Tag Archives: PlayStation Network

PlayStation Network Threatens to be Back Up Before I Finish Making My Fancy “Days Down” Graphic For the Side Bar

Or so says the EQ2 Wire.

I’ll believe it when I see it.  I’m going to keep working on the graphic.

In other news, when it comes to SOE, there is no other news.

It is still down.

Follow Up Clarification – The EQ2 Wire does not mention my attempt at a fancy graphic for the side bar.  They are just reporting that the network might be up… and that Wired is trying to figure out who done it.  Also I think I managed a pretty amusing comment on that piece.  Go me.

One Possibly Amsuing Result of the Sony Hacking

I had to laugh when I read this over at Kotaku.

Sure, it hasn’t come to pass, but it would be amusing if it did.

Hackers, it seems, get $5-10 per credit card/identity sets on the… do we call it a black market?

Anywhere, where ever it is they do their buying and selling, that is the price range.

But there is a worry in the hacker community that if all of those Sony credit card/identity sets suddenly flood the market, the price might drop as low as $1-2 per set.

Life is tough all over I guess.

Meanwhile, the latest SOE update just showed up.

We regret that we were unable to bring services back online today, and continue to work hard on the issue!

It has to be painful down in San Diego this week.

SOE To Remain Offline Until Friday… Or Longer

The key quote from this article in the San Diego Union-Tribune, noted over at EQ2 Wire:

Rodriguez added that Sony Online Entertainment’s network would be shut down until Friday and possibly longer. The company has contacted the FBI to investigate the attack.

And if the shut down bleeds into people’s weekend free time, their weekend game time, then people will start looking for something else to play.

As Syp sort of asked, can SOE recover from something like that?

There is the player base in general to consider.  Surely the hard core, long time players will return, but I wonder how fragile the EverQuest II Extended player base is.  Dose free to play’s low bar to entry also imply a low threshold to abandonment?

Then there is the who question of confidence in Sony, SOE, SCEA, et al., in holding our personal data.  Should Sony, as Cringley and Lum suggest, outsource the whole thing to the likes of PayPal or PlaySpan?

(PlaySpan is now owned by VISA, which I think gives it the legitimacy to be considered.  Games like World of Tanks use it already.)

Or will we all forget about this in a month or two and things will be business as usual… until it happens again?

Addendum: Develop has posted an excellent time line of the Sony PSN and SOE hacking saga.

(I recall all the grief I got for not wanting to give EA-Mythic a credit card number in order to take advantage of their 10 free days offer.  Doesn’t seem so unreasonable now, does it?)

SOE Offline for a Second Day

Hey folks, in response to many inquiries, we wanted to reassure you that all of your characters and items are safe and awaiting your return. We continue to work on the issues as fast as we can, but unfortunately the servers will not come up today. Thank you for your continued patience; we expect to be back up very soon.

SOE Update on Facebook, 18:15 PDT, May 3


Well, it looks like the downtime might eclipse the great December 2004 EverQuest II outage, which ran about 2 days if I recall right.

Has any other big name MMO, like WoW or EverQuest, been down for more than a couple of days?

SOE – The Drum Beat of Bad News Continues

SOE has a new press release this morning, the meat of which is quoted below, since I expect it will disappear from the Sony site at some future date.  Comments and a couple of links follow.

SONY ONLINE ENTERTAINMENT ANNOUNCES THEFT OF DATA FROM ITS SYSTEMS

Breach Believed to Stem From Initial Criminal Hack of SOE

Tokyo, May 3, 2011 – Sony Corporation and Sony Computer Entertainment announced today that their ongoing investigation of illegal intrusions into Sony Online Entertainment LLC (SOE, the company) systems revealed yesterday morning (May 2, Tokyo time) that hackers may have stolen SOE customer information on April 16th and 17th, 2011 (PDT).  SOE is based in San Diego, California, U.S.A.

This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007.  The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.

With the current outage of the PlayStation® Network and Qriocity™ services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks.

On May 1, Sony apologized to its customers for the inconvenience caused by its network services outages.  The company is working with the FBI and continuing its own full investigation while working to restore all services.

Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.

The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:

  • name
  • address
  • e-mail address
  • birthdate
  • gender
  • phone number
  • login name
  • hashed password.

In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:

  • bank account number
  • customer name
  • account name
  • customer address.

SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a “make good” plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.

Well, that upped the ante.  Yesterday it was just 23,400 accounts, 12,700 pre-2007 credit card records and 10,700 direct debit records.

Now the count is up to 24.6 million.

24.6 million accounts accounts from SOE plus 77 million accounts from the PlayStation Network brings the stolen accounts tally over the 100 million mark.

For perspective, if each of those accounts represented a single individual, the total would surpass in population the Philippines, the 12th most populous country in the world.

So as the PlayStation Network is about to lurch into its third week of being down,  I fully expect to not be able to log into any SOE game for a second night, and likely a few more nights after that.

Over at I, Cringely there is a post up looking at credit card security rules, Japanese society, and how Sony might get themselves out of this mess.  Sony cannot start running again until they lock down all this customer data, and it sounds like they have been slack on that so far so they have a lot of work to do.

And over at the EQ2 Wire, where they suddenly have very little on which to report besides “servers still down,” there is a poll up asking users to speculate when they think SOE games will be up and available to play.

The current going winner is Friday.

Is that optimism or pessimism?

SOE Joins PlayStation Network Hacking Woes

I thought I was safe, not having given my credit card to Sony on the PlayStation Network.

Then Sony Online Entertainment brought down all their servers this morning, purportedly for “an investigation into an intrusion.”

And now it seems there was a reason for it.

While the shut down has been covered around the webKotaku is now reporting that hackers may have stolen more than 12,700 credit card numbers from Sony Online Entertainment players.

That is a small-ish percentage of the players of SOE games such as EverQuest II, and considerably fewer credit card numbers than were obtained through the hacking of the PlayStation Network (last count, 10 million!), but it is still a disturbing reminder of the problems Sony is currently having with network security.  And who knows what the final numbers will be.

No word on how to tell if your credit card has been compromised, though SOE Community Manager Amnerys encourages you to call SOE customer service if you have concerns.

Good luck getting through!

You might as well read the alarming security update from SOE.

I guess I picked a bad week to quit WoW.

Addendum: Sony says this was not a second attack, which I guess means they still haven’t figured out how bad the attack nearly two weeks ago really was.

Addendum 2:  Per ZAM, SOE is granting customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down.  No word on how long the system will be down.

(SOE Offline graphic from the Kotaku story.)

PlayStation Network – Hacked Before I Could Enter My Credit Card

We have had a PlayStation 3 for a little over two weeks now, and for about half of that time the PlayStation Network has been down.

Sony, along with their PlayStation branch here in the US, Sony Computer Entertainment America (SCEA), has failed miserably to keep people informed in anything like a timely or complete manner.

And even when they have attempted to be forthcoming, their statements have had the tentative, CYA tone common to corporate BS rather than anything like a frank assessment of what has happened.  This blurb is about as clear as any statement I have seen so far:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

Out of an abundance of caution?  This isn’t an advisory suggesting one wear both a belt and suspenders.  This is people’s financial information.

Not to pick on the Japanese, but we’ve seen how reluctant large Japanese corporations are to tell their customers bad news.  We saw how Toyota behaved last year which was followed up by TEPCO’s closed mouth approach to the information after the Tohoku earthquake, both of which potentially put people’s lives at risk.

So I suppose it is no surprise that Sony is dragging its feet when it is just your credit card information that might have been stolen.

As noted elsewhere, It is better to be safe than Sony.

Personally though, the melt down of the PSN has had little impact on the PlayStation 3 usage at our home.

We are still able to stream Netflix through the PS3, which is the unit’s primary function in our household.

Sony tries to make you log into the PSN when you use the Netflix streaming application.  However, once it fails a couple of times, it gives up and then Netflix runs just fine.

Go Netflix!  Way to look good!

We are also able to watch Blu-Ray and DVD movies through the unit.  In the Blu-Ray version of The Sound of Music, the hills do genuinely seem alive on our TV.

Even our gaming was undisturbed.  The Easter Bunny brought us a copy of Little Big Planet, which not only ran just fine, but which updated without a hitch, all without the PSN being active.

It is enough for us to wonder what the PSN is for, aside from distributing our personal data to hackers.  And I hadn’t even had time to enter a credit card number, so it is just personal data about me that hackers have.

Granted, we do not yet play any games that require the PSN for connectivity.  I had no plans to bother with DC Universe Online and my daughter was done with Free Realms in less time than it took to download it.  But I am sure many people miss being able to connect to those games and many more.

So I suppose we are lucky.  We are largely unaffected.

But on my list of things to do, subscribing to the PlayStation Plus program now falls somewhere behind changing my birth date.