Q.1 When did you realise the system had been intruded?
We discovered between April 17 and April 19 there was an illegal and unauthorized intrusion into our network.
Q.2 How did you know that the system was intruded?
We watch for any issues that may be raised with respect to security and monitor for such issues both internally and externally.
Q.3 What is the main reason to this problem? Which parts of the system were vulnerable to the intrusion?
We
are currently conducting a thorough investigation of the
situation. Since this is an overall security related issue, we will not
comment further on this case.
Q.4 What action did you take (are you taking)? Is there any possibility of further unauthorized access?
As
soon as we learned of this issue, 1) we temporarily turned off
PlayStation Network and Qriocity services in order to conduct a thorough
investigation and to verify the smooth and secure operation of our
network services, 2) we have also engaged an outside, recognized
security firm to conduct a full and complete investigation into what
happened, and 3) quickly taken steps to enhance security and strengthen
our network infrastructure by re-building our system to provide you with
greater protection of your personal information.
Q.5 How
many were affected? How many per each region? What is the latest
status of PlayStation Network registered account/ operating countries.
Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.
Q.6 Does that mean all users’ information was compromised? Tell us more in details of what personal information leaked.
In
terms of possibility, yes. We believe that an unauthorized person has
obtained the following information that you provided: name, address
(city, state/province, zip or postal code), country, email address,
birthdate, PlayStation Network/Qriocity password, login, password
security answers, and handle/PSN online ID. It is also possible that
your profile data may have been obtained, including purchase history and
billing address (city, state/province, zip or postal code). If you
have authorized a sub-account for your dependent, the same data with
respect to your dependent may have been obtained. If you have provided
your credit card data through PlayStation Network or Qriocity, it is
possible that your credit card number (excluding security code) and
expiration date may also have been obtained.
Q.7 Have you notified those users?
We
are sending out e-mails directly to these users to their e-mail address
registered on the PS Network accounts. Also, we have posted web
notices, and additional necessary procedures have been followed by each
region.
Q.8 I want to know if my account has been affected.
To
protect against possible identity theft or other financial loss, we
encourage you to remain vigilant to review your account statements and
to monitor your credit reports. Additionally, if you use the same user
name or password for your PlayStation Network or Qriocity service
account for other unrelated services or accounts, we strongly recommend
that you change them. When the PlayStation Network and Qriocity
services are back on line, we also strongly recommend that you log on to
change your password.
For your security, we encourage you to be
especially aware of email, telephone, postal mail or other scams that
ask for personal or sensitive information. Sony will not contact you in
any way, including by email, asking for your credit card number, social
security number or other personally identifiable information. If you are
asked for this information, you can be confident Sony is not the entity
asking.
Q.9 What should I do to prevent any unauthorized use of my (credit card) personal information?
For
your security, we encourage you to be especially aware of email,
telephone, postal mail or other scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this
information, you can be confident Sony is not the entity
asking. Additionally, if you use the same user name or password for
your PlayStation Network or Qriocity service account for other unrelated
services or accounts, we strongly recommend that you change them. When
the PlayStation Network and Qriocity services are back on line, we also
strongly recommend that you log on to change your password.
To
protect against possible identity theft or other financial loss, we
encourage you to remain vigilant to review your account statements and
to monitor your credit reports.
Q.10 Since when have PSN/Qriocity become unavailable and in which region?
PSN/Qriocity services have not been available since April 20 (US time) in all regions.
Q.11 How come it is taking so much time to resume the service?
We
are taking the investigation seriously. We decided to keep the service
down to allow us to conduct a thorough investigation and verify smooth
operation of our network services.
Q.12 How serious
is this? Have the hackers broken the security on PSN/Qriocity? Are you
taking necessary measures to prevent such outage happening in the
future?
Since this is an overall security related issue,
we will not comment further on this case but we are working to restore
and maintain the services, including countermeasures against future
intrusions.
Q.13 When will the service resume?
We
are taking the investigation seriously. We will keep the service down
to allow us to conduct a thorough investigation and verify smooth
operation of our network services but are working hard to resume the
services as soon as we can be reasonably assured security concerns are
addressed.
Q.14 Seems like SOE service was also not
available/ suffering outage. Is this true? Is this due to the same
reason as the PSN/Qriocity outage?
SOE's service is
available although a service interruption due to an external attack did
occur. A thorough investigation is ongoing.
Q.15 I want my money back (subscription fee, content) since the PSN/Qriocity was not available.
When the full services are restored and the length of the outage is known, we will assess the correct course of action.
Q.16 There seems to be some games that cannot be played even offline?
Depending on the game titles, but mainly PSN games, some may require access to PSN for trophy sync, security check, etc.
ref: [url=http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593]
We discovered between April 17 and April 19 there was an illegal and unauthorized intrusion into our network.
Q.2 How did you know that the system was intruded?
We watch for any issues that may be raised with respect to security and monitor for such issues both internally and externally.
Q.3 What is the main reason to this problem? Which parts of the system were vulnerable to the intrusion?
We
are currently conducting a thorough investigation of the
situation. Since this is an overall security related issue, we will not
comment further on this case.
Q.4 What action did you take (are you taking)? Is there any possibility of further unauthorized access?
As
soon as we learned of this issue, 1) we temporarily turned off
PlayStation Network and Qriocity services in order to conduct a thorough
investigation and to verify the smooth and secure operation of our
network services, 2) we have also engaged an outside, recognized
security firm to conduct a full and complete investigation into what
happened, and 3) quickly taken steps to enhance security and strengthen
our network infrastructure by re-building our system to provide you with
greater protection of your personal information.
Q.5 How
many were affected? How many per each region? What is the latest
status of PlayStation Network registered account/ operating countries.
Our investigation indicates that all PlayStation Network/ Qriocity accounts may have been affected.
Q.6 Does that mean all users’ information was compromised? Tell us more in details of what personal information leaked.
In
terms of possibility, yes. We believe that an unauthorized person has
obtained the following information that you provided: name, address
(city, state/province, zip or postal code), country, email address,
birthdate, PlayStation Network/Qriocity password, login, password
security answers, and handle/PSN online ID. It is also possible that
your profile data may have been obtained, including purchase history and
billing address (city, state/province, zip or postal code). If you
have authorized a sub-account for your dependent, the same data with
respect to your dependent may have been obtained. If you have provided
your credit card data through PlayStation Network or Qriocity, it is
possible that your credit card number (excluding security code) and
expiration date may also have been obtained.
Q.7 Have you notified those users?
We
are sending out e-mails directly to these users to their e-mail address
registered on the PS Network accounts. Also, we have posted web
notices, and additional necessary procedures have been followed by each
region.
Q.8 I want to know if my account has been affected.
To
protect against possible identity theft or other financial loss, we
encourage you to remain vigilant to review your account statements and
to monitor your credit reports. Additionally, if you use the same user
name or password for your PlayStation Network or Qriocity service
account for other unrelated services or accounts, we strongly recommend
that you change them. When the PlayStation Network and Qriocity
services are back on line, we also strongly recommend that you log on to
change your password.
For your security, we encourage you to be
especially aware of email, telephone, postal mail or other scams that
ask for personal or sensitive information. Sony will not contact you in
any way, including by email, asking for your credit card number, social
security number or other personally identifiable information. If you are
asked for this information, you can be confident Sony is not the entity
asking.
Q.9 What should I do to prevent any unauthorized use of my (credit card) personal information?
For
your security, we encourage you to be especially aware of email,
telephone, postal mail or other scams that ask for personal or sensitive
information. Sony will not contact you in any way, including by email,
asking for your credit card number, social security number or other
personally identifiable information. If you are asked for this
information, you can be confident Sony is not the entity
asking. Additionally, if you use the same user name or password for
your PlayStation Network or Qriocity service account for other unrelated
services or accounts, we strongly recommend that you change them. When
the PlayStation Network and Qriocity services are back on line, we also
strongly recommend that you log on to change your password.
To
protect against possible identity theft or other financial loss, we
encourage you to remain vigilant to review your account statements and
to monitor your credit reports.
Q.10 Since when have PSN/Qriocity become unavailable and in which region?
PSN/Qriocity services have not been available since April 20 (US time) in all regions.
Q.11 How come it is taking so much time to resume the service?
We
are taking the investigation seriously. We decided to keep the service
down to allow us to conduct a thorough investigation and verify smooth
operation of our network services.
Q.12 How serious
is this? Have the hackers broken the security on PSN/Qriocity? Are you
taking necessary measures to prevent such outage happening in the
future?
Since this is an overall security related issue,
we will not comment further on this case but we are working to restore
and maintain the services, including countermeasures against future
intrusions.
Q.13 When will the service resume?
We
are taking the investigation seriously. We will keep the service down
to allow us to conduct a thorough investigation and verify smooth
operation of our network services but are working hard to resume the
services as soon as we can be reasonably assured security concerns are
addressed.
Q.14 Seems like SOE service was also not
available/ suffering outage. Is this true? Is this due to the same
reason as the PSN/Qriocity outage?
SOE's service is
available although a service interruption due to an external attack did
occur. A thorough investigation is ongoing.
Q.15 I want my money back (subscription fee, content) since the PSN/Qriocity was not available.
When the full services are restored and the length of the outage is known, we will assess the correct course of action.
Q.16 There seems to be some games that cannot be played even offline?
Depending on the game titles, but mainly PSN games, some may require access to PSN for trophy sync, security check, etc.
ref: [url=http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593]