Sony admitted that user information including login credentials and credit card numbers have been leaked.
Sony yesterday issued a statement regarding the ongoing PSN outage, confirming speculation that personal information such as credit card numbers and other details may have been compromised.
“We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network,” Sony said on the company’s blog.
Sony confirmed that an “unauthorized person” had gained access to information such as “name, address (city, state, zip), country, e-mail address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID,” including “purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers.” More worryingly, Sony said it was uncertain if credit card information had been stolen.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” the Sony spokesperson said. “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
Fortunately, Sony says that they now have a “clear path to have PlayStation Network and Qriocity systems back online and expect to restore some services within a week.” The company will be taking a three-pronged approach to the situation. The first was to bring down the Playstation Network to avoid any further attacks. Sony have also got a “recognized security firm” on board to “conduct a full and complete investigation into what happened.” Finally, the electronics giant said that it is currently taking steps to “enhance security and strengthen our network infrastructure by rebuilding our system.”
In separate statement, Sony clarified why it took so long for them find out if data had been compromised.
“We wanted to take this opportunity to clarify a point and answer one of the most frequently asked questions today.
“There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening.
“For those who were looking there’s also an FAQ with some more on frequently asked questions.
“Thank you for your continued patience and support.”