Feeds

User data stolen in Sony PlayStation Network hack attack

Poorly secured system to remain offline

The Essential Guide to IT Transformation

Sony is warning its millions of PlayStation Network (PSN) users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts.

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony's related Qriocity network.

Sony's stunning admission came six days after the PlayStation Network was taken down following what the company described as an “external intrusion”.

Sony had already come under fire for a copyright lawsuit targeting customers who published instructions for unlocking the game console so it could run games and applications not officially sanctioned by the company. The criticism only grew after Sony lawyers sought detailed records belonging to hacker George Hotz, including the IP addresses of everyone who visited his jailbreaking website over a span of 26 months.

Hackers howled with displeasure saying they should have a right to modify the hardware they legally own. Sony recently settled that case, but Hotz, whose hacker moniker is GeoHot, has remained highly critical of the company. Many have also objected to the removal of the so-called OtherOS, which allowed PlayStation 3 consoles to run Linux.

Sony's advisory on Tuesday means that the company was likely storing passwords, credit card numbers, expiration dates, and other sensitive information unhashed and unencrypted on its servers. Sony didn't say if its website complied with data-security standards established by the Payment Card Industry.

Sony reminded users located in the US that they're entitled to receive one credit report per year from each of the three major credit bureaus. The company didn't offer to pay for any sort of credit monitoring service to help ensure the information it lost isn't used in identity-theft ruses against its users.

“When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password,” advises a letter that Sony is sending to its users.

Of course, that suggestion assumes users continue to trust Sony to safeguard their information and stand behind assurances that the PlayStation Network is secure, and at the moment there's little evidence to support that assumption. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.