Saturday, 30 April 2011

PlayStation Network User Data Hacked

Seven days and counting: Sony's PlayStation Network was still offline after the announcement that it had taken the service down indefinitely while it 'rebuilt from the ground up.' PSN has suffered a major hack-attack and personal information of all users has been stolen, possibly including credit card data.

Following the GeoHot-Sony lawsuit, it was assumed the hacking group Anonymous had succeeded in its concerted denial-of-service attacks to shut down PSN, but Anonymous has denied any involvement...

Sony's belated statement (forced, it's thought, by some suspect credit card activity among PSN members) included:

"We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained..." Further, Sony states, "If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility."

"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience," Sony apologises, "Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority."

PSN has around 70 million registered users. If nothing else, this exposes the myth of on-line security, through which we have sleep-walked over recent years.

UPDATE:
The latest as of Friday 29 April: hackers claim to have 2.2m credit cards, copied during the attack between 17 and 19 April which led Sony to shut down the network for more than a week. Some of the 77 million PSN users are reporting new fraudulent charges on their credit cards, although this is not yet proven to be linked to the breach, as any large number of credit cards is likely to suffer a proportion of fraud by 'usual' methods.

Sony insisted in a blog post that the credit card data it stored was encrypted: "While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.


"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however, that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system."

Meanwhile the class action lawsuits are already being prepared against Sony in the US. RC
