Sony confirms personal PSN data compromised

PS3 maker says "unauthorized person" has gained access to identifying information including username and password; credit card data possibly compromised.





Sony has entered the seventh day of its PlayStation Network outage, and the situation has turned from bad to worse. Offering an update on the "external intrusion" that gave the Japanese electronics company cause to brings its online service for the PlayStation 3 and PSP offline, Sony has confirmed that personal information has been compromised.


PS3 owners have had their personal information compromised.
"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network," a Sony spokesperson confirmed on the company's official blog.

As for what that means to PSN and Qriocity users, Sony said that "an unauthorized person" has gained access to such identifying information as registrants "name, address (city, state, zip), country, e-mail address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Sony recently told a group of investors that the PSN currently has some 75 million registered users.

According to the publisher, it is also possible that the intruder obtained certain profile data, including "purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained."

Sony also confirmed speculation that credit card data may have been compromised as part of the attack. "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," the Sony spokesperson said. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

Sony is taking a three-pronged approach to addressing the situation. The first, as many gamers have noticed, has been to indefinitely bring down the PSN and Qriocity media service. Sony said that it has also "engaged an outside, recognized security firm to conduct a full and complete investigation into what happened." Finally, the publisher said that it is currently taking steps to "enhance security and strengthen our network infrastructure by re-building our system."

Sony noted that US PSN and Qriocity users can contact credit-monitoring agencies Experian, Equifax, and TransUnion for a free "fraud alert" that ensures credit agencies will take extra precautionary measures toward identity verification. The publisher notes that this fraud alert may impede the expediency of legitimate credit requests.

Luckily there appears to be a light at the end of the tunnel, with Sony saying, "We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week."