Playstation Network Customer Data Compromised – Sony Waits a Week to Divulge Information
The Sony Playstation Network has been down since last Wednesday – almost a full week so far. Sony has put out as little information as possible while they’re scrambling to get everything up and running. Their first three reports stated the network might be down a day or two, but since we’re moving into week one, these timeframes weren’t working. On their most recent report, they claim some services of the network will be up “within a week”.
With their most recent update today, April 26th, Sony had this to say:
“We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.”
Considering that was well over a week ago and they’re just now telling the customers that their name, address, credit card information – not to mention their username and password – was compromised, I would call that a huge misstep by Sony.
At least if they were upfront and quick in explaining what happened right off the bat, they would have given users enough time to change their passwords & notify their banks. Oh… and forgot to mention the part about having over 70 million registered users. This is why I use my dumbed-down passwords on things like these.
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
On a side-note, Steam – which many users were looking forward to use on Playstation Network, has a feature which runs through 3 layers of verification to associate a user to his or her account. Email, Captcha, Password. Once your account is validated to an unrecognized computer, you can use it.
Update 4/27:
Sony has provided a bit more information regarding their network being hacked, including a Q&A section to answer some of the concerns everyone has had over the past week.
Out of all of that, this is the line that stands out for me;
“The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.”
So… basically all the personal user information was left unencrypted, except for the credit card information? They’re not helping their case much here.
At any rate, Sony claims that some of their services will be “up and running within a week from yesterday.” This works out to being May 3, 2011 – so we’ll see if they live up to their estimate.
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/
Update 4/28:
Sony has addressed a few more inconsequential concerns regarding MMO leveling, savestates, points, and trophies. One thing they closed this update with was regarding compensation.
Q: Will there be a goodwill gesture for the time we haven’t been able to utilize PSN/Qriocity?
A: We are currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online.
We’ll see what they come up with and will bring the latest news as it comes out.
http://blog.us.playstation.com/2011/04/28/qa-2-for-playstation-network-and-qriocity-services/