Fury at Sony's delay in telling millions their details were hacked
PlayStation users left uninformed for five days after world's largest data theft
Thursday 28 April 2011
Sony was battling to contain an escalating public relations disaster last night after the hardware giant revealed that personal details of more than 77 million PlayStation customers have been stolen in one of the world's largest data thefts.
Sophisticated criminal hackers are believed to have broken into Sony's PlayStation Network more than a week ago and made off with vast quantities of personal information, including players' names, dates of birth, email, passwords and addresses.
The company also revealed that credit card information may have been stolen as its experts try to uncover the full extent of the hack.
The PlayStation Network, which allows gamers to play and purchase games over the web, has been offline for the past eight days. But it took Sony until Tuesday evening to inform customers that their details may have been stolen.
After days of silence Sony finally revealed in a blog post that an "illegal and unauthorised person" had breached the company's security systems to steal personal data and that its experts "could not rule out the possibility" that credit card numbers have also been taken.
Industry analysts and gamers yesterday reacted with dismay that such a profound data breach was kept secret for so long.
James Holland, editor of Electric Pig, told The Independent: "The fact that Sony took more than five days to inform people that their data may have been stolen is nothing short of appalling."
Gamers flocked to internet forums to vent their fury, threatening to return Sony products and close down any accounts they hold with the gaming giant.
Users speaking to The Independent said they were deeply concerned about how the attack might affect their other online passwords and accounts. One, Tom Calverley, said that he was "very angry" about what he called a "fiasco".
The Glasgow PlayStation owner and blogger Jon Brady said Sony should have "taken more care to secure our passwords and other personal information", but said that he thought the firm had been "unlucky".
Sony refused to say whether it would offer refunds to customers who took to its official online forums demanding their money back.
Some customers said they wanted to return their hardware and cancel any subscriptions they had taken out, but the company would only say: "When the full services are restored and the length of the outage is known,we will assess the correct course ofaction."
Analysts have described the hack as one of the world's largest data thefts.
"This is certainly one of the biggest breaches in terms of the sheer amount and type of data taken," said George Campbell, a technology lawyer at McGrigors. "It is a huge problem for Sony in terms of negative publicity."
Although it is still not clear whether credit card details were taken, cyber security experts warned that much of the information already accessed by the hackers is a goldmine for criminal networks.
"Even without the credit card numbers this information can be used by criminals," said Rik Ferguson, a cyber security expert at Trend Micro. "Unfortunately many people duplicate passwords across websites, they often use the same password as the one on their email. Those who think their data may have been stolen need to change their online passwords straight away."
Yesterday the Information Commissioner's Office announced that it would question Sony about the breach. Equivalent authorities in Australia and the United States said they would also investigate the data theft.
When rumours of a hack first surfaced a week ago, speculation centred on Anonymous, the shadowy "hactivist" network behind a string of high-profile ideological cyber protests. But Anonymous has denied being behind the breach as suspicion instead falls on sophisticated criminal networks, probably based somewhere in eastern Europe.
A tempting target for hackers
* Dreamt up in 2006 as a way for PlayStation gamers all over the world to be able to play against each other, the PlayStation Network (PSN) is an online service provided by Sony. As long as they have a broadband connection, customers can use the service to connect with other users and play games together, as well as to chat to each other and visit webpages. Users can also download and buy games, add-ons and videos from the PSN Store.
* Subscription to the service itself is free, but users still provide credit card details because certain services, such as the PSN Store, charge a fee for downloads. Last June, a premium sister service called PlayStation Plus was launched, offering exclusive content to subscribers for a fee. Besides their login details, users are also required to provide home addresses, email addresses, and dates of birth – information that can be highly useful to identity fraudsters.
* The service has amassed 77 million users in the five years since it was launched, 3 million of them in Britain.
* Sony only allows authorised products to be used over the service, but some users have found ways of "jailbreaking" their consoles to allow them to use pirated products. One was sued over such allegations and there was speculation that the legal action against him was the motivation behind last week's attack.
Q&A: Do criminals have my credit card details?
Q. I have a Sony PlayStation. Should I be worried?
If you've used a credit or debit card to buy content, your account may be compromised. The fears are that all the 3 million or so British PlayStation users have been hit by hackers.
Q. What does compromised mean?
It means that crooks may have your plastic card details. Sony has admitted that hackers have stolen names, addresses, email addresses, birth dates and logins and passwords, but has yet to say if financial details have been stolen.
Q. Should I cancel my credit card?
There's no need to panic. If as a result of hackers' activity money is stolen from your account, it should be returned by your bank or cardcompany.
Q. So I don't need to do anything?
That depends. If you use your PlayStation password elsewhere, you should change it right away. In any event, it's good practice to change your password regularly to cut down the possibility of fraud.
Q. Once I've switched password, do I have any reason to worry?
Not really. You should monitor your account for unusual activity and tell your bank if you see any strange payments. Also be on the lookout for phishing emails. Banks never ask for passwords or PINs. If anyone else does, refuse and tell your bank or card company.
Life & Style blogs
Reader dilemma: 'My boyfriend jokes about putting photos of us having sex on Facebook'
The Gay Beards: Whiskers as you've never seen them before
Scientists have discovered a new taste that could profoundly change the way we eat
Topshop pulls 'ridiculously skinny' mannequins after being shamed by customer on Facebook
What do the emojis on Snapchat mean?
The 9 charts that show the 'left-wing' policies of Jeremy Corbyn the public actually agrees with
Labour leadership contender Jeremy Corbyn says 'we can learn a great deal from Karl Marx'
The last thing Labour needs is a leader like Jeremy Corbyn who people want to vote for
What the Labour party could look like under Jeremy Corbyn
I am the Jeremy Corbyn supporter that many will tell you doesn't exist
Public anger after French sunbather beaten up by gang for wearing a bikini in Reims park
- 1 Lord Sewel quits: Peer 'boasts of having sex with BBC presenter and seeing 13 mistresses'
- 2 Topshop pulls 'ridiculously skinny' mannequins after being shamed by customer on Facebook
- 3 Five-year-old boy forced classmate to simulate oral sex at primary school, claims mother
- 4 Black and ethnic minority people twice as likely to be hit by Tory cuts than white people, report finds
- 5 Polish court orders bank to repay drugged man after he spends £23,400 in lap dance bar
iJobs Gadgets & Tech
£42000 - £50000 per annum: Recruitment Genius: Our client is looking for a C# ...
£21000 - £25000 per annum: Recruitment Genius: IT Support Technician with expe...
£45000 - £80000 per annum: Recruitment Genius: Ambitious, entrepreneurial busi...
£30000 - £32000 per annum: Recruitment Genius: They have a unique reputation f...