PlayStation hacker took user info

 
PlayStation Network unavailable message Users trying to connect to the PlayStation Network are met with an error message

Related Stories

Sony has warned users of its PlayStation Network that their personal information, including credit card details, may have been stolen.

The company said that the data might have fallen into the hands of an "unauthorised person" following a hacking attack on its online service.

Access to the network was suspended last Wednesday, but Sony has only now revealed details of what happened.

Users are being warned to look out for attempted telephone and e-mail scams.

In a statement posted on the official PlayStation blog, Nick Caplin, the company's head of communications for Europe, said: "We have discovered that between April 17 and April 19 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network".

The blog posting lists the personal information that Sony believes has been taken.

  • Name
  • Address (city, state/province, zip or postal code)
  • Country
  • E-mail address
  • Date of birth
  • PlayStation Network/Qriocity passwords and login
  • Handle/PSN online ID

Mr Caplin added: "It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.

"For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information."

Credit cards

Sony admitted that credit card information, used to purchase games, films and music, may also have been stolen.

"While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility," Mr Caplin said.

"If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained."

Sony has not given any indication of how many PlayStation Network users may have had their information taken, but the service has around 70 million members worldwide.

'PR Disaster'

The theft of so much detailed customer data would be seen as a "public relations disaster", according to Graham Cluley, senior technology consultant at security firm Sophos.

"This is a big one," he told BBC News.

"The PlayStation Network is a real consumer product. It is in lots of homes all over the world.

"The impact of this could be much greater than your typical internet hack."

Mr Cluley warned that, even without credit card details, the information taken was enough to help criminals carry out further attacks on other services.

"Some people will use the same passwords on other sites. If I was a hacker right now, I would be taking those e-mail addresses and trying those passwords," he said.

User anger
Lovefilm error message on PlayStation Some streaming media services available on PlayStation have been affected by the outage

PlayStation users got their first indication that something was wrong with the service when it became unavailable on Wednesday 20 April.

In the following days, Sony issued three brief statements asking users to be patient while it investigated an "external intrusion", or hack.

However, the fact that it took almost seven days for the company to reveal that data had been taken has angered some gamers.

Commenting on the Sony blog, Tacotaskforce wrote: "You waited a week to tell us our personal information was compromised? That should have been said last Thursday."

Another user Sid4peeps wrote: "This update is about 6 days late. I think it is time to move to the other network, no regard for customers here."

But some PlayStation users appeared to be happy with Sony's handling of the matter. Ejsponge61 commented: "Wow, this is alot of info. Thanks, this is very much appreciated by all of us PlayStation fans."

The Sony PlayStation Network remains unavailable to users. The company has not said when service will be restored.

 

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

Comments

 
  • rate this
    +5

    As a software engineer I find myself shocked that Sony did not encrypt account information. This entire situation should never have happened, it's the equivalent of leaving a bank vault door open! Personal information should never be stored in plain text.

    I don't know how a company so big with a database of millions could take such risks.

  • rate this
    -2

    I haven't been able to get online but hey ho, it means I've enjoyed the sunshine. Now I'm a bit worried that all that data was stolen? Surely Sony should be able to protect data better than that? Very disappointed in Sony.

  • rate this
    0

    I use the playstation network a lot and while it is worrying that information has been stolen I think this case highlights the insecurity of technology and people need to be aware this can happen to anyone who has details stored by any company electronically that is connected to a network.

    Although hopefully Sony will have improved security now against similar attacks it may face in future.


 
 

More Technology stories

RSS

Elsewhere on BBC News

Programmes

  • Keith WallaceFast Track Watch

    A visit to some of the British Royal Family's official suppliers in London, for some quality merchandise

bbc.co.uk navigation

BBC © 2011 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Quantcast