You may have heard that Sony took its PlayStation Network (PSN) offline on April 20. At first it was not clear why it was taken down, with many suspecting a DDoS attack to be the reason. Back then, Sony let everyone know that the services were taken offline because of an external intrusion. No one knew the scope of the intrusion at that time, nor whether data had been downloaded by the intruders.
Yesterday Sony revealed additional information, and boy does it look bad. Information about the situation is being provided to all customers of the service in an email.
The email speaks of an "illegal and unauthorized intrusion" in which certain "service user account information" was stolen by the attackers.
The important part follows with a list of the information that has been stolen. This includes:
name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID.
Please note that the email address, login and passwords have been stolen. This is likely going to turn ugly considering that many users on the web use the same email and password combination on a lot of sites.
If you are a customer of PSN or Qriocity, you need to immediately change your passwords on every site where you may have used the same password, and on your email account.
Sony furthermore says that it is possible that profile data may have also been obtained by the attackers, which would include purchase history and billing address. Even worse, they cannot rule out the possibility that credit card data was taken as well.
That's the worst-case scenario, and there is not a lot that users of the network can do at this time other than actively monitor their credit card bills to check for unauthorized payments.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.
The stolen data could also be used in custom attacks, as the attackers could use the user's name and other information to make requests look legitimate.
Sony asks all users to change their PSN passwords as soon as the service goes online again.
A frequently asked questions section has been uploaded to the PlayStation website; it contains further information and support phone numbers.
To summarize: PSN users need to change their web account passwords immediately, especially if they are identical to their PSN password. They also need to change the password of their email accounts if identical, and need to monitor their credit card statements and account statements to make sure that no unauthorized payments are made from the accounts.
Since the hack was first noticed on April 17, it is advised to look at your account statements for April to see if you find any unauthorized payments.
Sony is still investigating the issue at this point in time. The hack is a marketing fiasco for Sony, and more than a nuisance for customers of the service, who now have to fear that their data will be abused by the hacker.
With 70 million users, the data alone could be worth a fortune on the black market. Spammers would love to get their hands on email addresses, names and countries, for instance, to send out personalized spam to those users.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.