This thread was originally about PSN being hacked in 2011, but we thought it fitting to make it a general "Oh Sony" thread to contain rants or news about Sony's war on hackers (and hackers' war on Sony).

The original OP is below.


Update 5/31/11: PSN to be back by Friday

IGN said:

Sony said today it will fully restore PlayStation Network and Qriocity services in the Americas, Europe/PAL territories and Asia - excluding Japan, Hong Kong, and South Korea - by the end of this week. Service updates for Japan, Hong Kong, and South Korea will be available at a later date.

Full restoration for PSN includes:

- Full functionality on PlayStation Store

- In-game commerce

- Ability to redeem vouchers and codes

- Full functionality on Music Unlimited powered by Qriocity for PS3, PSP, VAIO and other PCs

- Full functionality on Media Go
"We have been conducting additional testing and further security verification of our commerce functions in order to bring the PlayStation Network completely back online so that our fans can again enjoy the first class entertainment experience they have come to love," said Kazuo Hirai, Executive Deputy President, Sony Corporation. "We appreciate the patience and support shown during this time."

End 5/31/11 Update.

Kotaku said:

A security breach in the Playstation Network by still unidentified hackers resulted in stolen personal information, Sony confirmed today.

Sony says while personal information was likely stolen they don't believe credit card numbers were and that they hope to have the Playstation Network service back up within a week.

The news comes more than nine days after the intrusion and six days after Sony shut down both the Playstation Network and Qriocity services in reaction to the breach. Sony says they've hired a "recognized security firm" to conduct a complete investigation into what happened and have taken steps to enhance security and strengthen network infrastructure.
"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network," Patrick Seybold, senior director of corporate communications for Sony Computer Entertainment of America, wrote on the official Playstation Blog today.

Among the possible information stolen:

Name
Address (city, state, zip)
Country
Email address
Birthdate
PlayStation Network/Qriocity password and login and handle/PSN online ID.
"While there is no evidence at this time that credit card data was taken," writes Seybold, "we cannot rule out the possibility."

"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained," Seybold continues.

Sony is encouraging users to be especially aware of potential phishing scams from people using email, phone calls and mail to try and extract more personal or sensitive information from you. Sony also is strongly recommending that you change you password once you're able to log back into the Playstation Network.

"To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports," Seybold wrote

"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions."

Sources
Kotaku

IGN

UPDATE
Sony is being sued.

IGN said:

A class action lawsuit was filed against Sony a day after the company publicly admitted that personal information from PlayStation Network was compromised by a security breach. The lawsuit was filed by the Rothken Law Firm today in a California court and alleges Sony "failed to take reasonable care to protect, encrypt, and secure the private and sensitive data."

Yesterday, Sony said it believes an unauthorized person obtained PSN user information, including members' names, addresses, birthdays, and login passwords. The company said there was no evidence that credit card information was stolen, but did not rule out that possibility.

"We brought this lawsuit on behalf of consumers to learn the full extent of Sony PlayStation Network data security practices and the data loss and to seek a remedy for consumers. We are hopeful that Sony will take this opportunity to learn from the network vulnerabilities, provide a remedy to consumers who entrusted their sensitive data to Sony, and lead the way in data security best practices going forward," said Ira P. Rothken an attorney who filed the class action complaint.

"Sony's breach of its customers' trust is staggering. Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn't," commented J.R. Parker, co-counsel in the case.

The lawsuit seeks monetary compensation for the data loss and "loss of use of the Sony PlayStation Network, credit monitoring, and other relief according to proof."

IGN has contacted Sony for comment.

Maybe I'll get $5 bucks out of all of this. Yay me.

URL to share (right click and copy)

I still haven't received an email. Those rats.

@colep53

You should do that! I've been tempted to get rid of my Xbox (and maybe my PS3) because my new PC and Steam are a dangerous combination... Of JOY!

Yeahhhhh I don't think Sony is done at all. Most consumers probably don't even know about this yet, it will be big news for awhile, and then no one will care anymore. I barely care right now, then again, I'm lazy and maybe I have way too much trust that nothing bad is actually going to come of this regarding my credit card. I also haven't touched my PS3 in a month or so, so the loss of service hasn't affected me.

Though I do keep checking my online bank statements to make sure.

LOL! That Airplane gif is funny as ish!

Sony is being sued.

IGN said:

A class action lawsuit was filed against Sony a day after the company publicly admitted that personal information from PlayStation Network was compromised by a security breach. The lawsuit was filed by the Rothken Law Firm today in a California court and alleges Sony "failed to take reasonable care to protect, encrypt, and secure the private and sensitive data."

Yesterday, Sony said it believes an unauthorized person obtained PSN user information, including members' names, addresses, birthdays, and login passwords. The company said there was no evidence that credit card information was stolen, but did not rule out that possibility.

"We brought this lawsuit on behalf of consumers to learn the full extent of Sony PlayStation Network data security practices and the data loss and to seek a remedy for consumers. We are hopeful that Sony will take this opportunity to learn from the network vulnerabilities, provide a remedy to consumers who entrusted their sensitive data to Sony, and lead the way in data security best practices going forward," said Ira P. Rothken an attorney who filed the class action complaint.

"Sony's breach of its customers' trust is staggering. Sony promised its customers that their information would be kept private. One would think that a large multinational corporation like Sony has strong protective measures in place to prevent the unauthorized disclosure of personal information, including credit card information. Apparently, Sony doesn't," commented J.R. Parker, co-counsel in the case.

The lawsuit seeks monetary compensation for the data loss and "loss of use of the Sony PlayStation Network, credit monitoring, and other relief according to proof."

IGN has contacted Sony for comment.

I wouldn't mind if Sony gave me free money.

Is it too early to bust out the popcorn.gifs?

I've never been a big fan of class action lawsuits. We get $10 and the lawyer gets millions. Yay.

@Orbital74 True. But I'll still take it.

I'm kind of curious, legally, if Sony on their own were to just decide to give something back to its customers, would that affect the lawsuit?

Orbital74 said:

I've never been a big fan of class action lawsuits. We get $10 and the lawyer gets millions. Yay.

Me neither. It's just an easy way for lawyers to get a lot of money while preying on the hopes of people.

Zero said:

@Orbital74 True. But I'll still take it.

I'm kind of curious, legally, if Sony on their own were to just decide to give something back to its customers, would that affect the lawsuit?

I'm not versed in class actions suits, but I would assume that the courts would see at as good faith when they determine what is owed to the plaintiffs, if anything.

Orbital74 said:

I've never been a big fan of class action lawsuits. We get $10 and the lawyer gets millions. Yay.

Pretty much this. Good for lawyers. Not so good for consumers.

You have a good point, Anand. But... but it's so... convenient!

Nah, I'm taking my info off today.

Also, I too agree that this lawsuit probably won't do much of anything for consumers, and much more for the lawyers.

Zero - I don't think it's going to cause legions of fans to leave, not by a long shot. Most people that are saying that (not particularly here, but other places I've seen the news) are just having that "knee jerk reaction" moment, although considering the *possible* severity of the situation, I can't say I blame them.

That said, I wouldn't doubt if the Sony's promises on security cost them some of their user-base in the near future or down the road, even if they lock the service up tighter than Fort Knox after this (ugh... that's so unoriginal, sorry I used that). If they'd been more transparent from the beginning instead of waiting six days in, I think it would have been much better at least from a PR standpoint. Even if they didn't know the extent of the breach, at least they could have given people a heads-up:

"We are not certain at this time, however there is a possibility that information pertaining to your account may have been obtained. We are currently investigating this issue..."

Why not send/say something along those lines much earlier? At least this way, if information isn't taken, they can easily turn around and say "false alarm guys, we're good to go."

Waiting until now and letting everyone believe it wasn't something major like this just looks really bad and doesn't help customer loyalty.

I dunno'. I'm not certain how it all works of course, but it just seems like they should have erred on the side of caution and told consumers much sooner than they did.

They updated the PS Blog with a Q&A:
http://blog.us.playstation.com/2011/04/27/qa-1-for-
playstation-network-and-qriocity-services/

The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Yeah this sucks, I had to change all my CC info recently because my wallet was stolen, and I haven't bought anything on PSN since like December, so I'm okay... but still. Sucks. Oh wait? ... actually that's not true, I think I bought some stuff on my PSP... rats. Sigh.

So any word when PSN will be back up?

VofEscaflowne said:

They updated the PS Blog with a Q&A:
http://blog.us.playstation.com/2011/04/27/qa-1-for-
playstation-network-and-qriocity-services/

The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Good thing about the cc info, I guess. As for my identity, I think I only put my name as k and p, and am using an old address, lol. Even if it were the case with me using my full name and such, it'd be useless for certain reasons.

sirmastersephiroth said:

Hey [ref=id=5296&pagenumber=3#137133]@heliumsky, where have you been? Haven't seen you in a while.

Was on vacation, and then crazy busy with work. Popping in to check up on things (esp this PSN hacking thing), but will probably be sporadic around here for a while, until the project at work finishes up.

I'm not entirely sure whether to believe their statement about the CC's not taken, yet... I'll probably change my CC# anyway, once I figure out if I was storing info online or not. I can't remember.

heliumsky said:

sirmastersephiroth said:

Hey [ref=id=5296&pagenumber=3#137133]@heliumsky, where have you been? Haven't seen you in a while.

Was on vacation, and then crazy busy with work. Popping in to check up on things (esp this PSN hacking thing), but will probably be sporadic around here for a while, until the project at work finishes up.

I'm not entirely sure whether to believe their statement about the CC's not taken, yet... I'll probably change my CC# anyway, once I figure out if I was storing info online or not. I can't remember.

The credit card associated with my account is maxed, so I guess I'm good for the moment. Don't be a stranger.

@New Forms

None so far. Last I heard the date was estimated to be "some time next week" but that was a few days ago.

Only one or two people understood/cared about my post?

C'mon, I thought it was a good one!