Fury as Sony takes a week to admit credit-card hack
By Barry Collins
Posted on 26 Apr 2011 at 21:31
PlayStation users have reacted furiously, after Sony admitted customers' credit-card details may have been stolen in a hack attack.
The PlayStation Network - the console's online gaming service - has been down for the best part of the week as Sony battled with an unidentified security issue.
The company tonight broke its silence, admitting that customers' personal details - and possibly their credit-card data - have been stolen.
"We have discovered that between 17 April and 19 April 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorised intrusion into our network," the company announced on the PlayStation Blog.
"Although we are still investigating the details of this incident, we believe that an unauthorised person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
"It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained."
Sony also concedes that payment data may have been compromised. "While there is no evidence at this time that credit-card data was taken, we cannot rule out the possibility," the company said. "If you have provided your credit-card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
Many customers are angry that Sony has taken so long to admit to the scale of the problem. "Not thrilled that Sony waited a week to mention that personal info may have been stolen," said Twitter user @MrPsycohed.
"Wow! Personal details stolen, and possibly credit card details too. And Sony took a week to tell everyone," added @RandomStanYau
"So tempted to trade in my PS3," said @thisisnath. "You messed up big time Sony."
Sony has stopped short of advising customers to cancel their credit cards, but is warning users to keep a close eye on their financial affairs. "To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports," the company states.
It's also warning users of the potential of secondary attacks. "If you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them," Sony adds.
Ironically, Sony is advising customers to change their PlayStation Network logins and passwords - although the service isn't yet back up and running.
In some ways this makes me glad that I have an Xbox 360 rather than a PS3, but still surely this amounts to negligence on the side of Sony of not disclosing this information sooner. Also, consumers may possibly have a legitimate claim for compensation as per the legislation in the Data Protection Act.
This one could be far reaching and never ending for Sony- even if their share price has only fallen .5% so far...
By willdamien on 26 Apr 2011
NOT a GAME
Well done Sony (NOT).
The idea is along the lines of...
Cloud Computing = Scotch Mist!
By lenmontieth on 27 Apr 2011
It is not just poor but perturbing that so many companies are "losing" customers' data.
Any Company compromising customer data, costs customers extra.
The failing company should:
1. Pay customers for loss of private data.
2. The time and inconvenience in putting matters right.
3. Any Insurance increases because of the company's failure.
By lenmontieth on 27 Apr 2011
Hiding the truth to save face
SONY finally admitted what they've tried for a week to cover up.
Perhaps an additional seven days warning could have allowed the hackers less of a head-start to sell our identities?
By cheysuli on 27 Apr 2011
I will now have to spend the morning changing a whole raft of passwords. OK, you probably shouldn't use the same password for other accounts, but let's face it, who has the capacity and time to set a different password for all the online accounts you have.
This is a major lapse of security for Sony. Sony has always been a premier brand for me and this incident has severely damaged their image.
However, even though I have an Xbox, I'm not going to take the Apple Mac attitude and consider myself safe.
By Jules75 on 27 Apr 2011
taking down a 70million user network that is NOT free,
whilst advertising your wares sponsoring films on TV,
not providing any official communication
or apology to your users for a disconnected playstation,
Then deciding in your infinite wisdom
to 'rebuild' your flaky system,
that should justify a few more days
of you cowering in the corner and allow you to delay
the inevitable truth about our personal data.
You really are scum; I'm now a Sony hater.
By BaseII on 27 Apr 2011
Different password for every service. It isn't that hard, especially with something like LastPass or a password safe.
By big_D on 27 Apr 2011
Indeed. For those who now have to change a raft of passwords, you do need to take some (a lot?) of the responsibility for not having a well thought out approach to passwords on the net.
By Aspicus on 27 Apr 2011
@ Big D
Funny you should say that, I just purchased Password Depot 5 which has indeed made it easier.
Saying that, with the current password count in PD5 at 27 passwords (and that's just the sites I use a lot), I would still say having a unique password for each that you can easily remember (without having to look it up) is still a challenge. Especially for those who are less tech savvy (not me of course lol).
By Jules75 on 27 Apr 2011
I thought that the big credit card providers required any data to be encrypted?
Maybe they will have something to say about this.
By Ex_Sailor on 27 Apr 2011
One trick is to use memorable dates, and the shift key on every 2nd (or 3rd) character.
I use random passwords for important services (bank, email), one of a selection of standard passwords for less important (social networks) and crappy passwords for crappy sites (shops who don't store my CC details and, thankfully, PSN).
By radicalbyte on 27 Apr 2011
A case of another huge company losing their customers' personal data
It makes a change for it not to be a government agency I suppose!
For anyone worried that their personal data could be included in this, I would definitely recommend checking your credit report. There are three providers in the UK, Experian, Equifax and CallCredit. You can get your report free from all three when you sign-up for their 30 day free trial.
There is a good comparison at http://www.whichcreditreport.co.uk
They also have some great advice about avoiding becoming a victim of identity theft.
By jemima on 2 May 2011