Sony confirmed earlier today that the recent PlayStation Network breach have resulted in stolen personal data. Sony says while personal information was likely stolen they don’t believe credit card numbers were and that they hope to have the Playstation Network service back up within a week.
Based on their recent blog post regarding the issue, Sony says they’ve hired a “recognized security firm” to conduct a complete investigation into what happened and have taken steps to enhance security and strengthen network infrastructure. The news comes more than nine days after the intrusion and six days after Sony shut down both the Playstation Network and Qriocity services in reaction to the breach.
“We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network,” Patrick Seybold, senior director of corporate communications for Sony Computer Entertainment of America, wrote on the official Playstation Blog today.
Below is a compiled FAQ taken from Kotaku.
I can’t remember, did I need to use a credit card to create a Playstation Network account?
No, that’s only required if you added funds to your wallet to purchase content on your PS3 like a game, add-on or movie.
What if I can’t remember if I used a credit card?
Try searching through your emails for anything from DoNotReply@ac.playstation.net.
What if I did use a credit card on the Playstation Network?
While Sony says they have no evidence credit card numbers were stolen, they also say they’re not sure they weren’t. Now might be a good time to cancel your current card and get a replacement.
What if I didn’t use a credit card on my account. Am I safe?
Yes and no. Your credit card info is safe, but your personal information may be out there in the wrong hands. It might be a good idea to keep an eye out for phishing scams, watch your credit report and make sure you change your passwords if you re-used them in multiple places.
What information was taken from Sony?
Sony has confirmed that account information has been compromised, including name, address, and login information for the PlayStation Network and the Qriocity music service.
So how do I check my credit?
U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit http://www.annualcreditreport.com or call toll-free (877) 322-8228. You can also check the three bureaus individually:
Experian: 888-397-3742; http://www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; http://www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; http://www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
When will the Playstation Network be back up?
As of April 26, Sony is expecting the PlayStation Network to be back up “within a week.”
How long has PSN been down?
The system went down last Wednesday, April 20th. (That’s seven days if you’re keeping score.)
Can I play games without going online, either by myself or with a friend locally?
Absolutely. Almost every PS3 game, whether it’s played via disc or download, will work so long as you’re using a mode that doesn’t require PSN access. (That’s internet multiplayer, mostly.) There is a small exception to this, which I’ll explain a little later.
What about using a LAN?
Sure, a setting up a little LAN party would be a great alternative. The only problem is that the selection of LAN-capable PS3 games is pretty limited.
Is Anonymous responsible?
Probably not. The group has publicly denied their involvement, and there has been no definitive proof to say otherwise.
So why are they being arrested?
They aren’t. The rumor is based on an old press release from January.
Some games use digital rights management to prevent piracy. Will that affect my ability to play?
As of now, the only games that we know to be affected are a pair of Capcom downloadable games, Bionic Commando Rearmed 2 and the Final Fight/Magic Sword game pack.
So I can’t play any games online or use PSN. Can I still use non-game PSN apps like Netflix, Hulu Plus, etc?
Netflix works on and off if you’re persistent enough. The others not at all.
What about features like the browser, which use the internet, but aren’t connected to PSN?
Users have reported via forums that the PS3 browser still works.
Can I still get system updates?
The system update feature is not connected to PSN and is therefore functional. (Ever notice that you have to sign out of PSN to download an update?) Users can still also download system updates via the Playstation website.
Is there a chance my trophies could get wiped?
Trophies will not update as long as PSN is down, but since most of them are not internet-based, it’s likely (but not definite) that the trophies that you earn during the shutdown will be added to your account when it updates once PSN is back online. If you were to delete your account or if your console were to crash, however, you would definitely lose any trophies earned while PSN is down. Currently, it is not possible to check trophies via the Playstation website.
Will I lose my saved game data?
Not likely, your saved game data is stored on your hard drive, and therefore should not be affected by the outage.
Am I more likely to lose my data if I’ve been using the cloud storage feature of
No. While you definitely aren’t able to update any data you’ve saved in the cloud, the cloud data is technically a copy of whatever was saved from your machine, so even if the back-up data was lost your save would still be in tact on the machine where it was originally recorded.
Wait I have some questions you didn’t or can’t answer. Can I ask Sony directly?
Yes, Sony says you should contact them if you have any additional questions at: 1-800-345-7669.
My advice is to start changing your passwords for all your emails that you’ve used to register for PSN accounts. Get in touch with your local bank if you’re having issues with your debit/credit card. Most of all, ignore all emails requesting for personal information and NEVER login from any email links.
Below, I leave you with a letter from US Senator, Richard Blumenthal to SCEA president and CEO, Jack Tretton.
April 26, 2011
Mr. Jack Tretton
President and CEO
Sony Computer Entertainment America
919 East Hillsdale Boulevard
Foster City, CA USA 94404
Dear Mr. Tretton:
I am writing regarding a recent data breach of Sony’s PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.
It has been reported that on April 20, 2011, Sony’s PlayStation Network suffered an “external intrusion” and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.
When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.
I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.
PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.
United States Senate
Also, follow Kotaku as they update on the current issue as well.
Everything You Need To Know About The PlayStation Network Hack [Kotaku]
Update on PlayStation Network and Qriocity [Playstation.com]
Blumenthal Demands Answers from Sony over Playstation Data Breach [blumenthal.senate.gov]