Sony says 70 million Playstation subscribers have had their personal data breached

http://www.cnbc.com/id/42769019

Six days after a security breach of its PlayStation Network, Sony said Tuesday that the incursion was much worse than expected and hackers had obtained personal information on 70 million subscribers.

Source: SonyPlayStation 3 The company, in a blog entry posted Tuesday afternoon, added it is still unsure if the intruder also obtained credit card data for members who have that on file with the service, which provides online functionality for the PlayStation 3.

"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID," wrote Patrick Seybold, senior director of corporate communications for Sony Computer Entertainment America.

"It is also possible that your profile data, including purchase history and billing address … and your PlayStation Network/Qriocity password security answers may have been obtained. … While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility."

Sony says the attack has led it to begin rebuilding the system. It expects to restore some services within a week.

The company is urging subscribers to be on alert for identity theft attempts as well as email, telephone and postal scams. (Users can contact the three major U.S. credit bureaus — Experian, Equifax and TransUnion — and have their accounts put in "high alert" status for no charge.) It is also advising them to change their password when service is ultimately restored.

Hey Daisy - I was just reading about this.

When the network went down last week, and was STILL down after several days (and Sony's only statement @ the time was that they were "experiencing technical difficulties", my first thought was that it had been hacked.

They know user dater has been stolen, but they're claiming they still don't know if credit card data has been stolen. I'm skeptical about that last part - I think they know credit card data has been stolen, but they're trying to downplay it to keep their 70 million + members from jumping ship (as well as to prevent their stocks from falling any more than they already have).

Anyone who has purchased anything on the PSN with a credit card should immediately cancel their cards, if they haven't already done so.

Playstation 3 security breach


SONY was hit with a major lawsuit today over a leak of personal information of Playstation 3 users. That security breach is not only affecting local users -- its also affecting Texoma businesses.


http://www.kxii.com/home/headlines/Playstation_3_security_breach_120832154.html

"Sony has made mistake by assuming that their security was good enough to keep out the hackers and to keep out the people who want to perform a malicious act," said Carl Rabe, Store Manager of Game Xchange.

The massive security breach of personal data affects more than 75 million people worldwide -- including people who stream Netflix or Hulu on their PS3 .
In Sherman, the Game Xchange has been been feeling the impact of the recent Playstation hack with customers refusing to buy popular games.

Sony sued, could bleed billions following PlayStation Network hack

http://ingame.msnbc.msn.com/_news/2...-following-playstation-network-hack?GT1=43001

Gamers and government officials are irate over Sony's admission that a massive security breach gave hackers access to large amounts of personal data from the company's PlayStation Network and, surprise(!), one gamer has already filed a lawsuit.

I got an email today from Sony about the breach. Everything from passwords to email addresses, home addresses if entered, to credit cards were breached.

otto said:

I got an email today from Sony about the breach. Everything from passwords to email addresses, home addresses if entered, to credit cards were breached.

Click to expand...

I was just going to say... we knew about everything and POSSIBLY credit card info. Now they've confirmed credit card info was breached.

This is why I'm so glad that we never bought my son a PS 3. The most current game system he has is PS2. He is very active in sports, and even though he has asked for either a XBOX or PS3, I just couldnt justify spending the money for it. He is only on it when it rains or is too cold to go outside.

This is the one time that I'm glad that my son doesnt have everything his friends have.

http://en.wikipedia.org/wiki/George_Hotz

On April 7, 2010, Hotz posted a video on the internet detailing his claimed progress with custom firmware on the machine, and showing a PlayStation 3 running with the OtherOS feature enabled on firmware 3.21. He named his custom firmware as 3.21OO, and suggested that it may also work on newer Slim models of the console. However, he didn't announce a release date for the custom firmware or mention whether he was working on the same hack for the latest firmware version of 3.41.[21] It was never released. On July 13, 2010, Hotz posted a message on his Twitter account stating that he was giving up trying to crack the PS3 any further.[22] However, on January 2, 2011, he posted the root keys of the PlayStation 3 on his website.[23] These keys were later removed from his website as a result of legal action by Sony (see below).[24] On January 6, 2011, he showed a demo of running homebrew applications on PS3 firmware 3.55 without using any jailbreak USB dongles, based on the discovery of the security exploit by the fail0verflow team.[25] On January 7, 2011, he showed off a demo video running homebrew applications on PlayStation 3 custom firmware 3.55.[26] On January 11, 2011, Sony filed an application for a temporary restraining order (TRO) against Hotz in the US District Court of Northern California.[27] The timeline of the lawsuit is continued below. On January 14, 2011, Hotz appeared in an interview on G4′s The Loop, where he explained why he jailbroke the Sony PlayStation 3.[28]

This is what Sony sent:

Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure by rebuilding our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID. It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code). If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.

While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising that your credit card number (excluding security code) and expiration date may also have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority.
Please contact us at 1-800-345-7669 should you have any additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

Eh, IMO, I don't think GeoHotz had anything to do with this... I could be dead wrong though.

There were 2 completely different "PS3 hacks" recently.

"Geohotz" figured out a way for people to run whatever software they wanted to, on their own PS3. He was sued, and then there was a settlement, and now that guy is taking a vacation and staying away from anything Sony.

The other hack was based on a thing called "Rebug" which switched any PS3 into a special "Developer mode", which then could access the online developer-only area. And then people started using that and downloading all the games (for free!). And other people jumped on and used Rebug to wiggle into other online areas, and downloaded all sorts of things they weren't supposed to.

Source: Various articles and comments on slashdot.org and theregister.co.uk
:coffeecup: