In yet another blow to Sony’s consumer image, Sony Online Entertainment confirmed that they suffered from an external intrusion. Much of the press release mirrors the information given when a statement was made regarding the PlayStation Network. This includes their servers being taken down, an outside recognized security firm conducting an investigation, and steps to further secure the network infrastructure.
Sony Online Entertainment servers where taken offline at the same time the PlayStation Network and Qriocity services, yet had been restored since then. It has been revealed that access to personal information occurred on April 16th and 17th yet was only announced May 2nd as was discovered by their ongoing investigation. Personal information includes name, address, e-mail address, gender,birth date, phone number, log in ID, and password. The passwords were in hashed form, as with PSN, and information obtained is only as far as each user supplied. It is estimated that 24.6 million user’s information was obtained.
Also along the lines of the PSN intrusion, they state that there is no evidence that any credit card information was obtained from their main server. Unlike the PSN intrusion however, some credit and debit card information has been obtained. This information was stored on an outdated database from 2007. Credit card and/or debit card numbers are estimated at 12,700 for non-US customers, including expiration dates. In addition, 10,700 direct debit records were also obtained. These records include bank account numbers, customer name, account name, and customer address for certain customers in Germany, Netherlands, Austria, and Spain. They stated that they will be promptly notifying each affected customer.
Sony Online Entertainment is also releasing a “make good plan” similar to the one offered to PlayStation Network and Qriocity service subscribers. They are granting all customers a 30 day extension to their subscriptions, in addition to a free day for every day the service is down. In the future they will also outline more details of this plan that will be extended to PlayStation 3 subscribers of their MMOs DC Universe Online and Free Realms.
There seems to be a lot of questions that still need to be answered by Sony. Many people are unaware that PlayStation Network and Sony Online Entertainment were experiencing issues up to a week before the services were taken offline. I myself have been experiencing issues since April 14th, 6 days before the network was taken down. During this time some people had no issues, but others have. Upon calling the Sony Computer Entertainment of America support number, I was greeted with an automated message.
” Thank you for calling SCEA, currently PlayStation Network services are down and we expect to have them restored shortly. We apologize for any inconvenience.”
There is very little posted on the PlayStation forums, but there are a handful of complaints prior to the PSN shutdown, along with some posts saying there were no problems. I could not log onto to the blog or the forums to add my own comments and this may be the reason why there are so few posts. I called SCEA every day from April 14th up until the PSN shutdown and was always greeted with the same message. I did stay on to speak with a customer representative on 3 occasions and they did confirm that PSN was down. This was on April 6th, 16th, and 19th, all before the PlayStation Network was officially taken offline.
So the question is, is Sony covering up something? I think all Sony customers deserve an answer.
I got double screwed. Not only did my PSN account information get stolen, so did my SOE account! Gonna be very wary about using Sony’s services now.
I’m just waiting for PSN to come back up. Thankfully I had nothing compromised other than not being able to play on PSN, but I can see where others are frustrated.