Playstation Network suspended over 'external intrusion'

Playstation Network suspended over 'external intrusion'











An error message like this one greeted users trying to log-in to the Playstation Network



Continue reading the main story Related Stories

• Sony and Hotz settle hacking case
  
• Sony gets PS3 hack case details
  

Millions of gamers are unable to play online as the Playstation Network remains unavailable.
Users are seeing error messages stating the network is "undergoing maintenance" or is "suspended".
In a blog post,
maker Sony said it turned off the network on Wednesday after it
detected an "external intrusion" and that it was doing all it could to
resolve it the problem.

In recent weeks, Playstation has been targeted by hackers' group Anonymous.
The group appeared to deny being responsible for the attack, releasing a message stating "for once we didn't do it".

The network has more than 70 million users worldwide, but Sony were unable to clarify how many players had been affected.

However, Twitter messages and blog posts have been posted from all over the world.
The problems have also affected other services running on the
network. Film rental site LoveFilm confirmed to the BBC that their
customers are currently unable to stream films when using the
Playstation service.

This outage is the latest in a series of problems for the
network which has suffered extended periods of downtime over the past
few weeks.


In response, angry gamers have flooded blogs, forums and Twitter with complaints.
"A full day and you guys still have no clue what is causing this," wrote user Slickshoes in response to the company's blog post.
'Poor timing'


Another user, Max Smith, contacted the BBC to share his frustration that Sony is not keeping gamers better informed.
"To be honest I think that Sony need to give more updates
towards the gamers via their Twitter account. There has been no update
in the past 18 hours which is really making the community go crazy," he
said.

Oli Welsh, from Eurogamer.net, said the outage is a big problem for Sony - especially at Easter.
"As much as the weather's lovely, a lot of gamers will be looking forward to tucking in to their favourite hobby this week.
"It's also a pretty big week for new releases, the biggest
we've had in a couple of months. There's one really key game coming out
called Portal 2 which has a great online mode that a lot of people now
won't be able to access straight away.
"For gamers it's a shame, and for Sony it's a problem."

Anonymous, the group which gained notoriety over
Wikileaks-related attacks, has previously strongly criticised the
Japan-based entertainment giant over its treatment of George Hotz, an
American hacker who unlocked the games console's closed operating
system.
Sony filed a lawsuit against the 21-year-old, arguing that his hack had allowed pirated games to be played on the machine.
The case was dropped earlier this month after Mr Hotz agreed to sign an injunction banning him from similar behaviour in future.

A spokesperson for Sony was unavailable for comment.

Hah Sony sucks balls ^_^

Below is the full text of Sony's blog posting on the PlayStation Network hack and loss of personal data.
The latest information on the PlayStation Network service outage.
Thank you for your patience while we work to resolve the
current outage of PlayStation Network & Qriocity services. The
following email has been sent to all PSN registrants; please read the
help and support FAQ for more information.
Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011,
certain PlayStation Network and Qriocity service user account
information was compromised in connection with an illegal and
unauthorized intrusion into our network. In response to this intrusion,
we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen
our network infrastructure by re-building our system to provide you
with greater protection of your personal information.

We greatly appreciate your patience, understanding and
goodwill as we do whatever it takes to resolve these issues as quickly
and efficiently as practicable.

Although we are still investigating the details of this
incident, we believe that an unauthorized person has obtained the
following information that you provided: name, address (city,
state/province, zip or postal code), country, email address, birthdate,
PlayStation Network/Qriocity passwords and login and handle/PSN online
ID. It is also possible that your profile data, including purchase
history and billing address (city, state, zip), and your PlayStation
Network/Qriocity password security answers may have been obtained. If
you have authorized a sub-account for your dependent, the same data with
respect to your dependent may have been obtained. While there is no
evidence that credit card data was taken at this time, we cannot rule
out the possibility. If you have provided your credit card data through
PlayStation Network or Qriocity, to be on the safe side we are advising
that your credit card number (excluding security code) and expiration
date may also have been obtained.
For your security, we encourage you to be especially aware of
email, telephone, and postal mail scams that ask for personal or
sensitive information. Sony will not contact you in any way, including
by email, asking for your credit card number, social security, tax
identification or similar number or other personally identifiable
information. If you are asked for this information, you can be confident
Sony is not the entity asking. When the PlayStation Network and
Qriocity services are fully restored, we strongly recommend that you log
on and change your password. Additionally, if you use your PlayStation
Network or Qriocity user name or password for other unrelated services
or accounts, we strongly recommend that you change them, as well.


To protect against possible identity theft or other financial
loss, we encourage you to remain vigilant to review your account
statements and to monitor your credit or similar types of reports.


We thank you for your patience as we complete our
investigation of this incident, and we regret any inconvenience. Our
teams are working around the clock on this, and services will be
restored as soon as possible. Sony takes information protection very
seriously and will continue to work to ensure that additional measures
are taken to protect personally identifiable information. Providing
quality and secure entertainment services to our customers is our utmost
priority. Please contact us at uk.playstation.com/psnoutage should you
have any additional questions.

Sincerely,
Sony Network Entertainment

Sony has warned users of
its PlayStation Network that their personal information, including
credit card details, may have been stolen.


The company said that the data might have fallen into the
hands of an "unauthorised person" following a hacking attack on its
online service.

Access to the network was suspended last Wednesday, but Sony has only now revealed details of what happened.


Users are being warned to look out for attempted telephone and e-mail scams.
In a statement posted on the official PlayStation blog,
Nick Caplin, the company's head of communications for Europe, said: "We
have discovered that between April 17 and April 19 2011, certain
PlayStation Network and Qriocity service user account information was
compromised in connection with an illegal and unauthorized intrusion
into our network".

The blog posting lists the personal information that Sony believes has been taken.

• Name
  
• Address (city, state/province, zip or postal code)
  
• Country
  
• E-mail address
  
• Date of birth
  
• PlayStation Network/Qriocity passwords and login
  
• Handle/PSN online ID
  

Mr Caplin added: "It is also possible that your profile
data, including purchase history and billing address (city, state, zip),
and your PlayStation Network/Qriocity password security answers may
have been obtained.
"For your security, we encourage you to be especially aware
of email, telephone, and postal mail scams that ask for personal or
sensitive information."
Read the full text of Sony's PlayStation hack apology here.

Credit cards
Sony admitted that credit card information, used to purchase games, films and music, may also have been stolen.

"While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility," Mr Caplin said.

"If you have provided your credit card data through
PlayStation Network or Qriocity, to be on the safe side we are advising
you that your credit card number (excluding security code) and
expiration date may also have been obtained."

Sony has not given any indication of how many PlayStation
Network users may have had their information taken, but the service has
around 77 million members worldwide.

Investigation
The UK's information commissioner, Christopher Graham, said that his organisation had already begun investigating the Sony hack.
He told BBC Radio 4's "You and Yours" programme, that it looked like "a very significant breach of data protection law".

The Information Commissioner's Office (ICO) has the power to impose fines of up to £500,

However, Mr Graham stressed that his ability
to take action would ultimately depend on whether data from the
PlayStation Network was stored in the UK - something he was still trying
to establish.

"It if turns out that it is our responsibility here in the UK, we would ask 'were the security measures appropriate'," he added.

'PR Disaster'
The theft of so much detailed customer data would be seen as a
"public relations disaster", according to Graham Cluley, senior
technology consultant at security firm Sophos.

"This is a big one," he told BBC News.

"The PlayStation Network is a real consumer product. It is in lots of homes all over the world.

"The impact of this could be much greater than your typical internet hack."

Mr Cluley warned that, even without credit card details, the
information taken was enough to help criminals carry out further attacks
on other services.
"Some people will use the same passwords on other sites. If I
was a hacker right now, I would be taking those e-mail addresses and
trying those passwords," he said.
User anger





Some streaming media services available on PlayStation have been affected by the outage




PlayStation users got their first indication that something was
wrong with the service when it became unavailable on Wednesday 20
April.

In the following days, Sony issued three brief statements
asking users to be patient while it investigated an "external
intrusion", or hack.

However, the fact that it took almost seven days for the company to reveal that data had been taken has angered some gamers.

Commenting on the Sony blog, Tacotaskforce wrote: "You waited
a week to tell us our personal information was compromised? That should
have been said last Thursday."

Another user Sid4peeps wrote: "This update is about 6 days
late. I think it is time to move to the other network, no regard for
customers here."

But some PlayStation users appeared to be happy with Sony's
handling of the matter. Ejsponge61 commented: "Wow, this is alot of
info. Thanks, this is very much appreciated by all of us PlayStation
fans."

The Sony PlayStation Network remains unavailable to users. The company has not said when service will be restored.

Sony has revealed that credit card details held on its PlayStation Network were stored in securely encrypted files.


The news offers some hope to users worried about their personal data after the online system was hacked.

Sony had previously warned that card numbers and expiry dates may have been among the stolen data.

However, other information, including dates of birth and home addresses, did not have the same level of protection.

The full extent of the security breach was revealed on Monday, following a week-long investigation by Sony.

The company said that up to 77 million PlayStation Network
members may have had their personal information taken during an
"external intrusion".

The FBI confirmed to BBC News that it was now involved and had been in contact with Sony in the United States.

One of the main concerns for users has been the issue of card security.
In a question and answer blog,
posted on the PlayStation website, the company said: "The entire credit
card table was encrypted and we have no evidence that credit card data
was taken.

"The personal data table, which is a separate data set, was
not encrypted, but was, of course, behind a very sophisticated security
system that was breached in a malicious attack."
The company has not revealed the type or strength of
protection given to credit card information, and Graham Cluley from
security firm Sophos warned that "encryption" could mean almost
anything.

"Some are as weak as tissue paper, and others can take millions of years to crack," he told BBC News.

"For instance, you could have an encryption that made every
'A' a 'D', every 'B' an 'E' etc, but that would be trivial to crack."

Unusual transactions
Sony suggested that users should keep a close eye on their
financial statements and alert their card issuer about any unusual
transactions.
That advice was echoed by Visa Europe, the company behind the
Visa payment system. It explained that if card data was found to have
been stolen and used to make unauthorised payments, users would not have
to pick up the bill.
"Cardholders who are innocent victims of fraud will get their
money back, subject to the terms and conditions of their bank," it said
in a statement.
PlayStation Network members were urged not to cancel their cards at this stage.

A spokesman for Barclaycard said that such action was
unnecessary until it was known if card numbers had fallen into the wrong
hands.

If that proved to be the case, Sony would need to hand over
the information to the UK Payments Administration - the umbrella body
that oversees financial transactions including bank transfers and card
payments.

The card numbers would then be identified and passed to
relevant banks who could block them from use or elevate the level of
monitoring for unusual activity.

Sony to resume some PlayStation gaming services





Sony
has said it will resume some services on its PlayStation Network, which
was shut after the theft of personal details of about 77m users.
Sony officials said they had boosted the security of their
computer systems after user names, email addresses and log-in details
were stolen.
Executives, including Kazuo Hirai, the head of Sony's PlayStation unit, apologised for the security breach.
The theft has prompted legal action and investigations in the US and Europe.
"The organisation has worked around the clock to bring these
services back on line and are doing so only after we had verified
increased levels of security across our networks," said Mr Hirai in a
statement.
He is seen as the frontrunner to take over as head of Sony Corp.
Deep bow
"These illegal attacks obviously highlight the widespread problem with cyber-security," Mr Hirai's statement said.



Kazuo Hirai is seen as a frontrunner to take over Sony Corp


Later, at a news conference, Mr Hirai and two other Sony executives apologised and bowed deeply.
"We apologise deeply for causing great unease and trouble to our users," he said.
PlayStation users got their first indication that something was wrong with the service when it became unavailable on 20 April.
In the following days, Sony issued three brief statements
asking users to be patient while it investigated an "external
intrusion", or hack.
The full extent of the security breach became apparent on 27 April.
In a statement posted on the official PlayStation blog,
the company said user account information for the PlayStation Network
and Qriocity services had been compromised following an "illegal and
unauthorized intrusion into our network".
Sony said that although credit card data was encrypted and
there was no evidence it was stolen, the theft of the data could not be
ruled out.
The PlayStation network allows gamers to download software and play with other users.