This is a rough time to be a PlayStation Network user. PSN being down for the past 6 days as bothered many, but was more of an inconvenience than anything else. But now Sony admits that all of its users have had their personal information compromised from an external intrusion.
The PlayStation Blog goes on to list what information has been acquired. Apparently, everyone’s “name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID” has been obtained by the person(s) behind this. Further information that could have possibly been stolen as well consist of “profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers.” If that wasn’t enough, Sony says that, while there is no evidence that credit card information has been obtained, to take measures as if your credit card number and expiration date have been acquired.
I have to say, Sony has really dropped the ball on this one. Not only are over 70 million customers’ account information in danger, but we’re only finding out about this today, the 26th of April. According to the blog, Sony learned that user information was compromised between the dates of April 17 and April 19. Sony promises to send out email notifications to users, and the blog has some tips on what members can do to help protect themselves from identity theft and fraud, but I can’t help but feel disappointed in the way Sony handled the situation. The company has had to deal with a huge assault on its network, I understand that, but while possibly trying to save face, they’ve given the attackers that much more time with PSN members’ information, and that just isn’t right. When it comes to identity theft, notifying customers this late is simply inexcusable. My guess is that PSN cards are going to be purchased a lot more in the future, because right now Sony may have lost the trust of many of its customers, myself included.
Regardless, if you’d like to learn more about some precautions you can take, visit the links below. Joystiq has some good advice on things you can do to protect your identity.
Update: Sony says that, while they discovered the intrusion on the 19th, they only learned of the compromised account information yesterday. “It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.” If this is true (and I don’t completely buy it yet) then that explains the late notice, but things are definitely still going to be difficult for Sony.