PlayStation Network Security Update

443 1

On Tuesday, April 26 we shared that some information that was compromised in connection with an illegal and unauthorized intrusion into our network. Once again, we’d like to apologize to the many users who were inconvenienced and worried about this situation.

We want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.

One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this link.

To reiterate a few other security measures for your information: Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

We continue to work with law enforcement and forensic experts to identify the criminals behind the attack. Once again, we apologize for causing users concern over this matter.

Our objective is to increase security so our customers can safely and confidently play games and use our network and media services. We will continue to provide updates as we have them.

Comments are closed.

443 Comments

1 Author Reply

  • When is the Pakistan DLC map pack with the Osama murderlize mission going to be available? go go Black Ops

  • Dood enough about this CC stuff. I get it and wasnt worried even in the begining. The stupid interweb highlights and swims in confusion. I was hoping to read today “hey psn will be online today at such and such time”. I had patients but my GF used that all up so yeah hurryz upz please and thank you!

  • Switch EURO psn back on please. Like in next hour i plan to play online in 1 hours time.

  • Just put it up now who cares about “safer” they have all our info reguardless

  • SOOPERGOOMAN187

    @Patrick Seybold I tried to contact you all last week with info to arrest the hackers only to have one of your Lackeys call me a Layman. I found out who did this intrusion, their methods used and even tutorials and video’s of them doing it, yet nobody at SONY not even you will hear me out. I’m fed up trying to help you guys out cause you just dont want it.

    How the heck do you expect to catch em when you don’t even tell all these people THE REAL TRUTH! I know the REAL truth, but do You Players of PS3 know the FULL REAL TRUTH?

    BRING PSN ONLINE OK cause these updates mean nothing to any of us now. Im fed up with not being able to play anything cause alot of my games that I bought from the store need a login to use. thats deplorable.

    Fire up the PSN Now! WE ARE SICK TO DEATH OF WAITING and a stupid ps plus free for a month isn’t a good enough apology.

    There had better be new features like skype, cross game chat, new web browser and faster in game xmb with that update of yours.

    That is all Good Day Sir.

  • wanst PSN suppose to be up like a few weeks ago lol, i remember the first update we got it said that psn would be back in one or two days and that they were doing routine maintenance….o how far we have come T_T im tierd, board, and about to lose my mind up in this joint. Get PSN back up now, not tommrow not in a weeks time, but now goddamit.

  • Man, this is way longer than I expected but then again I’d rather they do whatever necessary to not have this occur again.

  • ..no offense – but would it have killed you guys to not have waited well over a week before figuring out the passwords were hashed?

    I mean, you do understand that it’s serious for us as consumers if we lose our private data (address, name) together with our credit card numbers. Just losing one of those on it’s own isn’t a terrible problem – but you can’t change your name and go into hiding “just to be safe”, see? Because if I get my identity stolen, and it’s used for something criminal – I’m [BUTTERFLIES AND FLOWERS]. Not just for a while, but for as long as my name stays the same.

    And on top of this, Kaz actually has the gall to state that Sony are committed to stopping credit card fraud against /their/ systems? You’ve screwed me over so many times now Sony I’ve lost count – what about at least trying to level with us here for once. Would it really hurt you as a company to do so? Inform us quickly about what sort of databases might have been breached, and what info had been linked.
    (cont’d..)

  • Because what you’re doing now just gives off the impression that you’re not really concerned about our data at all. And that you’re either using the threat to users as an excuse – or that the real threat was actually only against Sony’s internal info, admin accounts, etc. If that’s the case, I’m sorry. But I don’t have time for “you maybe lost your identity and credit card to thieves, so be careful! Just in case!”.

    Not only is it useless for us, but it’s also very serious for us as users. If you actually had linked databases in a way that would actually allow sweeping datamining like this, Sony would also be in legal trouble in just about every country in the world. I hope you realize that.

    I’m not even being too dramatic about it – you already have half of the attorney generals in the States looking for ways to get more info out of you. And we still don’t know if the data lost actually stems from some “other” “implied” data-mining operation that Sony hasn’t told us about.

    But you just say: “we’re making things safer for you”. I don’t trust that. Why should I?
    (cont’d..)

  • Thanks for the info but I’m still curious when we’ll start to see restoration and what sort of reimbursements we’ll get for subscription based games like free realms.

    Though I’m glad to see this is getting sorted out finally.

  • ….

    See, we need specific information about what databases were linked, and what sort of data might have been breached and in what fashion. How were the credit card details stored. How does that differ between the regions, etc.

    So.. yeah.. Dear Playstation, whatever..

    P.S. Another thing – please don’t force a PS+ subscription on my account when the system comes back up. I don’t want to lose any games I buy this month when PS+ expires again. And my region doesn’t have any services tied to ps+, etc, so it’s not very interesting for me unless I want to just give you money for nothing in return. .. I’m guessing the system won’t ask me if I want the ps+ bonus or a regular purchase tied to my account “forever” (rather than just the 30 days).. if I’m already subscribed. So please sort that out.

  • Suprised my login still works :) but It looks like there will be no PSN update today then :(, hopefully there might come one later this week? :)

  • Clarifying that the passwords were hashed from the get-go probably would have saved Sony a lot of grief, and consumers a lot of stress. Regardless, this is obviously good news… hopefully, this will turn out to not be as big of a deal as it initially sounded it would be.

  • Well, that’s a bit of a relief. Still, I went ahead and changed any passwords I deemed insecure after this. Thanks, though.

  • SOOPERGOOMAN187

    I wish someone would listen to THIS SAHREHOLDER!!!! I have 100 shares left to me by my recently deceased grand parents. I would like to ensure the integrity of those shares as I have lost money on them this past week. Now Call me Patrick Seybold, so that I can make sure that they are fine. I was only trying to help make sure MY INVESTMENT is fine. I might just have to sell em now. As your lack of Real communication and the distasteful treatment I have suffered at the hands of your FOSTER CITY HQ staff.

  • lol SOOPERGOOMAN187

  • Im starting to deciede wether ot not I will buy a ps4 when it comes out…..mabey ill buy the xbox 720 ….

  • @RYuuskyez same here man but becareful somy sony heads here will start ctying just for thinking about it. Or others will try and defend sony and say it could happen to microsoft too, yea well IT HASNT. Sony is lucky I invested so much into my ps3. But I am going to strongly consider the next xbox unless sony pulls something out of their rear!

  • Sharingan_itachi

    Thanks for update.

  • @super goo man call the fbi hotline they posted up. Mr seyboyd cant do nothing for you in these matters. call the fbi hotline they gave out tell them whats up..

  • PLEASE SONY JUST LISTEN TO SUPERGOOMAN187 HE MIGHT BE RIGHT!!! PLEASE WE ARE WAITING PATIENTLY, BUT STILL DON´T GO WITH LIES ´CAUSE ON THE STATUS THINGY IT SAID THAT IT WAS PROBABLY ON ON MAY 2.. GUESS WHAT ITS MAY 2 ALREADY!!!
    ….Lets just hope that of the DLC we could get the FIRST STRIKE DLC!!! (for the COD black ops!!)

  • listen to supergooman187 Sony he might be right!!! WE WANT TO PLAY ALREADY!!!
    ….hope i am not the only one who wants the FIRST STRIKE DLC for COD black ops for free when the PSN is on!

  • eyesofreality03

    great updte now….DATE FOR PSN(2) opening up?

  • + Gerry_the_Veg on May 2nd, 2011 at 11:37 am said:
    ” YOU ALWAYS LIE AND CHANGE THE DATES FROM ‘ 2 DAYS TO WITHIN THIS WEEK'”

    I am guessing that you are relatively new to the internet and the PSN. Sony very rarely announces specific dates of release due to the fact that things can happen that may affect that particular release date. And then we would have the community in an uproar.

    People tend to complain if no date is stated, a given date is not met, or no date is specified. The best solution is keep the information open ended. I know that the PSN going back online is this week, thus I am happy.

  • Does this mean there will be no PSN tomorrow?

    And you misspelled “worried abut this situation.”

  • OK. Thanks for the updates, but we would like to know when will the network be back up.

  • i hope psn is coming on some time early thise week

  • PSN went down ?!?!?!?

  • SOOPERGOOMAN187

    Oh well Im bored with this. I’ve been a Sony Fan since I first Received this Short-wave radio http://goo.gl/GV4Kh as a Gift. Used it to listen to radio stations the world over, it’s what initially started me on Your Company. Can you imagine in the 80’s being able to hear music from around the world all in the palm of your hand? TO hear news events as they happen, I even once heard a distress signal at night on it. Back then there was no internet. A typical short wave system at this time was Thousands of dollars yet Sony’s had it a small and compact form and an affordable price. I then went onto the walkman, then the discman which was very expensive at the time but a marvel to use(anti skip). Ps1, psone, ps2, then slim ps2, psp1000, psp 2000, psp3000, pspGo, ps3 phat 4 times (ket breaking). Sony phones, cameras, stereo equipment, tv’s, computers, heck I still have all that stuff. And the best thing was, with the older electronics, They All Still Work.

    I’lll just go get that radio now, might as well. Nothing else to really do this Evening.

    Also you said Two days initially, after two days I had all the info you needed…….

    Sold my shares………………….

  • it’s coming…it’s coming….I can’t wait till all this is back to normal. How sad that hacks effected alot…no, a bunch of people that play.

  • That’s good news, I was a bit worried about my password. Anyway, hopefully some features will be up tomorrow, and I hope the Store won’t be down for much longer.

  • you don’t have this psn up by friday im selling my [DELETED] because of this………….

  • i don’t even remember the last time i turned on my ps3. give us a

  • DATE!!!!!!!!!!!!!!!!!!

  • slowest 2 weeks of work for me and its been down the whole time…….POST A DATE

  • *comprised

  • Oh what the crap, I didn’t know I was typing in this window. GUHHHH. Plz delete.

  • Patience is a virtue for users who can get their entire thought into one post.

    In a day and age where things are far to often rushed unfinished to hit that magical “date” it’s good to see a major company understand that it’s perfectly fine to miss that date to give a higher quality product. Is it a coincidence that some of the best developers are also notorious for missing deadlines?

    If Sony is finding more ways to improve their system and to catch the person(s) responsible, then take your time. Rushing to appease the impatient is what results in things like this happening, as an extreme example. Or more common to an online gamer, day 1 patches to fix on disc glitches, bugs, or simply missing functionality.

  • @SOOPERGOOMAN187

    Call the FBI, man. Then tell *us* who did it. Kthx.

  • Ok in the other update. You guys said that once it the psn launches again, we will be able to get ahold of free dlc… Would the new Black Ops map pack ( coming soon ) be one of those choices? Other than that or something related to Mortal Kombat or Modnation cuz that’s all I play.

  • @ #86 shredder110:

    Or the Shift 2 Unleashed Legends Pack? That would save me a $20 PSN Card.

    But, considering how EA is with DLC (After all, they DID invent the Online Pass DLC for used game copies) that probably won’t happen. One can dream, tho!

  • Well then…I think that we need to get an update on exactly WHEN the PSN will be back up and running. And for the free content, the new COD map pack “Escalation” or the New Vegas “Dead Money” DLC would be nice. Or just some free game. Either way, hurry up and get this done!

  • Man i sure hope everythings ok

  • Glad i got my free psn codes from http://www.freepsnstorecodes.com :D now even if something happens to my account i can still redeem the free $50 psn card i got

  • i get it, my information was compromised!
    once the system is up, i’m removing my
    credit card information and will use pre-paid
    playstation network cards from now on – sigh.

  • Now SOE has been taken offline too.. what does this mean for PSN? Is Sony ever going to be able to recover from this??

  • SOE was attacked to…

  • + Jimmy_Cosmos on May 2nd, 2011 at 4:39 pm said:
    “Now SOE has been taken offline too.. what does this mean for PSN? Is Sony ever going to be able to recover from this??”

    You do realize that SOE and SCEA/SCE are different divisions of Sony and that SOE is also actively involved in making sure their interests, and the interests of their subscribers, are being taken care of?

    SCE/SCEA has the Network (PSN) that all internet partners (PS3 online games) use in order to bring their games and services us.

  • + ssmarcos3 on May 2nd, 2011 at 4:51 pm said:
    “SOE was attacked too…”

    Old news. Now they are busy making reparations. SOE will be up and running once they have verified that their updates are working properly. SOE and SCE are working together to make this transition work properly for all of us. Patience. It’s all going to work out.

  • Still waiting for some kind of clarification about the usefulness of deleting our card info off the PSN prior to this breach. Seems like a very simple question to answer, yet I have asked 4 times (one in each new blog entry) and have yet to see an answer in any of these updates.

    Which makes me wonder, is there a law that says if we delete our info that it cannot be held on your system? Perhaps despite this law you guys still kept it on your servers and is why none of these ‘updates’ are commenting on it.

Please enter your date of birth.

Date of birth fields