Sony has finally admitted that account details, logins and online IDs for 77 million registered Sony PlayStation Network users have been compromised, following a hacker attack that has brought the whole gaming network down for over a week.
The information was stolen sometime between April 17 and 19, according to a Sony blog post, as early as nine days before Sony notified its users of the breach.
Sony says there’s no evidence that users’ credit card data was taken, but it can’t rule out the possibility.
The attack is likely to become known as one of the biggest data theft heists so far, affecting 77 million users across the globe.
The admission came nearly a week after Sony pulled the plug on PSN and its Qriocity music service, blaming the outage on an “external intrusion” into Sony’s network.
Sony says that it is rebuilding the PSN and Qriocity server system with improved security.
At the time of writing, the company estimates that “some services” will be back online within a week.
Users warned of email scams
Users are being warned to look out for attempted telephone and e-mail scams.
In a statement posted on the official PlayStation blog, Nick Caplin, the company’s head of communications for Europe, said: “We have discovered that between April 17 and April 19 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network”.
The blog posting lists the personal information that Sony believes has been taken.
• Name
• Address (city, state/province, zip or postal code)
• Country
• E-mail address
• Date of birth
• PlayStation Network/Qriocity passwords and login
• Handle/PSN online ID
Caplin added: “It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
“For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information.”
Credit cards stolen?
Sony admitted that credit card information, used to purchase games, films and music, may also have been stolen.
“While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility,” Caplin said.
“If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained.”
Sony has not given any indication of how many PlayStation Network users may have had their information taken, but the service has around 77 million members worldwide.
Read the full text of Sony’s PlayStation hack apology here.
