IF you're one of the 77 million people signed up to the PlayStation Network, criminals could already know your name, your address and perhaps even your credit card number.That's what electronics giant Sony is telling users of its online gaming service today.
The PlayStation Network, or PSN, has been offline since last week. In recent days Sony said the outage was the result of an "external intrusion".
Now the company has revealed just how much trouble it’s in.
Overnight Sony began sending an alert to "all of our registered account holders" telling them that their personal information had been stolen.
"We believe that an unauthorised person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID," the alert said.
"It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
The company said the PSN was still offline and it had hired a security firm to "conduct a full and complete investigation into what happened".
In the meantime, it has asked PSN users to be "vigilant" about the possibility of identity theft and to review their credit card statements.
Sony warned customers not to fall for any scam messages including those that appeared to be from the company itself.
"Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking," it said.
You can read the full security alert here.
'Could cost billions'
Industry experts said the scale of the PlayStation Network breach was staggering and could cost the company billions of dollars.
"Simply put, one of the worst breaches we've seen in several years," said Josh Shaul, chief technology officer for Application Security, a New York company that is one of the country's largest database security software makers.
Mr Shaul said the fact that Sony didn't have direct proof of credit card information theft should not instil a sense of security, and could just mean the company didn't know what files were touched.
"They indicated that they're worried about it, which is probably a very strong indication that everything was stolen," he said.
If the intruder successfully stole credit card data, the heist would rank among the biggest known thefts of financial data.
If you find this article useful, please feel free to link to this page from your website or blog.
Posts
Leave a Reply