Yes unfortunately the rumours and news stories are entirely true and Sony’s PlayStation Network has been hacked and the hackers have made off with all 70 million PSN users personal details including your full name, address, email address, birth date, security questions and passwords.
In a more startling admission Sony has confirmed that it doesn’t think that the credit card data has been stolen but it is a possibility and they are still investigating.
So basically what this means is that if you’re a PSN user then someone out there has enough personal information about you to possibly steal your identity and take out a bank loan in your name.
There unfortunately isn’t an upside to this and if you are a PSN subscriber then I would recommend cancelling whichever card you signed up with and changing your passwords and security questions that you might share with your PSN account.
It hasn’t yet been revealed who broke into the PSN and stole the data but by all accounts this is entirely unrelated to the recent anonymous attacks.
The full statement by Sony reads as follows
We believe that an unauthorised person has obtained the following information that you provided: name, address, country, email address, birth date, PlayStation Network/Qriocity password and login.
While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information.
To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.
Sony has also moved to clarify why it took so so long to announce this theft by stating that they needed to clarify what exactly had occurred before announcing anything prematurely.
There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident.It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon
This is not only an absolute disaster for Sony in public relations terms but don’t be surprised when the lawsuits and government investigations start piling in questioning how they allowed this to happen and not to mention how they were possibly storing passwords unencrypted.
Last Updated: April 27, 2011