Wednesday, April 27, 2011

PlayStation Network Hack Leaks Sensitive Info of Over 70 Million Users

After claiming for days that its PlayStation network is under maintenance, Sony finally admitted that it has been targeted by a hacking attack, therefor the network has been taken down for investigation by security experts that the company contacted in order to help fix the issue and secure the network.

Not only the gaming network has been affected, the outage also affected the film rental site LoveFilm, as service that is also running over the PS network. Problems have also been reported by the Netflix users.

The company's official position mentions that sensitive data, like credit card information, might have fallen into the hands of an "unauthorized person".

In an attempt to hide the hacking and stop the intrusion, Sony kept the truth from the users, and while it all started on Wednesday, the company waited until yesterday to make the announcement. In a blog post by Head of Communication, Nick Chaplin, the company announces that: "certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network." To add to the users' reasons to be unhappy with their membership, not only that the information has been kept away for a week, but they just found out that their info is not encrypted inside the PSN network.

Mr. Chaplin came up with even more excuses in his today's blog post:
"There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion 19th April and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly yesterday evening. "

The network's 77 million users have also been emailed about the issue and have been warned that they are at risk of fraud and have been advised to  keep a close eye on their bank accounts.

Knowing that most of the online people use the same combination of user name and password, not only their credit cards and PSN accounts are in danger. The hacker(s) can use the email address/password combination to try and break into the users' email accounts where further sensitive information to access other accounts can be found. 

Changing password for the other services they use would be the right thing to do now. 

Going to the bank and disabling the credit card and ask for a new one would be another smart thing to do, if the bank allows it, and even if it does, this will probably cost extra. I would do it and send the bill to Sony.