PSN Intrusion: More Q&A


The Official PSBlog posted another Q&A post today that addresses more questions about the PSN intrusion.

Some highlights include:

They “expect to have some services up and running within a week from yesterday.” (So hopefully by Tuesday, May 3rd.) “However, we want to be very clear that we will only restore operations when we are confident that the network is secure.”

It says that all 77 million people have been, or will be, contacted via email by tomorrow. I received mine this morning.

They also revealed that a “new system software update that will require all users to change their password once PlayStation Network is restored” is being created.

All credit card data was encrypted; however, the personal information was not encrypted.

The entire post is re-posted below for your convenience.

First off, we want to again thank you for your patience. We know that the PlayStation Network and Qriocity outage has been frustrating for you. We know you are upset, and so we are taking steps to make our services safer and more secure than ever before. We sincerely regret any inconvenience or concern this outage has caused, and rest assured that we’re going to get the services back online as quickly as we can.

We received a number of questions and comments yesterday and early today relating to the criminal intrusion into our network. We’d like to address some of the most common questions today.

We are also going to continue to post updates to this blog with any additional information and insight that we can over the next few days.

We are reading your comments. We are listening to your suggestions. Please keep them coming.
Thank you.

Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however, that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.

Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.

Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.

Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.

Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.


Written by: Oly - Senior PR Manager


  1. #1 by Jason on April 27th, 2011 [ 27484 Points ]

    I don't trust 'em. Going to need to be down for a long time. I'm upset over this, to be completely honest. Why our information was not encrypted is beyond me. Shame shame shame. Sony love level slightly diminished.

  2. #2 by Emrah on April 28th, 2011 [ 7319 Points ]

    Next EULA will include “Sony can make no guarantees to the safe-keeping of your personal data. Sony cannot be held responsible for any sort of identity-theft or credit card fraud with information obtained from PSN network through malicious activities.”

    After which, die-hard Sony fans will remind us how we agreed to their EULA :) Not signing the EULA will mean not playing online, but hey, it is Sony being gratuitous to allow us to use our consoles online, no?

    /rant

  3. #3 by dave on April 28th, 2011

    Good, at least your CC was encrypted, but your address, what are they going to do with that? I mean, who cares if they have your address, your zip code and your state and city; people, they can't do nothing with your address info. All they will know is where everybody lives at. And I feel Sony will get these people soon; hacks like this, people always leave some kind of evidence behind even if they think they got away, there is something always somewhere left in the computer software, it depends on if they know where to look and look for, and Sony being a big huge company, they can spend lots of money on this hack to find that group or person that did this lol. Sony has allll the money in the world, I am pretty confident they will find something, and I still have faith in Sony after all this said and done.

  4. #4 by Buster on April 28th, 2011

    “they can't do nothing with your address info”?!?! Criminals? Thieves? Not much except rob you blind and kill you in your sleep or sell the info to other criminals who get special sexual enjoyment out of doing those sorts of things… Not everyone is sane, Meathead, there is nothing wrong with precautions.

  5. #5 by Eddie on April 28th, 2011 [ 44532 Points ]

    Until we know the extent to which the data was protected, I’m not sure how any one of you can come to a conclusion other than some assclown stole your info. Encryptions are just one of many steps in protecting information and are nowhere near 100% effective.

    ICO is currently involved in an investigation on Sony and until they come up with some conclusive evidence, everything everyone is saying is pure speculation and assumption.

    Hell, just last January the Pentagon's credit union was hacked and all the personal information was leaked. Do you think that was encrypted? Of course it was.

    There are a few basic thought processes we need to stick to.

    1. Nothing is 100% unhackable EVER.
    2. Encryption will not save your information.
    3. Any company cutting corners with private info should be punished.
    4. Don’t assume you know what's best.

    On a more personal note…I F’ing miss the days we could just enjoy video games…

  6. #6 by Pedro on April 28th, 2011 [ 39949 Points ]

    I’m not angry at this, not at all (but that may be just me), but of course I’m also disappointed at Sony, I can’t deny that.

    @Eddie: I agree with you 297%! Yesterday I was discussing the exact same arguments with some people at the chat! Nothing is unhackable, I even mentioned the fact even the Pentagon was hacked!

    It’s not right to blame everything on Sony, when it’s obvious they’re not responsible for this whole mess. It’s whoever hacked the PSN that should be blamed. Sure, maybe if Sony’s protection was better it MIGHT not have happened, but there’s just no way of knowing that.

    Above all, I think it’s safe to say it’s 90% certain that this invasion wasn’t targeting gamers' info. As I said yesterday, the point of the intrusion was simply to hack the PSN and Sony acted accordingly, since it was impossible to know what was truly going on.

    Why do I say that? Because if such an expert hacker (obviously, since I’ll bet there’s less than 100 people in the world that could’ve done that) wanted to get credit card information he would simply try a more resourceful database, such as Amazon or PayPal, because they store ALL your CC information and I really don’t believe security must be that much better on those sites.

    Anyway, that’s what I think.

  7. #7 by Pedro on April 28th, 2011 [ 39949 Points ]

    Eddie: On a more personal note…I F’ing miss the days we could just enjoy video games…  

    Sorry for the double post, just forgot to mention:

    Me too. I miss the days we need not to worry about cheating, or hacking because there were no trophies or online competition.

    You could do whatever with your game, it was yours and yours alone. There were no patches to fix the (mostly) non-existing (game breaking) bugs and glitches.

  8. #8 by Jason on April 28th, 2011 [ 27484 Points ]

    “We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network.”
    Sony has their ass covered. They will be free and clear of any lawsuit, so I expect it to come on soon again having read that. We need a data protection act like the UK. That's from the TOS: http://legaldoc.dl.playstation.net/ps3-eula/psn/e/e_tosua_en.html

  9. #9 by Eddie on April 28th, 2011 [ 44532 Points ]

    That's a standard liability clause used by all companies, Jason. Besides that, EULA is not the law. Neither is TOS. If they are liable, this won’t make them not liable.

  10. #10 by Pedro on April 28th, 2011 [ 39949 Points ]

    @Jason: I’m pretty sure I had already commented to that info, weird…

    Anyway, that is… well, predictable. I mean, companies do have a tendency to cover their asses in some way or the other…

    That’s why I don’t read those things, I think I’d be too scared to go through and be left with no service at all. :z (I might be a little paranoid)

  11. #11 by dave on April 28th, 2011

    I feel like people are making this a big deal, like your life is on the line. Here's something to do: 1. cancel your CC, that will take care of that 2. move out of your house if you think someone is going to rob you or kill you like someone told me here 3. don't ever sign up with Sony when they get it up and running in case this happens again 4. or make up a fake address when it's up and running 5. if all else fails, run in your bathroom and stick your head in the toilet, that would keep you safe for sure. 6. if you have bad credit like me, ID thieves are going to run away from you, they can't get credit if you already have bad credit, not that I wanted bad credit, it's just that something happened to me and I couldn't pay for it. Yes, I don't like this either, that my info was robbed from the PSN, but I will not lose sleep over it.

  12. #12 by xDeFcoN_2FasT4Ux on April 28th, 2011 [ 2160 Points ]

    read this

