Jump to content


Photo

Playstation Network, and Playstation Plus

PSN Vita PS4 PS3 Playstation

  • Please log in to reply
141 replies to this topic

#1 plopboy

plopboy

    I'm from the, uh, Confidential Committee on Moral Abuses

  • Admin
  • 3,497 posts
  • Steam Profile

Posted 27 April 2011 - 09:02 AM

Sony in a whole world of pain.

QUOTE
Q.1 When did you realise the system had been intruded?

We discovered between April 17 and April 19 there was an illegal and unauthorized intrusion into our network.

Q.2 How did you know that the system was intruded?

We watch for any issues that may be raised with respect to security and monitor for such issues both internally and externally.

Q.3 What is the main reason to this problem? Which parts of the system were vulnerable to the intrusion?

We are currently conducting a thorough investigation of the situation. Since this is an overall security related issue, we will not comment further on this case.

Q.4 What action did you take (are you taking)? Is there any possibility of further unauthorized access?

As soon as we learned of this issue, 1) we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services, 2) we have also engaged an outside, recognized security firm to conduct a full and complete investigation into what happened, and 3) quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.

Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.

Q.6 Does that mean all users’ information was compromised? Tell us more in details of what personal information leaked.

In terms of possibility, yes. We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID. It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code). If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.

Q.7 Have you notified those users?

We are sending out e-mails directly to these users to their e-mail address registered on the PS Network accounts. Also, we have posted web notices, and additional necessary procedures have been followed by each region.

Q.8 Have you received reports or claims that their PSN ID information/ credit card had been used improperly?

Not at this point in time.

Q.9 I want to know if my account has been affected.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password.
For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.

Q.10 What should I do to prevent any unauthorized use of my (credit card) personal information?

For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports.

Q.11 Since when have PSN/Qriocity become unavailable and in which region?

PSN/Qriocity services have not been available since April 20 (US time) in all regions.

Q.12 How come it is taking so much time to resume the service?

We are taking the investigation seriously. We decided to keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services.

Q.13 How serious is this? Have the hackers broken the security on PSN/Qriocity? Are you taking necessary measures to prevent such outage happening in the future?

Since this is an overall security related issue, we will not comment further on this case but we are working to restore and maintain the services, including countermeasures against future intrusions.

Q.14 When will the service resume?

We are taking the investigation seriously. We will keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services but are working hard to resume the services as soon as we can be reasonably assured security concerns are addressed.

Q.15 Seems like SOE service was also not available/ suffering outage. Is this true? Is this due to the same reason as the PSN/Qriocity outage?

SOE's service is available although a service interruption due to an external attack did occur. A thorough investigation is ongoing.

Q.16 I want my money back (subscription fee, content) since the PSN/Qriocity was not available.

When the full services are restored and the length of the outage is known, we will assess the correct course of action.

Q.17 There seems to be some games that cannot be played even offline?

Depending on the game titles, but mainly PSN games, some may require access to PSN for trophy sync, security check, etc.



http://faq.en.playst...GB&p_faqid=5593

QUOTE
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.


http://blog.us.plays...k-and-qriocity/


So then has anybody had an email? Does anybody care? and have Sony made an almighty cock up? stay tuned to the same bat channel to see if PSN is back up next week.

Shamlessly stolen from Muks, but then that is kind of fitting.



#2 Willei

Willei

    This is what I think of games

  • Founding Member
  • 2,299 posts

Posted 27 April 2011 - 09:39 AM

One of my three PSN accounts got an email about it so far. The email is pretty much just the info Sony have up on their blog.

#3 E. Randy Dupre

E. Randy Dupre

    Just as you suspected, everything I have told you is gibberish

  • Admin
  • 8,859 posts
  • Steam Profile

Posted 27 April 2011 - 09:39 AM

First I've heard about this (not switched my PS3 on for ages and don't tend to visit other gaming sites, other than through links provided here).

Towards the end of that FAQ, though, it sounds as though this has only affected US accounts, not European ones. If that the case?

Fair dos to Sony. They've not managed to get anything right with online this generation. In some respects, even Nintendo have been less embarrassing.

#4 plopboy

plopboy

    I'm from the, uh, Confidential Committee on Moral Abuses

  • Admin
  • 3,497 posts
  • Steam Profile

Posted 27 April 2011 - 09:46 AM

I think SOE did get attacked if point 15 is how I read it.

Microsoft must be pissing them selves at this, not only do they charge for online gaming, they had easter all to them selves and I also saw this on muks

Attached File  psndown.jpg   82.24KB   4 downloads


Edited by plopboy, 27 April 2011 - 09:50 AM.


#5 TheShend

TheShend

    You know it is, it really is!

  • Founding Member
  • 4,086 posts

Posted 27 April 2011 - 09:47 AM

Crumbs. How many here are affected? I take it's going to mean the cancellation of associated CC's etc.

I heard the PSN downtime is in the Metro, I wonder what the hysterical press will make of the compromised security and data loss.

Seriously bad PR for Sony.

Edited by TheShend, 27 April 2011 - 09:48 AM.


#6 plopboy

plopboy

    I'm from the, uh, Confidential Committee on Moral Abuses

  • Admin
  • 3,497 posts
  • Steam Profile

Posted 27 April 2011 - 10:05 AM

The great thing is I can't log onto my account to delete my CC details (I know horse bolted and all that) and so do I now cancel my card as I haven't had an email from Sony or do I wait and check my statement mad.gif

Luckily I've only ever used points cards on my Wii and 360 and would have done on the PS3 but they where so slack in getting them sorted out I used my CC with them instead.

It sound like a lot of people are cancelling there cards which will make the banks not best pleased with having to issue new cards.



#7 SniperDave

SniperDave

    The Pokémon Prof

  • Founding Member
  • 3,901 posts

Posted 27 April 2011 - 10:17 AM

Really? I'm sure they'd be happier issuing new cards now than paying out tonnes in fraud claims later.

#8 E. Randy Dupre

E. Randy Dupre

    Just as you suspected, everything I have told you is gibberish

  • Admin
  • 8,859 posts
  • Steam Profile

Posted 27 April 2011 - 10:23 AM

http://www.guardian....twork-hack-sony

QUOTE
But the revelation that details have been stolen indicates that Sony was storing them in unencrypted form – which is a major security error that even small websites avoid.


I'll bet there's some panicking going on within depts at Microsoft and Nintendo now, to make sure that they've got this shit covered.

#9 plopboy

plopboy

    I'm from the, uh, Confidential Committee on Moral Abuses

  • Admin
  • 3,497 posts
  • Steam Profile

Posted 27 April 2011 - 10:37 AM

QUOTE(SniperDave @ Apr 27 2011, 11:17 AM) <{POST_SNAPBACK}>
Really? I'm sure they'd be happier issuing new cards now than paying out tonnes in fraud claims later.

True but they shouldn't have to be doing it in the first place to be fair.

If they were storing the details unencrypted them that is a massive cock up of stupid McStupid and the stupid family.

#10 plopboy

plopboy

    I'm from the, uh, Confidential Committee on Moral Abuses

  • Admin
  • 3,497 posts
  • Steam Profile

Posted 27 April 2011 - 10:40 AM

QUOTE(E. Randy Dupre @ Apr 27 2011, 11:23 AM) <{POST_SNAPBACK}>


Taken from the same source

QUOTE
Elsewhere, the website VG247 said it had obtained a log of a hacker conversation from February in which two hackers said that it was easy to break into the PSN and defeat its encryption. "Sony is the biggest spy ever – they collect so much data," one hacker comments in the log. "All connected devices return values sent to Sony servers. it collects when I had a USB device attached. So if they ever sue someone for PSN stuff, they will be sued themselves as most of the data they collect is just not legal."


This could really blow up in their faces if this is true and somebody competent goes for the jugular as it where.

#11 TheShend

TheShend

    You know it is, it really is!

  • Founding Member
  • 4,086 posts

Posted 27 April 2011 - 11:05 AM

Private Ryan is going to be doing a radio interview about the PSN thing on BBC Radio Hull in half an hour, which I assume is: http://www.bbc.co.uk...and/humberside/

#12 plopboy

plopboy

    I'm from the, uh, Confidential Committee on Moral Abuses

  • Admin
  • 3,497 posts
  • Steam Profile

Posted 27 April 2011 - 11:18 AM

I hope he is going to mention the outrage on gamings number one forum GHZ smile.gif

#13 TheShend

TheShend

    You know it is, it really is!

  • Founding Member
  • 4,086 posts

Posted 27 April 2011 - 11:32 AM

Ofc!

Should be on after the next song.

#14 Willei

Willei

    This is what I think of games

  • Founding Member
  • 2,299 posts

Posted 27 April 2011 - 11:41 AM

QUOTE(E. Randy Dupre @ Apr 27 2011, 11:23 AM) <{POST_SNAPBACK}>
http://www.guardian....twork-hack-sony
I'll bet there's some panicking going on within depts at Microsoft and Nintendo now, to make sure that they've got this shit covered.

Nintendo don't seem to store your credit card info, so they should be fine. Microsoft aren't immune to hacking by any means, but you can be damn sure they know about basic security principals these days. Not encrypting personal information of users is just a huge WTF if that turns out to be true. Wouldn't that be a major violation of the Data Protection Act too? Either way I can see why people might not want to trust them with sensitive information ever again, this is orders of magnitude worse than the Gawker compromise last year.

Personally I'll have to think about it. I've got three PSN accounts and I don't know the password used to each one, so I've got to change everything pretty much.

#15 plopboy

plopboy

    I'm from the, uh, Confidential Committee on Moral Abuses

  • Admin
  • 3,497 posts
  • Steam Profile

Posted 27 April 2011 - 11:44 AM

Twas a nice balanced piece, but I wanted more outrage arrrrrgh!





Also tagged with one or more of these keywords: PSN, Vita, PS4, PS3, Playstation

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users