Sony confirmed that its PlayStation Network and Qriocity properties were hacked and the personal data of 77 million users---names, addresses, log-ins, passwords and profile data---were swiped.
According to Sony's blog post, credit card numbers weren't swiped, but you can't really rule out the possibility that they were stolen. Sony said:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
This incident brings up a few thoughts.
Here are the primary items:
- Can Sony recover? Sony is going to have a tough time recovering from this breach. First Sony's PlayStation Network has been down for a week. Sony doesn't communicate to customers well. Then, Sony dumps this personal data loss on customers. As a sidebar, Sony talked up its two tablets, which partially depend on the PlayStation Network and Qriocity properties for a value proposition. Good luck with that one Sony.
- Game networks are such obvious theft targets. The most staggering item in Sony's breach disclosure is the sheer numbers involved. A person---or group---ran off with the personal information of 77 million customers. That's staggering. Sure, we knew that PlayStation was popular, but that's a lot of data. Microsoft's Xbox Live would make a fine target. So would Nintendo's Wii. Do we know the security procedures at these gaming networks? I don't. You probably don't either. And until now no one thought twice about handing these game networks a nice chunk of personal information. As an extension, a hack of Apple's iTunes would be the Holy Grail.
Rest assured folks will start wondering about game network security soon. If hackers can take down the PlayStation Network other gaming properties may become targets too.
- Sony confirms PlayStation Network hack exposed user info
- PlayStation Network intrusion hackers grabbed customer details
- 6 important things about the ongoing PlayStation Network outage that Sony won't reveal
- Sony PlayStation Network downtime continues; personal data in jeopardy?
- Sony PlayStation Network suffering outages - again