The hack that has plagued the Playstation Network for the last week is much worse than simply taking down the platform. Sony reports on its Playstation Network blog that personal data of its 70 million users has been exposed by the hacker, including the possibility of credit card numbers.
According to the Playstation Network blog; “we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.”
Sony has said that credit card information may have been obtained but they cannot be sure.
“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility,” Sony wrote. “If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”
The hack shows that even the biggest vendors on the Web are vulnerable to security threats by a motivated hacker. Yet, this is a big black eye for Sony and there will probably be some significant consequences.
This goes way beyond a simple distributed denial of service attack or even a hack that just compromised connectivity. The fact that Sony cannot confirm if credit card information for 70 million accounts has been breached means that the attack was sophisticated enough to completely befuddle Sony’s security team.
Sony says that the attack happened between April 17 and April 19. Since discovery, the company shutdown the network, engaged an outside security firm and attempted to strength the network by rebuilding the infrastructure with greater protection for personal information.
The depth of the breach and the amount of information taken ranks up there with some of the major data thefts in history. Last year two hackers infiltrated AT&T servers that held personal information on 120,000 iPads including government officials and celebrities. Gawker had a massive and embarrassing data breach in December, 2010 that exposed information on 1.25 million accounts. Just last week WordPress suffered an attack that took down many of the popular websites on the Internet and exposed 18 million accounts personal information. In what could be the most similar type of attack, social gaming and entertainment network RockYou.com exposed account information for 32 million accounts in December, 2010.
Sony urges Playstation Network and Qriocity users to be vigilant in protecting in tracking and protecting their information. In its blog post it gives the numbers of credit card agencies and the Federal Trade Commission if users want to investigate the extent of their information leaked.