Sony Claims It Told Users of PSN Info Breach Immediately

[beema]

Sony: Make Believe We Care
Sony: Make Believe Security
Sony: Make Believe This Isn't Happening


feel free to use those

 

[BloodSquirrel]

...and this is why I love MS points cards. The fewer people that have my credit card info the better.

 

[Jams]

It is a major screw up I fully admit, but (and I know I'll definately recieve an awful lot of abuse and "lololololo fanboi!!!" from people here), the blame cant really all be placed at Sonys door can it?

Its fairly half and half, Sony for not having the nowse to keep the security tight and up to date, and the intruder(s) for being so selfish as to go about with this "hack".

I'm only thinking of rationailty here. I mean, if your house gets burgled or your car gets broken into, you dont go about screaming at the locksmith or Volkswagon do you?

If you leave your front door open or the keys in the ignition of your car you can be sure the insurance company will lay the blame on you not the thief. Everybody in the world new PS3 had been hacked and yet sony took no extra steps to protect the system.

 

[drisky]

Sony got a letter from the US senate or some other government higher up who was annoyed at them for not giving enough information in time lol. I can't be stuffed linking it but I bet if it's actually true the Escapist will have it up soon or already has it up.

if you can't be bothered to substansiate any information you recieve then don't bother posting it

I never got an e-mail Sony, I had to find out via the Escapist. And honestly I'm very mad. Hell they never even sent out an email saying that they were hacked. Nothing at all and a lot of PSN users are likely to still be unaware.

ffs, just read this

They posted directly to the blog, which as Frank_Sinatra_ stated via PM, he has linked to his Facebook news feed as well. So it sends to HIM. It was definitely reported.

If there's a breach, e-mails would be compromised. Sony's blog/main site is a regular site they post updates and news to. If you don't check it, that's your own damn fault. The main e-mails from PlayStation are automatic monthly game updates. Not updates from the blog.

Doesn't matter, I just feel the right to know. Not everyone has a reason to to follow the playstation blog or any gaming news at all. It's a bad thing that their are people who use PSN and still don't know about this. No amount of people yelling at me to sign up for the Playstaiton blog will change my mind on that. Its seems pretty damn petty that we should assume "Well they don't care enough about Playstation to get news updates, I guess they don't care about identify theft." Yes they told people, but as long as people have their identity stolen and they aren't being notified, my anger is 100% justified.

 

[EMFCRACKSHOT]

I'm still waiting for that email from Sony.
The lying bastards.

 

[Celtic_Kerr]

Wait... I thought Rebug used FAKE numbers, not Stolen numbers? Weren't we told that Kotaku's claims of stolen info were bullshit?

I am SERIOUSLY fucking confused

 

[robert022614]

/looks at email

Yeah no. Still have yet to be told by them.

Lawl.

I find that oddly amusing for whatever reason 'cause I got an e-mail just recently;

Spoiler

Add [email protected] to your address book

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

===================================

LEGAL
"PlayStation" and the "PS" Family logo are registered
trademarks and "PS3" and "PlayStation Network" are
trademarks of Sony Computer Entertainment Inc.
(C) 2011 Sony Computer Entertainment America LLC.

Sony Computer Entertainment America LLC
919 E. Hillsdale Blvd., Foster City, CA 94404

Guess it took them a whole day to write up the draft to that whole post for whatever reason.

The trademark portion takes a hell of a lot of time to write up, dontchaknow! /oy.

Nothing here either! Checking my email periodically.

 

[DeASplode]

I'm still waiting for that email from Sony.
The lying bastards.

I've just had an email.

18:16 GMT

It just says "AMMA SORREE" and the usual "This, this and this may or may not have been stolen".

Let's just hope that this is as far as it goes and nobody is scammed for this major cock up.

 

[Shadie777]

/looks at email

Yeah no. Still have yet to be told by them.

Lawl.

I find that oddly amusing for whatever reason 'cause I got an e-mail just recently;

Spoiler

Add [email protected] to your address book

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

===================================

LEGAL
"PlayStation" and the "PS" Family logo are registered
trademarks and "PS3" and "PlayStation Network" are
trademarks of Sony Computer Entertainment Inc.
(C) 2011 Sony Computer Entertainment America LLC.

Sony Computer Entertainment America LLC
919 E. Hillsdale Blvd., Foster City, CA 94404

Guess it took them a whole day to write up the draft to that whole post for whatever reason.

The trademark portion takes a hell of a lot of time to write up, dontchaknow! /oy.

Nothing here either! Checking my email periodically.

If you have the time to check your email periodically you obviously have the time to check the updates made by Sony on the playstation blog. There is a reason why it was made.

 

[robert022614]

No I should not have to check the blog as many people with PSN accounts dont keep up with gaming news or news at all it is Sony's responsibility to inform their customers directly.

 

[Shadie777]

No I should not have to check the blog as many people with PSN accounts dont keep up with gaming news or news at all it is Sony's responsibility to inform their customers directly.

So you are checking your email constantly yet you don't want to check Sony's website because you shouldn't have to? Sony's website is the best place to go for the updates on this situation.
So instead of waiting for that email you can save a lot of time and just got to the damn website. Or you can just continue waiting, its your choice.

 

[robert022614]

No I should not have to check the blog as many people with PSN accounts dont keep up with gaming news or news at all it is Sony's responsibility to inform their customers directly.

So your checking your email constantly yet you don't want to check Sony's website because you shouldn't have to? Sony's website is the best place to go for the updates on this situation.
So instead of waiting for that email you can save a lot of time and just got to the damn website. Or you can just continue waiting, its your choice.

I am well aware of the situation and have taken all the necessary steps to prevent myself from being harmed. My point is that there are thousands if not more people who don't keep up with news and would not know any other way. The fact that I have not received the email just worries me because I have friends and family who probably don't know what is going on and of course i will warn them, but I should not have to and neither should anyone. This news should not have to travel by word of mouth, but from the company to its customers directly.

[edit] just because you have a PSN account doesnt mean you check Playstations website regularly.

 

[Laughing Man]

If you have the time to check your email periodically you obviously have the time to check the updates made by Sony on the playstation blog. There is a reason why it was made.

Actually I am pretty sure they are legally required to inform those that are affected in some form of communication. Given that you had to give an email to sign up Sony have no excuse not to being telling those affected. I am also a PSN user, luckily I have never bought anything from their so never had to use my CC on it right here and right now all I am interested in is weather or not Sony is actually doing what they are legally required to do, if they are only sending emails to those they suspect have had their details taken or is this a continuation of the rather half arsed events of the last week, because so far I haven't received any info from Sony as yet.

The question now has to be asked, how many PS3 users thos gen will buy the PS4. After having read more about the situation surrounding this entire breach, specifically Son'y almost laughable security with regards to user info... well god I can't believe I am gonna say this but I recon I won't be buying Sony in the next gen.

 

[Shadie777]

If you have the time to check your email periodically you obviously have the time to check the updates made by Sony on the playstation blog. There is a reason why it was made.

Actually I am pretty sure they are legally required to inform those that are affected in some form of communication. Given that you had to give an email to sign up Sony have no excuse not to being telling those affected. I am also a PSN user, luckily I have never bought anything from their so never had to use my CC on it right here and right now all I am interested in is weather or not Sony is actually doing what they are legally required to do, if they are only sending emails to those they suspect have had their details taken or is this a continuation of the rather half arsed events of the last week, because so far I haven't received any info from Sony as yet.

The question now has to be asked, how many PS3 users thos gen will buy the PS4. After having read more about the situation surrounding this entire breach, specifically Son'y almost laughable security with regards to user info... well god I can't believe I am gonna say this but I recon I won't be buying Sony in the next gen.

Instead of just planning on not buying something that will not come out for years, I will just wait until they release it before I make my decision. Heck, Sony might end up using better security measures for their next console because of this.

 

[StriderShinryu]

Okay, but no. Sure they maybe didn't know the extent of the intrusion on Day 1 but as soon as they had some idea what the intrusion might have involved they should have warned everyone. It's much better to do that and then pull back a few days later with an "Oops, it wasn't as bad as we thought but remember to always be safe" then to go "Oh, that thing we sort of knew about a week ago.. yeah, shit blew up real big and we had no idea."

 

[Ickorus]

I do recall reading something along the lines of "PSN is down, external intrusion not out of the question, data may have been stolen" wasn't written like that of course but I do distinctly remember something along those lines being said.

 

[VanityGirl]

I haven't recieved one shred of mail from them. I check my email everyday and haven't got one email from them.

I call BS Sony, nice try though.

 

[Laughing Man]

Instead of just planning on not buying something that will not come out for years, I will just wait until they release it before I make my decision. Heck, Sony might end up using better security measures for their next console because of this.

Yes a valid point but here's what is kicking about.

Their security system could be accessed by anyone, not just a dedicated machines on the developers network but anyone with a modified system. Now apparently they have closed that loop hole by doing an update to the developer PS3s so now ONLY PS3 developer units can access the network. Now the idea that ANY PS3 could access the network, all it required was a hacked firmware that turned the PS3 from a bog standard one in to a developer one is frankly comical levels of security made even worse when it comes on the back of the root key thing a few months back plus the fact that hacker groups have said they are gunning for Sony.

Then you have the stored data itself, it wasn't encoded now that, THAT, is pathetic levels of security. On another forum I asked the question what level of security did Sony have in place to combat this and threw out the comment, did it require someone who knew exactly what they were doing, who had gotten access to a unique one off piece of kit that gave them the access or did the person just need to throw a banana in to distract the chimp guarding the gate long enough to let them get in and do what they wanted, the more info that is appearing it seems the latter is rapidly becoming the case.

If the CC details were had, and they weren't encoded on the Sony servers then Sony is going to get a serious and frankly well deserved ass whooping for this one.

Finally given the more rapid shift towards downloadable media and pay on line services would you in all honesty on the back of this be willing to give your details to Sony if it was a requirement of their next PS system?

 

[Theron Julius]

There's no way someone could get away with breaching Sony utterly scott-free. Sony has a lot of money they can throw into finding them. Either they have no foresight, they are some damn cocky bastards, or they are actually that good. My bet is one of the first two... or both.

It may be more difficult than you think -- no matter the available financial resources. If Sony follows the trail and it ends up at some ISP, what are they gonna do? Kick in the door and start rummaging through records? Unless the hacker's sitting down the hallway from the server he hacked (which does happen sometimes), hack jobs don't usually get solved unless law enforcement gets involved -- they have the authority to kick in doors and nosy around file cabinets.

Well I didn't mean Sony alone. I'm guessing that law enforcement will get involved eventually. With a breach of security this big and the massive potential for identity theft, how could they not?

 

[Megacherv]

Just to point out, they have sent out updates via Twitter and all the regions' blogs, so they have been updating.