Please see below for an official statement from Sony on the situation regarding the PSN. This has been copied in whole as to not miss out any important information.
“Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.
We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
- Temporarily turned off PlayStation Network and Qriocity services;
- Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
- Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.
We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; orwww.oag.state.md.us.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.
Sincerely,
Sony Computer Entertainment and Sony Network Entertainment”
Source: US PS Blog
Yahavage
Pretty bad news. But seriously what’s with all the hate? Everyone knows the risks involved with anything online. I’ve changed my cards, and the few passwords I was lazy with and had the same as PSN. Now I’ll get on with life. It could have just as easy been your bank, your ISP, it could have been amazon (who almost got breached recently iirc) or it could have been the fucking government leaving your details on a train somewhere. Seriously people it took me like 2 minutes to cancel the card. I’ll get my new ones in 2 working days. Hardly the worst thing that’s ever happened.
And for everyone who is saying wahwahwah Sony I’m suing wahwahwah your security was setup by monkeys seriously just s.t.f.u. 1)you won’t sue a company who can pay their legal teams more than most of us will see in our working lifetime so please just stop typing now please I hate you people most of all because your ignorance is just like o_o 2)seriously, don’t even pretend you can BEGIN to comprehend how this attack has happened, how easy/simple/hard it was. It COULD be that Sony was complacent and made a booboo… but it could also be that someone has seriously gone out of their way to make this happen. End of the day all this downtime is lost money for Sony, so it’s not in their interests to have poor security is it? So yeah stop being a bunch of dicks. /end rant (sorry I had to get that off my chest lol!)
To everyone else – let’s hope this get’s fixed soon, I want to sync my hard-earned trophies :)
cc_star
Card fraud is generally small change compared to ID fraud, where your name, address & DoB can be enough to cause havoc for years… especially as they may have security questions like mothers maiden name, honeymoon destination, & first pets name etc
Yahavage
Well, I could sit and worry about my id being stolen… but to be fair if I was that bothered I’d go remove my details from every site I’ve ever signed up with. I work in a call centre, and I’ve security breaches like yu wouldn’t believe. Just a few weeks ago, one of my team mates was caught on call asking for d.o.b, sort code and account numbers, which we don’t need to ask for, and she was entering straight into her googlemail account, blatant as you like. Guess what. She didn’t even get sacked. This was working for a reasonably reputable company too. Apple, you may have heard of them? Do these things called iphones. Anyway my point is as soon as you hand your details over you are running this risk of having them lost. If you don’t like it, don’t hand your details over. It’s the only way you’ll be 100% safe.
cc_star
Yeah deffo
But handing them over to a trusted source is different to knowing they’re in the hands of underhand types
but its not like you do anything about ID fraud until it happens, well not without shelling out £6.99/month to Experian anyway
Mick939
cc, name age dob, can be got from anywhere, your generally being ridiculous, the card details are the most worrying. Any one would think you work for the sun.
cc_star
You obviously have less than no clue about ID Fraud & the years it sticks with you.
It’s easy to spot card fraud, you just watch your account (you can even do it daily online) & tell your bank when something appears you didn’t buy, bank then covers the amount. Simples.
ID Fraud sits with you for years & is usually far more costly… Here’s one example of how ID Fraud could cost you either thousands of pounds or a shit ton of hassle that can leave you in financial paralysis for years:
– Someone has your details and and rents a property in your name, paying cash to an unscrupulous landlord (there are many).
– They then arrange for the utilities to be connected at the address, obviously in your name. you will never know as the bills go to the new rented address, when they have the bills, they then have ID proofs.
– They then use these ID proofs to take out contracts, hire purchases, loans & any form of credit right up to and including mortgages.
People will have long forgotten about the PSN hack by the time stuff like this happens.
Will you have to pay for these things in the long term? No of course you won’t, but it takes an impossible amount of your time for months sorting it out and proving to the companies involved that it wasn’t you who obtained all the goods and services, and as financial records stick on your credit report for 6 years it could mean you can’t obtain credit or contracts until your record is expunged.
DrNate86
The attack isn’t the annoying thing, these things happen. It’s the silence since, when Sony suspected our details had been compromised but concealed it. If someone had stolen my card from my wallet, I wouldn’t want to ignore it for a week before I did anything.
And that’s before we even get to concerns about identity theft, as others have said.
sesameseed
Huzzah! Common sense prevails! Oh, and “kupo-po!”
Sympozium
Bad times Kupo, bad times
a inferior race
Even when I’m annoyed as I am right now. Your little bit of Moogle speak made me smile.
Thanks
E8_BALL_
Kupo? enlighten me.
Origami Killer
I know i shouldnt be joking about this but im quite intrigued by how much my indentity will sell for on the black market :p
other than that im not bothered, i have accounts on over 100 websites, many cases of hacks before, my card will not be cancelled and as soon as its back up im using my card to add a few bob to my wallet on psn and im getting myself my new plus renewal ready for june, i still trust sony and btw i just want to say thats the spirit
colmshan1990
I hope somebody gets caught trying to use the info from my US or Japanese accounts.
In other words, my complete and utter bullshit. :P
cc_star
On Sony’s FAQ webpage http://eu.playstation.com/psnoutage
“Q.1 When did you realise the system had been intruded?
We discovered between April 17 and April 19 there was an illegal and unauthorized intrusion into our network.
Q.2 How did you know that the system was intruded?
We watch for any issues that may be raised with respect to security and monitor for such issues both internally and externally.
So they only watch for issues no more than once every 3 days then? Wonder if that’s industry standard.
On top of that, I’d be pretty sure it should take a long time to hack the network before the intrusion actually occurred, what was your ‘security’ doing during this time?
G1GAHURTZ
$ony had to go poke the hornet’s nest. You know who to blame.
Pitcher-T
Have you got your ‘S’ and ‘$’ keys the wrong way on your keyboard or something?
Cort
Get lost.
Cort
Sorry, that was meant for the troll.
sesameseed
G1GAHURTZ… sounds kinda like geoh… never mind… O_O
gideon1451
Hahaha.
Sympozium
Well they had to protect the Playstation busieness somehow, every company will do this
Pitcher-T
It’s alright, I’ll let you off Cort ;) lol
DrNate86
I think hiding his comment was a bit extreme!
sesameseed
Maybe because it’s “you know who”?
DrNate86
Voldemort?
Sympozium
Dark Demon overlord ready to rule the lands?
Sympozium
Sad that this must happen, why must people do this >.<…
paxpacis
Omg, they put the message through a stupid translation program/site and did not bother to change the mistakes it made..
http://nl.playstation.com/psn/news/articles/detail/item369675/Update-over-onderbrekingen-in-de-PSN-service/
dutch# we worden bedankt voor onze “aardigheid”
a inferior race
Unfortunately, I don’t understand Dutch but Sony should not be taking a cheap option right now.
Cort
NO NETWORK IS SAFE! It’s a constant game between service providers and hackers; sometimes the hackers get in and wreak their havoc (it’s not the first time this year a major system has been breached).
Welcome to the future.
Sympozium
+1 I totally agree, its very sad to know that this happens in the online world
skibadee
well said it can happen anytime.
Cort
http://i.imgur.com/l2h2A.jpg
Jas-n
There is so much truth in that strip
m61726b
LOL Very good.
TSBonyman
Oh dear, what an epic disaster – to top off what was already an epic disaster. Thankfully i never owned (or wanted) a credit card but i’m still anxious to login and check my account/change password now that this news is released.I really hope nobody is badly affected by this.
I’ve thought to myself on a few occasions this generation how i miss the old days, when a games console was just that and the game you bought was complete and there was none of this ‘signing-up to be milked’ malarkey, dangnabbit…. But there’s no going back now i guess :|
Cort
CC information is, I’m afraid, the least of our worries. Of more value is our name, address and date of birth as this allows identity fraud. Geohot’s mates will be selling this information as we speak, if they haven’t already done so.
TSBonyman
That is true about cc info being least of peoples worries, although personally i’ve always been cautious about using my actual personal details for anything online, meaning i don’t generally. That’s the approach i took when signing up for PSN and i’m glad i did now.
sesameseed
Where do I sign up to be “milked”? Oh, and “kupo kupo” again ;)
E8_BALL_
maybe i do need to turn my ps3 off & get out more lol. kupo?
Roynaldo
One word: http://www.youtube.com/watch?v=95SYdjRVCR0&feature=related
gideon1451
That & http://www.youtube.com/watch?v=WWaLxFIVX1s
Sympozium
Who would have thought that the PSN would’ve become a target of cyber crimnals, let’s hope that these evil people face pure uncorrupt justice.
I can’t really blame Sony it could happen to every service online but I really hope that everyones details are safe, with 70 million people (possisbly) thats quite huge.
cc_star
Pretty sure banks, payment services, financial services & large ecommerce sites survive hacking attempts every day of the week…
Whilst the dogs of war will be (quite rightly) after the hackers, I can’t see Sony avoiding them either
Sympozium
I know… bit sad
iamtdogg
they may survive them everyday, but not always, there have been some HUGE breaches at banks in the past, including the World Bank and i remember a time when the RBS Worldpay thing which is used on a huge amount of websites got hacked too.
these things happen to even the most secure of “secure” organisations.