PlayStation Network's initial period of global outage was revealed to have been caused by a targeted hacking attack, with millions of users' personal and financial information widely compromised. Eventually service was restored after over 3 weeks of downtime, with a welcome package of free games following for those affected by the incident, but Sony took a huge PR hit over the blackout.(Editor note: This PlayStation Network post accidentally surfaced again in our RSS feeds and Twitter today. PSN is fine. Our apologies for the mistake.)
May 14, 2011
Update: Well, wouldn't you know it? The PlayStation Network restoration process has begun! The process won't be instantaneous, however, as Sony will be launching it in phases. You can watch the US map here (no map currently available for Europe) to see if your area has been given the go-ahead. The current phase applies to online gameplay and services (e.g. Netflix, Hulu, Vudu, and MLB.tv), friends list, chat, PlayStation Home, and more. (Nothing involving payments — that's for another day.) The Welcome Back offerings have not yet been detailed. Kaz Hirai has a video he made just for you — it's after the break.Read Article >
Update 2: The first phase has been revealed (as of 10:14PM ET), and it's the northeast US — New York, New Jersey, Main, and everything in between. Sony warns that it can take some time for the servers to populate fully, but fear not, these regions are getting Portal 2 multiplayer soon.
May 9, 2011
PlayStation Network's Neverending Story, starring Capcom, Anonymous, and an unknown restoration date
Everyone, please take your seats, there's no need for panic. PlayStation Network didn't get restored this weekend as planned — the company warned as much in a blog post late Friday night. There's been more than a few worried tweets and articles about Sony now telling Bloomberg the service won't return until May 31st, but that isn't quite the case. Let's stop and read what's actually written.Read Article >
Sony's spokesperson says the company is "in the process of adopting an improved security system and its plan to restart the services fully by May 31 is unchanged." The key word here is "fully," and as Sony has said from the start of the rebuilding process, only part of the service (i.e. everything that doesn't involve payment) will be re-enabled first. So while there's no set date on the partial service (i.e. multiplayer) restoration, your Portal 2 co-op buddies can probably plan for pre-June play dates. Probably.
May 6, 2011
Sony's Howard Stringer pens apology, offers free Debix ID theft protection plan as new PSN hits final testing stages
Since Sony's letter to Congress on the PlayStation Network breach, there's been some interesting developments reported both in and out of the company — chief among them a $1 million identity theft insurance policy for free, care of Sony. While we wait to see if PSN will, in fact, come back within the now-promised "coming days," let's break down the new developments.Read Article >
Sony is making good on its promise to provide free enrollment into an identity theft protection program, and the details are in. Debix's "AllClear ID Plus" program for Sony customers will include cyber monitoring and surveillance, priority access to licensed private investigators and identity restoration specialists, and $1 million ID theft insurance for "certain fees, lost wages and fraud losses related to recovering your identity." Account holders should be getting an activation code via email over the next few days; they'll have until June 18th to sign up and the service lasts for 12 months. This currently applies to US customers only, though international audience will be getting more details shortly.
May 4, 2011
Sony's letter to Congress provides timeline for PlayStation Network breach, accuses Anonymous of incidental involvement
Late last week, a Congressional subcommittee sent a letter to Sony's second-in-command Kaz Hirai pressing him for more answers to the massive PlayStation Network security breach. Today, Hirai has responded with an eight-page letter that not only addresses each of the subcommittee's questions one-by-one but also provides some more details into the Sony Online Entertainment breach and volleys a not-so-subtle jab at Anonymous, a hacking group he calls "conspirators or... simply duped into providing cover for a very clever thief." Yeah, it's a great read. The biggest takeaways and a full timeline of events after the break.Read Article >
According to Reuters, Sony's aforementioned retained firms include teams from Data Forte, Guidance Software, and Robert Half International subsidiary Protiviti. It's also hired the law firm Baker & McKenzie to help with the investigation.
Sony Online Entertainment breached: 'outdated database' included 24.6 million accounts, thousands of non-US credit cards
According to the official press statement, an "outdated database" from 2007 was hit on April 16th and 17th, with the hackers in question gaining access to 24.6 million SOE accounts (US and international), 12,700 non-US credit cards, and 10,700 direct deposit record (read: bank information) from customers in Austria, Germany, Netherlands and Spain. I've independently confirmed with SOE that no US credit card or banking information was located on the database.Read Article >
The account information includes much what you'd expect (and wish wasn't so): name, address, email, birthdate, gender, phone number, login, and hashed password. The 10,7000 direct deposit record are particularly worrisome, as they include bank account number, account name, customer name and customer address.
For a security breach whose victims number over 77 million — most of them worldwide, if PS3 hardware sales figures are any indication — Sony's choice for a 2PM JST press conference (that's 1AM EDT and 6AM BST) is odd to say the least, especially for a Sunday and for news that isn't exactly breaking. But it's Sony, which is to say, nothing really surprises any of us at this point. The company's heir apparent Kaz Hirai outlined what we should expect to see when PlayStation Network and Qriocity go back online this week, as well as some of what users will receive as part of its "'Welcome Back' appreciation program." Still no word on who actually did the deed, and the additional details of the attack itself are sparse at best, but there's a lot to cover here anyway.Read Article >
Hirai reaffirms that the company was alerted of the breach on April 20th and promptly shut down services. The affected San Diego data center has now been moved to a new location and bulked up with numerous new security enhancements, including additional firewalls and methods to detect intrusion / unauthorized access in the network. Sony has worked with "multiple expert information security firms and over the course of several days and conducted an extensive audit of the system." It's still being dubbed a "criminal cyber-attack," and although credit cards have yet to be ruled out, Hirai notes that so far no reports of credit fraud have been confirmed.
Apr 26, 2011
Or, "how Sony just made the best case for pre-paid point cards ever."Read Article >
There's one tiny drop of good news out of the latest update on the PlayStation Network outage and I might as well lead with that. According to a lengthy PlayStation blog post from SCEA's Patrick Seybold, the company "expect to restore some services within a week." He doesn't specify what services, nor does he guarantee the timeline or provide any details beyond "an illegal and unauthorized intrusion," but hey, it's something.
Apr 26, 2011
Interestingly, there's a different theory being promulgated on Reddit: turns out a PS3 custom firmware called Rebug released in March allowed users to spoof developer units and use fake credit card numbers to pirate PSN content, which some say led Sony to pull the plug on the entire network until the loophole could be closed. We have absolutely zero confirmation of that theory, but between admitting to a security breach that potentially compromised user data and dealing with a legion of console hackers motivated to cause mischief because of the Geohot lawsuit, things certainly aren't going Sony's way right now. Too bad the S1 and S2 Android tablets aren't launching until the fall -- they'd have certainly been a nice distraction.Read Article >
Update: Anonymous has disavowed centralized responsibility, so at least that's cleared up.