MSE News: PlayStation users' data stolen in hack: what should you do?

edited 3 May 2011 at 2:20PM in Credit Cards

Replies

  • mysuni wrote: »
    If I haven't had an email does it mean my details are ok?

    I can't answer that question but I had 2 PSN accounts and got the following email to one email address on Thursday 28th April 2011 and the same email to another email address on Friday 29th April 2011 at 20:54 & 18:23 respectively.

    So you might get one soon or not at all, but I think I read somewhere that Sony have sent these emails to everyone with a PSN account.

    "Valued PlayStation Network/Qriocity Customer:

    We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

    1) Temporarily turned off PlayStation Network and Qriocity services;
    2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
    3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
    We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.
    Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

    For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

    To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

    We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions.

    Sincerely,
    Sony Network Entertainment and Sony Computer Entertainment Teams

    Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited) is a subsidiary of Sony Computer Entertainment Europe Limited the data controller for PlayStation Network/Qriocity personal data"
  • Taken from http://uk.playstation.com/home/news/articles/detail/item369506/PlayStation-Network-Restoration-Update/


    This morning, a press conference took place in Tokyo, Japan and the following press release is now being distributed worldwide. We would also like to once again thank you for your patience.
    On 1 May 2011, Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) announced they will shortly begin a phased restoration by region of PlayStation Network and Qriocity services, beginning with gaming, music and video services to be turned on.
    The company also announced both a series of immediate steps to enhance security across the network and a new customer appreciation programme to thank its customers for their patience and loyalty.
    Following a criminal cyber attack on the company's data centre located in San Diego, California, USA, SNEI quickly turned off PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days, and conducted an extensive audit of the system.
    Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third party experts have conducted extensive tests to verify the security strength of PlayStation Network and Qriocity services.
    With these measures in place, SCE and SNEI plan to start a phased roll-out by region of the services shortly. The initial phase of the roll-out will include, but is not limited to, the following:
    • Restoration of online gameplay across PlayStation 3 and PSP systems, including titles requiring online verification and downloaded games.
    • Access to Q Music Unlimited for PS3/PSP for existing subscribers.
    • Access to account management and password reset.
    • Access to download unexpired movie rentals on PS3, PSP and Media Go.
    • PlayStation Home.
    • Friends List.
    • Chat functionality.
    Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information.
    The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection, and to supplement existing information security personnel.
    The new security measures implemented include, but are not limited to, the following:
    • Added automated software monitoring and configuration management to help defend against new attacks.
    • Enhanced levels of data protection and encryption.
    • Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns.
    • Implementation of additional firewalls.
    The company also expedited an already planned move of the system to a new data centre in a different location that has been under construction and development for several months.
    In addition, PS3 will have a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to sign into the service. As an added layer of security, that password can only be changed on the same PS3 in which that account was activated, or through validated email confirmation, a critical step to help further protect customer data.
    The company is conducting a thorough and ongoing investigation and working with law enforcement to track down and prosecute those responsible for the illegal intrusion.
    "This criminal act against our network had a significant impact not only on our consumers, but our entire industry," said Kazuo Hirai, Executive Deputy President, Sony Corporation. "These illegal attacks obviously highlight the widespread problem with cyber security. We take the security of our consumers' information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks. Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation programme for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services."
    Complimentary Offering and "Welcome Back" Appreciation Programme
    While there is no evidence at this time that credit card data was taken, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programmes. The implementation will be at a local level and further details will be made available shortly in each region.
    The company will also roll out the PlayStation Network and Qriocity "Welcome Back" programme, to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company's appreciation for their patience, support and continued loyalty.
    Central components of the "Welcome Back" programme will include:
    • Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
    • All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
    • Q Music Unlimited subscribers (in countries where the service is available) will receive 30 days free service.
    Additional "Welcome Back" entertainment and service offerings will be rolled out over the coming weeks as the company returns the PlayStation Network and Qriocity services to the quality standard users have grown to enjoy and strive to exceed those exceptions.
    SNEI will continue to reinforce and verify security for transactions before resuming the PlayStation Store and other Qriocity operations, scheduled for this month.
    For more information about the PlayStation Network and Qriocity services intrusion and restoration, keep an eye on PlayStation.Blog at blog.eu.playstation.com, twitter.com/PlayStationEU and eu.playstation.com for the latest updates.
  • esuhl Forumite
    davidfryuk wrote: »
    This is what I don't know. I assume it would be for breach of contract for losing my data, thoughts?

    I don't think you can sue someone just for breach of contract; you'd need to sue them for specific damages sustained as a result of the breach.
  • dizziblonde Forumite
    I've had the hack warning email, hubby hasn't (accounts set up at the same time). Never used my card online there though - if I want online content I tend to buy the pre-loaded cards.
    Little miracle born April 2012, 33 weeks gestation and a little toughie!
  • moneysavingkitten Forumite
    edited 2 May 2011 at 2:59PM
    r1c0l1 wrote: »
    Taken from http://uk.playstation.com/home/news/articles/detail/item369506/PlayStation-Network-Restoration-Update/

    Central components of the "Welcome Back" programme will include:
    • Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
    • All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
    • Q Music Unlimited subscribers (in countries where the service is available) will receive 30 days free service.

    That's so rubbish, not even one full free game? 30 day trial of PS Premium is practically like having a discount card for 30 days and I can't imagine many people feel like shopping in the PS Store at the moment. And different stuff for different regions, that means the UK is going to get not a lot and the US will get loads more, doesn't it? Why isn't everyone's data equal? Bit late for help with ID fraud as well, isn't it?

    Also what happens if you don't have the PS3 or PSP you signed up with any more? Does that mean bye bye account?
    So so SO tired of being ripped off, and misled
    Hope sharing saves some pain.
  • Ashmaniac Forumite
    I am sure that the CC info would have been encrypted as that would be standard practice for any company of that size. I do have a question though. Seeing as though the personal info was not encrypted and the hackers got their hands on it, doesn't this create a breach of the Data Protection Act? And if so, are Sony liable to pay compensation to those affected?
  • Atom Forumite
    Ashmaniac wrote: »
    I am sure that the CC info would have been encrypted as that would be standard practice for any company of that size.

    I wouldn't be so sure about that. Companies of this size do not expect to be breached! Their security would have been as lax as most servers - either that or one of their employees was targeted.
    The only real security that a man can have in this world is a reserve of knowledge, experience and ability.
  • James Forumite
    edited 3 May 2011 at 7:57AM
    Martin, I beg you to inform readers of the proactive steps they can take to render their personal details worthless to crooks.

    NOT ONE SINGLE PERSON USING THIS SYSTEM (AS FAR AS I'M AWARE) HAS BEEN THE VICTIM OF APPLICATION FRAUD

    Check out freeidprotection.co.uk (Check out the Media Links on the Home Page [Bottom Right])

    Anyone can use the free ID protection system right now. But for what could be done to render card details worthless to those crooks who would use them to purchase goods on the Internet, or by Mail Order or Telephone, read on.

    There's no reason why the Free ID Protection System couldn't be adapted to deter Online shopping fraud.

    Here's how: Click here.


    Martin please have a look at the 'Free ID Protection' system. It allows INDIVIDUALS to lay down their terms and conditions, it's a proactive deterrent rather than a reactive warning system, and actually fingers crooks.
  • Freddie_Snowbits
    James, having banked online since 1998 and IE3, stored passwords et al, I have never had a fraudulent transaction occur, though I have had a card canceled because of some rogue software engineer at a hotel chain cloning cards. It was spotted within hours by my bank, and apart from a little hassle at the time, I am sure that your brainwave you had in 2007 would not have prevented this from occurring, rather more, it would increase the cost of every transaction to boot.

    Vigilance in accounting, security software and use of good old fashioned ledgers deter and detect fraud.
  • James Forumite
    James, having banked online
    Vigilance in accounting, security software and use of good old fashioned ledgers deter and detect fraud.

    Quite agree, but in your words, deter and detect. There is very little to deter and not a lot to detect. Hence the great value put by crooks on your personal and card details.

    Why be a victim in the first place? I commend Free ID Protection to you.


    It definitely:

    Deters crooks and provides an Indication & Warning to ALL lenders of attempted ID Theft

    Protects; Actually protects individuals. It's your own personal rules and your own personal ball game, where you have control of the ball.

    Identifies. Unique - in so much as IF ID Theft did occur, then the Law Enforcement Agencies would have something to go on. The perpetrators PRINT.