Playstation Network hacked - UPDATE - It happened AGAIN
 

I have not seen a thread talking about this, so here is it for those that don't know it if any, as it's an important issue if you have your credit card data into PSN for games, etc purchases.

Here is the latest update and FAQ by Sony:


Q.1 When did you realise the system had been intruded?

We discovered between April 17 and April 19 there was an illegal and unauthorized intrusion into our network.

Q.2 How did you know that the system was intruded?

We watch for any issues that may be raised with respect to security and monitor for such issues both internally and externally.

Q.3 What is the main reason to this problem? Which parts of the system were vulnerable to the intrusion?

We are currently conducting a thorough investigation of the situation. Since this is an overall security related issue, we will not comment further on this case.

Q.4 What action did you take (are you taking)? Is there any possibility of further unauthorized access?

As soon as we learned of this issue, 1) we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services, 2) we have also engaged an outside, recognized security firm to conduct a full and complete investigation into what happened, and 3) quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.

Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.

Q.6 Does that mean all users’ information was compromised? Tell us more in details of what personal information leaked.

In terms of possibility, yes. We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID. It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code). If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.

Q.7 Have you notified those users?

We are sending out e-mails directly to these users to their e-mail address registered on the PS Network accounts. Also, we have posted web notices, and additional necessary procedures have been followed by each region.

Q.8 Have you received reports or claims that their PSN ID information/ credit card had been used improperly?

Not at this point in time.

Q.9 I want to know if my account has been affected.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password.
For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.

Q.10 What should I do to prevent any unauthorized use of my (credit card) personal information?

For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports.

Q.11 Since when have PSN/Qriocity become unavailable and in which region?

PSN/Qriocity services have not been available since April 20 (US time) in all regions.

Q.12 How come it is taking so much time to resume the service?

We are taking the investigation seriously. We decided to keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services.

Q.13 How serious is this? Have the hackers broken the security on PSN/Qriocity? Are you taking necessary measures to prevent such outage happening in the future?

Since this is an overall security related issue, we will not comment further on this case but we are working to restore and maintain the services, including countermeasures against future intrusions.

Q.14 When will the service resume?

We are taking the investigation seriously. We will keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services but are working hard to resume the services as soon as we can be reasonably assured security concerns are addressed.

Q.15 Seems like SOE service was also not available/ suffering outage. Is this true? Is this due to the same reason as the PSN/Qriocity outage?

SOE's service is available although a service interruption due to an external attack did occur. A thorough investigation is ongoing.

Q.16 I want my money back (subscription fee, content) since the PSN/Qriocity was not available.

When the full services are restored and the length of the outage is known, we will assess the correct course of action.

Q.17 There seems to be some games that cannot be played even offline?

Depending on the game titles, but mainly PSN games, some may require access to PSN for trophy sync, security check, etc.

It's in the Video Games thread at 2011 Video Games Thread - Front Office Football Central

but not in any great detail

I was wondering why my PSN login was acting weird the past few weeks. I keep myself logged in for things like Netflix and the Netflix app has been telling me I am not logged into PSN since around that time period. I then go to PSN login, try to login again, and it does nothing really. Then I go back to Netflix and it barks at me again but hitting cancel (or circle) allows me to browse and watch movies.

Glad FOFC was there to notify me of this type of shit...PSN dam sure didn't. Also glad I never input my CC to those idiots.

+1

Although I did see something about it somewhere else on the web a few days ago. But certainly not from PSN/Sony. Fuckwads.

I actually got an e-mail last night. But it's definitely overdue. Should have been sent much sooner. I went ahead and called the credit card company and put a fraud alert on my card just in case.

I probably got one too...I just used a @yahoo.com email that I never check as my sign-in email.

In the biggest Spanish consoles forum, there are some reports with screenshoots of fraudulent uses of their credit cards already, mainly payments attempts in online shops (up to $600) and in Netflix, so take a look at your cc statements just in case yours have been used too.

they ought to buy a years worth of protection for everyone (short Sony)

I never heard of this until last night when one of my friends mentioned it. Yup, Sony, you dropped the ball big time on this without making sure notifications went out via email to everyone. Since you obviously had them, knew over a WEEK ago, yet, still nothing from you. Since I downloaded the map packs for Black Ops on there, now I have to call my bank to make sure that nothing has been compromised. Sure would have been nice to know this not long after you guys found out about it.

I haven't received an email, and my CC was saved there. Fantastic. Just checked my card, and there aren't any fraud purchases, but I'll let them know anyway.

Just no excuse in the world to not notify you ASAP.....

From the Sony email...


Ok, we bought rockband songs awhile back using a CC on PSN (not a 100% sure it is one we still have, it's been awhile). Anyone have any experience with what extra steps they take to verify your identity?

How big a pain is it trying to shop with a "fraud alert" card? Are you delayed every time you try to checkout?

Does this card become virtually useless to use for online shopping?

Is one better off just cancelling the card and getting a new one?

How does this affect something like going to buy a new car or any major purchase? Right now with my credit I can easily go buy a car and drive away no questions asked. Does this only change with them having to make a phone call or two?

Thanks.

I believe it only comes into play if someone tried to obtain new credit. A new CC, finance something, things like that.

thanks.

Yeah I'd say trying to get a new CC is not a good idea right now.

U.S. Only for the fraud alert? Does Canada not have that? I was gonna call to put a fraud alert on so now I'm confused.

There has got to be some legal ramification to not notifying as soon as you know there might have been a breach, right? How can you not let people know their cards have been compromised and not be liable for any bad shit that goes down in the meantime.

To be extra sure, you can call your credit card company and ask them to close out your account number and transfer everything to a new credit card number. I did this a while back when I lost a card while traveling.

I canceled my account awhile back, last year when they removed the "other OS" option from the bios. Now I get an email today about this. Apparently they did not delete my info.

Finally got the email just now... It'll be a pain, as I use that card for a lot of saved/auto things, but I suppose I can get a new one. The email says it's not certain card numbers were compromised; do we have any confirmation that they were? I think I used an incorrect b-day when I signed up for that thing, so the CC is the big concern.

I wonder if you only get an email if you stored a CC on file? I have never used a CC with them but still have not received an email mentioning this problem.

I believe they have only sent emails to accounts whose information they believe have been compromised.

Seems like they are just taking their time, I just got one this morning. To hell with numbers to call in credit alerts that inconvenience us, they should pay for a year of credit monitoring for those that may have been compromised.

We called our CC company, been with them over 10 years, and they offered to do this without us even asking. Should have new cards in a few days.


Agreed. I am wondering what a hacker is missing to stop them from applying for credit using your name. Just a social security number? CC was a relatively easy fix as was changing any passwords, someone having info to be able to apply for credit is now my concern.

Still no email from them.

I got the email. And I'm as unimpressed with them today as I was when the news first broke.

Luckily I don't reuse passwords that get associated with credit cards.

/tk

Finally got my email this afternoon.

Finally got my email at 6:24pm. Somehow my view of them is not any different than before I received it.

Got mine a little before 6 last night. Gee Sony, sorry you had to go so far out of your way to inform everybody OVER a week after the incident. No apology either and yea, I know I can get a free credit report each year from the 3 major credit reporting bureaus, that's been the law for a few years now.

Update:

http://blog.us.playstation.com/2011/...ble-this-week/

Everytime they post about Qriocity I really want to be all like, "what the fuck is Qriocity." I swear this almost seems like a publicity stunt in order to boost awareness of Qriocity or something. Just get PSN back running you stupid sony fucktards.

Same here. Every time I hear it, I think of Q-Link for the Commodore 64.

Two attempts to use my card last night at an online European hobby shop. My bank immediately flagged my card and blocked the purchases.

by you?

No, sorry for not being clear there. I went to buy something this morning and found out my card that was attached to my PSN account was locked. The reason was someone was trying to make some small purchases on the card.

EW YORK — Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer online games.

The data breach comes on top of the 77 million PlayStation accounts it has already said were jeopardized by a malicious intrusion.

The latest incident occurred April 16 and 17 — earlier than the PlayStation break-in, which occurred from April 17 to 19, Sony said.

About 23,400 financial records from an outdated 2007 database involving people outside the U.S. may have been stolen in the newly discovered breach, including 10,700 direct debit records of customers in Austria, Germany, the Netherlands and Spain, it said.

Sony says 25 million more accounts hacked *| ajc.com

Was it a French women underwear shop? (no fun intended, i know two Spanish guys that had fraudulent purchases attempts in that shop for up to $600).

I canceled out my CC. Curious what information I had in the PS account though since I usually fudge a few things (like b-day).

I believe it's a little more complicated than that. Altough having your SS probably makes it a relatively short leap to get the remaining info needed if they really want to. You need things like residential history, employment history, and bank account information.

As incompetent and immoral as Sony has acted, you have to wonder how often this happens with companies not reporting it at all.

I think that going forward I will probably buy cards for most of these services and will use my debit card in fewer places.

Last year someone took my card number from somewhere (I was thinking it was "rubbed" at Jamba Juice) and used it to buy a $9.99 NeoPet.

Just from looking at the application form for a credit card at Citibank, it looks like all you need is:

Name
Address
Phone #
SSN
DOB

Really? I've always had to supply employment information and income information, at minimum. I looked on on Citi's site and they ask for all of that.

I just called my bank to let them know that my debit card has been compromised since it was linked to my account and they basically told me that this is all a scam and that only my bank's fraud department can let me know if my card has been compromised. Really?

I got the number for someone higher up the pecking order but they are out to lunch. May be time for a new bank. I don't need people this thick headed handling my accounts and money.

You can just make all that up. Well at least you used to be able to. They'll give credit to almost anyone, especially since they can't lose money in the deal.

Interesting. What bank if you don't mind?

RainMaker is correct. The employment information is not for verification. If you notice, on the Citi site, they are not requiring to provide your employer's name, address, or phone number. Just your general occupation and your income. They use that information for approval amount, research, and marketing.

I am one of those people that likes to challenge the DO NOT REPLY nature of these type of messages. I found this to be an interesting response. So I guess they won't be informing me when people steal my information again? Or did they just confirm the nature of their emails is to promote Qriocity? :)

Is the Playstation going to die? I don't know if they can get past this situation. It will be interesting to see some data over the next few months. I haven't used my 360 in a year probably, and now I'm going to switch my preorder of LA Noire over to it.