PlayStation Network Users Are Informed About Account Hacking

Sony "cannot rule out the possibility" that this included credit card data.

An unauthorized person has hacked into users’ accounts on Sony’s PlayStation Network, accessing such information as names and addresses and possibly credit card information, Sony admitted Tuesday. The PlayStation Network and Qriocity online services have been down since April 20.

A Tuesday post on the PlayStation blog warned that account holders should “remain vigilant” against possible identity theft.

“Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, ZIP), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID,” a letter on the blog post (with information that Sony also intends to email to account holders) explains. “It is also possible that your profile data, including purchase history and billing address (city, state, ZIP), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.”

The blog message, which was posted by Patrick Seybold, senior director of corporate communications and social media, cautions, “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution, we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”

Entertainment technology consultant John Footen told The Hollywood Reporter: "This warning from Sony should be taken seriously. With this much personal information, a hacker could attempt to access other sites with the users' information. They could theoretically get access by using the password if the person uses the same password in a lot of places. They could also use the other information to reset passwords and gain access that way."

PlayStation Network had more than 60 million registered accounts.

Tuesday’s blog post offers additional background on the incident: “We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have temporarily turned off PlayStation Network and Qriocity services; engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and quickly taken steps to enhance security and strengthen our network infrastructure by rebuilding our system to provide you with greater protection of your personal information.

“For your security, we encourage you to be especially aware of email, telephone and postal mail scams that ask for personal or sensitive information,” the blog reads. “Sony will not contact you in any way, including by email, asking for your credit card number, Social Security number or other personally identifiable information.”

Sony has not given a date for when the service will be restore, saying in the post: “We have a clear path to have PlayStation Network and Qriocity systems back online and expect to restore some services within a week. We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.”

The complete post can be found here.