Sony’s PlayStation Network Comprised; All User Data Stolen
Posted on April 26, 2011 1:00 PM by Rob Williams
As we discussed in our news on Friday, Sony pulled its PlayStation Network service offline in the middle of last week due to a problem that arose – but until today, that problem has been kept secret. Though speculation ran rampant that a DDoS was the source of the problem, the worst possible outcome instead came true: PSN was hacked. Worse still, all PSN users have had their data comprised, though Sony is still not sure whether or not credit card information is a part of that.
Here’s the information about each user that Sony is confident has been compromised:
Address (City / State / Zip)
PSN / Qriocity Password and Login
PSN Handle / Online ID
Sony notes that there is no evidence which states that credit card information has been stolen, but it won’t rule out the possibility: “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.“
Even without credit card information being verified as stolen, the information the alleged hackers did acquire is rather severe, as it’s virtually every last bit of information Sony’s PlayStation Network stores on a user. It’s important to note that since PSN logins and passwords were stolen, it’s extremely important to change the password of any accounts which share the same password (a practice which should be avoided).
Being that such an event has come to fruition, I can’t help but bring up some facts. Rather than ensure that its own customers are safe, Sony instead decided to spend its time suing hackers like George Hotz over things that don’t matter in the grand scheme, and remove the ability to install Linux on a PS3 – to thwart hacking. It’s a little unfortunate that Sony valued issues like these higher than protecting its own customers’ personal data.
It’s also unfortunate that Sony took so long to come forth regarding the issue, as it should have announced the problem immediately – especially where its customers’ personal information is involved.