Sony has admitted that as a result of the hack which prompted it to take the PSN offline, hackers have stolen the personal data of all of its users, including their name and address, date of birth, passwords and security questions, purchase history and possibly credit card info.
In its latest official announcement, Sony claims it will have services restored within a week of when service will resume, but does provide extensive details about just how badly it has been compromised:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided:
Name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.
It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.
While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information.
Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.
When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password.
Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
[Sony also provides details on how US residents can make it more difficult for criminals to fraudulently make credit cards in their name now hackers have all their personal info]
As most people tend to utilise the same passwords and password prompts on multiple sites, even with no personal or credit card data leaked, a great many users are likely to be placed at considerable risk.
The most recent rumour regarding the actual cause of the outage suggests that the latest cracked firmware allowed users of hacked PS3s to download any and all paid PSN content and DLC for free using fake credit card numbers, prompting Sony to pull the entire service.
Sony has so far been silent regarding such theories, but the admission that so much personal data has been compromised suggests Sony’s security lapse has been on a catastrophic scale and that the consequences may be far-reaching – not least when everyone starts suing Sony.
Meanwhile, Microsoft is apparently experiencing an Xbox Live outage of its own – because so many people are creating new accounts with them, their servers are experiencing some difficulties.
Wow, I’am a 360 guy but even Iam saddened by this development, it’s good to know that the banks are on te ready, it’s sad that sony is being put ‘under the bus’ like this even after the quake an all….. Not exactly a karma balance from west to east 🙁
god damn it, hopefully sony fixes this 😛
Onoes some company doesn’t protect you against low life hackers, BLAME THE COMPANY!
“download any and all paid PSN content and DLC for free”
Can’t be that much of a problem. PS haz no gaemz lol.
Oh ok
http://psx-scene.com/forums/f6/call-privacy-modern-spyware-playstation-network-81141/
Well if you leave info unencrypted like that for two months that’s called “Letting” and it’s not like Sony didn’t that site or any other ps3 hacking site; they are in all if not most of their legal papers in the George Hotz case.