Sony hasn’t yet got to the bottom of what is being described as one of the biggest security breaches ever, while 77-million PlayStation Network and Qriocity users wait to hear the extent of the damage and whether their credit card information has been compromised along with their online IDs.
“Although we are still investigating the details of this incident, we believe that an unauthorised person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID,” Sony warns users in an online update.
“It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorised a sub-account for your dependent, the same data with respect to your dependent may have been obtained.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
The security breach took place between 17 April and 19 April, when “certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorised intrusion into our network”, Sony says.
In response to the attack, Sony has temporarily turned off PlayStation Network and Qriocity services. It has also engaged an external security firm to conduct a full and complete investigation into what happened, while taking steps to enhance security and strengthen its network infrastructure.
The company is advising users to be particularly aware of e-mail, telephone, and postal mail scams that ask for personal or sensitive information and which may be related to the breach.
“Sony will not contact you in any way, including by e-mail, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking,” it warns users.
“When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.
“To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.”