Sony answers questions about PlayStation Network data theft

Sony answered some of the most asked questions about the subscriber data stolen from its PlayStation Network and Qriocity services.


A fresh post from Sony senior director corporate communication and social media Patrick Seybold answers some of the most asked questions in the wake of Sony's disclosure that subscriber data has been stolen from the PlayStation Network and Qriocity services. The highlights include:

  • Confirmation that all credit card numbers were stored in an encrypted format and that there is no evidence that data was taken.

  • Admission that personal data maintained in a separate data table was not encrypted.

  • Recommendation that if you use the same username and password elsewhere, those passwords be changed.

  • For those trying to figure out which card was on their account, the first four and last four digits of the card number would be on a confirmation email from DoNotReply@ac.playstation.net if you used it to fund your online wallet.

  • A new system software update will roll out with the restoration of the PlayStation Network, requiring all users to change their password.

  • Sony is working with law enforcement personnel and proceeding aggressively to find those responsible, wherever they may be around the world.

No additional update on when the service might be back online was given beyond reiterating that Sony expects to have some services up within a week from yesterday. That timetable also comes with the disclaimer that they will only start to turn it back on when they are "confident that the network is secure."

From The Chatty
  • reply
    April 27, 2011 5:50 PM

    Garnett Lee posted a new article, Sony answers questions about PlayStation Network data theft.


    • reply
      April 27, 2011 6:06 PM

      Only half a comfort.

      • reply
        April 27, 2011 6:08 PM

        at least it hopefully puts to bed the question whether the passwords were encrypted or not

        • reply
          April 27, 2011 6:15 PM

          wtf, i meant to say credit cards. all this password talk is too much sometimes

      • reply
        April 27, 2011 6:11 PM

        That's true. I wonder if it will ever be clear who/what is the cause.

    • reply
      April 27, 2011 6:14 PM

      [deleted]

      • reply
        April 27, 2011 6:17 PM

        looks like they still haven't addressed that, specifically. personal data, no, but does that include passwords?

        • reply
          April 27, 2011 6:20 PM

          If they haven't told us that they were encrypted by this point, I would assume that they were not and they don't want to talk about it because it's fucking retarded on their part.

          • reply
            April 27, 2011 7:20 PM

            [deleted]

            • reply
              April 27, 2011 7:23 PM

              Can a one-way hashed and salted value be rainbow tabled? Too bad most of what was compromised actually needed to stay unsalted and two-way encrypted anyhow so that it could be used for recurring billing.

            • reply
              April 27, 2011 7:24 PM

              If people are using non-dictionary passwords, they should still be pretty well protected, no?

      • reply
        April 27, 2011 6:20 PM

        Yeah, user names, passwords, and all the rest were apparently in the second data set that was not encrypted and was stolen.

        • reply
          April 28, 2011 5:56 AM

          And that's completely inexcusable. It is literally "ASP/PHP/Ruby for Dummies" level stuff that has been disregarded for a 50m+ user commerce-based system.

          I'm starting to wonder if Sony placed all their eggs in one basket with the PS3, that they focused all their efforts on securing the consumer hardware and cut corners elsewhere as that hardware acted as their ultimate 'firewall'. It would explain why they went after PS3 exploiters so aggressively - it was their entire security model at stake.

          • reply
            April 28, 2011 2:46 PM

            I would be ok if the password was at least hashed. If it's neither hashed nor encrypted, then I see a large problem.

      • reply
        April 27, 2011 7:19 PM

        PsnUserPasswords.txt

    • reply
      April 27, 2011 7:08 PM

      The koolaid must be strong to roll over for this kind of thing. Consumers have to be furious or it's only downhill from here. I'm sick of the onslaught from the corporations - if you're complacent, you deserved this happening.

      • reply
        April 28, 2011 12:44 PM

        Oh get the fuck over yourself. You sound like a seventeen year old kid fresh into college. "Corporations maannnnn, they're like....out to get you and stuff. Fight the man dogg!"

        People make mistakes. Yes, this was a mistake with my data, and I'm pissed, but stop talking like a retard.

        • reply
          April 28, 2011 1:47 PM

          And you're the reason this country [The US] sucks.

        • reply
          April 28, 2011 2:07 PM

          I don't see how people keep defending Sony. It was not a mistake, it was neglect. They did not tell us what was going on until a week after. Stop fucking defending them. Customers have a right to be very angry. Get that through your head, then try to form a better argument than mannnnnnnnnn.

      • reply
        April 28, 2011 11:30 PM

        "if you're complacent, you deserved this happening." what, so everyone who signed up for PSN and isn't pissed off at Sony deserved this? i agree with the above poster, get over yourself.

        • reply
          April 29, 2011 5:32 AM

          Oh so let me guess, my friend that was raped for trusting a friend, she deserved to have had that happen to her.

          I deserved to be held up at knife point because I went to work one freaking morning and was doing my job

          Another friend of mine deserved to be held up at gun point just for WALKING HOME!!...

          Like Really... REALLY?

          When will you people and these sites get a clue... This was and is a crime. Yes, 70 million people are now victims of the largest information heist in history.

          • reply
            April 29, 2011 5:33 AM

            Nwillard, this was not directed towards you but the comment you commented on... Sorry if there was any confusion

      • reply
        April 29, 2011 9:28 AM

        lol

    • reply
      April 28, 2011 1:37 PM

      [deleted]

      • reply
        April 28, 2011 2:47 PM

        I know pigs will fly when this happens but Steam teaming up with sony's PSN.... Food for thought...

    • reply
      April 29, 2011 5:47 AM

      http://bits.blogs.nytimes.com/2011/04/28/hackers-claim-to-have-playstation-users-card-data/?ref=technology

      Just read this on the NYtimes website

      go figure they used a hacked PS3 who would have thought

    • reply
      April 29, 2011 6:59 AM

      There is a security standard that companies are required to follow when storing personal, credit card, or other payment type of data. It's called PCI. And apparently Sony failed to implement it correctly - or all that data would have been encrypted.

    • reply
      April 29, 2011 8:37 AM

      proof that consoles are for noobs. xD

      • reply
        April 29, 2011 8:42 AM

        but seriously, i'm laughing @ all the outrage w/ PSN; it's some black-hat who is stealing/selling personal info. as for PCI DSS, it's a standard, not a law, and it's not so specific that it can prevent every attack from happening, just a guideline which outlines fundamentals of a secure business information system.
