Originally posted on Lalawag
Sony just confirmed on its PlayStation Blog the worst case scenario for its recent PlayStation Network downtime/security breach – massive amounts of customer personal data was compromised by hackers. There are over 70 million PSN accounts currently. This is a security breach of disastrous proportions.
From Sony’s PSN Outage FAQ:
Q.6 Does that mean all users’ information was compromised? Tell us more in details of what personal information leaked.
In terms of possibility, yes. We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID. It is also possible that your profile data may have been obtained, including purchase history and billing address (city, state/province, zip or postal code). If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.
That, my friends, is quite a Happy Meal of personal data that is out in the hands of someone “unauthorized.” Not only do they have your contact information and birthdate, but they have your friggin’ password and password security answers! Does this mean that Sony stupidly stored your passwords in plaintext somewhere? How dumb/cheap/lazy must your company be to store 70 million passwords in plaintext?
If the hackers had just gotten access to password hashes, I would have expected Sony would have mentioned that in order to allay some fears. Nowhere in Sony’s statement does it leave the possibility for password data to not have been compromised which leads many people to suspect gross negligence on Sony’s part. What else would you expect from a company that announces new Playstation/Qrocity branded tablets on the same day that it reports one of the worst breaches of consumer personal data in history?
There is some good news, though, as Sony did confirm that Steam account information was not compromised during the hack. Last week, PS3 players could link Portal 2 to their Steam account to gain access to extra features prior to the PSN going down. I was one of those players, but you can bet your sweet ass that I changed my Steam password ASAP. I suggest you do the same.
Hopefully the leaked information isn’t used maliciously, but obviously you can’t count on that so here’s what you can do right now to deal with Sony’s giant fuckup:
- Change any passwords to your accounts that are similar to your PSN password.
- Double check your credit card activity to make sure that nothing out of the ordinary is going on.
- Be extra careful clicking links in emails – the most likely outcome of all this personal information getting out there is an increased amount of phishing attacks on unsuspecting people.
- When the PSN comes back up, change your password.
It’s pretty much all you can do at this moment in time other than pray no one messes with your information. Yes, it’s a big pain in the ass, but it’s better to do this now than have to deal with getting your identity back or dealing with credit card fraud.
We can all thank Sony for being inept in network building and security for that inconvenience. For all Sony’s posturing on how the PSN was “free” compared to Microsoft’s Xbox Live, you can bet your ass that Microsoft is having a laugh at Sony’s expense right now.
We’re not even close to looking at the long term fallout of this disaster yet, but you can probably look forward to getting some more compensation in the inevitable class action suit. Time will tell just how big of a hit Sony is going to take in consumers’ eyes for future console and online content sales.
Oh, and for anyone who still cares, Sony hopes to have the PSN back up “within a week.” At this point, the last thing I’m sure people want to do is play their tainted video game consoles.