Millions of PlayStation users have been warned their personal information, including credit card details, may have been stolen. Gamers, 70 million users worldwide, have been locked out of the network for a week. Sony revealed yesterday that the system has been down since it was hacked last Wednesday.
Sony said it discovered that between April 17 and 19, there was an “illegal and unauthorized” intrusion of its network and warned users to look out for telephone and email scams. Names, PlayStation log-in details and email addresses are also thought to have been taken by the hackers. PlayStation members are also required to submit credit card and personal details to play online games and download software, films and music.
Sony said it had hired an outside security firm to investigate what happened and has taken steps to rebuild its system to provide greater protection for personal information.
PlayStation Network posted an apology to users through the Sony website saying it would email those who are suspected to be victims of the hacking. It said: “We don’t have an exact date to share at this moment as to when we will have the services turned on, but are working day and night to ensure it is as quickly as possible. Please note that we are as upset as you are regarding this attack and are going to proceed aggressively to track down those that are responsible.”
The company said it has no direct evidence that credit card information was taken, but said “we cannot rule out the possibility”.
Purchase history and credit card billing address information may have been stolen but the intruder did not obtain the three-digit security code on the back of cards, Sony said.
Josh Shaul, chief technology officer for Application Security Inc., which makes database security software, called the intrusion “one of the worst breaches we’ve seen in several years”.
Despite there being no direct proof of the theft of credit card information, he said Sony might just not know which files were affected. “They indicated that they’re worried about it, which is probably a very strong indication that everything was stolen,” he added.
If the intruder successful stole credit card information, the heist would rank among the largest known thefts of financial data.