Sony Admits to Massive PlayStation Network Data Breach

/ Source: SecurityNewsDaily

Sony has finally explained why it took down its PlayStation Network last week -- there was a massive data breach that may have compromised all 69 million of the online gaming service's registered users.

"We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID," explained an email sent to registered users today and cross-posted to the official PlayStation blog.

"It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained," it continued."While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

Neither the email nor the blog posting explained how many accounts had been affected, but the tech blog TechCrunch noted that in January, there were 69 million registered users of the PlayStation Network worldwide.

The PlayStation Network went offline last Wednesday (April 20), initially without explanation from Sony, which led many to believe that the "hacktivist" collective Anonymous had launched another directed denial-of-service (DDoS) attack against it for complicated reasons involving PlayStation hacker George Hotz.

But Anonymous denied doing so, and Sony on Friday said that an "external intrusion" had forced administrators to shut the service down.

Sony stayed mum until today's statement, which flatly stated that "between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network."

Qriocity is a service similar to the PlayStation Network which provides on-demand entertainment services.