PlayStation Network hacked, personal information of 77 million accounts accessed


PlayStation 3 owners in the audience will likely have noticed an inability to connect to the PlayStation Network (PSN) over the past week, though Sony today made an announcement revealing that things are much worse than a week without access to online multiplayer gaming. At some stage between the 17th and 19th of April, a hacker gained access to Sony's systems. Sony believes the hacker was able to retrieve the personal information of 77 million PSN accounts, and says it is possible that credit card details were also retrieved.

Before we delve further into the story, I want to highlight one important lesson I hope everyone learns from this incident: you should not use the same password for multiple online services. If you have a PSN account with the same password as other services, I hope you've already stopped reading and started changing your passwords.

Sony made the announcement on the 26th – a full week after learning of the intrusion – though it is plausible it took the external forensic team this long to determine the personal information had been retrieved, given the Easter break.

A post over at Reddit by a member of the PS3 hacking scene highlights a series of recent hacking milestones, and presents a theory that Sony turned off the PSN to prevent users of custom firmware (CFW) from using a recently discovered method of pirating PSN content. While this is likely not the case given Sony's admission of the leaked personal information, it's still worth noting the claim that CFW users (the first of which was released in January this year) have had access to the Sony developer network "the whole time", and that the developer network inherently trusted all connected clients – a massive no-no in client/server architecture and most certainly a potential attack vector.

Marsh Ray has blogged a theoretical worst-case scenario, where hackers manage to fool some percentage of the 50 million PS3 owners out there into installing a firmware that grants back-door access to the PS3. The resultant botnet could be used to eat modern cryptography for breakfast or, far more plausibly, distributed denial-of-service attacks.

Hacktivist group Anonymous has denied responsibility for the attack, which raises the important question as to who has motive. Is this retribution against Sony for the prosecution of PS3 hackers fail0verflow and George Hotz? Or is it an organized crime group who can capitalize on the biographical information of 77 million people?

We suspect there will be more questions than answers for a long time, if not forever. In the meantime, we suggest disconnecting your PS3 from your network and keeping a close eye on your credit card statements.

All these online services should be running two servers: one connected to the internet which keeps no records, the other one isolated from the internet that keeps all the records; and the only way to access information is via an internal communication link between the two. That is the only way to keep hackers from hacking into the information server and doing mass-downloads like this.
Sherwin Kahn
Just went to cancel my debit card and get a re-issue with Santander...I was told not to bother really, they had been informed of the breach. Santander told me it was only credit card details and the information was only the expiry date...
I find it questionable that there are 77 million users on the PSN network. They have only sold ~ 50 million units of the PS3. I don't think they've sold 27 million PSPs. Even if you guaranteed every single person that bought a system put their personal info on the PSN, it is not realistic.
Mack McDowell
They forgot to mention that its not just PSN but also their Quriosity network for streaming content to Sony media devices like Blu Ray players and TVs.
Knut Sulen
I have reason to believe the same has happened to the "Tagged" network.
Have no access to my own account there, but no financial info from me there, neither personal info, except name, address and age.
Tagged has been unable to get me access, but I can visit, like everyone else, my own account, but not read and answer my mail. This problem has occurred for approx. a month. Tagged has not been able to solve it (give me access to my own account).
Mark Penver
bdsterne, you're forgetting duplicate accounts. As in the amount of people with more than one account on a single PlayStation, from sharing with mates and family to wanting a different gamer name.
Robert Hestand