When PlayStation Network got hacked: Sony's six-week PR nightmare

Update: Well, wouldn't you know it? The PlayStation Network restoration process has begun! The process won't be instantaneous, however, as Sony will be launching it in phases. You can watch the US map here (no map currently available for Europe) to see if your area has been given the go-ahead. The current phase applies to online gameplay and services (e.g. Netflix, Hulu, Vudu, and MLB.tv), friends list, chat, PlayStation Home, and more. (Nothing involving payments — that's for another day.) The Welcome Back offerings have not yet been detailed. Kaz Hirai has a video he made just for you — it's after the break.

Update 2: The first phase has been revealed (as of 10:14PM ET), and it's the northeast US — New York, New Jersey, Main, and everything in between. Sony warns that it can take some time for the servers to populate fully, but fear not, these regions are getting Portal 2 multiplayer soon.

Everyone, please take your seats, there's no need for panic. PlayStation Network didn't get restored this weekend as planned — the company warned as much in a blog post late Friday night. There's been more than a few worried tweets and articles about Sony now telling Bloomberg the service won't return until May 31st, but that isn't quite the case. Let's stop and read what's actually written.

Sony's spokesperson says the company is "in the process of adopting an improved security system and its plan to restart the services fully by May 31 is unchanged." The key word here is "fully," and as Sony has said from the start of the rebuilding process, only part of the service (i.e. everything that doesn't involve payment) will be re-enabled first. So while there's no set date on the partial service (i.e. multiplayer) restoration, your Portal 2 co-op buddies can probably plan for pre-June play dates. Probably.

Since Sony's letter to Congress on the PlayStation Network breach, there's been some interesting developments reported both in and out of the company — chief among them a $1 million identity theft insurance policy for free, care of Sony. While we wait to see if PSN will, in fact, come back within the now-promised "coming days," let's break down the new developments.

Sony is making good on its promise to provide free enrollment into an identity theft protection program, and the details are in. Debix's "AllClear ID Plus" program for Sony customers will include cyber monitoring and surveillance, priority access to licensed private investigators and identity restoration specialists, and $1 million ID theft insurance for "certain fees, lost wages and fraud losses related to recovering your identity." Account holders should be getting an activation code via email over the next few days; they'll have until June 18th to sign up and the service lasts for 12 months. This currently applies to US customers only, though international audience will be getting more details shortly.

Late last week, a Congressional subcommittee sent a letter to Sony's second-in-command Kaz Hirai pressing him for more answers to the massive PlayStation Network security breach. Today, Hirai has responded with an eight-page letter that not only addresses each of the subcommittee's questions one-by-one but also provides some more details into the Sony Online Entertainment breach and volleys a not-so-subtle jab at Anonymous, a hacking group he calls "conspirators or... simply duped into providing cover for a very clever thief." Yeah, it's a great read. The biggest takeaways and a full timeline of events after the break.

According to Reuters, Sony's aforementioned retained firms include teams from Data Forte, Guidance Software, and Robert Half International subsidiary Protiviti. It's also hired the law firm Baker & McKenzie to help with the investigation.

According to the official press statement, an "outdated database" from 2007 was hit on April 16th and 17th, with the hackers in question gaining access to 24.6 million SOE accounts (US and international), 12,700 non-US credit cards, and 10,700 direct deposit record (read: bank information) from customers in Austria, Germany, Netherlands and Spain. I've independently confirmed with SOE that no US credit card or banking information was located on the database.

The account information includes much what you'd expect (and wish wasn't so): name, address, email, birthdate, gender, phone number, login, and hashed password. The 10,7000 direct deposit record are particularly worrisome, as they include bank account number, account name, customer name and customer address.

For a security breach whose victims number over 77 million — most of them worldwide, if PS3 hardware sales figures are any indication — Sony's choice for a 2PM JST press conference (that's 1AM EDT and 6AM BST) is odd to say the least, especially for a Sunday and for news that isn't exactly breaking. But it's Sony, which is to say, nothing really surprises any of us at this point. The company's heir apparent Kaz Hirai outlined what we should expect to see when PlayStation Network and Qriocity go back online this week, as well as some of what users will receive as part of its "'Welcome Back' appreciation program." Still no word on who actually did the deed, and the additional details of the attack itself are sparse at best, but there's a lot to cover here anyway.

Hirai reaffirms that the company was alerted of the breach on April 20th and promptly shut down services. The affected San Diego data center has now been moved to a new location and bulked up with numerous new security enhancements, including additional firewalls and methods to detect intrusion / unauthorized access in the network. Sony has worked with "multiple expert information security firms and over the course of several days and conducted an extensive audit of the system." It's still being dubbed a "criminal cyber-attack," and although credit cards have yet to be ruled out, Hirai notes that so far no reports of credit fraud have been confirmed.

Or, "how Sony just made the best case for pre-paid point cards ever."

There's one tiny drop of good news out of the latest update on the PlayStation Network outage and I might as well lead with that. According to a lengthy PlayStation blog post from SCEA's Patrick Seybold, the company "expect to restore some services within a week." He doesn't specify what services, nor does he guarantee the timeline or provide any details beyond "an illegal and unauthorized intrusion," but hey, it's something.