Triangle Circle Shapes
Square Cross Shapes

Posted 6:07am

Clarifying a Few PSN Points

We wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening.

For those who were looking there’s also an FAQ with some more on frequently asked questions

Thank you for your continued patience and support.

Update: Due to ongoing work to bring PSN back online there will be no scheduled content publish this week for PlayStation Store or PS Home. We will resume our scheduled publishing as we bring services online again.

Did you enjoy this?

Comments

100 Comments 7 Author replies
Show oldest first
KylieDog 27 April, 2011 @ 6:13 am   1

You dont seem to be replying to anything, but is it possible to get an ETA of when PSN will be working again?

Not specific, but days, a week, weeks and so forth, a rough estimate please.

Some of us have subscription services like Lovefilm that is used on PS3 and needs PSN signed in, if is going to be weeks before PSN is back may as well be cancelled for now, but if just some days or 1 week probably not worth cancelling.

    James Gallagher 27 April, 2011 @ 5:42 pm    

    I appreciate that we have not been as responsive as usual here on the blog and please accept my personal apologies for that. I don’t need to tell you of the sensitivity of this situation. However, I promise that we have been working around the clock and we have posted any new information as quickly as has been humanly possible. We are working towards getting things back to normal and that includes maintaining an open and accurate dialogue with our consumers.

niall077 27 April, 2011 @ 6:42 am   2

well a simple warning would have been nice.

Last week when this mess started and people where worried all you had to say was “hey we have no confirmation at this point if user data was compromised but since we haven’t ruled it out ether we recommend that worried users change there passwords and keep a eye on there credit card transactions until we have done a full investigation”

Now we find out a week later that yes user data was leaked but thats a week to late to if someone has spend £1000 pounds on your credit card or something.

Mr Head of Communications I hope you get sacked over your complete lack of common sense when dealing with this situation.

niall077 27 April, 2011 @ 6:44 am   3

so many miss slept words in my rant.

well its 6:45 am.. its understandable.

What makes Sony look so bad is the silent treatment you have been giving us from day one. Facts are you knew that your system was compromised, you did say a thing about till days later and even then didn’t tell us you suspected personal information might have been compromised.
Sony you dropped the ball big time on this, you should fire your PR department because they don’t have a [DELETED] clue what they are doing, and totally screwed you in this.

    James Gallagher 27 April, 2011 @ 5:50 pm    

    We’ve had daily blog posts since the PSN has been down and they have included everything we have known at that time. I know it is frustrating but it’s really important to give accurate information.

thanks for the continued updates, im sure things will be back to normal soon, ill just change my log on details and thats that taken care of :)

obriencfc 27 April, 2011 @ 7:29 am   6

hope you can get everything sorted soon sony. if you could give us a rough time on when the psn is back up that would be great. also can you give us info on whats going to happen with the store update? thank you. p.s. anyone moaning about how long it took sony to tell us about the safety of our info, they only found out two days ago that are info was not safe and they told us the next day which is fast enough for me. they knew they got hacked but only found out peoples info may have been stolen days later.

    James Gallagher 27 April, 2011 @ 5:51 pm    

    I know we keep saying the same thing and that can be frustrating but we can’t give out times until we know they are accurate. When they are, they will be here on the blog; that’s the one thing I can promise.

Exactly what I have been telling raging friends on twitter and kotaku.com.

It’s more than a little cynical to think Sony would attempt to cover this kind of information up. Obviously, the delay was due to the fact you can’t pull that kind of information out of the air, how exactly does one know if information has been downloaded in a hacker attack?

It’s pretty obvious the delay was due to an investigation.

Carnivius_Prime 27 April, 2011 @ 7:35 am   8

I can understand the frustrations but if anything it should be the hacker getting all the blame here. Why these guys can’t simply just leave things alone. I’m sure Microsoft and Nintendo would have reacted the same way as Sony if it had happened to their services. I hope the hackers are tracked down and jailed.

I don’t blame Sony for being hacked. But I do hold them accountable for being so close mouthed about everything.

Do-_One 27 April, 2011 @ 8:01 am   10

identity theft has been on the up for yrs in the past month or too here is just a few companies

Earlier this month, US firm Epsilon, which manages data for companies including Barclaycard, Citigroup and hotel chain Marriott, confirmed that millions of email addresses had been stolen in an attack on its servers. However, the data stolen in this case was limited only to email addresses.

In March, online retailer Play.com warned that customer emails and some personal information had been stolen, though the company stressed that credit card details were safe. In January, cosmetics firm Lush admitted that credit card details belonging to some of its customers had been stolen in the run-up to Christmas. The company advised customers to contact their bank.

Darkos87 27 April, 2011 @ 8:22 am   11

I think it would have been better hearing about this on email rather than reading it on the thesun this morning.

I’m a bit disappointed but it’s not like Sony just gave the hackers everyone’s number.

    James Gallagher 27 April, 2011 @ 5:56 pm    

    We are sending out emails to every PSN member, but sending that quantity is quite a big job so we decided to post it here and on playstation.com so that everyone has access to it at the same time, which was then reported on.

Microsoft probably won’t be saver considering they unbanned all banned console’s so it’s like a storm off hackers on Xbox live

Why didn’t you tell us that an extern team was looking at the breach when you put them on the case? Why didn’t you tell us then that our passwords & cc details might have been compromised (I mean, that was what this team was looking at, no?)? By now they might have already used our passwords & cc details.

Your PR is terrible.

As are your safety measures, especially when a group of hackers announces beforehand that they’ll try hacks (even when it wasn’t them now).

Hamusuta_SWE 27 April, 2011 @ 8:38 am   14

If the ps3′s own security where compromised then you guys should know that the psn wasn’t safe either, its just a common sense to check the psn’s own security threats.

Dante_Zero 27 April, 2011 @ 8:42 am   15

thanks for clearing up the misunderstanding some people have had over comunication.

keep up the hard work on restoring the network and implementing the new security features. We want to see the network up and running again and as a fan of gaming let alone Sony we hope this doesnt damage your reputation too much and that you continue to provide great eperience in great ways. If Sony fails the gaming industry as a whole will be a much poorer place.

As for people constantly hammering you guys, these people need to get to grips. Sony have advised the best course of action. instead of ranting over sackings and poor service blah blah blah, use your common sense, take their advice and wish PSN services a speedy recovery.

thanks

VitalogyPJ 27 April, 2011 @ 8:51 am   16

Lies, lies and more lies.

You knew from the beginning that our data was compromised because you knew how weak your security system was/is or whatever. This pseudo-statement it’s just you, sony, trying trying to apologize the way you did things and to avoid legal charges against for not warn us in time.

Sorry but, you will not avoid anything and you will always be found guilty in court. Should of thought in your consumers first.

spikkle 27 April, 2011 @ 8:59 am   17

I just wish you’d reply to the freking comments on this blog.

I loved this set up on psn and now I’m so [DELETED] off with what has happened I shall never trust sony again ever. looks like |’m going to be getting a [DELETED]box.

spikkle 27 April, 2011 @ 9:02 am   19

And im not being patient, so dont thank me for it.

Im not being supportive either cause right not I hate Sony. So dont thank me for that either cause you dont have my support. I just want someone tro answer the comments and for you guys to do your freaking jobs right from the beginning.

Chocobo115 27 April, 2011 @ 9:11 am   20

Meh I just want the hacker group to get caught and then they’ll get to pay us users for what they done. And don’t let them off the hook like you did with Hot<.
Imagine them getting caught, their lives will be totally smashed paying off their crimes for the rest of their lives.

quidditys_shore 27 April, 2011 @ 9:24 am   21

i’ll second that chocobo. REALLY want these criminals caught & made to pay for what they’ve done. its not sonys fault they did this & for all those that keep constantly complaining & cosntantly saying they are going to get an xbox then please go away & do so!

MasLegio 27 April, 2011 @ 9:29 am   22

here is discovery of how Sony extracts data from your PS3s. They DO NOT ENCRYPT your credit card information, and the following shows how anyone with access to the servers can see and use your credit information for fraud, hackers or sony employees alike.

creditCard.paymentMethodId=_”CC_COMPANY”_&
creditCard.holderName=EXAMPLENAME&
creditCard.cardNumber=_”1234567890123456″_&
creditCard.expireYear=2012&creditCard.expireMonth=_”2″_&
creditCard.securityCode=_”123″_&
creditCard.address.address1=_”EXAMPLESTREET”_%2024%20&creditCard.a-ddress.city=_”EXAMPLECITY_”%20&
creditCard.address.province=_”EXAMPLEREGION_”%20&
creditCard.address.postalCode=_”12345_”%20

Everything contained within _”example”_ in the reality is replaced with your actual information. It would be very easy to write this information down, and to exploit it for credit fraud on the internet. They also do not encrypt your PSN accounts.

serviceid=IV0001-NPXS01001_00&
loginid=example@mail.com&
password=examplepassword&
first=true&
consoleid=EXAMPLEID123

therefore they are also at risk.

link1983 27 April, 2011 @ 9:31 am   23

Hey PSN. I am hanging in there. I am going to admit it is getting tough. I am taking abuse daily from people who own 360′s. I am not going to defect, ever. I just hope this thing is resolved soon.Next week is the PS+ update so I can only assume you are aiming to have it fixed by then?

I’ll still have my PS3 until the thing dies!

Croopnick_PL 27 April, 2011 @ 9:35 am   24

FAQ should appear at last firday, not now.
Your PR sucks as much as your PSN security.

You do realise the hacking and the terrible way you have informed us are the main headline on every news site in the world.

How come you still haven’t learned from your PR mistakes?

Always the same attitude: if we don’t say anything, maybe it will go away?

Well, it didn’t.

You just damaged yourselves terribly; not only because of the apparently unsufficient security but also because of the way you chose to treat the whole case.

darrenj1 27 April, 2011 @ 9:58 am   27

im disappointed by all the spoilt and childish sounding people on here.

Well yeah except you didn’t shut it down until the night of the 20th and then didn’t tell us until just past 9am on the 21st via a tweet in which you informed us it was down for “maintenance”

I’d love to link to the tweet and blog entry that I’m quoting this from but can’t because you’ve deleted the tweet and modified the blog entry and subsequently erased that information.

Can we have a store update plz its Wednesday. Or am i asking a little to much ;o)

    James Gallagher 27 April, 2011 @ 5:58 pm    

    As it says in the post, there will be no Store or Home publishes this week.

Do-_One… tat was a joke right?

The PSN is OFFLINE> An update would not be reachable to us.

lmao of course it was a joke

they say change your password but don’t we lose everybody on the friends list and all our thropies

VitalogyPJ 27 April, 2011 @ 10:17 am   33

Get ready sony, PS3 timeframe is meeting its end and I don’t think a PS4 will save your arses.

Decades trying to get consumers trust all spoilled away in few days, this is a fall hard to survive.

VitalogyPJ 27 April, 2011 @ 10:18 am   34

@32 are you for real? How the heck would you loose FL and Trophies ONLY for changing your account password? LOL

It’s like when you change your debit/credit card pin, you don’t lose your money for doing it.

*laughs*

@VitalogyPJ

dude you probably have 2 change your user name 2 with a breach like this

I posted on the store update the 20th asking what was wrong with psn as I had been getting booted from both geonet (white knight chronicles server) and psn – the same thing was happening to a person I was playing with who lived in the states. Once I stopped playing an mp game I was able to stay on psn until midnight (then the 21st) when I left by choice

so they knew that somewhere between the 17th and 19th details had been compromised – that’s up to 4 days before turning off the psn- add on top of that the 6 days psn was down – before any statement about details, cc info being breached – that is nearly 2 weeks

whats even more serious isn’t the cc information which can be changed – it’s the possibility and likelihood of identity theft (and yes other companies have had info breached) but Play never had my birthday along with my other details and now I’m expected to pay for credit reports to insure my details aren’t used or is Sony going to be paying for that as it was their lousy security that enabled their customer details to be stolen

after reading the FAQ again – no my question has not many answered so I will ask again ARE THE FUNDS WE HAD IN OUR WALLETS SAFE?????

    James Gallagher 27 April, 2011 @ 6:04 pm    

    Yes, that’s a questions that should have been included in the FAQ and we are discovering new ones to update it with all the time. When PSN is restored, friends lists, trophies and wallet funds will all be exactly as they were before.

@35
you log in using your mail so you can just change your contact mail in account settings. done this before and you loose nothing. besides friend list and trophies are what concern you? you’re not bothered by the fact that your private informations are not private anymore (and your credit card information also)?

@Szamal

never used creditcard on psn for this type off reasons only PSN cards
personal information well there ain’t a damn thing we can do about that ourselves as long as their no banking info taken i’m not worried

-1 for not informing people through email.
Since PSN shutdown I did not get a single email about it!
Now it is even more important as CC info has been compromised.

so who wants 2 play a match with mortal kombat online? or portal 2 anyone?

@ Agriel
Well said. It baffles me that PR always fails to deliver, when worst case scenarios appear.
You could really get the impression that they have no idea, that open communication usually helps to brighten up negative events.

@ Tieske
Yeah, that also surprised me. You’d think it would be quit logical to directly contact and warn your customers. I guess Sony prefers to reach theirs via TV and newspapers?

Hopefully the next update will the hacker has been caught? And can you put PSN back on so I can clear out my things.

Bumblebee 27 April, 2011 @ 11:15 am   43

I’m happy enough playing them offline thanks, stirrer.

May I just say that EVERYTHING will be forgiven IF you get Zipper to ADD REGIONAL LOBBIES to SOCOM 4. We’ll all be too busy having fun playing with our peers to complain. Rather than a) not playing at all or b) playing for a bit then giving up because you’ve foolishly bunged UK players with US players. WE ARE NOT THE SAME. Bring back the COMMUNITY feel to SOCOM 4 and I’ll tattoo my credit card information onto Jack Tretton’s backside if he wants.

killzonexx 27 April, 2011 @ 11:16 am   44

jeez i really cant understand some people here

sony found a problem they shutted it down to prevent any more damage to them our there customers

and what do the customers do? crying and shouting for a few days long

jeeez do some of you really have nothing else to do then waiting for days till they can go online?

and i thought i had a [DELETED] life jeeez

@dgnfly
that’s wise. i believe i’m not really threatened either cause i use virtual credit card but it just pisses me off that those information are out there. if i wanted them public i’d post them on facebook but thanks to sony it’s not my decision anymore:) plus now i’ll have to change my password (i really liked my password)

and why is my comment awainting moderation? it doesn’t need moderation. oh sony i hate you! ;)

apparently according to my bank / credit card company – the cost of identity protection is £79.95 a year – so as our details have been compromised – breeched- stolen is Sony going to be implementing and covering the cost of said protection?

after having had my identity stolen once before (when my purse was stolen) – I one day awoke to find I was being audited because of suspicions of failing to pay tax for a job I never had after finding out I was supposedly a construction worker working on government contracts -in reality I was working at Tower Records in the mail order department – fortunately for me the man working on my case was able to see that a sknny little industrial caucasion female with shaved head and piercings was not exactly the kind of person who would be hired by the government to build anything – confirmation then came from the company who supposedly employed me – which I then found out – no I was not the skinny female who I had always known by my reflection in the mirror but was in fact a burly man of African descent – not all persons whose identity is stolen is so blatantly obvious to spot – so what is Sony going to do about protecting its customer base from idenity fraud?

VitalogyPJ 27 April, 2011 @ 11:31 am   48

When things were right they entered on comments with chest full and all arrogants, now at this critical times they cowardly hide.

Even little kids stand for what they do as a mistake.

VitalogyPJ 27 April, 2011 @ 11:33 am   49

By the way sony, you’re not clarifying anything, you’re just running away from your responsibilities.

Cowards!

@46:

I agree. When the blog post is about somethign GOOD Sony did, nearly evwery comment gets a bloody reply…

Load all