Sony Hacked!

Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions.

Sincerely,
Sony Network Entertainment and Sony Computer Entertainment Teams

donweir wrote:it's a good thing we don't have any xbox 360 fanboys on the site, they might laugh at this kind of thing.

Central components of the "Welcome Back" programme will include:

• Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.

• All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.

• Q Music Unlimited subscribers (in countries where the service is available) will receive 30 days free service.

Sony Computer Entertainment introduces increased security measures ahead of PSN service restoration.

Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) will today begin a phased restoration by region of PlayStation Network and Qriocity services. The phased restoration will be on a country by country basis beginning in the Americas, Europe, Australia, New Zealand and the Middle East.

The first phase of restored services for North America and Europe will include:

Sign-in for PlayStation Network and Qriocity services, including the resetting of passwords.
Restoration of online gameplay across PlayStation 3 and PSP.
Playback rental video content, if within rental period, of PlayStation Store Video Store on PS3, PSP and Media Go.
Q Music Unlimited, for current subscribers, on PS3 and PC.
Access to third party services such as VidZone and MUBI.
'Friends' category on PS3, including Friends List, Chat Functionality, Trophy Comparison, etc.
PlayStation Home.
Increased Security Measures

As the result of a criminal cyber attack on the company's data centre located in San Diego, California, USA, SNEI shut down the PlayStation Network and Qriocity services on 20 April 2011, in order for the company to undergo an investigation and make enhancements to the overall security of the network infrastructure.

Working closely with several respected outside security firms, the company has implemented new and additional security measures that strengthen safeguards against unauthorized activity, and provide consumers with greater protection of their personal information.

The company has made considerable enhancements to the data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls.

The company also added a variety of other measures to the network infrastructure including an early warning system for unusual activity patterns that could signal an attempt to compromise the network.

"I'd like to send my sincere regret for the inconvenience this incident has caused you, and want to thank you all for the kind patience you've shown as we worked through the restoration process," said Kazuo Hirai, Executive Deputy President, Sony Corporation.

"I can't thank you enough for your patience and support during this time. We know even the most loyal customers have been frustrated by this process and are anxious to use their Sony products and services again. We are taking aggressive action at all levels to address the concerns that were raised by this incident, and are making consumer data protection a full time, company-wide commitment."

"During the past 18 months, we've seen a dramatic rise in the volume of cyber attacks, their sophistication and their impact on businesses. Thwarting cyber-crime requires an evolutionary approach to security that is well integrated, reduces risk exposure and improves efficiencies," said Francis deSouza, senior vice president, Enterprise Security Group, Symantec. "Today's cyber crime attacks are proving to be more covert, more targeted and better organized than those we've seen in years past. In working with Sony on the move of their data centre, it's clear they're implementing measures to reduce security risks moving forward."

As an additional measure, Fumiaki Sakai, president of Sony Global Solutions Inc. (SGS), has been appointed acting Chief Information Security Officer of SNEI. In addition to his current role at SGS, Mr Sakai, in his role at SNEI, will work to further reinforce overall information security across the company's network infrastructure.

Mr Sakai will lead the recruiting effort in finding a new and permanent CISO for SNEI. As CISO, Mr. Sakai will report to Tim Schaaff, president, SNEI, as well as to Mr Shinji Hasejima, CIO, Sony Corporation.

"While we understand the importance of getting our services back online, we did not rush to do so at the expense of extensively and aggressively testing our enhanced security measures. Our consumers' safety remains our number one priority," Hirai continued. "We want to assure our customers that their personal information is being protected with some of the best security technologies available today, so that everyone can feel comfortable enjoying all that PlayStation Network and Qriocity services have to offer."

The restoration of the services across the Americas, Europe, Australia, New Zealand and the Middle East are beginning, and consumers will be able to enjoy some of the online functionality provided by both the PlayStation Network and Qriocity services. The company expects to have the services fully restored by the end of May 2011.

The company will be offering customers a "Welcome Back" package of services and premium content to all registered PlayStation Network and Qriocity account services.

The details of this program will be available at eu.playstation.com/welcomeback shortly.

Before you start using PlayStation Network again...

In restoring PSN, we have introduced a safety measure which means you will need to update your PlayStation Network account password before you can start using PSN again.

If you've got a PlayStation 3, you can do this by updating to system software version 3.61 and then signing in to PlayStation Network from the XMB (XrossMediaBar) Menu. Find out more at eu.playstation.com/ps3/support/system-software.

Otherwise, you can change your password by visiting https://store.playstation.com/login.gvm on your PC. It shouldn't take more than a few minutes and if you'd like more help you can follow the step by step guide at eu.playstation.com/psppsn.

Please contact us at uk.playstation.com/psnoutage should you have any additional questions. For more information about the PlayStation Network and Qriocity services intrusion and restoration, keep an eye on PlayStation.Blog at blog.eu.playstation.com, twitter.com/PlayStationEU and eu.playstation.com for the latest updates.

According to reports on Nyleveia.com, Eurogamer, and NeoGAF, Sony's PlayStation Network password reset system-the one just put in place after the PSN hack-has been compromised, allowing hackers to change a PSN password if they know your email and date of birth. Exactly the sort of information that was released in the original hack.

Sony has taken the password reset system offline. Kotaku has reached out to Sony for comment.

Update 1: The good news (as pointed out by NeoGAF's "Metalmurphy") is that if your account was compromised, you should have gotten an email from PSN that says your password has been reset.

Update 2: An official community moderator on the EU PlayStation forums notes the following services are offline:

PlayStation.com
PlayStation forums
PlayStation Blog
Qriocity.com
Music Unlimited via the web client
All PlayStation game title websites

'PSN Status' – Is PSN Down? There's an App for That

If you are amongst the millions of iPhone owners who also happen to have PS3's, I've got the perfect app for you. Behold, PSN Status [Free]. This free app will tell you both quickly and easily whether or not PSN is up. Sure, it would have been much more useful last month, but it will be handy to keep around if/when PSN goes down again.

Sony Computer Entertainment introduces increased security measures ahead of PSN service restoration.

Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) will today begin a phased restoration by region of PlayStation Network and Qriocity services. The phased restoration will be on a country by country basis beginning in the Americas, Europe, Australia, New Zealand and the Middle East.

The first phase of restored services for North America and Europe will include:

Sign-in for PlayStation Network and Qriocity services, including the resetting of passwords.
Restoration of online gameplay across PlayStation 3 and PSP.
Playback rental video content, if within rental period, of PlayStation Store Video Store on PS3, PSP and Media Go.
Q Music Unlimited, for current subscribers, on PS3 and PC.
Access to third party services such as VidZone and MUBI.
'Friends' category on PS3, including Friends List, Chat Functionality, Trophy Comparison, etc.
PlayStation Home.
Increased Security Measures

As the result of a criminal cyber attack on the company's data centre located in San Diego, California, USA, SNEI shut down the PlayStation Network and Qriocity services on 20 April 2011, in order for the company to undergo an investigation and make enhancements to the overall security of the network infrastructure.

Working closely with several respected outside security firms, the company has implemented new and additional security measures that strengthen safeguards against unauthorized activity, and provide consumers with greater protection of their personal information.

The company has made considerable enhancements to the data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls.

The company also added a variety of other measures to the network infrastructure including an early warning system for unusual activity patterns that could signal an attempt to compromise the network.

"I'd like to send my sincere regret for the inconvenience this incident has caused you, and want to thank you all for the kind patience you've shown as we worked through the restoration process," said Kazuo Hirai, Executive Deputy President, Sony Corporation.

"I can't thank you enough for your patience and support during this time. We know even the most loyal customers have been frustrated by this process and are anxious to use their Sony products and services again. We are taking aggressive action at all levels to address the concerns that were raised by this incident, and are making consumer data protection a full time, company-wide commitment."

"During the past 18 months, we've seen a dramatic rise in the volume of cyber attacks, their sophistication and their impact on businesses. Thwarting cyber-crime requires an evolutionary approach to security that is well integrated, reduces risk exposure and improves efficiencies," said Francis deSouza, senior vice president, Enterprise Security Group, Symantec. "Today's cyber crime attacks are proving to be more covert, more targeted and better organized than those we've seen in years past. In working with Sony on the move of their data centre, it's clear they're implementing measures to reduce security risks moving forward."

As an additional measure, Fumiaki Sakai, president of Sony Global Solutions Inc. (SGS), has been appointed acting Chief Information Security Officer of SNEI. In addition to his current role at SGS, Mr Sakai, in his role at SNEI, will work to further reinforce overall information security across the company's network infrastructure.

Mr Sakai will lead the recruiting effort in finding a new and permanent CISO for SNEI. As CISO, Mr. Sakai will report to Tim Schaaff, president, SNEI, as well as to Mr Shinji Hasejima, CIO, Sony Corporation.

"While we understand the importance of getting our services back online, we did not rush to do so at the expense of extensively and aggressively testing our enhanced security measures. Our consumers' safety remains our number one priority," Hirai continued. "We want to assure our customers that their personal information is being protected with some of the best security technologies available today, so that everyone can feel comfortable enjoying all that PlayStation Network and Qriocity services have to offer."

The restoration of the services across the Americas, Europe, Australia, New Zealand and the Middle East are beginning, and consumers will be able to enjoy some of the online functionality provided by both the PlayStation Network and Qriocity services. The company expects to have the services fully restored by the end of May 2011.

The company will be offering customers a "Welcome Back" package of services and premium content to all registered PlayStation Network and Qriocity account services.

The details of this program will be available at eu.playstation.com shortly.

Before you start using PlayStation Network again...

In restoring PSN, we have introduced a safety measure which means you will need to update your PlayStation Network account password before you can start using PSN again.

If you've got a PlayStation 3, you can do this by updating to system software version 3.61 and then signing in to PlayStation Network from the XMB (XrossMediaBar) Menu once the service is restored in your country. Find out more at eu.playstation.com/ps3psn.

Otherwise, you can change your password by visiting https://store.playstation.com/login.gvm on your PC. It shouldn't take more than a few minutes and if you'd like more help you can follow the step by step guide at eu.playstation.com/psppsn.

At last Signing In is possible