Originally Posted by Sony

SOME PLAYSTATION NETWORK AND QRIOCITY SERVICES TO BE AVAILABLE THIS WEEK

Phased Global Rollout of Services to Begin Regionally; System Security Enhanced to Provide Greater Protection of Personal Information.

Tokyo, May 1, 2011 – Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) announced they will shortly begin a phased restoration by region of PlayStation®Network and Qriocity™ services, beginning with gaming, music and video services to be turned on. The company also announced both a series of immediate steps to enhance security across the network and a new customer appreciation program to thank its customers for their patience and loyalty.

Following a criminal cyber-attack on the company’s data-center located in San Diego, California, U.S.A., SNEI quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services. With these measures in place, SCE and SNEI plan to start a phased rollout by region of the services shortly. The initial phase of the rollout will include, but is not limited to, the following:

• Restoration of Online game-play across the PlayStation®3 (PS3) and PSP® (PlayStation®Portable) systems
• This includes titles requiring online verification and downloaded games
• Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
• Access to account management and password reset
• Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
• PlayStation®Home
• Friends List
• Chat Functionality

Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information. The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection and supplement existing information security personnel. The new security measures implemented include, but are not limited to, the following:

• Added automated software monitoring and configuration management to help defend against new attacks
• Enhanced levels of data protection and encryption
• Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
• Implementation of additional firewalls

The company also expedited an already planned move of the system to a new data center in a different location that has been under construction and development for several months. In addition, PS3 will have a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to sign into the service. As an added layer of security, that password can only be changed on the same PS3 in which that account was activated, or through validated email confirmation, a critical step to help further protect customer data.

The company is conducting a thorough and on-going investigation and working with law enforcement to track down and prosecute those responsible for the illegal intrusion.

“This criminal act against our network had a significant impact not only on our consumers, but our entire industry. These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers’ information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks,” said Kazuo Hirai, Executive Deputy President, Sony Corporation. “Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services.”

Complimentary Offering and “Welcome Back” Appreciation Program

While there is no evidence at this time that credit card data was taken, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.

The company will also rollout the PlayStation Network and Qriocity “Welcome Back” program, to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company’s appreciation for their patience, support and continued loyalty.

• Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
• All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
• Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.

Additional “Welcome Back” entertainment and service offerings will be rolled out over the coming weeks as the company returns the PlayStation Network and Qriocity services to the quality standard users have grown to enjoy and strive to exceed those exceptions.

SNEI will continue to reinforce and verify security for transactions before resuming the PlayStation®Store and other Qriocity operations, scheduled for this month.

For more information about the PlayStation Network and Qriocity services intrusion and restoration, please visit http://blog.us.playstation.com or http://blog.eu.playstation.com/

Originally Posted by PlayStation.com

Sony Computer Entertainment introduces increased security measures ahead of PSN service restoration.

Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) will today begin a phased restoration by region of PlayStation Network and Qriocity services. The phased restoration will be on a country by country basis beginning in the Americas, Europe, Australia, New Zealand and the Middle East.

The first phase of restored services for North America and Europe will include:

Sign-in for PlayStation Network and Qriocity services, including the resetting of passwords.

Restoration of online gameplay across PlayStation 3 and PSP.

Playback rental video content, if within rental period, of PlayStation Store Video Store on PS3, PSP and Media Go.

Q Music Unlimited, for current subscribers, on PS3 and PC.

Access to third party services such as VidZone and MUBI.

'Friends' category on PS3, including Friends List, Chat Functionality, Trophy Comparison, etc.

PlayStation Home.

Originally Posted by ICO

27 April 2011

Response to data breach involving Sony’s PlayStation Network

An ICO spokesperson said:

The Information Commissioner’s Office takes data protection breaches extremely seriously. Any business or organisation that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure.
We have recently been informed of an incident which appears to involve Sony. We have contacted Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office.

Originally Posted by PS Blog

Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.

Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

Temporarily turned off PlayStation Network and Qriocity services;
Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

(snip)

Originally Posted by CIFAS

If you have been the victim of a mugging or burglary and personal identification documents have been stolen, there is a risk that they could be used fraudulently by the thief to obtain credit or other products and services in your name. For an annual administration fee of £12 + VAT CIFAS offers a service to protect your name and personal details from being misused in this way.

When you request 'Protective Registration', a CIFAS warning flag marked Protective Registration will then be placed on the CIFAS National Fraud Database against your name and personal details to indicate that you have been recorded at your own request for your protection.

CIFAS Member organisations dealing with requests for credit or other services from someone who has taken out CIFAS Protective Registration will be alerted to the need for caution. CIFAS Members, when undertaking their routine checks against your personal name and details will see “CIFAS – DO NOT REJECT – VALIDATION REQUIRED”. As a result of this, CIFAS Members will undertake additional checks to ascertain that the applicant is genuine and not a fraudster trying to use your details to commit identity theft. .

If you believe that the identity of a deceased person could be used by a fraudster to obtain credit or other products and services, a CIFAS Protective Registration may be placed by a relative or executor against the deceased person’s name and personal details.

Once your application for Protective Registration has been processed, the entry will be placed on the database and you will receive confirmation. The data will remain on the database for at least a year from the date of the most recent fraudulent activity, but you can request the removal or extension of the Protective Registration by writing to the address below.

To make a CIFAS Protective Registration, click here to download the form. The form must be opened with Adobe Reader, which is free software that lets you view and print Adobe Portable Document Format (PDF) files. Please click the link to download the latest version of Adobe Reader. Once the form is complete, return it to the following address:

CIFAS Protective Registration
Capital House
e-state
Bankhead Crossway South
Edinburgh
EH11 4EP

Alternatively you can telephone on 0330 100 0180 (Mon-Fri 8am-8pm, 10am-1pm Sat). Please only use this telephone number for Protective Registration matters; for any other CIFAS queries, please click here.

Click here for answers to the most frequently asked questions about Protective Registration.

Originally Posted by craigj2k11 (Post 35223427)

as has been said, they need to sort out security, how could they not have any form of protection on the data? surely thats a data protection issue??

Originally Posted by Stephen (Post 35223297)

Originally Posted by Stephen (Post 35223297)

Personally the PSN is really poor compared to Live.....

Originally Posted by Hom3r (Post 35223723)

Thank god I'm on XBL.

Originally Posted by LSainsbury (Post 35223896)

Nice double-standards there! .

Originally Posted by Stephen (Post 35223940)

I was referring to the post above mine.

I was talking about the actual on line services of the console in my post, the post before mine just claimed one console was rubbish compared to the other.

Originally Posted by Stephen (Post 35222843)

Sony are totally useless.

Originally Posted by wwe (Post 35224058)

have the hackers got everyone details who goes on the psn?

Originally Posted by MSE

(snip)

Should I be worried about my card details?

Financial Fraud Action (FFA), which represents card firms, says Sony is due to pass it the details of all card numbers that may have been stolen, which FFA will then distribute to banks and building societies.

FFA says this is standard procedure after a hack.

It therefore says anyone who has entered their card number on the PlayStation network does not need to contact their provider as firms will cancel many cards automatically.

FFA adds in a statement: "Customers should keep a close eye on their account for any unusual activity – if they spot any they should contact their bank or card company.

"If anyone is the innocent victim of fraud they will get their money back from their bank or card company."

Sony is not certain that credit card details have been stolen but states on its website: "While there is no evidence credit card data was taken we cannot rule out the possibility.

"To be on the safe side we are advising your credit card number (excluding security code) and expiration date may also have been obtained."

What about my passwords?

Names, addresses, PlayStation log-in details and email addresses are also thought to have been taken by the hackers.

FFA is therefore also advising users to change passwords for all their accounts, be it a bank or email account, if it is the same as they use on PlayStation.

And what about ID fraud?

Playstation users also need to be alert to the threat of identity theft, according to credit reference agency Equifax.

It says fraudsters only need three items of personal information to be able to steal an individual's identity.

If you're worried, you can check your credit report to identify whether fraudsters try to open accounts in your name (see the Credit Rating guide to check for free).

(snip)

Originally Posted by ICO

27 April 2011

Response to data breach involving Sony’s PlayStation Network

An ICO spokesperson said:

The Information Commissioner’s Office takes data protection breaches extremely seriously. Any business or organisation that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure.
We have recently been informed of an incident which appears to involve Sony. We have contacted Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office.

Originally Posted by Chrysalis (Post 35225184)

I learned a while back if you know someone has the capability to either DDOS you to death or knows what he is doing in regards to security compromise then dont mess them about, just ignore them as you dont want their focus. Nothing is 100% secure, its impossible. The best in the world if focused will get in to anything.

Originally Posted by Stuart (Post 35225218)

With due respect, your situation is a little different to Sony's. The sites you run probably have little interest for hackers. When they hack Sony, not only do they get the prestige (amongst the hacker networks) of hacking a major corporation, but there is also the draw that they can potentially access tens of millions of credit card details.

In short, if you ignore a hacker, he or she will probably go away. If Sony does, word will get round and it'll actually attract more hackers.

Originally Posted by broadbandking (Post 35225456)

great another weekend with out a bit of online action after a long day of resting in the garden.

Originally Posted by Matt D (Post 35226584)

Originally Posted by Chrysalis (Post 35226614)

who thinks it will get breached again?

Originally Posted by Sony's press release

(snip)

...Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services...

(snip)

Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information. The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection and supplement existing information security personnel. The new security measures implemented include, but are not limited to, the following:

• Added automated software monitoring and configuration management to help defend against new attacks
• Enhanced levels of data protection and encryption
• Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
• Implementation of additional firewalls

The company also expedited an already planned move of the system to a new data center in a different location that has been under construction and development for several months.

(snip)

Originally Posted by sniper007 (Post 35226619)

Does anyone know how I can find out if I ever entered my credit card details into the sony network? I can't remember if I ever did.

Originally Posted by MoneySavingExpert.com

Should I be worried about my card details?

Financial Fraud Action (FFA), which represents card firms, says Sony is due to pass it the details of all card numbers that may have been stolen, which FFA will then distribute to banks and building societies.

FFA says this is standard procedure after a hack.

It therefore says anyone who has entered their card number on the PlayStation network does not need to contact their provider as firms will cancel many cards automatically.

FFA adds in a statement: "Customers should keep a close eye on their account for any unusual activity – if they spot any they should contact their bank or card company.

"If anyone is the innocent victim of fraud they will get their money back from their bank or card company."

Sony is not certain that credit card details have been stolen but states on its website: "While there is no evidence credit card data was taken we cannot rule out the possibility.

"To be on the safe side we are advising your credit card number (excluding security code) and expiration date may also have been obtained."

Originally Posted by Graham M (Post 35226626)

Just go into Billing Details when it comes back online :confused:

Originally Posted by sniper007 (Post 35226772)

I formatted my PS3 when I got a new HDD and I don't know even what my login and password were/are. Can I reset that? I don't really understand how it works. Signed up once ages ago and never used it.

Originally Posted by sniper007 (Post 35227088)

On the Playstation I mean? Or do I go online to a website to reset it? Will it recognize me if I have formatted and used a different HDD and/or console? My console was repaired as well before but I may have been given new internals/refurb since I signed up.

Originally Posted by sniper007 (Post 35227088)

On the Playstation I mean? Or do I go online to a website to reset it? Will it recognize me if I have formatted and used a different HDD and/or console? My console was repaired as well before but I may have been given new internals/refurb since I signed up.

Originally Posted by SnoopZ (Post 35227422)

Sony Online Entertainment servers have now been shut down due to an unnamed intrusion!

http://www.neowin.net/news/sony-onli...amed-intrusion

Originally Posted by IGN

Sony Online Entertainment confirmed today it is investigating an security breach into its network systems and that hackers may have stolen SOE customer information.

A spokesperson said this was not a second attack, and the temporary take down of SOE services was related to the ongoing investigation of the external intrusion that caused PlayStation Network and Qriocity services to shut down last month.

"This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007," SOE said in a statement.

"The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain."

SOE says it will give customers 30 days of additional time on their subscriptions "in addition to compensating them one day for each day the system is down." The company is also outlining a "make good" plan for its multiplatform MMOs - DC Universe Online and Free Realms - with more details coming this week.

SOE posted a notice on its website saying, "There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."

Copyright 1996-2011, IGN Entertainment, Inc.

Originally Posted by pabscars (Post 35227873)

I've had dozens of spam emails from eastern european ladies looking for relationships and seeking contact via Skype.

Originally Posted by Fitze73 (Post 35227874)

at least it wasnt for men eh paul lol :)

Originally Posted by Tod (Post 35227951)

As part of my yahoo mail package I have a unique email address for my PSN, and I have received no spam at all on it.

Originally Posted by craigj2k11 (Post 35228638)

i too havent received any more spam than usual

Originally Posted by Tod (Post 35228647)

I just want to get my PSN+ stuff, it's the turn of the month now! :D

Although I hope it is not dumbed down as it is free to all this month!

Originally Posted by Sony

Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.”

Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you (click here).

In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:

1. Act with care and caution.
2. Provide relevant information to the public when it has been verified.
3. Take responsibility for our obligations to our customers.
4. Work with law enforcement authorities.

We also informed the subcommittee of the following:

* Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.

* We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”

* By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.

* As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.

* Protecting individuals’ personal data is the highestpriority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.

* We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.

(snip)

Originally Posted by DABhand (Post 35230315)

It is not Anonymous, it is a Chinese hacking group, who announced today they will go for a 3rd attack because of the way Sony has conducted themselves during the previous 2 attacks.

Originally Posted by Maggy J (Post 35230174)

Originally Posted by Fitze73 (Post 35232862)

they reckon by the 31st may , but dont hold your breath ive passed out several times already :)

http://www.maxconsole.net/content.ph...-further-weeks

thank god ive got black ops on the 360 as well