I’ve actually been holding off on posting this news since last week, but since Sony has come forth with more details it would seem now is a good time to bring it up. Long story short – The Sony Playstation network has been hacked.
For anyone out there who plays PS3 games on the Playstation Network (better known as PSN), it’s been down for about a week now. Sony originally stated it was unplanned maintenance on their blog. Then they stated that they had a security breach and that was the cause of the unplanned maintenance. As of right now though, Sony has posted further details to their official blog as to what exactly has happened, and it’s not pretty.
It seems that PSN was indeed hacked by an unknown hacker(s). Sony posted on their blog this Tuesday that information that people used to sign up to PSN with, may have been stolen during this intrusion. I quote from Patrick Seybold – Director, Corporate Communications & Social Media for Sony Entertainment of America:
“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.”
The official blog post can be found here.
My take on this is that Sony perpetrated these actions from the hacker community and the innocent subscribers of the Playstation Network now must suffer and worry about their personal, private and financial information. Sony has had quite a bit of history over the past year of upsetting and angering those in the hacking community. It began with Sony removing the ability to run an alternate OS on the PS3 called OtherOS. People pleaded for Sony to restore it, but Sony made claims that it promoted piracy of their game library. Eventually the PS3 was reverse engineered and their private keys to the system were released on the Internet. Numerous hacker/developers in the Sony hacking scene have made a name by unlocking the secrets and potential of the system – Hector Martin (@marcan42), George Hotz (aka Geohot) and others. Eventually Sony filed a lawsuit against many in the hacking community, most notably – Geohot. Geohot responded with a rap, which he posted to YouTube. In recent weeks, Sony dropped the case against Geohot in exchange for his promise to never reverse engineer or hack a Sony gaming console again.
Sony is committing to bringing some of the PSN services back online in the next week, but there are still many unanswered questions; such as who brought this embarrassment upon Sony. Some claim it was the hacker group “Anonymous”. Anonymous has come out publicly in saying that it wasn’t them. Regardless, someone out there has targeted Sony and obviously wants to see Sony suffer. It’s just a shame it has to be Sony customers who the innocent bystanders in this online war. Sony not only has very relaxed security on their game console and it’s now public that their gaming network is also no different.
Maybe Sony should’ve just hired Geohot or someone from the hacking community to assist them with locking things down. Maybe if they hadn’t removed OtherOS, none of this would’ve happened. Hopefully we will know more soon enough.