Skip to navigation
Latest News

Fury as Sony takes a week to admit credit-card hack

Credit cards

By Barry Collins

Posted on 26 Apr 2011 at 21:31

PlayStation users have reacted furiously, after Sony admitted customers' credit-card details may have been stolen in a hack attack.

The PlayStation Network - the console's online gaming service - has been down for the best part of the week as Sony battled with an unidentified security issue.

The company tonight broke its silence, admitting that customers' personal details - and possibly their credit-card data - have been stolen.

While there is no evidence at this time that credit-card data was taken, we cannot rule out the possibility

"We have discovered that between 17 April and 19 April 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorised intrusion into our network," the company announced on the PlayStation Blog.

"Although we are still investigating the details of this incident, we believe that an unauthorised person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.

"It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained."

Sony also concedes that payment data may have been compromised. "While there is no evidence at this time that credit-card data was taken, we cannot rule out the possibility," the company said. "If you have provided your credit-card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

Users' anger

Many customers are angry that Sony has taken so long to admit to the scale of the problem. "Not thrilled that Sony waited a week to mentioned that personal info may have been stolen," said Twitter user @MrPsycohed.

"Wow! Personal details stolen, and possibly credit card details too. And Sony took a week to tell everyone," added @RandomStanYau

"So tempted to trade in my PS3," said @thisisnath. "You messed up big time Sony."

Customer advice

Sony has stopped short of advising customers to cancel their credit cards, but is warning users to keep a close eye on their financial affairs. "To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports," the company states.

It's also warning users of the potential of secondary attacks. "If you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them," Sony adds.

Ironically, Sony is advising customers to change their PlayStation Network logins and passwords - although the service isn't yet back up and running.

Is your business a social business? For helpful info and tips visit our hub.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

Ouch

In some ways this makes me glad that I have an Xbox 360 rather than a PS3, but still surely this amounts to negligence on the side of Sony of not disclosing this information sooner. Also, consumers may possibly have a legitimate claim for compensation as per the legislation in the Data Protection Act.

This one could be far reaching and never ending for Sony- even if their share price has only fallen .5% so far...

By willdamien on 26 Apr 2011

NOT a GAME

Well done Sony (NOT).

The idea is along the lines of...

Cloud Computing = Scotch Mist!

By lenmontieth on 27 Apr 2011

Lapses

It is not just poor but perturbing that so many company's are "losing" customers data.

Any Company compromising customer data, costs customers extra.

The failing company should:
1. Pay customers for loss of private data.
2. The time and inconvenience in putting matters right.
3. Any Insurance increases because of the companies failure.

By lenmontieth on 27 Apr 2011

Hiding the truth to save face

SONY finally admitted what they've tried for a week to cover up.
Very poor.
Perhaps an additional seven days warning could have allowed the hackers less of a head-start to sell our identities?

By cheysuli on 27 Apr 2011

Shocking

I will now have to spend the morning changing a whole raft of passwords. OK, you probably shouldn't use the same password for other accounts, but let's face it, who has the capacity and time to set a different password for all the online accounts you have.

This is a major lapse of security for Sony. Sony has always been a permier brand for me and this incident has severely damaged their image.

However, even though I have an Xbox, I'm not going to take the Apple Mac attitude and consider myself safe.

By Jules75 on 27 Apr 2011

Pony Baloney

taking down a 70million user network that is NOT free,
whilst advertising your wares sponsoring films on TV,
not providing any official communication
or apology to your users for a disconnected playstation,
Then deciding in your infinite wisdom
to 'rebuild' your flaky system,
that should justify a few more days
of you cowering in the corner and allow you to delay
the inevitable truth about our personal data.
You really are scum; i'm now a Sony hater.

By BaseII on 27 Apr 2011

@Jules75

Different password for every service. It isn't that hard, especially with something like LastPass or a password safe.

By big_D on 27 Apr 2011

@big_D

Indeed. For those who now have to change a raft of passwords, you do need to take some (a lot?) of the responsibility for not having a well thought out approach to passwords on the net.

By Aspicus on 27 Apr 2011

@ Big D

Funny you should say that, I just purchased Password Depot 5 which has indeed made it easier.

Saying that, with the current password count in PD5 at 27 passwords (and that's just the sites I use a lot), I would still say having a unique password for each that you can easily remember (without having to look it up) is still a challege. Especially for those who are less tech savy (not me of course lol).

By Jules75 on 27 Apr 2011

I thought that the big credit card providers required any data to be encripted?
Maybe they will have something to say about this.

By Ex_Sailor on 27 Apr 2011

Passwords

One trick is to use memorable dates, and the shift key on every 2nd (or 3rd) character.

I use random passwords for important services (bank, email), one of a selection of standard passwords for less important (social networks) and crappy passwords for crappy sites (shops who don't store my CC details and, thankfully, PSN).

By radicalbyte on 27 Apr 2011

A case of another huge company losing their customer's personal data

It makes a change for it not to be a government agency I suppose!

For anyone worried that their personal data could be included in this, I would definitely recommend checking your credit report. There a three providers in the UK, Experian, Equifax and CallCredit. You can get your report free from all three when you sign-up for their 30 day free trial.

There is a good comparison at http://www.whichcreditreport.co.uk

They also have some great advice about avoiding becoming a victim of identity theft.

By jemima on 2 May 2011

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.