Sony Claims It Told Users of PSN Info Breach Immediately

Tom Goldman

Crying on the inside.
Aug 17, 2009
14,499
0
0
Sony Claims It Told Users of PSN Info Breach Immediately



Sony didn't tell PSN users that personal information had been compromised right away because it took some time to figure out what happened.

Sony recently hit PlayStation Network users with a doozy when it informed them that one angry senator [http://www.escapistmagazine.com/news/view/109568-Sony-Admits-Private-PSN-Info-Has-Been-Stolen-All-Of-It], to wonder why the company didn't reveal that sensitive information may have been stolen right away. According to Sony, it simply wasn't aware of the leak.

The latest post from Sony's Patrick Seybold on the PlayStation Blog details a little more of the internal steps that Sony had to take when it learned someone had gained illegitimate entry into the PSN. "There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," he wrote.

"We learned there was an intrusion April 19th and subsequently shut the services down," Seybold continued. "We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon (April 26)."

It's impossible to know if Sony is telling the truth, because this would be the official story no matter what the case. However, when you're dealing with a situation where literally hundreds of thousands (millions?) of customers may have had their information stolen by a "scary hacker man [http://www.escapistmagazine.com/news/view/109545-Speculation-About-PSN-Outage-Turns-to-Custom-Firmware]," you're going to want to make sure that you know it actually happened.

The best idea is definitely to perform a full investigation rather than to spark outrage for no reason. Unfortunately, the situation with the PSN has sparked outrage with good reason, which is much, much worse.

Thanks for the tip Ophiuchus [http://www.escapistmagazine.com/profiles/view/Ophiuchus]!

Source: PS Blog [http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/]

Permalink
 

notyouraveragejoe

Dehakchakala!
Nov 8, 2008
1,449
0
0
I'm sorry what? I'm a PSN user and I wasn't informed. At all. In any way shape or form. Not even warned about the possibility. I mean....I'd have loved to have been told. I mean...An email would have been nice. So I call LIES! Or at least not the full truth.
 

Qizx

Executor
Feb 21, 2011
458
0
0
I remember someone once said "When you're caught, lie, lie your way out of anything."
Yeah I don't think that's gonna work here... Bad move Sony...
 

Swifteye

New member
Apr 15, 2010
1,079
0
0
I got an official email about all this boondoggle just today and if it wasn't for the fact that I had been keeping tabs the whole time I would be flipping out. I understand wanting to get all the information figured out before you start telling people this and that but It's pretty factual that they didn't say what happened when the server went down other than "we don't know what's going on".
 

Jumplion

New member
Mar 10, 2008
7,873
0
0
The wording on this title assumes that Sony knew what had happened immediately, so I think it's a little misleading (so it's probably going to get yet 20+ page thread war). Sony had (allegedly) only recently found out the result of this hack and told the consumers the day after (really? That's the stupid part, why the day after?)

So, yeah, believe them or don't, that's what they're going with.
 

Jumplion

New member
Mar 10, 2008
7,873
0
0
Tehlanna TPX said:
/looks at email

Yeah no. Still have yet to be told by them.

Lawl.
I find that oddly amusing for whatever reason 'cause I got an e-mail just recently;

Add [email protected] to your address book

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

===================================

LEGAL
"PlayStation" and the "PS" Family logo are registered
trademarks and "PS3" and "PlayStation Network" are
trademarks of Sony Computer Entertainment Inc.
(C) 2011 Sony Computer Entertainment America LLC.

Sony Computer Entertainment America LLC
919 E. Hillsdale Blvd., Foster City, CA 94404

Guess it took them a whole day to write up the draft to that whole post for whatever reason.
 

XandNobody

Oh for...
Aug 4, 2010
308
0
0
If this was even a possibility, you tell people.

It's like a Doctor telling you, "It's just heart burn, your alright", then a week later, you learn that it was a symptom of a heart attack, and the Doc goes, "Hey, I thought so, but I didn't want to worry you, or lose business, you now..."
 

Tehlanna TPX

New member
Mar 23, 2010
284
0
0
Jumplion said:
Tehlanna TPX said:
/looks at email

Yeah no. Still have yet to be told by them.

Lawl.
I find that oddly amusing for whatever reason 'cause I got an e-mail just recently;

Add [email protected] to your address book

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

===================================

LEGAL
"PlayStation" and the "PS" Family logo are registered
trademarks and "PS3" and "PlayStation Network" are
trademarks of Sony Computer Entertainment Inc.
(C) 2011 Sony Computer Entertainment America LLC.

Sony Computer Entertainment America LLC
919 E. Hillsdale Blvd., Foster City, CA 94404

Guess it took them a whole day to write up the draft to that whole post for whatever reason.
The trademark portion takes a hell of a lot of time to write up, dontchaknow! /oy.
 

Beautiful End

New member
Feb 15, 2011
1,755
0
0
These guys just need to come out and tell the truth. I mean, whatever happened already happened. What's the point in being all "Uhh...well...about that...uhh...you see, there's this thing..." and giving us the run around? Just come out and say "Yeah, you all know we got hacked. We're fixing it."

I think it's ridiculous that they're acting like nothing's going on and just patting us gamers on the back as if we're all crazy and just creating rumors. We all know what happened already! What are they afraid of? Will the lose people because of this? Yeah, definitely. But what's done is done, once again. So what they say right now is just gravy. However, some others will stay with Sony and will remember this bitterly as they play Portal 2 online for the first time. I fall under the latter because, yeah, I like my PS3 and my PS3 titles and I just don't like the Xbox or Wii (Personal opinion! Not wanting to start something). So whatever, Sony. Put on your big boy pants and stop pointing fingers and lying like if the corporation was being run by 5 year olds. That's not helping anyone, especially since we all know it's a lie.

It's just dumb to think that a guy (Or a group or whatever) was able to hack a major corporation like Sony. How dumb does that sound?! Come on, Sony. Pull your stuff together!

As a side note, I haven't received any e-mails. I want to think this is good because it might mean MY information wasn't compromised but I doubt it...
 

Jumplion

New member
Mar 10, 2008
7,873
0
0
Tehlanna TPX said:
Jumplion said:
Tehlanna TPX said:
/looks at email

Yeah no. Still have yet to be told by them.

Lawl.
I find that oddly amusing for whatever reason 'cause I got an e-mail just recently;

Add [email protected] to your address book

===================================

PlayStation(R)Network

===================================

Valued PlayStation(R)Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this
intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full
and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our
network infrastructure by rebuilding our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill
as we do whatever it takes to resolve these issues as quickly and
efficiently as practicable.

Although we are still investigating the details of this incident,
we believe that an unauthorized person has obtained the following
information that you provided: name, address (city, state, zip), country,
email address, birthdate, PlayStation Network/Qriocity password and login,
and handle/PSN online ID. It is also possible that your profile data,
including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained. If you have authorized a sub-account for your
dependent, the same data with respect to your dependent may have
been obtained. While there is no evidence at this time that credit
card data was taken, we cannot rule out the possibility. If you have
provided your credit card data through PlayStation Network or Qriocity,
out of an abundance of caution we are advising you that your credit
card number (excluding security code) and expiration date may have
been obtained.

For your security, we encourage you to be especially aware of email,
telephone and postal mail scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this information,
you can be confident Sony is not the entity asking. When the PlayStation
Network and Qriocity services are fully restored, we strongly recommend that
you log on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services or
accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we
encourage you to remain vigilant, to review your account statements and
to monitor your credit reports. We are providing the following information
for those who wish to consider it:
- U.S. residents are entitled under U.S. law to one free credit report annually
from each of the three major credit bureaus. To order your free credit report,
visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S.
credit bureaus below. At no charge, U.S. residents can have these credit bureaus
place a "fraud alert" on your file that alerts creditors to take additional steps
to verify your identity prior to granting credit in your name. This service can
make it more difficult for someone to get credit in your name. Note, however,
that because it tells creditors to follow certain procedures to protect you,
it also may delay your ability to obtain credit while the agency verifies your
identity. As soon as one credit bureau confirms your fraud alert, the others
are notified to place fraud alerts on your file. Should you wish to place a
fraud alert, or should you have any questions regarding your credit report,
please contact any one of the agencies listed below:

Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division,
P.O. Box 6790, Fullerton, CA 92834-6790

- You may wish to visit the website of the U.S. Federal Trade Commission at
www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania
Avenue, NW, Washington, DC 20580 for further information about how to protect
yourself from identity theft. Your state Attorney General may also have advice
on preventing identity theft, and you should report instances of known or
suspected identity theft to law enforcement, your State Attorney General,
and the FTC. For North Carolina residents, the Attorney General can be
contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone
(877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney
General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202;
telephone: (888) 743-0023; or www.oag.state.md.us.

We thank you for your patience as we complete our investigation of this
incident, and we regret any inconvenience. Our teams are working around the
clock on this, and services will be restored as soon as possible. Sony takes
information protection very seriously and will continue to work to ensure that
additional measures are taken to protect personally identifiable information.
Providing quality and secure entertainment services to our customers is
our utmost priority. Please contact us at 1-800-345-7669 should you have any
additional questions.

Sincerely,

Sony Computer Entertainment and Sony Network Entertainment

===================================

LEGAL
"PlayStation" and the "PS" Family logo are registered
trademarks and "PS3" and "PlayStation Network" are
trademarks of Sony Computer Entertainment Inc.
(C) 2011 Sony Computer Entertainment America LLC.

Sony Computer Entertainment America LLC
919 E. Hillsdale Blvd., Foster City, CA 94404

Guess it took them a whole day to write up the draft to that whole post for whatever reason.
The trademark portion takes a hell of a lot of time to write up, dontchaknow! /oy.
It was the lawyer's first day on the job, he couldn't find the (C) symbol!
 

Fiz_The_Toaster

books, Books, BOOKS
Legacy
Jan 19, 2011
5,498
1
3
Country
United States
You know what?

I don't even care about that right now, just fucking fix it Sony!
 

MattAn24

Pulse l'Cie
Jul 16, 2009
656
0
0
notyouraveragejoe said:
I'm sorry what? I'm a PSN user and I wasn't informed. At all. In any way shape or form. Not even warned about the possibility. I mean....I'd have loved to have been told. I mean...An email would have been nice. So I call LIES! Or at least not the full truth.
Learn to read the blog (both EU AND US blogs posted about it several times) AND their Twitter accounts. It was made well aware, and members of those blogs knew about it because they READ IT WHEN IT HAPPENED.
 

Baralak

New member
Dec 9, 2009
1,244
0
0
The PSN isn't console specific, it's just flatout the entire Playstation Network.