PSN Hack Update: FAQs in OP, Read before posting

Status
Not open for further replies.

Killthee

helped a brotha out on multiple separate occasions!
Original Statement:
Patrick Seybold // Sr. Director said:
Update on PlayStation Network and Qriocity

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.

Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

  • Temporarily turned off PlayStation Network and Qriocity services;
  • Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
  • Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

Sincerely,
Sony Computer Entertainment and Sony Network Entertainment

Addendum:

Patrick Seybold // Sr. Director said:
Clarifying a Few PSN Points

I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

For those who were looking, there’s also an FAQ with some more frequently asked questions.

Thank you for your continued patience and support.


Link to FAQ.


SOE's statement regarding PSN DCUO/Free Realms subs:

SOE_Brasse said:
We apologize for any inconvenience players may have experienced as a result of the recent service interruption. As a global leader in online gaming, SOE is committed to delivering stable and entertaining games for players of all ages.

To thank players for their patience, we will be hosting special events this weekend across our game portfolio, including a Double Station Cash day on Saturday, April 30th.

We are also working on a “make good” plan for players of the PS3 versions of DC Universe Online and Free Realms. Details will be available soon on the individual game websites and forums.


EU PS Blog comment regarding wallet funds:




PS Blog Q&A #1:

Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however, that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.

Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit http://goo.gl/Ivkux and http://goo.gl/w7T9l for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.

Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.

Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.

Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.

PS Blog Q&A #2:


Q: Will our download history/friends list/settings be affected by the PSN downtime?
A: No, they will not.

Q: Will trophies that were earned in single-player offline games during the outage be intact when the service resumes?
A: These trophies are intact and will be re-synched when the network is once again operational.

Q: Will my PS+ cloud saves be retrievable?
A: Yes, once PSN is restored.

Q: What if we have a subscription to PS3 MMOs DC Universe Online or Free Realms? Will we get compensation for that?
A: From Sony Online Entertainment: “We apologize for any inconvenience players may have experienced as a result of the recent service interruption. As a global leader in online gaming, SOE is committed to delivering stable and entertaining games for players of all ages. To thank players for their patience, we will be hosting special events across our game portfolio. We are also working on a “make good” plan for players of the PS3 versions of DC Universe Online and Free Realms. Details will be available soon on the individual game websites and forums.”

Q: Will there be a goodwill gesture for the time we haven’t been able to utilize PSN/Qriocity?
A: We are currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online.

Seybold's statement regarding the rumor that the hackers offered to sell the CC database back to Sony:

When asked about the hackers’ claims, Patrick Seybold, senior director of corporate communications and social media at Sony, said, “To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list.”

Q&A #1 correction after Destructoid pointed out that Sony does in fact ask for a CCV code:



5/1 Press Conference:

Patrick Seybold // Sr. Director said:
Press Release: Some PlayStation Network and Qriocity Services to be Available This Week

SOME PLAYSTATION®NETWORK AND QRIOCITY™ SERVICES TO BE AVAILABLE THIS WEEK
Phased Global Rollout of Services to Begin Regionally; System Security Enhanced to Provide Greater Protection of Personal Information

Tokyo, May 1, 2011 – Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) announced they will shortly begin a phased restoration by region of PlayStation®Network and Qriocity™ services, beginning with gaming, music and video services to be turned on. The company also announced both a series of immediate steps to enhance security across the network and a new customer appreciation program to thank its customers for their patience and loyalty.

Following a criminal cyber-attack on the company’s data-center located in San Diego, California, U.S.A., SNEI quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services. With these measures in place, SCE and SNEI plan to start a phased rollout by region of the services shortly. The initial phase of the rollout will include, but is not limited to, the following:

  • Restoration of Online game-play across the PlayStation®3 (PS3) and PSP® (PlayStation®Portable) systems
      - This includes titles requiring online verification and downloaded games
  • Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
  • Access to account management and password reset
  • Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
  • PlayStation®Home
  • Friends List
  • Chat Functionality

Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information. The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection and supplement existing information security personnel. The new security measures implemented include, but are not limited to, the following:
  • Added automated software monitoring and configuration management to help defend against new attacks
  • Enhanced levels of data protection and encryption
  • Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
  • Implementation of additional firewalls

The company also expedited an already planned move of the system to a new data center in a different location that has been under construction and development for several months. In addition, PS3 will have a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to sign into the service. As an added layer of security, that password can only be changed on the same PS3 in which that account was activated, or through validated email confirmation, a critical step to help further protect customer data.

The company is conducting a thorough and on-going investigation and working with law enforcement to track down and prosecute those responsible for the illegal intrusion.

“This criminal act against our network had a significant impact not only on our consumers, but our entire industry. These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks,” said Kazuo Hirai, Executive Deputy President, Sony Corporation. “Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services.”

Complimentary Offering and “Welcome Back” Appreciation Program

While there is no evidence at this time that credit card data was taken, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.

The company will also roll out the PlayStation Network and Qriocity “Welcome Back” program, to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company’s appreciation for their patience, support and continued loyalty.

Central components of the “Welcome Back” program will include:

  • Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
  • All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
  • Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.

Additional “Welcome Back” entertainment and service offerings will be rolled out over the coming weeks as the company returns the PlayStation Network and Qriocity services to the quality standard users have grown to enjoy and strive to exceed those expectations.

SNEI will continue to reinforce and verify security for transactions before resuming the PlayStation®Store and other Qriocity operations, scheduled for this month.

For more information about the PlayStation Network and Qriocity services intrusion and restoration, please visit http://blog.us.playstation.com or http://blog.eu.playstation.com/
 

dLMN8R

Member
You know what? Yeah, fuck that hacker, but fuck you too Sony, you incompetent piece of crap company. How the hell do you screw everything up from a random number generator to having a competent web security back-end? Just plain irresponsibility.

If this requires me to go and change all of my passwords, e-mail addresses, and logins again, just like the Gawker breach did last year, I'd be happy never buying another Sony product again.
 

NewFresh

Member
It just gets better and better

name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.... profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers ...If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
 

Snuggles

erotic butter maelstrom
Fucking A, man.

Like I said in the old thread, it's pretty scary stuff. My PSN account is worth far more than what I have on my CC, so losing that account would be the worst thing that could happen.

I didn't sign up for this shit.
 

benny_a

extra source of jiggaflops
dLMN8R said:
If this requires me to go and change all of my passwords, e-mail addresses, and logins again, just like the Gawker breach did last year, I'd be happy never buying another Sony product again.
If the passwords you use are the same on PSN as on other services, then yes, you need to change your passwords.
 
I suspect (hope) that the information may not have actually been obtained but they've got to warn people of the possibility just in case it has... a legal ass covering sort of thing.

This is all terribly damaging reputation wise... I've got to imagine that if they find the person(s) responsible, they're in for a world of hurt
 

BeeDog

Member
I blocked my CC just now, and I truly hope Sony implements a password resetting system for each and every user. If not, they can go royally fuck themselves.
 

Papercuts

fired zero bullets in the orphanage.
As Wario said in the last thread, thanks for waiting a fucking WEEK to tell us all of this is out in the open.
 
Thank god the one credit card that I ever used on PSN expired months ago. Man this is bad.

And to think I thought I could always trust these companies with my info. I'm going to be using pre-paid cards on all services from now on.
 

SmithnCo

Member
Luckily my PSN password was unique. But if anything is changed about my account when PSN comes back I'm going to be pissed.
 

RPGCrazied

Member
Again.. I ask. How hard is it to delete a CC on the PS3? I have one, but it's not even mine, it's my Mother's!

Ugh, so mad. If I *EVER* buy anything from PSN again, it's PSN cards from now on.
 
This is gonna be a big deal for them. Soon as some of the big news outlets (CNN, foxnews) report this Sony is in for a long couple of days. This is huge.

On a good note, I'm really glad I never put my CC info on the PSN.
 
Deleted member 20415

Unconfirmed Member
Guys, you're looking at this the wrong way. This security breach didn't cost you anything!

Time to monitor my CC more often...
 

Takao

Banned
On the bright side they'll probably have to remotely deactivate everyone's PS3s and PSPs to make sure it's on equal footing. Good chance to get rid of some dead weight, right?
 
I just cannot get over how long it's taken them to give any idea on the scope of this and how much info might have been accessed. smh A fucking week, man.
 

dream

Member
Step 1: Go through all your credit card statements.
Step 2: Call your credit bureaus to have a fraud alert placed on your record.
Step 3: Join in any class action lawsuits filed against Sony.
 

GodofWine

Member
Hide yo credit cards...hide yo SSN!

While I'm one of the souls who have been compromised, I'm not terribly concerned anyone will do anything with my credit card (plus I'm watching it like a hawk)..and I'm not getting phished, I'm not dumb enough to fall for that crap.

And it's also a 1 in a million thing...I like my odds, but hope it happens to no one.
 
I knew that other thread will be closed. Archive that plz.

Oh well:

. . .name, address (city, state, zip), country, email address, birthdate. . .

Oh great, thx Sony for your shitty security. In b4 someone defends this and says don't blame Sony, calm down etc.
 

Vinci

Danish
radioheadrule83 said:
I suspect (hope) that the information may not have actually been obtained but they've got to warn people of the possibility just in case it has... a legal ass covering sort of thing.

This is all terribly damaging reputation wise... I've got to imagine that if they find the person(s) responsible, they're in for a world of hurt

I see one single unauthorized transaction on my credit card... then fuck Sony. I've supported them three generations in a row, but if they can't get something this important right, fuck 'em.
 
FUCK WE ALL GONNA DIE!!

but seriously fuck Mr hacker and fuck you too Sony.

I knew no good would come from you kids and your online machines
 