The U.S. PlayStation Blog has finally been updated with more information on what's going on with the PlayStation Network and what Sony is doing to expedite the process (thanks to Flamespeak and Andrew Eisen).
SCEA's Patrick Seybold (Sr. Director, Corporate Communications & Social Media) said that the service would be back on "within the week," and that they "have a clear path to have PlayStation Network and Qriocity systems back online." This week's releases have been rescheduled for a later time as well - though when that time will be remains a mystery. A letter from SCEA has been sent to PSN account holders’ emails explaining the security breach of the network.
The letter details the steps that SCEA has taken to deal with what it calls a security breach including temporarily turning off PlayStation Network and Qriocity services and bringing in a high profile security firm to conduct a "full and complete investigation." SCEA also says that it has "enhanced security" by re-building the entire system.
On what exactly happened, the letter notes:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
Finally, SCEA thanks PSN users for their patience:
We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.
Source: U.S. PlayStation Blog
Comments
Re: SCEA: PlayStation Network Back Online 'Within the Week'
At the end of the day this isn't really any worse than any of the other massive data breaches that have occurred at every place from Amazon and Wal-Mart to the banks themselves.
The only difference here is that there was a highly visible service interruption which makes this SOUND much worse than it is. Normally there isn't such a highly visible interruption coupled with the data compromise.
There really isn't a need to go changing your credit card yet. I would change your email password but monitor your credit card statement, watch your credit report (maybe put a fraud alert on it) and just be vigilant.
IF the credit card data was compromised (and that has NOT been confirmed) they have MILLIONS of individual account info so the odds of them using YOURS are very long. You have to weigh the danger against the sheer inconveinence of changing all your credit card info, notifying any auto-bill locations etc.
Re: SCEA: PlayStation Network Back Online 'Within the Week'
Let's HOPE Sony's telling the truth that they shut everything down themselves so stuff like that couldn't be stolen.
Of course, the truth will out by the end of the week, sadly enough...
Re: SCEA: PlayStation Network Back Online 'Within the Week'
Oh man, looks like I gotta tell my friend to check on his credit card stament to make sure nothing is wrong.
http://www.magicinkgaming.com/
Re: SCEA: PlayStation Network Back Online 'Within the Week'
Name, address, and date of birth. That's bad. It's a lucky break I only use prepaid cards (because I was afraid of just this happening).
Re: SCEA: PlayStation Network Back Online 'Within the Week'
Thank God I don't have a credit card.
Re: SCEA: PlayStation Network Back Online 'Within the Week'
This is so awesome.
I don't believe that they actually know whether the customer information was stolen or not. I don't think Sony knows anything about what's going on in their network. They're just assuming the worst based on the fact that the hackers had the keys to their entire network infrastructure.
That being said...I keep wondering how anyone could steal my PSN password even if they had access. Surely Sony with all their wizdom and network security expertise would keep my passwords encrypted. /sarcasm
-- http://pixelantes.blogspot.com/
Re: SCEA: PlayStation Network Back Online 'Within the Week'
"That being said...I keep wondering how anyone could steal my PSN password even if they had access."
Password hint answers aren't encrypted, in case you need to give them to a human over the phone.
Re: SCEA: PlayStation Network Back Online 'Within the Week'
I was just thinking the same thing. Then I remember that we're talking about the guys who completely fucked up basic cryptography on their console.
http://en.wikipedia.org/wiki/ECDSA#Signature_generation_algorithm
Re: SCEA: PlayStation Network Back Online 'Within the Week'
Re: SCEA: PlayStation Network Back Online 'Within the Week'
Umm, wow. Sony really set themselves up for a whole heap of trouble if all this information for folks (potentially myself included) was stolen.