PlayStation Now Pwn3dStation
The Playstation online network is still down due to a massive security breach that exposed or lost player account information including credit card and addresses of network users.
So Playstation is urging everyone to get a free credit report and place a fraud flag on their credit accounts. And they admit they still don’t know how it happened or how extensive the breach is.
From their blog here:
We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows.
We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
Temporarily turned off PlayStation Network and Qriocity services;
Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
So that looks like the complete pwnage of their entire user database. They admit they don’t know how it happened, but yet they have some kind of idea on how to completely rebuild their network to make it more secure- which in a way is to admit that it was built insecurely in the first place. And if they know it was weak in the first place, and they went about their business collecting personally identifiable information and storing it insecurely on servers, I think they may be open to some LOLsuits.