Sony announces user data stolen from SOE servers

FBI brought in to investigate unlawful, forceful application of shit to fan

There's a nice symmetry to the idea that whether you spent the past 48-odd hours obsessively watching the news or pointedly thrashing Mortal Kombat, you're still lost in the developing details of two or three fairly huge news stories. Well, the really big ones aren't really our purview – but within the world of gaming, the big shock of the moment is very much the developing SOE/PSN issue, which Sony has confirmed stemmed from attacks on the company's servers.

The PSN outage which began on April 20th was caused by a manual shutdown of the network at Sony's end. Sony's Qriocity media-streaming service was also shut down by the company on the 19th, immediately following Sony's discovery of an intrusion into its servers sometime between the 17th and 19th. These shutdowns were for the purposes of protecting user accounts and auditing the company's data systems and security measures.

Sony's MMO division, Sony Online Entertainment, initially indicated that its user information had not been affected by the PSN attack, but it announced today that the breach did extend to its servers. Financial Times is reporting that rather than a single intrusion, Sony is still discovering the traces of a series of attacks; however, the company maintains that these all stem from the initial April 17th-19th system breach.

SOE customer? On a panic-scale from "shrug" to "run for the hills," this should rate somewhere around "employ a sensible level of vigilance." Sony has announced that the information stolen from their SOE servers includes users' names, addresses, phone numbers, birthdates, login names and hash-scrambled passwords; this also includes credit or debit card numbers for around 12,700 non-US customers. Security numbers for the cards were apparently not stolen, making fraudulent use of the cards more difficult, but not impossible.


Above: Card security numbers are still safe. Except poor Mr. Public's, of course

Four security companies have been enlisted to trace the attack, and the FBI has been asked to investigate the matter as a criminal act. Congress, in turn, has asked Sony to provide information about their handling of customer security as a result of the attacks, including the delay in notifying customers of the data breach.

Sony is asking all customers of its online services to watch credit card records and account statements for unexplained purchases over the coming weeks. Users in affected territories will be offered complimentary enrollment in identity-protection programs, and Sony will be contacting all users whose data it believes may have been affected by the attack; however, the company wishes to stress that anyone contacting you requesting credit card, social security or other personally identifiable information is NOT a representative of Sony and no information should be given out.


Above: And thank God the FBI are in on this, or we'd have no way to link it back to videogames whatsoever

Sony expects to be initiating a gradual return of PSN and Qriocity services this week. Initial logins will require a password change via authenticated email or on the PS3 on which the account was initially created. The company is also urging customers to change details for any other online accounts which use the same login and/or password as their PSN or Qriocity accounts. In better news, Sony's "Welcome Back" program will provide apologies for the inconvenience in the form of free content and online time for PSN or Qriocity.

May 2, 2011

The PSN outage which began on April 20th was caused by a manual shutdown of the network at Sony's end. Sony's Qriocity media-streaming service was also shut down by the company on the 19th, immediately following Sony's discovery of an intrusion into its servers sometime between the 17th and 19th. These shutdowns were for the purposes of protecting user accounts and auditing the company's data systems and security measures.

Sony's MMO division, Sony Online Entertainment, initially indicated that its user information had not been affected by the PSN attack, but it announced today that the breach did extend to its servers. Financial Times is reporting that rather than a single intrusion, Sony is still discovering the traces of a series of attacks; however, the company maintains that these all stem from the initial April 17th-19th system breach.

SOE customer? On a panic-scale from "shrug" to "run for the hills," this should rate somewhere around "employ a sensible level of vigilance." Sony has announced that the information stolen from their SOE servers includes users' names, addresses, phone numbers, birthdates, login names and hash-scrambled passwords; this also includes credit or debit card numbers for around 12,700 non-US customers. Security numbers for the cards were apparently not stolen, making fraudulent use of the cards more difficult, but not impossible.


Above: Card security numbers are still safe. Except poor Mr. Public's, of course

Four security companies have been enlisted to trace the attack, and the FBI has been asked to investigate the matter as a criminal act. Congress, in turn, has asked Sony to provide information about their handling of customer security as a result of the attacks, including the delay in notifying customers of the data breach.

Sony is asking all customers of its online services to watch credit card records and account statements for unexplained purchases over the coming weeks. Users in affected territories will be offered complimentary enrollment in identity-protection programs, and Sony will be contacting all users whose data it believes may have been affected by the attack; however, the company wishes to stress that anyone contacting you requesting credit card, social security or other personally identifiable information is NOT a representative of Sony and no information should be given out.


Above: And thank God the FBI are in on this, or we'd have no way to link it back to videogames whatsoever

Sony expects to be initiating a gradual return of PSN and Qriocity services this week. Initial logins will require a password change via authenticated email or on the PS3 on which the account was initially created. The company is also urging customers to change details for any other online accounts which use the same login and/or password as their PSN or Qriocity accounts. In better news, Sony's "Welcome Back" program will provide apologies for the inconvenience in the form of free content and online time for PSN or Qriocity.

May 2, 2011

Topics

We recommend