Posted 1:19am

An Important Message From Sony’s Chief Information Security Officer

We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.

As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.

Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.

We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.

Did you enjoy this?

Comments

107 Comments 0 Author replies
Show oldest first  
AaronSOLDIER 12 October, 2011 @ 3:24 am   1

OH NOEZ!

 
bitbydeath 12 October, 2011 @ 3:28 am   2

Thanks for letting us know Sony.

…Now about that Starhawk Beta, do we get it with Uncharted 3 as well?

Aaron_champion 12 October, 2011 @ 3:32 am   3

Is PSN going to go offline

 
DEATHWISH2478 12 October, 2011 @ 3:41 am   4

if it was going to go offline for this incedient i think the psn would have been turned off by now and the CISO would have told us this too and why that had happened. so i would assume for now we will be online psn still

 
REHCTUB3000 12 October, 2011 @ 4:06 am   5

atleast they told us straight away this time

 
Stonesthrow 12 October, 2011 @ 4:31 am   6

Who does this kind of stuff? :s

Offtopic, I’ve had this problem several times by now, that the included codes to redeem don’t seem to work.. Most recently the Ico/Sotc collection’s dynamic themes.. Sometimes the codes work later but mostly not at all.. I’ve been wondering whether to contact my local gamestore about this or Sony itself..

 
street_spirit_1 12 October, 2011 @ 4:59 am   7

Thank you Sony for telling us. Any another company would of tried to hide this.

 

AN IMPORTANT MESSAGE FROM ME:
DON’T USE YOUR PSN ACCOUNT TO XXX SITES

 
Darkliquid 12 October, 2011 @ 5:32 am   9

Who wants to bet that all the gaming news websites blow this completely out of proportion and at least one will use the title “PSN Hacked again”

In any case it’s good to see Sony seem to be on top of things and have updated us. Good job guys and girls.

If not from Sony, where’d they get the PSN logins from in the first place? I’m guessing from Trophy sites? they have huge lists of PSN login names..

 
Darkliquid 12 October, 2011 @ 5:54 am   11

@supvic
Doesn’t even have to have been a gaming website at all. Any website could of been compromised and then the login\passwords used to attempt to access the PSN.

Some people use the same login/password combination for multiple websites. It only takes one to be hacked and then all their accounts are at risk.

 
Arkeologen 12 October, 2011 @ 5:58 am   12

Just because the hacking “failed” doesn’t mean the info came from other sites.
Maybe they used lists with passwords and logins from the last big hack-attempt on Sony?
Which could explain why so few succeeded since many changed their info.

 
Darkliquid 12 October, 2011 @ 6:09 am   13

@arkeologon
Everyone had to change their password after the last hack to access PSN again and accounts without a new password remain inactive I believe.

Therefore unless the peoples accounts in question used the same password when rejoining the PSN and it was allowed which I can’t remember if it was or not(silly if was) and people setup the same password (even more silly) then that shouldn’t be the case.

LiLSaMoAn267 12 October, 2011 @ 6:44 am   14

LOL i cant be botherd reading, what are they trynna say?? are they shutting it down again?

 
JonnyPauz 12 October, 2011 @ 6:49 am   15

good to hear it from you guys first this time sony, lets hope that were not in that small number of people effected :)

 

Dammit hackers… go hack a online adult store and leave Sony alone!

Thanks for keeping us informed, good to hear that you on it.

keep up the good work, pity u can’t find the people trying to access the accounts :(

OK, so SONY’s been HACKED again! What i like to know now is?

Where are our FREE GAMES Sony? And how about 250 FREE HOME item’s this time?

U Know we like FREE Stuff…

Come on SONY we u can do it!

By: DCS

 
Ultima-Genesis 12 October, 2011 @ 7:35 am   19

@DCS-UK1

*sigh* no they havent been hacked, it was most likely someone using info from the last hack to try and access accounts, a hack wouldnt have been flagged as an unauthorised account access it would be flagged as a server breach, my guess is they gathered a bunch of passwords and usernames and launched a brute-force attack, using a program to enter them all one at a time and logging each successful login. Meaning the most they can do is buy stuff on your account which sony will refund

PippiHelmer 12 October, 2011 @ 7:44 am   20

Kudos for informing us instead of trying to keep us in the dark!

 
kool-chris93 12 October, 2011 @ 7:48 am   21

God I wish these hackers would get a life… So pathetic

 

Hackers are like taggers — under the illusion that what they’re doing makes them cool.

Hmm this would explain the
E-Mail I got that said I bought membership to dcuo eventhougt i didint buy anything

Immortal-Wolf- 12 October, 2011 @ 8:04 am   24

well well i guess anonymous are trying to hack PSN again!!!!!!
so im just gonna change my password again for my own safety.

 
maddogarchie64 12 October, 2011 @ 8:07 am   25

might as well change password even if your not effected

 
Ultima-Genesis 12 October, 2011 @ 8:08 am   26

anon did not hack sony ever

 
Skookie30 12 October, 2011 @ 8:11 am   27

I‘m so worry & confuse.

is this a Failed hack (Doss) attempt, as i read the words companies so you telling me we can’t use our browser to shop online or vist [DELETED].

& game mag sites (1up, EG, thesixithaxis etc) that actually use our Email address as part of to sign in or buy stuff.

this is very worrying is it the later, next you be getting rid of the browser let hope not.

as for the hackers you got alot of spare time to try and attempt another attack if this in deed you’re doing, need to get a proper job.

 
Skookie30 12 October, 2011 @ 8:17 am   28

I‘m so worry & confuse.

is this a Failed hack (Doss) attempt, as i read the words companies so you telling me we can’t use our browser to shop online.

& game mag sites (1up, EG, thesixithaxis etc) that actually use our Email address as part of to sign in or buy stuff.

this is very worrying is it the later, next you be getting rid of the browser let hope not.

as for the hackers you got alot of spare time to try and attempt another attack if this in deed you’re doing, need to get a proper job.

*i had to edited & rewrite my post*

 
Skookie30 12 October, 2011 @ 8:18 am   29

*latter

 
timewarp87 12 October, 2011 @ 8:23 am   30

i usef ps3trophiespro on android and there were comments in the app rating box about accounts being hijacked after using that app.

 
timewarp87 12 October, 2011 @ 8:26 am   31

sony told me ico codes being activated on 10th as some stores didnt activate properly or at all

Time for a new firmware?

While you’re at it, include new (non google) webbrowser…

 
ManicMitch1 12 October, 2011 @ 8:56 am   33

Good job Sony thanks for letting us know

 
Skookie30 12 October, 2011 @ 9:01 am   34

@ Sp4reNL

if you are are worry about goggle spying it already happen i know about if you put your real name and PSN id in the search engine you be shocked.

like i was i told me mum she got a lappy she wasn’t please so yes non goggle.

google tracks your activity on the blog, the forums, youtube, twitter i‘m 100% sure google is breaking UK law under the data protection act.

 

Thanks for letting us know and it’s good that the security has held up. One would have thought that other companies would have beefed up their security after the example of PSN.

 

And so it begins again. Round two laides and gentlemen.

 
kingofscotland 12 October, 2011 @ 9:15 am   37

These are not hackers just opportunists who have probably bought a list of login details from external website and tried using same details for Psn knowing alot of people use same password for everything. Question is have they tried Xbox live, paypal, eBay etc too but we don’t know about it yet??

Or is that still to come??

Make sure you don’t have same passwords, at least make them work for it rather than just giving them the keys to all your accounts.

Good job Sony for keeping on top of it and letting us know ASAP.

 
Megagold5 12 October, 2011 @ 9:16 am   38

Funny how a load of security issues will change a company. When unauthorised access was gained to my account last year, £100 was spent and I was told that I could either loose the whole account or let them keep the money. Anyone might think I was still bitter. >.>

 
Skookie30 12 October, 2011 @ 9:26 am   39

this is like a War sony fighting…

let me say say this…

“We shall fight them on the beaches, we shall fight them on the landing grounds, in the airfields, in the streets but we shall Never surrender”

*chews on big cigar puts 2 fingers up*

go Sony, sony FTW

HeyMan-HRU 12 October, 2011 @ 9:30 am   40

Good sony stopped it this time.

 
Catkiller1 12 October, 2011 @ 9:32 am   41

I’m going to be realistic here & not whinge like all the other members that have no clue!

Unfortunatley these things happen. Hackers & little nerds in their bedrooms conjuring up viruses, will always happen. It’s just a matter of keeping on top of it, which obviously SONY are, so thanks for that!

Technology eh? Who would have thought that it would never be safe! ;)

 

This is sad news, I’ve changed my password again as a precaution.

the_core44 12 October, 2011 @ 10:04 am   43

@23 Ridiculous statement!

 
timewarp87 12 October, 2011 @ 10:09 am   44

what can get through any male network security ? havent you watched dukes of hazard? wolf whistle means its a wolf

 
bennyrafal 12 October, 2011 @ 10:10 am   45

They only using some standard passwords and logins on PSN and they hope some of them may work… if you use same pass and login in paypayl ebay etc u are in danger, if not – sleep well

 

Please DON’T make the hackers & haters win SONY + i bet you when things happen to the Xbox 360′s Xbox LIVE, MicroSoft wouldn’t tell anyone LoL

 
carmel6359 12 October, 2011 @ 10:27 am   47

WE GOTTA GO THRU THIS MESS AGAIN.YALL CAN GIVE US PLAYSTATION CREDIT POINTS AND FREE GAMES DOWNLOADS AND 250 FREE STUFF INPLAYSTATION NETWORK AS WELL AS A FREE YR OF PLATSTATION PLUS . WE DESERVE IT FOR BEING LOYAL FAN AND STANDING BY YALL SIDE THRU THIS SITUTATION

 

On the ball Sony, your network rebuild seems to be working and you are watching out and reacting quickly. Well done :)

 

I just hacked Philip Reitinger’s hair. Take that Sony!

but… seriously, the internet is already sensationalising this, IGN will be reporting that Godzilla demolished the PSN with his fire breath by the end of the day

Weasel-Dave 12 October, 2011 @ 10:58 am   50

Please people, remember The Hitch-Hikers Guide to the Galaxy and DON’T PANIC!! If you have not received an e-mail from the Sony security people and you can still sign into PSN then you have no problem. Knee-jerk reactionary antics will help none of us, if you are that worried just keep your PS3 off-line for the time being.

 
Catkiller1 12 October, 2011 @ 11:00 am   51

Off Topic:

Please can we have a “Heads Up” update at a decent time today?

Also will we receive Arc The Lad in English this month? If not please could we have a different title to make up for it?

Fingers crossed that Mortal Kombat Arcade Kollection is released today & Sideway: New York!

Any chance of PLUS discounts on Rochard & Eufloria like the US got?

Kind Regards :)

trutenprower 12 October, 2011 @ 11:06 am   52

Hahaha dumb idiots. Well done Sony you have done a really good job informing us and stopping these losers from getting into people’s accounts. Good job.

@ Catkiller1

We don’t have a date yet for the English version of Arc the Lad yet. They will announce it when it is ready. It wasn’t Sony’s fault, the publisher sent them the wrong version.

 
Bovrillor 12 October, 2011 @ 11:16 am   53

This is why you use different Passwords for every account you have – usually these things occur when you use your e-mail password for other stuff.

I have a different password for every account I have (various stores mostly) – and a little black book in my desk with them all written down. Better safe than sorry.

Huono_peleis 12 October, 2011 @ 11:33 am   54

Better safe than Sony.

Romansiii 12 October, 2011 @ 11:45 am   55

Highly suspicious this attack right when Sony release’s 2 new exclusives and the Uncharted 3 multiplayer is happening. Perhaps Microsoft fan boys are disliking Sony’s new success.

 
Catkiller1 12 October, 2011 @ 11:46 am   56

@ trutenprower

Thanks I guess??!!

I already knew that, as it has been stated within the “Set Your Import Sights On Arcade Hits: Shienryu” post ;)

I asked, as SONY are working on it & it would be good if they could hint at this month! I’m aware of the problems as I check the Blog on a regular basis.

Thanks for being kind enough to reply, but you shouldn’t have bothered i’m afraid ;)

 
Carnivius_Prime 12 October, 2011 @ 11:48 am   57

Cheers for the heads up. Just occurs to me I can’t even remember what my password is since I changed it after the big ol’ hack attack earlier in the year.

starboy18x_x 12 October, 2011 @ 12:03 pm   58

thanks for the update i keep getting request from people saying hi this is there name and where there from its weird how i keep getting people i dont know keep on saying it could you please check into it and my account was banned on the 8th dan_gray for 7 days but it says the 17th going to be unbanned that is 9days could you rechange it or send me another email explainning the solution thanks

 

it’s a shame some peoples accounts have been compromised again – but if people are going to continue to use the same password – at least pick variants of it

here are some examples

iamstupid
14ms7up1d
I1mstup84

this way you can remember it is really stupid to use the same password for everything or if you don’t want to be constantly reminded of such inadequacies – buy a little book to write all the different logins in and never allow your browser to save passwords for you

Krisp1989 12 October, 2011 @ 12:23 pm   60

It’s great to see you reacting so quickly and informing the users right away. Good job Sony! Seems like you have learned a lot from the hackers in April.

 
Pamperdamps 12 October, 2011 @ 12:26 pm   61

Appreciate the heads up. What might be useful is naming the places that these “lists” of PSN accounts was gathered from. That way we can stop new registrations on these suspect sites/services.

Also hope this doesn’t affect PSN, enjoying Uncharted 3 MP to much.

 
PenguinGlen 12 October, 2011 @ 12:32 pm   62

Well I must admit I did have panic a bit at first as I assumed the PSN was offlien again. Thankfully it’s not. :P

I do greatly appreciate you informnig us about this Sony and hope you continue these excellent customer relations in the future. Kudos! :)

 
Skookie30 12 October, 2011 @ 12:36 pm   63

I like the new way of telling us a early heads up it means you are on the ball sony. i wouldn’t know what to look for as my download is nearly 900 items & done by me & me only.

 

@63

didn’t realise anyone would actually admit to being that lazy and stupid especially stating on a public blog that they actually save their passwords in their browser

so I wonder who the other 92,999 are then?

 
Catkiller1 12 October, 2011 @ 12:58 pm   65

@ POST NUMBER 63

WOW, JUST SIMPLY WOW!!!!!

 
jakster123x 12 October, 2011 @ 12:58 pm   66

Oh.

 
UIUoOoUIU 12 October, 2011 @ 1:02 pm   67

PlayStation Store Update ?

 
born2destroy 12 October, 2011 @ 1:06 pm   68

HAHA failed much attempt? Thanks for the update sony and thanks for increasing your defenses they worked better this time :D

 
born2destroy 12 October, 2011 @ 1:09 pm   69

***Also i forgot to add that considering the person who attacked it last time was caught what makes this person think they will get away. Some people are really stupid

 
Demonized 12 October, 2011 @ 1:13 pm   70

I’m going to go ahead here and say a very big well done to Sony.

Although the PSN hack should never have happened it did and taught Sony a very valuable lesson.

A major criticism back then was Sony’s communication to consumers over the whole affair and it obviously caused a huge breach of trust among customers.

I think that this goes a fair way to restoring some of that trust because Sony have basically said here is “Oh hey guys we’ve been attacked again but we’ve caught it, we’ve blocked accounts so that the ones that were compromised have no losses and we’ll get it up and running when you use the link we email you to reset your password, oh and by the way wise up and stop using the same username/password for everything in your life”.

This has also been done in a very timely fashion and imo has been very well communicated and the numers of effected accounts etc. broken down well too.

Thanks for letting us know Sony and again, well done. Even though it should always have been this way things happen, I can forgive people their mistakes so long as they learn from them and I believe that you have done.

 
Nightmare966 12 October, 2011 @ 1:14 pm   71

I’d like to note a few things: No one’s hacked anyone. There have been attempts to log into accounts, which translates as: I got this e-mails/passwords from a forum and I’ll try to use them as PSN log in details, surely someone’s using the same!

Anyways good job at SCEE/SOE for the quick report and action taken :)

 
Michelasso 12 October, 2011 @ 1:14 pm   72

I wonder how the hackers could successfully sign in if we were all forced to change password using one that was different from the previous one.

 
Carnivius_Prime 12 October, 2011 @ 1:50 pm   73

@61 I hear ya. Loving Uncharted 3 Multiplayer. Can’t wait for the full game. My most wanted purchase of the year by light years…

 

Just last week I put my cc information on the PSS. Guess what I´m doing right now…

corncannon 12 October, 2011 @ 3:11 pm   75

just my two cents.from my experience with this..I got an e-mail to reset my account.
Here are some differences from what I am seeing.
I bought my ps3 in sept. So last time I Didn’t have an account.
This is the first time I’ve ever logged into anything with the id/pass other than the psn.
Never checked my trophies/nor do I have an android.
I have never purchased anything from psn nor is my CC info there.
The only thing I use ps3 for is the gaming,no facebook etc…
again just my two cents,maybe this can help narrow things down a bit.

 

Good to know you guys have it under control. :)

 

what do you do if the hackers uses your account. I recently toped up £10 in my wallet. What do I do if they have spent it. I was saving for Deus ex HR dlc!

DAYDANNY666 12 October, 2011 @ 5:01 pm   79

Skookie30 you TWONK what you on about?

Suhail3728 12 October, 2011 @ 5:09 pm   80

Not Again. But not all are affected by this. So it may not be as big as the last one. But what about the strong Security that they adopted after the last crash?

 

Thanks for keeping us in the loop this time guys…

nfcribeiro 12 October, 2011 @ 5:49 pm   82

I just cancelled my credit card as I had an email from Amazon informing that an account with the same credit card details as my own, was created today. This was roughly at the same time these news started pouring out everywhere.

I fully checked and confirmed that the email is genuine, no question.

So regarding credit card details being safe… That’s just bs Sony, sorry.

 

thank you for leting us know so quick this time sony

nfcribeiro 12 October, 2011 @ 5:54 pm   84

Sony if you are reading this, I am fully available to provide all the details related to the situation describe a couple of posts above and the be of all the help I can be.

 

i only use one pasword on ps3
one one facebook both i change a lot

end one for gamessites
fast reply en fast action = good work !!!!

 

82@ = noting to do from sony site = them very correct now
only pers. using same pas on every internet site
also on ps3 – facebook ext.
facebook = not very trustful .

 
Skookie30 12 October, 2011 @ 6:02 pm   87

before you call 1 a TWONK you should read my post again.

i like a quick response, that‘s a early heads up.

he said always look for unusual activity, & i said how when i have nearly 900 items in my download list all buy & downloaded by me get it NOW.

got demo & betas to make up that number. :/

please dont shut down the network again you guys (Sony) move like old laddies at a nursing home and i will go crazy if it takes more then a month to fix again

 
liquidharker 12 October, 2011 @ 7:20 pm   89

well i was affected :/ password has been changed yet i didn’t receive an email. i usually get an email about everything psn does so Im baffled. had to ring up to be told ill be sorted within 48 hours and if there were any problems the network team would get in touch. seems a long time to simply reset my password and security questions. id have happily scanned my drivers licence or passport as proof ;(

oh and for some reason my birthday has changed which i didn’t think was possible.

 
manutreble 12 October, 2011 @ 10:03 pm   90

This hacking this really getting to annoyed me NOW Hackers get a Life……… good job Sony for posting this info

 

Please let it just blow away unlike the last time !

 
Ivan_Krazy 13 October, 2011 @ 12:57 am   92

My PS3 HDD is corrupted and cannot be fixed…… so a complete restore for me. The crap I am getting from Sony and hearing is just going beyond me. Thank you and adios!

 
stargateheaven 13 October, 2011 @ 1:41 am   93

your “change password” for PSN page has been down for months now.
FIX IT.

 

o NOOOO not again these hackers have no lifes

jacko_gfreak 13 October, 2011 @ 6:22 am   95

If the psn gets hacked and shuts down when MW3 comes out i will die

<3 Yay for open communication!

Hello everyone . I’ve got a ” little ” problem. I had to sign in to this account ( my american account) because my main account got hacked and i still didn’t recieve an email from sony , is it normal ? =/

 

Ah, thanks for keeping us informed this time around Sony. Please do not take PSN offline for months again. At least this time you acted quickly before any real damage was done, and hopefully you’ll keep your customers in the loop in the future.

 

why is it that i can’t aways sign into playstation blog?

 
scottsymons1985 13 October, 2011 @ 6:54 pm   100

@73 michelasso

because after the ‘Big Outage’ some people didn’t renew their accounts and change their passwords. They simply traded their PS3 and bought an XBOX 3[DELETED].

You cant please everyone.

p.s. Great work Sony! you have our FULL support. ;)

ive been banned and just wondering if it because of this :/

Well guess what ? I called sony because my account got hacked and the guy was a jerk . First he said it was impossible that sony got hacked and i told him that it was on the internet then he replied : well can’t believe evrything on the internet . After that he demands my ID and birthday , and he says my birthday is incorrect . I told him that maybe they changed my birthday somehow . Well to end the story right here , i still can’t go on-line cause i don’t have a password , no email from sony AND no birthday to use the ” forgot your password” option . So yeah that was my day -_-

Berserker1of9 13 October, 2011 @ 11:51 pm   103

Die!!! PSN HAHAHAHA

 
MR_BOSS_MAN12345 14 October, 2011 @ 12:49 am   104

so when will this happen

 

If you find a hacker, kill them :)

h3nr1_97 17 October, 2011 @ 11:07 pm   106

@106 yea lol ‘KILL THEM’ or show the hackers to the whole world and get them humilated and put in jail. sony TRy to find out who’s hacking OUR WONDERFUL WORLD OF Playstation network and thnx 4 telin us, i feel sorry 4 da people who have had their accounts locked and must change their passwords :( thou N PEACE PEEPS CYA on mw3 or lbp

 
chrisandsheva 18 October, 2011 @ 1:07 am   107

kill hackers …lol….. i know what you meant to say, but hackers/hacking is not illegal in fact without some hackers,..who are now employed as top think tank or programmers by big companies we’d be a few years behind where we are today, technically,.. the word hacker or to hack is, or Was made to describe ordinary people who make a device do stuff it wasn’t originally intended to do, and has helped the industry to make things better or even smaller than they otherwise would of been, i know it’s only a bit of trivia etc but it’s a pet hate of mine that the scumbags who do wrong things with technology are all just labelled hackers,… i mean i’m clueless with computers and that but when i was a kid i used to love taking radios, clocks and other stuff apart, just to see how it worked, or if i could make it work better,.. so yeah i defo agree with ‘punishing’..lol… the scums who mess others lives up etc,but not all ‘Hackers’ = scum….. i’m sure that you/anyone is bothered by this tidbit… but,?