Timeline of Sony data theft

A detailed timeline of events in the PlayStation Network and Sony Online Entertainment data thefts.


Sony's Kaz Hirai has issued a letter in response to an inquiry from the US House Subcommittee on Commerce, Manufacturing, and Trade. It outlined several new details regarding how events unfolded after the data theft. We've combed through that information and Sony's prior communications on the matter to piece together this timeline of the cyber-attack that stole data from the PlayStation Network and other Sony online services.

  • April 4 (Monday) - Hacker group Anonymous targets Sony for denial of service attacks, in retaliation for Sony legal action against George Hotz (aka "GeoHot") and Graf_Chokolo

  • April 7 (Thursday) - Anonymous halts attacks, apologizes for inconveniencing users, and acknowledges diverse points of view within hacker group

  • April 17-19 (Sunday-Tuesday) - PlayStation Network and Sony Online Entertainment hacked, user data stolen

  • April 19 (Tuesday, 4:15 pm PDT) - Sony Network Entertainment America network team notices unauthorized activity due to unscheduled server reboots; team begins running logs to analyze data

  • April 20 (Wednesday, early afternoon) - Sony forms larger team to assist the investigation; network team discovers unauthorized intrusion and that unknown data had been transferred from the PlayStation Network; network team shuts down PSN; Sony retains a security and forensic consulting firm to assist in the investigation; Sony begins mirroring suspected servers

  • April 21 (Thursday) - Sony retains a second security and forensic consulting firm; Sony issues a statement suggesting the network could be down for "a day or two"

  • April 22 (Friday) - Sony Computer Entertainment America general counsel provides FBI with information about the intrusion; network team finishes mirroring 9 of the 10 suspected servers; Sony issues a statement admitting an "external intrusion"

  • April 23 (Saturday) - Network teams determine that sophisticated hackers deleted log files to hide activity within the network; Sony issues a statement regarding re-building the network infrastructure for better security

  • April 24 (Sunday) - Sony decides to retain a third forensic team to help determine the scope of the breach

  • April 25 (Monday) - Forensic teams are able to determine that user data had been stolen, but could not rule out whether credit card information had been accessed

  • April 26 (Tuesday) - Sony notifies public of data intrusion; Sony also notifies regulatory authorities in New Jersey, Maryland, and New Hampshire;

  • April 27 (Wednesday) - Sony meets with FBI regarding data intrusion; Sony notifies the regulatory authorities in Hawaii, Louisiana, Maine, Massachusetts, Missouri, New York, North Carolina, South Carolina, and Puerto Rico; Sony tells SOE users that their databases and servers are kept separate, and therefore safe

  • April 28 (Thursday) - Hacker groups claim to be selling credit card data; security analysts confirm the discussions are taking place, but cannot confirm the legitimacy of the list; one hacker claims to have tried selling to Sony, but Sony denies any knowledge of such a sale

  • April 30 (Saturday) - Sony holds a press conference in Tokyo, apologizing for the data theft and detailing the PSN Welcome Back program; Sony says that some services will resume in the coming week

  • May 1 (Sunday, afternoon) - Sony detects intrusion into Sony Online Entertainment, including a file titled "Anonymous" that reads "We are Legion"

  • May 2 (Monday, morning) Sony Online Entertainment servers taken offline, with a brief statement, "we have discovered an issue that warrants enough concern for us to take the service down effective immediately."

  • May 2 (Monday) - Sony receives Congressional inquiry; Sony issues a statement that 12,700 credit cards and 24.6 million accounts were compromised in SOE data theft

  • May 4 (Wednesday) - Sony's Kaz Hirai responds to Congressional inquiry, implicating Anonymous Group

As of the time of writing, both PlayStation Network and Sony Online Entertainment are still offline.

From The Chatty
  • reply
    May 4, 2011 12:30 PM

    Steve Watts posted a new article, Timeline of Sony data theft.

    A detailed timeline of events in the PlayStation Network and Sony Online Entertainment data thefts.

    • reply
      May 4, 2011 12:42 PM

      12,700 credit cards 'compromised'? wow..... so much for them being encrypted.

      • reply
        May 4, 2011 12:54 PM

        they said the PSN CCs were encrypted, not the SOE ones. different events

        • reply
          May 4, 2011 1:01 PM

          why would you encrypt one set of credit card numbers but not another? Honestly at this point i dont trust what sony announces, and have less trust for their services.

          • Ebu legacy 10 years legacy 20 years
            May 4, 2011 1:48 PM

            Because there are many teams working there, and apparently not all of them know what they should be doing.

            • reply
              May 5, 2011 10:39 AM

              Right, which is why i am saying that i dont trust the company anymore.
              To give your credit card information out...especially online...requires alot of trust. Trust that you wont get ripped off and the company provides the service you purchased, but also trust that they are storing your information appropriately. In this area, sony is clearly lacking.
              Its unrealistic to expect a system to be completely unhackable, but a certain amount of due diligence can be expected, and demanded, of a company. To not even encrypt the data, even if it is old, is pretty bad.

              So....in my opinion sony has proven themselves to be untrustworth and that is something that is very hard to come back from.

    • reply
      May 4, 2011 1:05 PM

      someone in the UK managed to spend over 2000 pounds on my CC last week before I noticed and had to cancel my card, and I live in Canada! bastards!

Hello, Meet Lola