June 19, 2024

Sony Says PlayStation Hacker Got Personal Data

Christopher Miller’s PlayStation Portable game console had been broken for most of two years. So when his parents got him a new one for his 25th birthday on April 18, he was elated — but only briefly.

Last week, Sony’s online network for the PlayStation suffered a catastrophic failure through a hacking attack. And since then, the roughly 77 million gamers worldwide like Mr. Miller who have accounts for the service have been unable to play games with friends through the Internet or to download demos of new games.

Then, on Tuesday, after several days of near silence, Sony said that as a result of the attack, an “unauthorized person” had obtained personal information about account holders, including their names, addresses, e-mail addresses, and PlayStation user names and passwords. Sony warned that other confidential information, including credit card numbers, could have been compromised, warning customers through a statement to “remain vigilant” by monitoring identity theft or other financial loss.

Law-enforcement officials said Tuesday that Sony had reported the breach to the Federal Bureau of Investigation in San Diego, which specializes in computer crime.

The breach comes after an incident earlier this month, when Epsilon, a marketing firm that handles e-mail lists, suffered a security breach that put millions of people’s e-mail addresses at risk. In some instances, customers’ names were also stolen. Last year, an ATT breach exposed the e-mail addresses of at least 100,000 owners of the Apple iPad.

Even before Sony’s disclosure, complaints about the system failure had been mounting on Web sites, including Sony’s own. “It’s ridiculous,” said Mr. Miller, a 3-D animation student from Saline, Mich., in an e-mail.

Other customers — who have come to take the gaming network for granted — said they were astonished by the failure’s duration and its target, Sony, a globally recognized technology company. Some suggested that the incident, already a severe blow to Sony’s reputation, would give its top video game rivals, Microsoft and Nintendo, a leg up in the console wars.

“Sony is pretty much doing everything wrong,” said Carl-Niclas Odenbring of Releasy Customer Management in Sweden, which helps companies manage social media. Mr. Odenbring said his daughter, age 6, misses playing games on her Sony console, but is now playing on an iPad.

“She doesn’t have any direct purchasing power, but her indirect influence in what my wife and I buy is enormous,” he said. “Sony is losing the battle over her.”

Last weekend, after the attack, Sony said it would rebuild the network to make it more secure. The Sony Qriocity service, which is used to stream audio and video to high-end Sony televisions, Sony Blu-ray players and other Web-enabled Sony devices, was also knocked offline.

“It is very unusual for Sony to completely rebuild a system after a security breach, rather than just stopping the bleeding and going back to some kind of restricted network,” said Mark Seiden, a longtime information security consultant. “The fact that two separate networks are involved in this security breach suggests Sony discovered a major underlying problem that already existed.”

It remains unclear who the hackers were. Anonymous, a well-known hacking group that has been blamed for previously attacking the Sony and PlayStation Web sites, denied any responsibility; the group’s Web site stated, “For once we didn’t do it.”

Last Wednesday, Sony began posting sporadic messages that the PlayStation Network was down. In its first detailed statement on the attack, Sony told its customers on Tuesday afternoon that it had discovered that an “illegal and unauthorized intrusion” into the network had taken place between April 17 and 19.

“If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number and expiration date may have been obtained,” Patrick Seybold, senior director for corporate communications at Sony, wrote in a post on the PlayStation Web site and in an e-mail to customers.

Sony representatives declined to give further details.

Sony said it expected to restore some services — but apparently not all — within a week.

Shortly after Sony’s announcement Tuesday, Senator Richard Blumenthal, Democrat of Connecticut, sent a letter to Sony asking why customers had not been notified immediately about the security breach and not told for nearly a week about the extent of the attack. Mr. Blumenthal also cited concerns that many PlayStation users are children.

The letter said Sony should provide PlayStation customers “financial data security services, including free access to credit reporting services.”

One group of gamers who were particularly vociferous were the members of DC Universe Online, an online game. The game has been out of operation since the attack, affecting gamers who have paid for the service for months in advance.

Other customers said they had had trouble connecting to the popular online streaming service Netflix through the PlayStation console.

Daniel McGuire, a PlayStation user in London, in an e-mail criticized Sony’s initial silence. “Most PlayStation users would never cross over to the Xbox,” he said, referring to Microsoft’s rival console, “but this situation is pushing people. If ever Xbox wanted to snatch PlayStation users, this would be the time.”

Article source: http://feeds.nytimes.com/click.phdo?i=29f064b013013db2699cc3ccf2c164d3

Speak Your Mind