Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

PlayStation Network Hacked: User Data Compromised

PlayStation Breach, Network Hacked: Sensitive User Data Compromised

PlayStation Breach, Network Hacked: Sensitive User Data Compromised

PlayStation Network BreachSony today alerted users that an unauthorized person has obtained significant pieces of personal data including, name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID of its PlayStation Network users.The company also warned that profile data, including purchase history and billing address (city, state, zip), and PlayStation Network/Qriocity password security answers may have been obtained. With the PlayStation Network having over 75 Million registered users, we have a massive breach here. Yes, another one.

Sony says the network could be down for up to another week. Sony had intentionally “shut off” access to the PlayStation Network last Wednesday, presumably when the breach occurred.

While it’s not known who is responsible for the intrusion, many were initially pointing fingers at Anonymous, the “Hacktivist” group that gained much visibility over Wikileaks and music industry related attacks. The group had recently targeted Sony Web properties with DDoS attacks in response to a lawsuit that Sony had filed against Georg Hotz, an American hacker who discovered how to unlock (jailbreak) the PlayStation 3 console’s operating system. 

But the Anonymous group says it’s not behind the incident saying earlier this week, “For Once We Didn’t Do It.” In a post to the site the group uses to update the world on its latest initiatives, the group wrote, “While it could be the case that other Anons have acted by themselves AnonOps was not related to this incident and takes no responsibility for it. A more likely explanation is that Sony is taking advantage of Anonymous’ previous ill-will towards the company to distract users from the fact the outage is actually an internal problem with the companies servers.”

Below is from an update from Sony as of this afternoon:

Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1. Temporarily turned off PlayStation Network and Qriocity services;

2. Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

Advertisement. Scroll to continue reading.

3. Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

We will continue to update this Sony PlayStation breach incident and provide additional information as we are able to get it.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.