Justin Lee On April 27, 2011 at 11:11 am

Patrick Seybold Sr. Director, Corporate Communications & Social Media has posted an upate to the PlayStation Network outage and now we know that they were hacked and some data may have been compromised. One point on the FAQ that may concern you:

14. What personally identifying information do you suspect has been compromised?
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information provided by PlayStation Network/Qriocity account holders: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password, login, and handle/PSN online ID. Other profile data may also have been obtained, including purchase history and billing address (city, state, zip). If an account holder has authorized a sub-account for a dependent, the same data with respect to that dependent may have been obtained. If an account holder provided credit card data through PlayStation Network or Qriocity, it is possible that the credit card number (excluding security code) and expiration date may also have been obtained.

I wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

For those who were looking there’s also an FAQ with some more frequently asked questions.

Thank you for your continued patience and support.

One Response

  1. gareth says:

    At least they’re doing something.

    That lawsuit against Sony, for the record, likely won’t hold up because we, and those silly lawyers, have no idea what steps were in place to prevent this. Nor do we know the full effect of it as this has just happened. If this custom firmware allowed them in as a trusted party, like a developer, then it’s likely there was very little in the way that would normally be in the way of a normal user. This is, of course, because the only people who should have access to that space of PSN are devs who would be financially liable if they stole anything