to be hit by something like this, and they won’t be the last. If people want to ensure their personal details remain secure, they shouldn’t submit them to any cloud based services.

 
addyjones1234 26 April, 2011 @ 10:31 pm   48

http://forums.sarcasticgamer.com/showpost.php?p=645846&postcount=734

People should be reading this before jumping to conclusions.

A bit of a shock, but not unexpected. I had the foresight to remove my card details from the system when Anonymous first hit the network, and address details aren’t a problem seeing as LOTS of companies already have that information.

I’m actually starting to think the Anonymous DDoS attack (which mainly consisted of AnonySheep) was just a diversion, or a way to push the network into a condition that would make a proper hack easier to pull off.

But whatever, Sony isn’t the first company to be hit by something like this, and they won’t be the last. If people want to ensure their personal details remain secure, they shouldn’t submit them to any cloud based services.

 

It’s a good time that I didn’t purchase or log on PSN between the 17-19th. Purchased a PSN game on the 20th, but if this information is correct Sony managed to get hold of the situation by then :)
I almost feel sorry for this hacker. Based on all the information (s)he has stolen (s)he will probably start crying when he figures out the consequences.

Load all