70 million Sony PlayStation accounts exposed in security breach

For the past week, more than 70 million users of the Sony Playstation Network, 3 million in the UK alone, have been unable to access their accounts and yesterday the reason became apparent.

 
In a statement on its website Sony says:

 

"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network."

 
In response to this intrusion, Sony says the PlayStation Network and Qriocity services were shut down. Sony also detailed how a security firm has launched an investigation and that it has taken steps to improve the security and network infrastructure.
The statement also details some of the personal information that may have been compromised by "an authorised person." This includes names, addresses and email addresses, birth dates and PlayStation Network/Qriocity password security answers. Sony also warned that credit card numbers and expiry dates may have also have fallen into the wrong hands but this hasn’t been confirmed. On the site, Sony says: "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility."

 

Sony is advising its users to change usernames and passwords on other accounts if they use the same log-in information on other sites. Sony also advises users to keep a close eye on account statements. On the site, Sony has listed the details of three credit bureaus people can register with if they are concerned.

 

I contacted Sony this week after learning of the outage. While they didn’t have anything further to add they issued this statement which has been made available on their blog:

 

"We sincerely regret that PlayStation Network and Qriocity services have been suspended, and we are working around the clock to bring them both back online. Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure. Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security. We thank you for your patience to date and ask for a little more while we move towards completion of this project. We will continue to give you updates as they become available."

There was some speculation that Anonymous may have been behind it but on their website Anonymous issued a statement entitled "For once we didn’t do it" denying any involvement in the Sony Playstation Network outage.