Sony has released a detailed Q&A to address the many questions users may have regarding the PlayStation Network down time and the risks following the subsequent breach of users' personal information.
Sony's PSN service has been offline for almost a week, and although SCEA said today it was working towards getting the service back online "within a week", it also admitted hackers had access to the personal information of PSN users, possibly including credit card numbers.
If you're worried you should take the time to read the below Q&A just released by Sony to answer some of your questions.
Q.1 When did you realise the system had been intruded?
We discovered between April 17 and April 19 there was an illegal and unauthorized intrusion into our network.
Q.2 How did you know that the system was intruded?
We watch for any issues that may be raised with respect to security and monitor for such issues both internally and externally.
Q.3 What is the main reason to this problem? Which parts of the system were vulnerable to the intrusion?
We are currently conducting a thorough investigation of the situation. Since this is an overall security related issue, we will not comment further on this case.
Q.4 What action did you take (are you taking)? Is there any possibility of further unauthorized access?
As soon as we learned of this issue, 1) we temporarily turned off PlayStation Network and Qriocity services in order to conduct a thorough investigation and to verify the smooth and secure operation of our network services, 2) we have also engaged an outside, recognized security firm to conduct a full and complete investigation into what happened, and 3) quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
Q.5 How many were affected? How many per each region? What is the latest status of PlayStation Network registered account/ operating countries.
Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.
Q.6 Does that mean all users' information was compromised? Tell us more in details of what personal information leaked.
In terms of possibility, yes. We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID. It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code). If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.
Q.7 Have you notified those users?
We are sending out e-mails directly to these users to their e-mail address registered on the PS Network accounts. Also, we have posted web notices, and additional necessary procedures have been followed by each region.
Q.8 Have you received reports or claims that their PSN ID information/ credit card had been used improperly?
Not at this point in time.
Q.9 I want to know if my account has been affected.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password.
For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.
Q.10 What should I do to prevent any unauthorized use of my (credit card) personal information?
For your security, we encourage you to be especially aware of email, telephone, postal mail or other scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. Additionally, if you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly recommend that you change them. When the PlayStation Network and Qriocity services are back on line, we also strongly recommend that you log on to change your password.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit reports.
Q.11 Since when have PSN/Qriocity become unavailable and in which region?
PSN/Qriocity services have not been available since April 20 (US time) in all regions.
Q.12 How come it is taking so much time to resume the service?
We are taking the investigation seriously. We decided to keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services.
Q.13 How serious is this? Have the hackers broken the security on PSN/Qriocity? Are you taking necessary measures to prevent such outage happening in the future?
Since this is an overall security related issue, we will not comment further on this case but we are working to restore and maintain the services, including countermeasures against future intrusions.
Q.14 When will the service resume?
We are taking the investigation seriously. We will keep the service down to allow us to conduct a thorough investigation and verify smooth operation of our network services but are working hard to resume the services as soon as we can be reasonably assured security concerns are addressed.
Q.15 Seems like SOE service was also not available/ suffering outage. Is this true? Is this due to the same reason as the PSN/Qriocity outage?
SOE's service is available although a service interruption due to an external attack did occur. A thorough investigation is ongoing.
Q.16 I want my money back (subscription fee, content) since the PSN/Qriocity was not available.
When the full services are restored and the length of the outage is known, we will assess the correct course of action.
Q.17 There seems to be some games that cannot be played even offline?
Depending on the game titles, but mainly PSN games, some may require access to PSN for trophy sync, security check, etc.
Contact Details
Country Customer Support
Africa sonycustomercare.mea@ap.sony.com
Australia 1-300 365-911
Austria 0820 44 45 40
Belgium 011 516 406
Bulgaria support@sbhbg.com
Croatia playstation.hr@arsvenatus.hr
Cyprus 22352282
Czech Republic 222 864 199
Denmark 90137013
Estonia 6543484
Finland 600411911
France 0820 31 32 33
Germany 01805 766 977
Greece 801 11 92000
Hungary 1 814 4800
Iceland 591- 5100
India 1800-103-7799
Ireland 0818 365065
Israel 09-9711700
Italy 199 116 266
Latvia 67046049
Lithuania 37338655
Luxembourg 0820 31 32 33
Malta 234 360 00
Middle East - All sonycustomercare.mea@ap.sony.com
Netherlands 0495 574 817
New Zealand 09 415 2447
Norway 82068322
Poland 0 801 230 000
Portugal 707 23 23 10
Romania support@sbhbg.com
Russia 8-800-200-76-67
Slovakia 232 112 209
Slovenia 1 510 31 30
South Africa 0861 773783
Spain 902 102 102
Sweden 9002033075
Switzerland 0848 84 00 85
Turkey bilgi@eu.sony.com
UK 0844 736 0595
Comments
39 comments so far...
Mmmmgrolsch on 27 Apr '11 said:
Please put this as your main news at the top not wii regrets
Honest to god I hope these hackers get rapped by a group of massively hung black men and brutally tortured until they die! 
stop leaving your customers in the lurch and keep us posted rather than guessing. 
As for Sony, this info should have been released days ago
I really fear for the future of Playstation, the PS3 just doesn't get any luck, just as it was getting off the ground it gets raped like this by some thieves
I am in 2 minds as to whether this is just thieves or someone like Anonymous doing this to show Sony what they can do. My moneys in the former.
As for 360 trolls posting "LOLZ Live dusnt get these problems lolzzzz die sony hahaha" p**s off is this really a time to troll? This is sad times to see an important gaming brand to be taking a hit.
And if it were the other way round my comments still stand. Its not nice to see any gaming company to get attacked like this. After all it effects every single one of us gamers.
StokedUp on 27 Apr '11 said:
These hackers could easilu become mega hated people, if theyve got Users personal data these users are not going to be happy about it, i know i wouldnt, and id love them to show there faces. These guys are cowards, id love to beat the s**t out of them.
Madzaw on 27 Apr '11 said:
ouch, this sucks for sure. It's one thing that you couldn't play online but credit card information and personal stuff like that, shame on you sony. I guess anonymous is a lot more than just doing ddos attacks!
gobbybobby on 27 Apr '11 said:
it was not anonymous.
theaface on 27 Apr '11 said:
Q18. Why did you wait until 26th April to notify your customers?
Atko10 on 27 Apr '11 said:
This probably wasn't anonymous as not admitting to it would be defeating the point of the group. However it could easily be people affiliated with the group and this just goes to show that hacking causes more problems than it solves. The hackers behind this should realise that by stealing psn users personal information they are in no way fighting for some noble cause i.e. internet freedom/defending Geohotz. They are just making themselves look like criminals and proving that Sony were right in their pursuit of Geohotz, as without his initial hacking of the ps3 system this would not have been possible. It is more likely that this has been caused by nothing more than a bunch of cowardly thieves. What a bunch of F*CKING C*NTS!!!
Dewin on 27 Apr '11 said:
@Gobbybobby
Yeah, because you can trust hackers to tell the truth. They are honest people.
/facepalm
PandyBear on 27 Apr '11 said:
Want me to hand over my Drivers license, National Insurance No. and Birth certifcate too? Seeing as they 'Could' possibly have all of the above.
By writing a short apology on the Blog going, "LoL, oops. Sorry guys. No refundsies or freebies"
But in all seriousness, this is a pretty horrible situation for Sony right now. I've not been affected by the PSN down time myself, as i've been out enjoying this Bank holiday weather and Playing on me PC. Swings n round abouts and all that.
El Mag on 27 Apr '11 said:
I don’t blame Sony for being hacked. But I hate how they were so hush hush about everything. This stuffs happening to companies we place our trust in too often, i remember Shopto and Play.com having issues where info was stolen. It's not so much our names and addresses i'm worried about, they're easily obtainable to these type of people in most cases anyway. It's those who used a card during the dates of the failure and those that had their card info always stored i feel for.
Dewin on 27 Apr '11 said:
Hypothecal question:
If PSN users lose money because of credit card fraud... could you sue Geohotz?
As in compromised PSN users vs Geohotz?
Lets face it, all this crap is still this little turds fault as he broke the lock.
dangermou5e on 27 Apr '11 said:
Questions 6 to 10 is scary stuff
Makes me wonder is Microsoft evaluating their security as if this was a bunch of hackers whats to stop them having a bash at Live?
El Mag on 27 Apr '11 said:
Judging from the comments on the american blog last night some will be actively going about suing Sony for that as soon as they can. I just hope they find whoever did this, and he's given a very slippery bar of soap for his going away gift.
dangermou5e on 27 Apr '11 said:
Wrong! He disabled the security on the PS3 only, This was a PSN attack which had nothing to do with why Sony are suing/sued Geohot.
boskersrevenge on 27 Apr '11 said:
Wrong?
..is stuff like that ever necessary? You could have started your post without it and it would have come over much less confrontational.
I wouldn't be surprised if there was a breach or two on Live we never heard about.
All of this just wasn't worth it because Sony removed the other OS feature, which I am assuming is what this is all about.
Most people just buy a console to play games and could do without the freedom fighters stealing their IDs.
Dewin on 27 Apr '11 said:
This breach in PSN security still came forth from a custom firmware hack. The one Geohotz made possible. So it still applies to him. And i''m pretty sure legally you could make that stick, especially in the US.
starvinbull on 27 Apr '11 said:
M$ have reportedly begun unbanning banned consoles.
El Mag on 27 Apr '11 said:
I think most will go after Sony though if they sue, big company with money or smart annoying arse with a spotty face.
Completely off topic but i just heard who the married football player that Imogen tart from Big Brother was banging, if true then it's a massive shock.
veato on 27 Apr '11 said:
I'm pretty sure I never linked a card to my account so I'm not worried about that. A quick change of my PSN password will be needed though. What annoys me is that I cannot very well change my name and address! How can I stop credit applications being taken out in my name?
To any fanboys either taking advantage and laughing (Xbots) or defending the corporation against any liability (SDF) then you really need to take a long hard look at yourselves.
@El Mag who is it?
Ninja Wolfman on 27 Apr '11 said:
It happened with TXMAXX in the USA a few years ago on this scale, XBOX LIVE is the next target I bet.
starvinbull on 27 Apr '11 said:
Wrong! The intrusion came about as a result of hackers being able to masquerade as admin by using hacked PS3s made to appear as debug PS3s to the PSN.
The efforts of GeoHotz to break apart all security on the PS3 contributed to this attack.
Anonymous are criminals that have veered from genuine freedom of speach activism to corporate terrorism.
With regards people saying that anonymous certainly didn't carry out these hacks I say this, why would you believe a word they say? Their assurance goes this far "we didn't officially do it, some of our members may have done it under the radar." They have the means, motive and they threatened to attack Sony services numerous times. Unless another, definitely unrelated individual is caught and prosecuted I will continue to believe somebody from anonymous has a hand in this attack.
If you enjoy playing games as a hobby and believe that companies ought to provide services you want to use then these attacks are an attack on you. Stop defending the scum that either carried it out, encouraged others to do so or provided the means to do so.
heatuk10 on 27 Apr '11 said:
Did he score last night by any chance? lol
starvinbull on 27 Apr '11 said:
Who was it?
Mark240473 on 27 Apr '11 said:
It's always worrying when personal details go walkies, especially card details.
Mind you, it'll make a change from the missus using it.
You've got to laugh in these situations. Oh, and probably cancel your card too.
pmantis on 27 Apr '11 said:
Wow. Who was it and how did you find out.
She's a f**king hot one - gonna crack one out to her just now.
(on topic)
Sony are disgusting pigs for letting this happen.
theaface on 27 Apr '11 said:
That famous Pro Evolution Soccer 3 player, Greggs?
shogunreaper on 27 Apr '11 said:
I enjoy playing games but i don't think this happening was a bad thing, maybe sony will finally start improving their service now.
I do feel sorry for all the people who pay for psn+ though, but then again they are stupid enough to pay for something that yields hardly any benefits other than discounts on games that shouldn't cost as much as they do in the first place.
But anyway, blaming this on geohotz is ridiculous. You want someone to blame? Blame the developers of the ps3, they are the ones that made the half-assed security system in the first place that allowed every single thing in recent history to take place.
Zepf on 27 Apr '11 said:
Surely if the security codes and expiration dates weren't hacked then card details are useless?
Any purchase I've made over phone/ internet needed those things.
ricflair on 27 Apr '11 said:
If that's right, Konami will be suing CVG for dollar.
Anyway, is this directly linked to the hacking on the PS3 (I'm sure it's a consequence of the whole episode though)? I would think this has been an attack on Sony's servers, so does it have anything to do with the security breaches established be Geohoy etc?
gnokgnik on 27 Apr '11 said:
I haven't received an e-mail yet. Does this mean I'm not affected or that Sony is slow in doing this also?
El Mag on 27 Apr '11 said:
That's where people will have a problem. Supposedly the card info was like this in plain view on Sonys servers, all the EXAMPLE bits and numbers would be your details.
creditCard.paymentMethodId=_”CC_COMPANY”_&
creditCard.h olderName=EXAMPLENAME&
creditCard.cardNumber=_”1234567890123456?_ &
creditCard.expireYear=2012&creditCard.expireMonth=_”2?_& ;
creditCard.securityCode=_”123?_&
creditCard.address.address1=_ “EXAMPLESTREET”_%2024%20&creditCard.address.city=_”EXAMPLECITY_”%2 0&
creditCard.address.province=_”EXAMPLEREGION_”%20&
creditCard.address.postalCode=_”12345_”%20
dangermou5e on 27 Apr '11 said:
Yes Bosker maybe that did come across a little confrontational it was not meant to be overly hostile so I apologize, But blaming one Guy for the downfall of PSN is a little narrow sighted! I don't support what Geohot(or the simpletons who attacked PSN if they exist?) has done in any way but I also don't like the way people are now blaming him for everything.
Sony must have realized that in suing someone as big as Geohot is in the hacking community that they might just face a few p**sed off hackers, So some of the blame needs to lay at Sony as we put our trust in them by supporting PSN and purchasing items and games from their network and they should have expected that just maybe someone might just attack PSN and in doing so steeling are data to which we intrust Sony with.
boskersrevenge on 27 Apr '11 said:
Hey, it's the internet, we're all t**ts
martinawatson on 27 Apr '11 said:
The only other question would be is there anything you could do in the future to track and trace the hackers on future hacking attempts as they are actually occurring.
starvinbull on 27 Apr '11 said:
As much as Sony have a duty to protect consumers using PSN they didn't lose the information or allow hackers access. Determined individuals acted in a covert effort to break/steal from/gain access to Sony's private network. The blame lies primarily with the people doing the hacking and coming on the back of many attacks on Sony's services I'm surprised how many people don't blame the hackers themselves, you know, the guys guys robbing from us all.
If you leave a window open in your house and thieves manage to squeeze through and steal your stuff, you don't let them off the hook because you forgot to close the window do you? In this analogy it isn't even you leaving the window open, it's Geohotz and his mates.
RetroSteveUK on 27 Apr '11 said:
I read the original article that shared those details. All info sent from your PS3 is encrypted. If you're using a hacked firmware, that's when things get dodgy. Credit card info, etc. can end up being sent unencrypted, and can be covertly intercepted by the creator of the hacked firmware. It's not hard to imagine a hacker creating firmware that secrectly passes info to him/her, distributing it to people who say, "whoopee, I can hack the PS3," and harvesting the info from these unsuspecting hacker wannabes.
alan666 on 27 Apr '11 said:
Sony should have said something straight away even if there was only a tiny chance that peoples data have been stolen.
StokedUp on 27 Apr '11 said:
i recieved an email at 17.56 today off sony saying this:
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
1) Temporarily turned off PlayStation Network and Qriocity services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
[b]For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at http://www.eu.playstation.com/psnoutage should you have any additional questions.
Sincerely,
Sony Network Entertainment and Sony Computer Entertainment Teams.
is this just a mandatory email which every psn member is going to receive or is it a personal email telling me that I am someopne who has been breached? has anyone else recieved it? the thing that gets me is that IF it is a personal email why havnt they used my name instead of "Dear Valued member"?
alan666 on 27 Apr '11 said:
i got a email exactly the same as that one.
psiloqk on 27 Apr '11 said:
excuse me
Im just as p**sed at Sony , playstation , hackers but......
HOLD THE f**k UP !!!WATCH THAT BULLs**t ABOUT "U HOPE THEY ARE RAPED BY HUNG BLACK MEN" .
WTF? COMMENT IS THAT ? THATS SOME UNCOMFORTABLE s**t TO SAY ..
what is that comparable to? nightmare on elm street??
watch what u say cause I might be a hung blk man damnit . and I havent raped anyone ever. so watch that" bulls**t" boderline comment dude . Now!... sony , playstation... you guys suck for not seeing this a head of time these hackers got ya ass this time good and p**sed of your customers globally....... Im one of them and Im mad as hell for the bulls**t infomation sony, playstation informed the public and the hackers to go wit it bastards]!!!! all of them :evil