All Articles: ApocalyPS3 2011
PSN credit card sale a hoax, says Sony
Rumors have been spreading about credit card information that was leaked by the PSN security breach – one of them being that the hackers tried to sell a list of stolen card numbers back to Sony. Patrick Seybold, Senior Director of Corporate Communications and Social Media at Sony, said on the PlayStation Blog that “To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.” He also reiterated that Sony will never ask you for your credit card number or social security number or any other information like that, so if you’re approached for this information, it’s by a party posing as Sony and you should not share that information. Duh.
He also explained what they meant at this weekend’s press conference when they said users’ passwords were not encrypted. “While the passwords that were stored were not ‘encrypted,’ they were transformed using a cryptographic hash function,” wrote Seybold. “There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form.” Seybold also offered a link explaining the difference.
We’re nearly two weeks into the PSN outage, with not one, but two class action lawsuits against Sony already. The PSN should be back up this week, but have people already lost too much faith in Sony?
Sony Online Entertainment accounts compromised
The ApocalyPS3 continues as yesterday Sony took down Sony Online Entertainment in response to their discovery of “an issue.” According to CNet, after SOE was taken down, this message was sent: “Dear Valued SOE Customers, We have had to take the SOE service down temporarily. In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately. We will provide an update later today Monday. We apologize for any inconvenience and greatly appreciate your patience.”
Sony released more information at the SOE website, detailing the breach: “Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.” There’s also “evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained.”
Holy crap. This is really bad, Sony. The company is pointing SOE users to the government-offered free credit report service: “U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.” In other news, I just got my free t-shirt for participating in the Rewards Beta. I think I’ll wear it when I sign up for my free credit report.
PSN to be restored next week; Sony offers “Welcome Back” gifts
As promised, Sony held a press conference on the state of the PlayStation Network and announced that the PSN/Qriocity music service will be back online next week. An exact date for the service’s return was not revealed, but the initial phase of the rollout will include restoration of online play, Qriocity’s Music Unlimited service, account management options (including password resets), PlayStation Home, the Friends List and chat. It looks like the PlayStation Store will come back online later.
Sony spent the last week examining the network infrastructure and investigating how the breach occured. In order to prevent something like this from happening again, the company has created a new position: Chief Information Security Officer. In addition to a new executive that reports directly to the highest levels of Sony, the gamemaker has beefed up the PSN’s security with automated software monitoring to defend against attacks, tougher encryption and new firewalls.
A mandatory PS3 update will also require all PSN users to change their passwords before logging in to the restored system. To further enhance security, this password change can only be performed on the same PS3 in which that account was activated or through a validated email confirmation.
To apologize for gamer’s patience during The Great PSN Outage of 2011, Sony has launched a “Welcome Back” program. The “Welcome Back” program will supply PSN users with free “entertainment content” (specific content will be announced soon) and a 30-day subscription to PlayStation Plus (or a 30-day extension for current subscribers). Current Qriocity users will receive a 30 days of free service. Sony plans to announce additional “Welcome Back” offerings over the next few weeks.
The full text of the press statement can be read at the PlayStaton.Blog.
Sony evaluating “goodwill gesture” for PSN users
With the PlayStation Network still down and seemingly no end in sight, Sony has begun to investigate ways they can say “We’re sorry!” to gamers.
The latest update on the PlayStation.Blog confirms that user’s download history, friends list, settings, Trophies and PlayStation Plus cloud saves will be unaffected by the network outage.
The update also revealed that Sony wants to provide a goodwill gesture to gamers for their patience in dealing with the PSN outage and while they’re not ready to announce what it is just yet, the company is currently evaluating several different options. Though they did say that DC Universe Online and Free Realms players would receive some kind of compensation for the downtime as part of Sony’s “make good” plan.
Sony says “we didn’t know hackers stole info” as CT Senator goes after company
It looks like gamers aren’t the only ones that can’t believe Sony waited as long as they did to inform consumers about their lost personal information. Connecticut Senator Richard Blumenthal has written a letter to SCEA President and CEO Jack Tretton demanding that consumers be compensated for the security breach and Sony’s failure to notify PlayStation Network users in a timely manner.
The Senator is asking Sony to provide PSN users with free access to credit reporting services for two years (this service is actually already provided by the federal government) and asked that “affected individuals [..] be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.”
While I’m sure gamers everywhere appreciate Blumenthal going to bat for them, Sony is actually claiming that they just learned of the user information theft on Monday, April 25th. A Sony spokesman posted the following timeline of events on the PlayStation.Blog late last night:
There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. […] It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach.
The forehead-slapping stupidity of that statement makes me think the Senator might have a point. Sony’s failure to admit it was a strong possibiliy that hackers accessed the personal information of 77 million PSN users on the 19th is inexcusable.
Maybe it really is the “ApocalyPS3” for Sony…
Sony admits hackers stole personal info, possibly credit card numbers as well
First, the good news. Sony has “a clear path” to bringing the PlayStation Network back online. The software giant expects some services to be back online within a week. It’s not much, but a preliminary timetable is more than we knew before.
Now the bad news… HACKERS HAVE STOLEN YOUR PERSONAL INFORMATION FROM SONY! According to Sony, during the intrusion, an outside party obtained the following information from PSN users:
[N]ame, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. […] If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
While Sony states they are still investigating the security breach, I can’t believe they just learned what personal information (and possible credit card information) the hackers gained access to today. Sony should have notified PS3 owners about this possibility a week ago and I’m shocked that they, quite literally, said nothing over the holiday weekend.
More information is available at the PlayStation.Blog.
Infamous 2 beta extended due to PSN Outage
The Infamous 2 beta has been going on for a few weeks now, and players were enjoying creating new missions for its hero, Cole. All good things must come to an end though, and when the Playstation Network went dark, Sucker Punch, the developer of Infamous 2, was lit up with emails. Today, Sucker Punch has confirmed through their Twitter page the beta will be extended… when the PSN is back up:
We’ve decided to extend the beta. Once PSN is back up we’ll determine by how long, but rest assured: your outcry has been heard.
The Infamous 2 beta began on April 12 and Sucker Punch has also revealed that they’ve suspended beta code giveaways until Sony works out the PSN network issues:
Handing out beta codes you can’t redeem would be cruel and unusual; all contests and giveaways suspended until the PSN servers are back up.
Sony still analyzing extent of damage to PSN, unsure if credit card info was compromised
It’s been a rough couple days for PlayStation Network users, and despite rumors of the service coming back online soon, there’s really no end in sight. The latest update from the PlayStation Blog claims there’s no “update or timeframe to share at this point in time,” but that they’ll let us know as soon as new information becomes available.
Satoshi Fukuoka, spokesman for Sony Computer Entertainment in Tokyo, stated that a full investigation is underway to resolve the problem, which still is not being disclosed to the public. Even more alarming is that the company doesn’t know the scope of the security breach, stating that they don’t know if credit card information has been stolen. Fortunately, Fukuoka assures everyone that PlayStation will disclose such a breach immediately if it turns out to be true.
This is getting really bad, but I’m sure we all know who’s really behind this, despite them claiming they wouldn’t attack the PSN anymore. I guess they’ve gone back to looking at gamers everywhere as collateral damage.