Feeds

User data stolen in Sony PlayStation Network hack attack

Poorly secured system to remain offline

Beginner's guide to SSL certificates

Sony is warning its millions of PlayStation Network (PSN) users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts.

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony's related Qriocity network.

Sony's stunning admission came six days after the PlayStation Network was taken down following what the company described as an “external intrusion”.

Sony had already come under fire for a copyright lawsuit targeting customers who published instructions for unlocking the game console so it could run games and applications not officially sanctioned by the company. The criticism only grew after Sony lawyers sought detailed records belonging to hacker George Hotz, including the IP addresses of everyone who visited his jailbreaking website over a span of 26 months.

Hackers howled with displeasure saying they should have a right to modify the hardware they legally own. Sony recently settled that case, but Hotz, whose hacker moniker is GeoHot, has remained highly critical of the company. Many have also objected to the removal of the so-called OtherOS, which allowed PlayStation 3 consoles to run Linux.

Sony's advisory on Tuesday means that the company was likely storing passwords, credit card numbers, expiration dates, and other sensitive information unhashed and unencrypted on its servers. Sony didn't say if its website complied with data-security standards established by the Payment Card Industry.

Sony reminded users located in the US that they're entitled to receive one credit report per year from each of the three major credit bureaus. The company didn't offer to pay for any sort of credit monitoring service to help ensure the information it lost isn't used in identity-theft ruses against its users.

“When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password,” advises a letter that Sony is sending to its users.

Of course, that suggestion assumes users continue to trust Sony to safeguard their information and stand behind assurances that the PlayStation Network is secure, and at the moment there's little evidence to support that assumption. ®

How to simplify SSL certificate management

More from The Register

next story
Nothing illegal to see here: Tribunal says TEMPORA spying is OK
Rules mass surveillance is legal, in principle at least
Google kills CAPTCHAs: Are we human or are we spammer?
Do you make up these questions, Mr Wonka?
Author fined $500k in first US spyware conviction
100,000 creeps buy mobe-watching wares
Sony Pictures struggles as staff details, salaries and films leaked
Fury and Annie now doing the rounds - along with staff's privates
Stupid humans and their EXPENSIVE DATA BREACHES
Non-human cockups only account for 7% of leaks
Australian Government funds effort to secure wearable data pulses
Skipping hand-in-hand with government and insurance company databases
prev story

Whitepapers

Virtual desktop cost analysis
The downward trend in desktop virtualization costs and how this trend is prompting organizations to evaluate their own physical PC costs.
Manage security in real time
How security information and event management (SIEM) can work, but also shows how SIEM will become an essential feature of your security environment.
The Escalating Threat of DDoS Attacks
With increasing frequency and scale, some of the world’s largest data center and network operators are suffering from crippling Distributed Denial of Service (DDoS) attacks.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Everything a site builder wants to know
The major changes in Drupal 8 for end users, site builders, designers and front-end developers, and for back-end developers - part 2.