We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.
Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.
As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.
Similarly, the SOE accounts that were matched have been temporarily turned off. If you are among the small group of affected SOE customers, you will receive an email from us at the address associated with your account that will advise you on next steps in order to validate your account credentials and have your account turned back on.
We want to take this opportunity to remind our consumers about the increasingly common threat of fraudulent activity online, as well as the importance of having a strong password and having a username/password combination that is not associated with other online services or sites. We encourage you to choose unique, hard-to-guess passwords and always look for unusual activity in your account.
Sudden feeling of deja vu….
@97 Agreed! people should learn how to make safe passwords
@95 It is 11:44 pm PST, which is the time that they use cause they are from the West Coast.
To all that think that it was a hack on the PSN, you are mistaken and clearly did not read the entire notice. It clearly says that someone(or some group) tried to use a list of user ID and passwords that were listed on some source that is not tied in to Sony’s own network. But they just happened to be user ID and password pairs.
So. like some had said, if you are using the same user ID and password on other sites as you do on PSN, you are basically asking for trouble. Also, when the PSN was brought back online in May all of us had to use a different password due to the mandatory password reset. If you happened to change that password back to the password that you used before the compromise, then you are really dumb and deserved it.
Like some have said, use password managers. There are freeware utilities for both Windows and Mac to help you get this organized. You don’t have to memorize if but it does help a lot.
Thanks for letting us know. But I really hope PSN does not go down again…please no do something Sony come on. Battlefield 3 comes out in 2 weeks. If PSN goes down when that game comes out I think I will lose my mind.
IM SO SICK OF THIS B.S.!!! I MEAN, GLAD YOU ALL ARE PUTTING EFFORT INTO TRYING TO CATCH THE VILLAINS BUT DAMN!!!! EVERTIME I TURN AROUND I HAVE INTERRUPTED GAME PLAY BECAUSE OF SOME B.S. AND THEN IT TAKES FOREVER BEFORE ITS FIXED!!! NOW YOU SAY IT WILL BE A EMAIL SENT OUT ABOUT CHANGING THE PASSWORD BUT JUST HOW FREAKIN LONG WILL IT BE BEFORE THAT EMAIL IS SENT OUT??? DAMN NEAR A MONTH?? THIS IS TOTALLY GETTING RIDICULOUS… I HOPE I GET MY EMAIL VERY SOON!!! #MR VERY IRRITATED GUY FEE REALLL!!
Huh! Look what happened while I was finishing ICO!
I echo the sentiments of the majority here, but how do you know it was a quick response? Did I miss the part of the post where he said that?
My account is fine, was downloading stuff for hours today, signing in & out on my 2 PS3’s. I made sure last time that my PSN password is unique among all my various online accts since some jack*sses are targeting Sony.
Shouldn’t these people be wearing their V for Vendetta masks @ their local Occupy sites & leave us harmless gamers alone?
Thanks for the info, great that you guys are keeping us informed about potential threats. I’m confident in my PW for my psn account, I use that PW only on psn and nowhere else.
PSN fails again. It can’t do everything.
It’s when i see posts like this that i’m proud to be a Sony customer. By keeping us informed, you prove that you care about your customers. Thank you.
As for people that got hacked (or not), using a secondary email to register/log in to less secure sites like forums and having different password for each website/services is the best way to avoid this kind of hack. Sometimes only a little variant in your password (ex.: password , pa55w0rd, pass_word001, etc) help you remember it and still avoid those hacking attempts. Hope this helps :)
Neo
Thanks for the fast update and to be straight with us! you win so much by doing that! and i dont get why people are so dumb and keep doing this, get a real job and stop making other peoples life sad, they prolly hate Sony like a mother”%”#@ but come on!
I gotta admit while this did happen again. I’m at least happy they us know from the get go and not wait or keep us in the dark about every little detail. it would be nice to know who got hack to know if we need to change any/all our info. Plus i think now would be a great time to be able to change our things like Psn ID/e-mail, etc. so that we are able to lower the risk of hackers against us.
Maybe find out where the information was stolen from? Nearly 100,000 accounts compromised is not a small thing.
SEE when they know what happens there is no problem. :3 Only when it comes out no where and effects every account is there a problem.
WE GOTTA GO THRU THIS MESS AGAIN.YALL CAN GIVE US PLAYSTATION CREDIT POINTS AND FREE GAMES DOWNLOADS AND 250 FREE STUFF INPLAYSTATION NETWORK AS WELL AS A FREE YR OF PLATSTATION PLUS . WE DESERVE IT FOR BEING LOYAL FAN AND STANDING BY YALL SIDE THRU THIS SITUTATION
Thank you for the update. Greatly appreciated :)
Oooh. :O Thanks for the update!
Thanks Sony.
I think I’m gonna change my password again, just to be save ;)
thank you Sony for letting us know this time. Keep up the good work.
You would think the hackers would be to busy playing Gears of War 3 & Forza 4 on their Xbox 360’s to have time to hack PSN :D
Thanks for the update. Most understand brute force attempts to hack people’s account in this way are un preventable. Best bet is a good PW. Is it possible to have a 3 party [like 1Password] encrypt our passwords?
Awesome that you guys are updating us.
sony why do u keep breaking my heart ?
good job on for adding a early detection system when psn came back online. so good job sony for letting us know
@91 DCS-Tekken
Why don’t you learn to read. Read that first paragraph.
It BLATANTLY tells you they tried and FAILED to hack them. Sony is just letting you know they stopped any of the accounts the ATTEMPTS were coming from. All you ever seem to do is whine and moan. And NO, you’re not entitled to ANYTHING FREE just because they TOLD you they stopped a hack attempt.
I don’t get it! Oh well, If the PSN gets shut down again I can just play my PS2 just like the old days.
Great work this is much better letting us know quickly that a breach has happened. Thank you.
Cool ! Thank You For The Update :D
Keep up the good work Sony…
This may have something to do with it. 2 days ago as I was browsing through my message box I noticed 2 new messages that I haven’t seen B4.
1. An invitation from a PSN user w/ a PSN Logo asking me to join them on a new PS Home Beta. It has an attachment that said “PSN Home Beta”.
2. A message asking me to pass on a their message to other Friends & by doing so We will receive a code for a $50.00 PSN wallet credit. On the bottom of the message was a code entitled “$50.00 PSN wallet credit”
I have since deleted those messages.
C’mon those kinda messages stink of dead fish.
If any of you receive those kinda messages don’t open them, don’t use them, reply, or entertain them. Delete them from your Inbox.
Read the forums on the Playstation Blogs that’s the real deal (Moderators R on hand to filter truth from lies & Deals from Scams)
@ Emby25
The list is not Sony’s. It is likely a list of usernames and passwords stolen from another website that the hackers took a chance on. They fed them into a bot and hoped that people were using the same username and password on the PSN network as they did on that website.
The lesson: Vary your usernames and passwords. Otherwise, if one website you use is compromised, then, at least for you, every website you use is compromised.
May I suggest a 2 step sign in procedure such as Google offers?
Gonna be checking my accounts then. I have 4 of them so I’ll manually check each one.
when they catch these Pr1cks im gonna get my .35 caliber revolver out and pop a cap in their knee caps
So I noticed something fishy going on with my account last night about 11:00 EST. It kept saying my password wasn’t correct and wouldn’t let me sign in, so I went and reset my password immediately. Would you say I should still reset it again?
Sony needs to be careful with Activision and Microsoft.
They have an agreement that goes far beyond the Call of Duty DLC.
I Love Playstation :)
thank for the info, sad that hackers would try and abuse a free network . can’t see why they think hacking a free network is cool to do .
Glad to see that you guys learned from last time.
Thanks for the info
Thanks guys for the info. Please keep working hard to maintain the security on PSN. This year the hackers activity increased in a manner nobody expected. All the major sites in the world have had intrussions and attempts to steal information. Even accounts from people from the pentagon was compromised recently. So far, most people didn’t pay attention to keep good security measures in their accounts (email, eshops, forums, social networks, etc.) because they still think internet is just a addon to their real life. The same way you try keep your physical credit card out of unknown or suspicious people or not letting just any stranger let to know where you live if he/she ask you at the street, you must do the same in internet, setting strong passwords, and even changing those passwords regularly and be aware of the security/privacy options of your forum, social network, email or any site you have an account at. Sounds kind of paranoic, but these days is what we have.
wow
Hope these idiots get caught.
Thanks for the heads up.
You’ve heard it before (last time this happened), thanks for the updates and fight the good fight.
Please keep us all posted on further developments and if anyone else should have cause for concern.
man what a drag. i have to fix all of my accounts >.> really don’t need to lose this one like the last one loool
Sony do your best to repair the issues :D
Mr. Reitinger – Thank you for the notification and for being on top of this! Much appreciated and a job well done.
While it’s bad that this did happen, it’s good to read that Sony is actively monitoring their networks for security breaches. Thank You Mr. Reitinger for informing us of the situation and how Sony is going to handle the issue.
Refreshing Honesty. Sony did learn.
Password mining is a real threat these days. Take your bank which is very secure at sending data and somewhere you do not want others getting into. over 75% of peoples Facebook/MySpace, Email and bank passwords are the exact same username and password.
Even if your Banks username and password is different if your email is not then the attacker can easily reset said password.
As for protections like place of birth or mothers maiden name 75% of people use the 3 easiest to find per site. A simple visit to the users compromised Facebook page and you have access to a pre-tagged list of all their relatives, pets, hometowns, schools, colleges, foods, likes, and any other information you might need. And even access to their friends and family members information.
There are even programs that can automate this task for you and organize all said information into a life dump including all the major sites you know passwords too.
Thanks for the head-ups!
i’m going to start Resetting my password every day from now on 365 passwords a year hack that Stupid hackers.
DESPUES QUE NO INTERFIERAN CON EL LANZAMIENTO DE UNCHARTED Y MW3.